2012-04-14 16:05:29 +00:00
< ? php
/**
2012-07-25 10:37:39 +00:00
* ownCloud – LDAP Access
2012-04-14 16:05:29 +00:00
*
* @ author Arthur Schiwon
* @ copyright 2012 Arthur Schiwon blizzz @ owncloud . com
*
* This library is free software ; you can redistribute it and / or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation ; either
* version 3 of the License , or any later version .
*
* This library is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details .
*
* You should have received a copy of the GNU Affero General Public
* License along with this library . If not , see < http :// www . gnu . org / licenses />.
*
*/
2012-07-25 10:37:39 +00:00
namespace OCA\user_ldap\lib ;
2012-04-15 11:37:35 +00:00
2012-07-25 10:37:39 +00:00
abstract class Access {
protected $connection ;
public function setConnector ( Connection & $connection ) {
$this -> connection = $connection ;
}
private function checkConnection () {
return ( $this -> connection instanceof Connection );
2012-04-16 16:03:02 +00:00
}
2012-06-07 16:13:41 +00:00
2012-05-17 17:33:38 +00:00
/**
2012-07-25 10:37:39 +00:00
* @ brief reads a given attribute for an LDAP record identified by a DN
* @ param $dn the record in question
* @ param $attr the attribute that shall be retrieved
* @ returns the values in an array on success , false otherwise
2012-05-17 17:33:38 +00:00
*
2012-07-25 10:37:39 +00:00
* Reads an attribute from an LDAP entry
2012-05-17 17:33:38 +00:00
*/
2012-07-25 10:37:39 +00:00
public function readAttribute ( $dn , $attr ) {
if ( ! $this -> checkConnection ()) {
\OCP\Util :: writeLog ( 'user_ldap' , 'No LDAP Connector assigned, access impossible for readAttribute.' , \OCP\Util :: WARN );
return false ;
2012-06-07 16:13:41 +00:00
}
2012-07-25 10:37:39 +00:00
$cr = $this -> connection -> getConnectionResource ();
2012-07-25 10:54:23 +00:00
$rr = @ ldap_read ( $cr , $dn , 'objectClass=*' , array ( $attr ));
if ( ! is_resource ( $rr )) {
\OCP\Util :: writeLog ( 'user_ldap' , 'readAttribute failed for DN ' . $dn , \OCP\Util :: DEBUG );
//in case an error occurs , e.g. object does not exist
return false ;
}
2012-07-25 10:37:39 +00:00
$er = ldap_first_entry ( $cr , $rr );
//LDAP attributes are not case sensitive
$result = \OCP\Util :: mb_array_change_key_case ( ldap_get_attributes ( $cr , $er ), MB_CASE_LOWER , 'UTF-8' );
$attr = mb_strtolower ( $attr , 'UTF-8' );
2012-04-14 16:05:29 +00:00
2012-07-25 11:18:31 +00:00
if ( isset ( $result [ $attr ]) && $result [ $attr ][ 'count' ] > 0 ) {
2012-07-25 10:37:39 +00:00
$values = array ();
for ( $i = 0 ; $i < $result [ $attr ][ 'count' ]; $i ++ ) {
$values [] = $this -> resemblesDN ( $attr ) ? $this -> sanitizeDN ( $result [ $attr ][ $i ]) : $result [ $attr ][ $i ];
}
return $values ;
}
return false ;
2012-04-16 16:03:02 +00:00
}
2012-04-25 18:34:58 +00:00
/**
2012-07-25 10:37:39 +00:00
* @ brief checks wether the given attribute ` s valua is probably a DN
* @ param $attr the attribute in question
* @ return if so true , otherwise false
2012-04-25 18:34:58 +00:00
*/
2012-07-25 10:37:39 +00:00
private function resemblesDN ( $attr ) {
$resemblingAttributes = array (
'dn' ,
'uniquemember' ,
'member'
2012-04-16 11:27:20 +00:00
);
2012-07-25 10:37:39 +00:00
return in_array ( $attr , $resemblingAttributes );
}
2012-04-15 12:47:33 +00:00
2012-07-25 10:37:39 +00:00
/**
* @ brief sanitizes a DN received from the LDAP server
* @ param $dn the DN in question
* @ return the sanitized DN
*/
private function sanitizeDN ( $dn ) {
//OID sometimes gives back DNs with whitespace after the comma a la "uid=foo, cn=bar, dn=..." We need to tackle this!
