Merge pull request #8538 from owncloud/make-my-ide-less-complain-about-ldap
Use proper PHPDoc and variable names in the LDAP lib
This commit is contained in:
commit
aea44ee0d5
15 changed files with 691 additions and 386 deletions
|
@ -23,6 +23,10 @@
|
|||
|
||||
namespace OCA\user_ldap\lib;
|
||||
|
||||
/**
|
||||
* Class Access
|
||||
* @package OCA\user_ldap\lib
|
||||
*/
|
||||
class Access extends LDAPUtility {
|
||||
public $connection;
|
||||
//never ever check this var directly, always use getPagedSearchResultState
|
||||
|
@ -30,24 +34,30 @@ class Access extends LDAPUtility {
|
|||
|
||||
protected $cookies = array();
|
||||
|
||||
/**
|
||||
* @param Connection $connection
|
||||
* @param ILDAPWrapper $ldap
|
||||
*/
|
||||
public function __construct(Connection $connection, ILDAPWrapper $ldap) {
|
||||
parent::__construct($ldap);
|
||||
$this->connection = $connection;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
private function checkConnection() {
|
||||
return ($this->connection instanceof Connection);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief reads a given attribute for an LDAP record identified by a DN
|
||||
* @param $dn the record in question
|
||||
* @param $attr the attribute that shall be retrieved
|
||||
* @param string $dn the record in question
|
||||
* @param string $attr the attribute that shall be retrieved
|
||||
* if empty, just check the record's existence
|
||||
* @returns an array of values on success or an empty
|
||||
* @param string $filter
|
||||
* @return array|false an array of values on success or an empty
|
||||
* array if $attr is empty, false otherwise
|
||||
*
|
||||
* Reads an attribute from an LDAP entry or check if entry exists
|
||||
*/
|
||||
public function readAttribute($dn, $attr, $filter = 'objectClass=*') {
|
||||
if(!$this->checkConnection()) {
|
||||
|
@ -105,7 +115,7 @@ class Access extends LDAPUtility {
|
|||
}
|
||||
|
||||
/**
|
||||
* @brief checks wether the given attribute`s valua is probably a DN
|
||||
* @brief checks whether the given attributes value is probably a DN
|
||||
* @param string $attr the attribute in question
|
||||
* @return boolean if so true, otherwise false
|
||||
*/
|
||||
|
@ -120,8 +130,8 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief sanitizes a DN received from the LDAP server
|
||||
* @param $dn the DN in question
|
||||
* @return the sanitized DN
|
||||
* @param array $dn the DN in question
|
||||
* @return array the sanitized DN
|
||||
*/
|
||||
private function sanitizeDN($dn) {
|
||||
//treating multiple base DNs
|
||||
|
@ -163,7 +173,8 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* gives back the database table for the query
|
||||
* @param boolean $isUser
|
||||
* @param bool $isUser
|
||||
* @return string
|
||||
*/
|
||||
private function getMapTable($isUser) {
|
||||
if($isUser) {
|
||||
|
@ -176,9 +187,7 @@ class Access extends LDAPUtility {
|
|||
/**
|
||||
* @brief returns the LDAP DN for the given internal ownCloud name of the group
|
||||
* @param string $name the ownCloud name in question
|
||||
* @returns string with the LDAP DN on success, otherwise false
|
||||
*
|
||||
* returns the LDAP DN for the given internal ownCloud name of the group
|
||||
* @return string with the LDAP DN on success, otherwise false
|
||||
*/
|
||||
public function groupname2dn($name) {
|
||||
$dn = $this->ocname2dn($name, false);
|
||||
|
@ -192,10 +201,8 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief returns the LDAP DN for the given internal ownCloud name of the user
|
||||
* @param $name the ownCloud name in question
|
||||
* @returns string with the LDAP DN on success, otherwise false
|
||||
*
|
||||
* returns the LDAP DN for the given internal ownCloud name of the user
|
||||
* @param string $name the ownCloud name in question
|
||||
* @return string with the LDAP DN on success, otherwise false
|
||||
*/
|
||||
public function username2dn($name) {
|
||||
$dn = $this->ocname2dn($name, true);
|
||||
|
@ -210,11 +217,9 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief returns the LDAP DN for the given internal ownCloud name
|
||||
* @param $name the ownCloud name in question
|
||||
* @param string $name the ownCloud name in question
|
||||
* @param boolean $isUser is it a user? otherwise group
|
||||
* @returns string with the LDAP DN on success, otherwise false
|
||||
*
|