2012-07-25 11:18:31 +00:00
$dn = preg_replace ( '/([^\\\]),(\s+)/u' , '\1,' , $dn );
2012-04-25 18:34:58 +00:00
2012-07-25 10:37:39 +00:00
//make comparisons and everything work
$dn = mb_strtolower ( $dn , 'UTF-8' );
return $dn ;
2012-04-25 18:34:58 +00:00
}
/**
* gives back the database table for the query
*/
2012-07-25 10:37:39 +00:00
private function getMapTable ( $isUser ) {
2012-04-25 18:34:58 +00:00
if ( $isUser ) {
return '*PREFIX*ldap_user_mapping' ;
} else {
return '*PREFIX*ldap_group_mapping' ;
}
}
/**
* @ brief returns the LDAP DN for the given internal ownCloud name of the group
* @ param $name the ownCloud name in question
* @ returns string with the LDAP DN on success , otherwise false
*
* returns the LDAP DN for the given internal ownCloud name of the group
*/
2012-07-25 10:37:39 +00:00
public function groupname2dn ( $name ) {
return $this -> ocname2dn ( $name , false );
2012-04-25 18:34:58 +00:00
}
/**
* @ brief returns the LDAP DN for the given internal ownCloud name of the user
* @ param $name the ownCloud name in question
* @ returns string with the LDAP DN on success , otherwise false
*
* returns the LDAP DN for the given internal ownCloud name of the user
*/
2012-07-25 10:37:39 +00:00
public function username2dn ( $name ) {
$dn = $this -> ocname2dn ( $name , true );
2012-04-25 18:34:58 +00:00
if ( $dn ) {
return $dn ;
} else {
//fallback: user is not mapped
2012-07-25 10:37:39 +00:00
$filter = $this -> combineFilterWithAnd ( array (
$this -> connection -> ldapUserFilter ,
$this -> connection -> ldapUserDisplayName . '=' . $name ,
2012-04-25 18:34:58 +00:00
));
2012-07-25 10:37:39 +00:00
$result = $this -> searchUsers ( $filter , 'dn' );
2012-04-25 18:34:58 +00:00
if ( isset ( $result [ 0 ][ 'dn' ])) {
2012-07-25 10:37:39 +00:00
$this -> mapComponent ( $result [ 0 ], $name , true );
2012-04-25 18:34:58 +00:00
return $result [ 0 ];
}
}
return false ;
}
2012-07-25 10:37:39 +00:00
/**
* @ brief returns the LDAP DN for the given internal ownCloud name
* @ param $name the ownCloud name in question
* @ param $isUser is it a user ? otherwise group
* @ returns string with the LDAP DN on success , otherwise false
*
* returns the LDAP DN for the given internal ownCloud name
*/
private function ocname2dn ( $name , $isUser ) {
$table = $this -> getMapTable ( $isUser );
2012-04-25 18:34:58 +00:00
2012-07-25 10:37:39 +00:00
$query = \OCP\DB :: prepare ( '
2012-04-25 18:34:58 +00:00
SELECT ldap_dn
FROM '.$table.'
WHERE owncloud_name = ?
' );
$record = $query -> execute ( array ( $name )) -> fetchOne ();
return $record ;
}
/**
* @ brief returns the internal ownCloud name for the given LDAP DN of the group
* @ param $dn the dn of the group object
* @ param $ldapname optional , the display name of the object
2012-06-18 23:15:58 +00:00
* @ returns string with with the name to use in ownCloud , false on DN outside of search DN
2012-04-25 18:34:58 +00:00
*
* returns the internal ownCloud name for the given LDAP DN of the group
*/
2012-07-25 10:37:39 +00:00
public function dn2groupname ( $dn , $ldapname = null ) {
if ( mb_strripos ( $dn , $this -> connection -> ldapBaseGroups , 0 , 'UTF-8' ) !== ( mb_strlen ( $dn , 'UTF-8' ) - mb_strlen ( $this -> connection -> ldapBaseGroups , 'UTF-8' ))) {
2012-06-18 23:15:58 +00:00
return false ;
}
2012-07-25 10:37:39 +00:00
return $this -> dn2ocname ( $dn , $ldapname , false );
2012-04-25 18:34:58 +00:00
}
/**
* @ brief returns the internal ownCloud name for the given LDAP DN of the user
* @ param $dn the dn of the user object
* @ param $ldapname optional , the display name of the object
* @ returns string with with the name to use in ownCloud
*
2012-06-18 23:15:58 +00:00
* returns the internal ownCloud name for the given LDAP DN of the user , false on DN outside of search DN
2012-04-25 18:34:58 +00:00
*/
2012-07-25 10:37:39 +00:00
public function dn2username ( $dn , $ldapname = null ) {
if ( mb_strripos ( $dn , $this -> connection -> ldapBaseUsers , 0 , 'UTF-8' ) !== ( mb_strlen ( $dn , 'UTF-8' ) - mb_strlen ( $this -> connection -> ldapBaseUsers , 'UTF-8' ))) {
2012-06-18 23:15:58 +00:00
return false ;
}
2012-07-25 10:37:39 +00:00
return $this -> dn2ocname ( $dn , $ldapname , true );
2012-04-25 18:34:58 +00:00
}
2012-07-25 10:37:39 +00:00
/**
* @ brief returns an internal ownCloud name for the given LDAP DN
* @ param $dn the dn of the user object
* @ param $ldapname optional , the display name of the object
* @ param $isUser optional , wether it is a user object ( otherwise group assumed )
* @ returns string with with the name to use in ownCloud
*
* returns the internal ownCloud name for the given LDAP DN of the user , false on DN outside of search DN
*/
public function dn2ocname ( $dn , $ldapname = null , $isUser = true ) {
$dn = $this -> sanitizeDN ( $dn );
$table = $this -> getMapTable ( $isUser );
2012-04-25 18:34:58 +00:00
if ( $isUser ) {
2012-07-25 10:37:39 +00:00
$nameAttribute = $this -> connection -> ldapUserDisplayName ;
2012-04-25 18:34:58 +00:00
} else {
2012-07-25 10:37:39 +00:00
$nameAttribute = $this -> connection -> ldapGroupDisplayName ;
2012-04-25 18:34:58 +00:00
}
2012-07-25 10:37:39 +00:00
$query = \OCP\DB :: prepare ( '
2012-04-25 18:34:58 +00:00
SELECT owncloud_name
FROM '.$table.'
WHERE ldap_dn = ?
' );
$component = $query -> execute ( array ( $dn )) -> fetchOne ();
if ( $component ) {
return $component ;
}
if ( is_null ( $ldapname )) {
2012-07-25 10:37:39 +00:00
$ldapname = $this -> readAttribute ( $dn , $nameAttribute );
2012-04-25 18:34:58 +00:00
$ldapname = $ldapname [ 0 ];
}
2012-07-25 10:37:39 +00:00
$ldapname = $this -> sanitizeUsername ( $ldapname );
2012-04-25 18:34:58 +00:00
//a new user/group! Then let's try to add it. We're shooting into the blue with the user/group name, assuming that in most cases there will not be a conflict. Otherwise an error will occur and we will continue with our second shot.
2012-07-25 10:37:39 +00:00
if ( $this -> mapComponent ( $dn , $ldapname , $isUser )) {
2012-04-25 18:34:58 +00:00
return $ldapname ;
}
//doh! There is a conflict. We need to distinguish between users/groups. Adding indexes is an idea, but not much of a help for the user. The DN is ugly, but for now the only reasonable way. But we transform it to a readable format and remove the first part to only give the path where this object is located.
2012-07-25 10:37:39 +00:00
$oc_name = $this -> alternateOwnCloudName ( $ldapname , $dn );
if ( $this -> mapComponent ( $dn , $oc_name , $isUser )) {
2012-04-25 18:34:58 +00:00
return $oc_name ;
}
2012-07-25 10:37:39 +00:00
//TODO: do not simple die away!