||||
* returns the LDAP DN for the given internal ownCloud name
|
||||
* @return string with the LDAP DN on success, otherwise false
|
||||
*/
|
||||
private function ocname2dn($name, $isUser) {
|
||||
$table = $this->getMapTable($isUser);
|
||||
|
@ -230,15 +235,12 @@ class Access extends LDAPUtility {
|
|||
}
|
||||
|
||||
/**
|
||||
* @brief returns the internal ownCloud name for the given LDAP DN of the group
|
||||
* @param $dn the dn of the group object
|
||||
* @param $ldapname optional, the display name of the object
|
||||
* @returns string with with the name to use in ownCloud, false on DN outside of search DN
|
||||
*
|
||||
* returns the internal ownCloud name for the given LDAP DN of the
|
||||
* group, false on DN outside of search DN or failure
|
||||
* @brief returns the internal ownCloud name for the given LDAP DN of the group, false on DN outside of search DN or failure
|
||||
* @param string $dn the dn of the group object
|
||||
* @param string $ldapName optional, the display name of the object
|
||||
* @return string with the name to use in ownCloud, false on DN outside of search DN
|
||||
*/
|
||||
public function dn2groupname($dn, $ldapname = null) {
|
||||
public function dn2groupname($dn, $ldapName = null) {
|
||||
//To avoid bypassing the base DN settings under certain circumstances
|
||||
//with the group support, check whether the provided DN matches one of
|
||||
//the given Bases
|
||||
|
@ -246,18 +248,16 @@ class Access extends LDAPUtility {
|
|||
return false;
|
||||
}
|
||||
|
||||
return $this->dn2ocname($dn, $ldapname, false);
|
||||
return $this->dn2ocname($dn, $ldapName, false);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief returns the internal ownCloud name for the given LDAP DN of the user
|
||||
* @param $dn the dn of the user object
|
||||
* @param $ldapname optional, the display name of the object
|
||||
* @returns string with with the name to use in ownCloud
|
||||
*
|
||||
* returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN or failure
|
||||
* @brief returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN or failure
|
||||
* @param string $dn the dn of the user object
|
||||
* @param string $ldapName optional, the display name of the object
|
||||
* @return string with with the name to use in ownCloud
|
||||
*/
|
||||
public function dn2username($dn, $ldapname = null) {
|
||||
public function dn2username($dn, $ldapName = null) {
|
||||
//To avoid bypassing the base DN settings under certain circumstances
|
||||
//with the group support, check whether the provided DN matches one of
|
||||
//the given Bases
|
||||
|
@ -265,19 +265,17 @@ class Access extends LDAPUtility {
|
|||
return false;
|
||||
}
|
||||
|
||||
return $this->dn2ocname($dn, $ldapname, true);
|
||||
return $this->dn2ocname($dn, $ldapName, true);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief returns an internal ownCloud name for the given LDAP DN
|
||||
* @param $dn the dn of the user object
|
||||
* @param $ldapname optional, the display name of the object
|
||||
* @param $isUser optional, wether it is a user object (otherwise group assumed)
|
||||
* @returns string with with the name to use in ownCloud
|
||||
*
|
||||
* returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN
|
||||
* @brief returns an internal ownCloud name for the given LDAP DN, false on DN outside of search DN
|
||||
* @param string $dn the dn of the user object
|
||||
* @param string $ldapName optional, the display name of the object
|
||||
* @param bool $isUser optional, whether it is a user object (otherwise group assumed)
|
||||
* @return string with with the name to use in ownCloud
|
||||
*/
|
||||
public function dn2ocname($dn, $ldapname = null, $isUser = true) {
|
||||
public function dn2ocname($dn, $ldapName = null, $isUser = true) {
|
||||
$table = $this->getMapTable($isUser);
|
||||
if($isUser) {
|
||||
$fncFindMappedName = 'findMappedUser';
|
||||
|
@ -288,9 +286,9 @@ class Access extends LDAPUtility {
|
|||
}
|
||||
|
||||
//let's try to retrieve the ownCloud name from the mappings table
|
||||
$ocname = $this->$fncFindMappedName($dn);
|
||||
if($ocname) {
|
||||
return $ocname;
|
||||
$ocName = $this->$fncFindMappedName($dn);
|
||||
if($ocName) {
|
||||
return $ocName;
|
||||
}
|
||||
|
||||
//second try: get the UUID and check if it is known. Then, update the DN and return the name.