2012-04-25 18:34:58 +00:00
//and this of course should never been thrown :)
throw new Exception ( 'LDAP backend: unexpected collision of DN and ownCloud Name.' );
}
/**
* @ brief gives back the user names as they are used ownClod internally
* @ param $ldapGroups an array with the ldap Users result in style of array ( array ( 'dn' => foo , 'uid' => bar ), ... )
* @ returns an array with the user names to use in ownCloud
*
* gives back the user names as they are used ownClod internally
*/
2012-07-25 10:37:39 +00:00
public function ownCloudUserNames ( $ldapUsers ) {
return $this -> ldap2ownCloudNames ( $ldapUsers , true );
2012-04-25 18:34:58 +00:00
}
/**
* @ brief gives back the group names as they are used ownClod internally
* @ param $ldapGroups an array with the ldap Groups result in style of array ( array ( 'dn' => foo , 'cn' => bar ), ... )
* @ returns an array with the group names to use in ownCloud
*
* gives back the group names as they are used ownClod internally
*/
2012-07-25 10:37:39 +00:00
public function ownCloudGroupNames ( $ldapGroups ) {
return $this -> ldap2ownCloudNames ( $ldapGroups , false );
2012-04-25 18:34:58 +00:00
}
2012-07-25 10:37:39 +00:00
private function ldap2ownCloudNames ( $ldapObjects , $isUsers ) {
2012-04-25 18:34:58 +00:00
if ( $isUsers ) {
2012-07-25 10:37:39 +00:00
$knownObjects = $this -> mappedUsers ();
$nameAttribute = $this -> connection -> ldapUserDisplayName ;
2012-04-25 18:34:58 +00:00
} else {
2012-07-25 10:37:39 +00:00
$knownObjects = $this -> mappedGroups ();
$nameAttribute = $this -> connection -> ldapGroupDisplayName ;
2012-04-25 18:34:58 +00:00
}
$ownCloudNames = array ();
foreach ( $ldapObjects as $ldapObject ) {
2012-07-25 10:37:39 +00:00
$key = \OCP\Util :: recursiveArraySearch ( $knownObjects , $ldapObject [ 'dn' ]);
2012-04-25 18:34:58 +00:00
//everything is fine when we know the group
2012-06-07 10:44:59 +00:00
if ( $key !== false ) {
2012-04-25 18:34:58 +00:00
$ownCloudNames [] = $knownObjects [ $key ][ 'owncloud_name' ];
continue ;
}
2012-05-17 13:14:47 +00:00
//a new group! Then let's try to add it. We're shooting into the blue with the group name, assuming that in most cases there will not be a conflict. But first make sure, that the display name contains only allowed characters.
2012-07-25 10:37:39 +00:00
$ocname = $this -> sanitizeUsername ( $ldapObject [ $nameAttribute ]);
if ( $this -> mapComponent ( $ldapObject [ 'dn' ], $ocname , $isUsers )) {
2012-05-17 13:14:47 +00:00
$ownCloudNames [] = $ocname ;
2012-04-25 18:34:58 +00:00
continue ;
}
//doh! There is a conflict. We need to distinguish between groups. Adding indexes is an idea, but not much of a help for the user. The DN is ugly, but for now the only reasonable way. But we transform it to a readable format and remove the first part to only give the path where this entry is located.
2012-07-25 10:37:39 +00:00
$ocname = $this -> alternateOwnCloudName ( $ocname , $ldapObject [ 'dn' ]);
if ( $this -> mapComponent ( $ldapObject [ 'dn' ], $ocname , $isUsers )) {
2012-05-17 13:14:47 +00:00
$ownCloudNames [] = $ocname ;
2012-04-25 18:34:58 +00:00
continue ;
}
2012-07-25 10:37:39 +00:00
//TODO: do not simple die away
2012-04-25 18:34:58 +00:00
//and this of course should never been thrown :)
throw new Exception ( 'LDAP backend: unexpected collision of DN and ownCloud Name.' );
}
return $ownCloudNames ;
}
/**
* @ brief creates a hopefully unique name for owncloud based on the display name and the dn of the LDAP object
* @ param $name the display name of the object
* @ param $dn the dn of the object
* @ returns string with with the name to use in ownCloud
*
* creates a hopefully unique name for owncloud based on the display name and the dn of the LDAP object
*/
2012-07-25 10:37:39 +00:00
private function alternateOwnCloudName ( $name , $dn ) {
2012-04-25 18:34:58 +00:00
$ufn = ldap_dn2ufn ( $dn );
2012-07-25 10:37:39 +00:00
$name = $name . '@' . trim ( \OCP\Util :: mb_substr_replace ( $ufn , '' , 0 , mb_strpos ( $ufn , ',' , 0 , 'UTF-8' ), 'UTF-8' ));
$name = $this -> sanitizeUsername ( $name );
2012-05-17 13:14:47 +00:00
return $name ;
2012-04-25 18:34:58 +00:00
}
/**
* @ brief retrieves all known groups from the mappings table
* @ returns array with the results
*
* retrieves all known groups from the mappings table
*/
2012-07-25 10:37:39 +00:00
private function mappedGroups () {
return $this -> mappedComponents ( false );
2012-04-25 18:34:58 +00:00
}
/**
* @ brief retrieves all known users from the mappings table
* @ returns array with the results
*
* retrieves all known users from the mappings table
*/
2012-07-25 10:37:39 +00:00
private function mappedUsers () {
return $this -> mappedComponents ( true );
2012-04-25 18:34:58 +00:00
}
2012-07-25 10:37:39 +00:00
private function mappedComponents ( $isUsers ) {
$table = $this -> getMapTable ( $isUsers );
2012-04-25 18:34:58 +00:00
2012-07-25 10:37:39 +00:00
$query = \OCP\DB :: prepare ( '
2012-04-25 18:34:58 +00:00
SELECT ldap_dn , owncloud_name
FROM ' . $table
);
return $query -> execute () -> fetchAll ();
}
/**
* @ brief inserts a new user or group into the mappings table
* @ param $dn the record in question
* @ param $ocname the name to use in ownCloud
* @ param $isUser is it a user or a group ?
* @ returns true on success , false otherwise
*
* inserts a new user or group into the mappings table
*/
2012-07-25 10:37:39 +00:00
private function mapComponent ( $dn , $ocname , $isUser = true ) {
$table = $this -> getMapTable ( $isUser );
$dn = $this -> sanitizeDN ( $dn );
2012-04-25 18:34:58 +00:00
2012-05-31 11:06:27 +00:00
$sqlAdjustment = '' ;
2012-07-25 10:37:39 +00:00
$dbtype = \OCP\Config :: getSystemValue ( 'dbtype' );
2012-05-31 11:06:27 +00:00
if ( $dbtype == 'mysql' ) {
$sqlAdjustment = 'FROM dual' ;
2012-05-08 11:56:07 +00:00
}
2012-07-25 10:37:39 +00:00
$insert = \OCP\DB :: prepare ( '
2012-05-31 11:06:27 +00:00
INSERT INTO '.$table.' ( ldap_dn , owncloud_name )
SELECT ? , ?
'.$sqlAdjustment.'
WHERE NOT EXISTS (
SELECT 1
FROM '.$table.'
WHERE ldap_dn = ?
2012-06-07 11:36:34 +00:00
OR owncloud_name = ? )
2012-04-25 18:34:58 +00:00
' );
2012-05-31 11:06:27 +00:00
$res = $insert -> execute ( array ( $dn , $ocname , $dn , $ocname ));
2012-04-25 18:34:58 +00:00
2012-07-25 10:37:39 +00:00
if ( \OCP\DB :: isError ( $res )) {
2012-06-07 11:36:34 +00:00
return false ;
}
$insRows = $res -> numRows ();
if ( $insRows == 0 ) {
return false ;
}
return true ;
2012-04-15 12:47:33 +00:00
}
2012-07-25 10:37:39 +00:00
public function fetchListOfUsers ( $filter , $attr ) {
return $this -> fetchList ( $this -> searchUsers ( $filter , $attr ), ( count ( $attr ) > 1 ));
2012-05-03 21:38:55 +00:00
}
2012-07-25 10:37:39 +00:00
public function fetchListOfGroups ( $filter , $attr ) {
return $this -> fetchList ( $this -> searchGroups ( $filter , $attr ), ( count ( $attr ) > 1 ));
2012-05-03 21:38:55 +00:00
}
2012-07-25 10:37:39 +00:00
private function fetchList ( $list , $manyAttributes ) {
2012-05-03 21:38:55 +00:00
if ( is_array ( $list )) {
if ( $manyAttributes ) {
return $list ;
} else {
return array_unique ( $list , SORT_LOCALE_STRING );
}
}
//error cause actually, maybe throw an exception in future.