|
||||
|
@ -317,13 +315,13 @@ class Access extends LDAPUtility {
|
|||
return false;
|
||||
}
|
||||
|
||||
if(is_null($ldapname)) {
|
||||
$ldapname = $this->readAttribute($dn, $nameAttribute);
|
||||
if(!isset($ldapname[0]) && empty($ldapname[0])) {
|
||||
if(is_null($ldapName)) {
|
||||
$ldapName = $this->readAttribute($dn, $nameAttribute);
|
||||
if(!isset($ldapName[0]) && empty($ldapName[0])) {
|
||||
\OCP\Util::writeLog('user_ldap', 'No or empty name for '.$dn.'.', \OCP\Util::INFO);
|
||||
return false;
|
||||
}
|
||||
$ldapname = $ldapname[0];
|
||||
$ldapName = $ldapName[0];
|
||||
}
|
||||
|
||||
if($isUser) {
|
||||
|
@ -334,27 +332,27 @@ class Access extends LDAPUtility {
|
|||
} else {
|
||||
$username = $uuid;
|
||||
}
|
||||
$intname = $this->sanitizeUsername($username);
|
||||
$intName = $this->sanitizeUsername($username);
|
||||
} else {
|
||||
$intname = $ldapname;
|
||||
$intName = $ldapName;
|
||||
}
|
||||
|
||||
//a new user/group! Add it only if it doesn't conflict with other backend's users or existing groups
|
||||
//disabling Cache is required to avoid that the new user is cached as not-existing in fooExists check
|
||||
$originalTTL = $this->connection->ldapCacheTTL;
|
||||
$this->connection->setConfiguration(array('ldapCacheTTL' => 0));
|
||||
if(($isUser && !\OCP\User::userExists($intname))
|
||||
|| (!$isUser && !\OC_Group::groupExists($intname))) {
|
||||
if($this->mapComponent($dn, $intname, $isUser)) {
|
||||
if(($isUser && !\OCP\User::userExists($intName))
|
||||
|| (!$isUser && !\OC_Group::groupExists($intName))) {
|
||||
if($this->mapComponent($dn, $intName, $isUser)) {
|
||||
$this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
|
||||
return $intname;
|
||||
return $intName;
|
||||
}
|
||||
}
|
||||
$this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
|
||||
|
||||
$altname = $this->createAltInternalOwnCloudName($intname, $isUser);
|
||||
if($this->mapComponent($dn, $altname, $isUser)) {
|
||||
return $altname;
|
||||
$altName = $this->createAltInternalOwnCloudName($intName, $isUser);
|
||||
if($this->mapComponent($dn, $altName, $isUser)) {
|
||||
return $altName;
|
||||
}
|
||||
|
||||
//if everything else did not help..