return array ();
}
2012-04-23 11:04:58 +00:00
/**
* @ brief executes an LDAP search , optimized for Users
* @ param $filter the LDAP filter for the search
* @ param $attr optional , when a certain attribute shall be filtered out
* @ returns array with the search result
*
* Executes an LDAP search
*/
2012-07-25 10:37:39 +00:00
public function searchUsers ( $filter , $attr = null ) {
return $this -> search ( $filter , $this -> connection -> ldapBaseUsers , $attr );
2012-04-23 11:04:58 +00:00
}
/**
* @ brief executes an LDAP search , optimized for Groups
* @ param $filter the LDAP filter for the search
* @ param $attr optional , when a certain attribute shall be filtered out
* @ returns array with the search result
*
* Executes an LDAP search
*/
2012-07-25 10:37:39 +00:00
public function searchGroups ( $filter , $attr = null ) {
return $this -> search ( $filter , $this -> connection -> ldapBaseGroups , $attr );
2012-04-23 11:04:58 +00:00
}
2012-04-14 16:26:46 +00:00
/**
* @ brief executes an LDAP search
* @ param $filter the LDAP filter for the search
2012-04-23 11:04:58 +00:00
* @ param $base the LDAP subtree that shall be searched
2012-04-14 16:26:46 +00:00
* @ param $attr optional , when a certain attribute shall be filtered out
* @ returns array with the search result
*
* Executes an LDAP search
*/
2012-07-25 10:37:39 +00:00
private function search ( $filter , $base , $attr = null ) {
2012-04-25 18:34:58 +00:00
if ( ! is_null ( $attr ) && ! is_array ( $attr )) {
2012-07-02 18:31:07 +00:00
$attr = array ( mb_strtolower ( $attr , 'UTF-8' ));
2012-04-25 18:34:58 +00:00
}
2012-05-28 13:54:38 +00:00
2012-06-22 20:57:35 +00:00
// See if we have a resource
2012-07-25 10:37:39 +00:00
$link_resource = $this -> connection -> getConnectionResource ();
2012-07-02 12:03:16 +00:00
if ( is_resource ( $link_resource )) {
2012-05-28 13:54:38 +00:00
$sr = ldap_search ( $link_resource , $base , $filter , $attr );
$findings = ldap_get_entries ( $link_resource , $sr );
2012-07-02 12:03:16 +00:00
2012-06-22 20:57:35 +00:00
// if we're here, probably no connection resource is returned.
2012-05-28 13:54:38 +00:00
// to make ownCloud behave nicely, we simply give back an empty array.
if ( is_null ( $findings )) {
return array ();
}
2012-07-02 12:03:16 +00:00
} else {
2012-05-28 13:54:38 +00:00
// Seems like we didn't find any resource.
// Return an empty array just like before.