|
||||
|
@ -364,8 +362,8 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief gives back the user names as they are used ownClod internally
|
||||
* @param $ldapGroups an array with the ldap Users result in style of array ( array ('dn' => foo, 'uid' => bar), ... )
|
||||
* @returns an array with the user names to use in ownCloud
|
||||
* @param array $ldapUsers an array with the ldap Users result in style of array ( array ('dn' => foo, 'uid' => bar), ... )
|
||||
* @return array an array with the user names to use in ownCloud
|
||||
*
|
||||
* gives back the user names as they are used ownClod internally
|
||||
*/
|
||||
|
@ -375,8 +373,8 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief gives back the group names as they are used ownClod internally
|
||||
* @param $ldapGroups an array with the ldap Groups result in style of array ( array ('dn' => foo, 'cn' => bar), ... )
|
||||
* @returns an array with the group names to use in ownCloud
|
||||
* @param array $ldapGroups an array with the ldap Groups result in style of array ( array ('dn' => foo, 'cn' => bar), ... )
|
||||
* @return array an array with the group names to use in ownCloud
|
||||
*
|
||||
* gives back the group names as they are used ownClod internally
|
||||
*/
|
||||
|
@ -384,6 +382,10 @@ class Access extends LDAPUtility {
|
|||
return $this->ldap2ownCloudNames($ldapGroups, false);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $dn
|
||||
* @return bool|string
|
||||
*/
|
||||
private function findMappedUser($dn) {
|
||||
static $query = null;
|
||||
if(is_null($query)) {
|
||||
|
@ -400,6 +402,10 @@ class Access extends LDAPUtility {
|
|||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $dn
|
||||
* @return bool|string
|
||||
*/
|
||||
private function findMappedGroup($dn) {
|
||||
static $query = null;
|
||||
if(is_null($query)) {
|
||||
|
@ -416,9 +422,10 @@ class Access extends LDAPUtility {
|
|||
return false;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @param boolean $isUsers
|
||||
* @param array $ldapObjects
|
||||
* @param bool $isUsers
|
||||
* @return array
|
||||
*/
|
||||
private function ldap2ownCloudNames($ldapObjects, $isUsers) {
|
||||
if($isUsers) {
|
||||
|
@ -430,13 +437,13 @@ class Access extends LDAPUtility {
|
|||
|
||||
foreach($ldapObjects as $ldapObject) {
|
||||
$nameByLDAP = isset($ldapObject[$nameAttribute]) ? $ldapObject[$nameAttribute] : null;
|
||||
$ocname = $this->dn2ocname($ldapObject['dn'], $nameByLDAP, $isUsers);
|
||||
if($ocname) {
|
||||
$ownCloudNames[] = $ocname;
|
||||
$ocName = $this->dn2ocname($ldapObject['dn'], $nameByLDAP, $isUsers);
|
||||
if($ocName) {
|
||||
$ownCloudNames[] = $ocName;
|
||||
if($isUsers) {
|
||||
//cache the user names so it does not need to be retrieved
|
||||
//again later (e.g. sharing dialogue).
|
||||
$this->cacheUserDisplayName($ocname, $nameByLDAP);
|
||||
$this->cacheUserDisplayName($ocName, $nameByLDAP);
|
||||
}
|
||||
}
|
||||
continue;
|
||||
|
@ -446,18 +453,18 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief caches the user display name
|
||||
* @param string the internal owncloud username
|
||||
* @param string the display name
|
||||
* @param string $ocName the internal ownCloud username
|
||||
* @param string $displayName the display name
|
||||
*/
|
||||
public function cacheUserDisplayName($ocname, $displayName) {
|
||||
public function cacheUserDisplayName($ocName, $displayName) {
|
||||
$cacheKeyTrunk = 'getDisplayName';
|
||||
$this->connection->writeToCache($cacheKeyTrunk.$ocname, $displayName);
|
||||
$this->connection->writeToCache($cacheKeyTrunk.$ocName, $displayName);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief creates a unique name for internal ownCloud use for users. Don't call it directly.
|
||||
* @param $name the display name of the object
|
||||
* @returns string with with the name to use in ownCloud or false if unsuccessful
|
||||
* @param string $name the display name of the object
|
||||
* @return string with with the name to use in ownCloud or false if unsuccessful
|
||||
*
|
||||
* Instead of using this method directly, call
|
||||
* createAltInternalOwnCloudName($name, true)
|
||||
|
@ -478,8 +485,8 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief creates a unique name for internal ownCloud use for groups. Don't call it directly.
|
||||
* @param $name the display name of the object
|
||||
* @returns string with with the name to use in ownCloud or false if unsuccessful.
|
||||
* @param string $name the display name of the object
|
||||
* @return string with with the name to use in ownCloud or false if unsuccessful.
|
||||
*
|
||||
* Instead of using this method directly, call
|
||||
* createAltInternalOwnCloudName($name, false)
|
||||
|
@ -504,17 +511,17 @@ class Access extends LDAPUtility {
|
|||
$lastNo = 1; //will become name_2
|
||||
} else {
|
||||
natsort($usedNames);
|
||||
$lastname = array_pop($usedNames);
|
||||
$lastNo = intval(substr($lastname, strrpos($lastname, '_') + 1));
|
||||
$lastName = array_pop($usedNames);
|
||||
$lastNo = intval(substr($lastName, strrpos($lastName, '_') + 1));
|
||||
}
|
||||
$altName = $name.'_'.strval($lastNo+1);
|
||||
unset($usedNames);
|
||||
|
||||
$attempts = 1;
|
||||
while($attempts < 21){
|
||||
//Pro forma check to be really sure it is unique
|
||||
//while loop is just a precaution. If a name is not generated within
|
||||
//20 attempts, something else is very wrong. Avoids infinite loop.
|
||||
// Check to be really sure it is unique
|
||||
// while loop is just a precaution. If a name is not generated within
|
||||
// 20 attempts, something else is very wrong. Avoids infinite loop.
|
||||
if(!\OC_Group::groupExists($altName)) {
|
||||
return $altName;
|
||||
}
|
||||
|
@ -526,9 +533,9 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief creates a unique name for internal ownCloud use.
|
||||
* @param $name the display name of the object
|
||||
* @param string $name the display name of the object
|
||||
* @param boolean $isUser whether name should be created for a user (true) or a group (false)
|
||||
* @returns string with with the name to use in ownCloud or false if unsuccessful
|
||||
* @return string with with the name to use in ownCloud or false if unsuccessful
|
||||
*/
|
||||
private function createAltInternalOwnCloudName($name, $isUser) {
|
||||
$originalTTL = $this->connection->ldapCacheTTL;
|
||||
|
@ -545,7 +552,7 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief retrieves all known groups from the mappings table
|
||||
* @returns array with the results
|
||||
* @return array with the results
|
||||
*
|
||||
* retrieves all known groups from the mappings table
|
||||
*/
|
||||
|
@ -555,7 +562,7 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief retrieves all known users from the mappings table
|
||||
* @returns array with the results
|
||||
* @return array with the results
|
||||
*
|
||||
* retrieves all known users from the mappings table
|
||||
*/
|
||||
|
@ -579,19 +586,19 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief inserts a new user or group into the mappings table
|
||||
* @param $dn the record in question
|
||||
* @param $ocname the name to use in ownCloud
|
||||
* @param $isUser is it a user or a group?
|
||||
* @returns true on success, false otherwise
|
||||
* @param string $dn the record in question
|
||||
* @param string $ocName the name to use in ownCloud
|
||||
* @param bool $isUser is it a user or a group?