2012-07-25 10:37:39 +00:00
\OCP\Util :: writeLog ( 'user_ldap' , 'Could not search, because resource is missing.' , \OCP\Util :: DEBUG );
2012-05-01 10:17:33 +00:00
return array ();
}
2012-04-14 16:05:29 +00:00
if ( ! is_null ( $attr )) {
$selection = array ();
2012-04-25 18:34:58 +00:00
$multiarray = false ;
if ( count ( $attr ) > 1 ) {
$multiarray = true ;
$i = 0 ;
}
2012-04-14 16:05:29 +00:00
foreach ( $findings as $item ) {
2012-05-17 11:15:26 +00:00
if ( ! is_array ( $item )) {
continue ;
}
2012-07-25 10:37:39 +00:00
$item = \OCP\Util :: mb_array_change_key_case ( $item , MB_CASE_LOWER , 'UTF-8' );
2012-05-17 11:15:26 +00:00
2012-04-25 18:34:58 +00:00
if ( $multiarray ) {
foreach ( $attr as $key ) {
2012-07-02 18:31:07 +00:00
$key = mb_strtolower ( $key , 'UTF-8' );
2012-04-25 18:34:58 +00:00
if ( isset ( $item [ $key ])) {
2012-07-25 11:18:31 +00:00
if ( $key != 'dn' ) {
2012-07-25 10:37:39 +00:00
$selection [ $i ][ $key ] = $this -> resemblesDN ( $key ) ? $this -> sanitizeDN ( $item [ $key ][ 0 ]) : $item [ $key ][ 0 ];
2012-04-25 18:34:58 +00:00
} else {
2012-07-25 10:37:39 +00:00
$selection [ $i ][ $key ] = $this -> sanitizeDN ( $item [ $key ]);
2012-04-25 18:34:58 +00:00
}
}
}
$i ++ ;
} else {
2012-05-11 13:42:05 +00:00
//tribute to case insensitivity
2012-07-02 18:31:07 +00:00
$key = mb_strtolower ( $attr [ 0 ], 'UTF-8' );
2012-05-11 13:42:05 +00:00
if ( isset ( $item [ $key ])) {
2012-07-25 10:37:39 +00:00
if ( $this -> resemblesDN ( $key )) {
$selection [] = $this -> sanitizeDN ( $item [ $key ]);
2012-05-14 10:25:10 +00:00
} else {
$selection [] = $item [ $key ];
}
2012-04-25 18:34:58 +00:00
}
2012-04-14 16:05:29 +00:00
}
}
return $selection ;
}
return $findings ;
}
2012-07-25 10:37:39 +00:00
public function sanitizeUsername ( $name ) {
if ( $this -> connection -> ldapIgnoreNamingRules ) {
2012-05-17 17:33:38 +00:00
return $name ;
}
2012-05-17 13:14:47 +00:00
//REPLACEMENTS
2012-07-25 10:37:39 +00:00
$name = \OCP\Util :: mb_str_replace ( ' ' , '_' , $name , 'UTF-8' );
2012-05-17 13:14:47 +00:00
//every remaining unallowed characters will be removed
2012-07-02 18:31:07 +00:00
$name = preg_replace ( '/[^a-zA-Z0-9_.@-]/u' , '' , $name );
2012-05-17 13:14:47 +00:00
return $name ;
}
2012-04-15 11:37:35 +00:00
/**
* @ brief combines the input filters with AND
* @ param $filters array , the filters to connect
* @ returns the combined filter
*
* Combines Filter arguments with AND
*/
2012-07-25 10:37:39 +00:00
public function combineFilterWithAnd ( $filters ) {
2012-07-25 11:18:31 +00:00
return $this -> combineFilter ( $filters , '&' );
2012-04-15 11:37:35 +00:00
}
/**
* @ brief combines the input filters with AND
* @ param $filters array , the filters to connect
* @ returns the combined filter
*
* Combines Filter arguments with AND
*/
2012-07-25 10:37:39 +00:00
public function combineFilterWithOr ( $filters ) {
2012-07-25 11:18:31 +00:00
return $this -> combineFilter ( $filters , '|' );
2012-04-15 11:37:35 +00:00
}
/**
* @ brief combines the input filters with given operator
* @ param $filters array , the filters to connect
* @ param $operator either & or |
* @ returns the combined filter
*
* Combines Filter arguments with AND
*/
2012-07-25 10:37:39 +00:00
private function combineFilter ( $filters , $operator ) {
2012-04-15 11:37:35 +00:00
$combinedFilter = '(' . $operator ;
foreach ( $filters as $filter ) {
2012-06-08 19:23:25 +00:00
if ( $filter [ 0 ] != '(' ) {
2012-04-15 11:37:35 +00:00
$filter = '(' . $filter . ')' ;
}
$combinedFilter .= $filter ;
}
$combinedFilter .= ')' ;
return $combinedFilter ;
}
2012-07-25 10:37:39 +00:00
public function areCredentialsValid ( $name , $password ) {
$testConnection = clone $this -> connection ;
$credentials = array (
'ldapAgentName' => $name ,
'ldapAgentPassword' => $password
);
if ( ! $testConnection -> setConfiguration ( $credentials )) {
2012-04-16 15:28:58 +00:00
return false ;
}
2012-07-25 10:37:39 +00:00
return $testConnection -> bind ();
2012-04-25 18:34:58 +00:00
}
2012-07-25 10:37:39 +00:00
}