|
||||
* @return bool true on success, false otherwise
|
||||
*
|
||||
* inserts a new user or group into the mappings table
|
||||
*/
|
||||
private function mapComponent($dn, $ocname, $isUser = true) {
|
||||
private function mapComponent($dn, $ocName, $isUser = true) {
|
||||
$table = $this->getMapTable($isUser);
|
||||
|
||||
$sqlAdjustment = '';
|
||||
$dbtype = \OCP\Config::getSystemValue('dbtype');
|
||||
if($dbtype === 'mysql') {
|
||||
$dbType = \OCP\Config::getSystemValue('dbtype');
|
||||
if($dbType === 'mysql') {
|
||||
$sqlAdjustment = 'FROM DUAL';
|
||||
}
|
||||
|
||||
|
@ -607,9 +614,9 @@ class Access extends LDAPUtility {
|
|||
');
|
||||
|
||||
//feed the DB
|
||||
$insRows = $insert->execute(array($dn, $ocname,
|
||||
$insRows = $insert->execute(array($dn, $ocName,
|
||||
$this->getUUID($dn, $isUser), $dn,
|
||||
$ocname));
|
||||
$ocName));
|
||||
|
||||
if(\OCP\DB::isError($insRows)) {
|
||||
return false;
|
||||
|
@ -623,24 +630,31 @@ class Access extends LDAPUtility {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param integer $limit
|
||||
* @param integer $offset
|
||||
* @param $filter
|
||||
* @param $attr
|
||||
* @param int $limit
|
||||
* @param int $offset
|
||||
* @return array
|
||||
*/
|
||||
public function fetchListOfUsers($filter, $attr, $limit = null, $offset = null) {
|
||||
return $this->fetchList($this->searchUsers($filter, $attr, $limit, $offset), (count($attr) > 1));
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $filter
|
||||
* @param integer $limit
|
||||
* @param integer $offset
|
||||
* @param $filter
|
||||
* @param $attr
|
||||
* @param int $limit
|
||||
* @param int $offset
|
||||
* @return array
|
||||
*/
|
||||
public function fetchListOfGroups($filter, $attr, $limit = null, $offset = null) {
|
||||
return $this->fetchList($this->searchGroups($filter, $attr, $limit, $offset), (count($attr) > 1));
|
||||
}
|
||||
|
||||
/**
|
||||
* @param boolean $manyAttributes
|
||||
* @param $list
|
||||
* @param bool $manyAttributes
|
||||
* @return array
|
||||
*/
|
||||
private function fetchList($list, $manyAttributes) {
|
||||
if(is_array($list)) {
|
||||
|
@ -657,11 +671,11 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief executes an LDAP search, optimized for Users
|
||||
* @param $filter the LDAP filter for the search
|
||||
* @param $attr optional, when a certain attribute shall be filtered out
|
||||
* @param string $filter the LDAP filter for the search
|
||||
* @param string $attr optional, when a certain attribute shall be filtered out
|
||||
* @param integer $limit
|
||||
* @param integer $offset
|
||||
* @returns array with the search result
|
||||
* @return array with the search result
|
||||
*
|
||||
* Executes an LDAP search
|
||||
*/
|
||||
|
@ -671,6 +685,10 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @param string $filter
|
||||
* @param array $attr
|
||||
* @param int $limit
|
||||
* @param int $offset
|
||||
* @return false|int
|
||||
*/
|
||||
public function countUsers($filter, $attr = array('dn'), $limit = null, $offset = null) {
|
||||
return $this->count($filter, $this->connection->ldapBaseUsers, $attr, $limit, $offset);
|
||||
|
@ -679,10 +697,10 @@ class Access extends LDAPUtility {
|
|||
/**
|
||||
* @brief executes an LDAP search, optimized for Groups
|
||||
* @param string $filter the LDAP filter for the search
|
||||
* @param $attr optional, when a certain attribute shall be filtered out
|
||||
* @param string $attr optional, when a certain attribute shall be filtered out
|
||||
* @param integer $limit
|
||||
* @param integer $offset
|
||||
* @returns array with the search result
|
||||
* @return array with the search result
|
||||
*
|
||||
* Executes an LDAP search
|
||||
*/
|
||||
|
@ -692,13 +710,13 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief prepares and executes an LDAP search operation
|
||||
* @param $filter the LDAP filter for the search
|
||||
* @param $base an array containing the LDAP subtree(s) that shall be searched
|
||||
* @param $attr optional, array, one or more attributes that shall be
|
||||
* @param string $filter the LDAP filter for the search
|
||||
* @param array $base an array containing the LDAP subtree(s) that shall be searched
|
||||
* @param array $attr optional, array, one or more attributes that shall be
|
||||
* retrieved. Results will according to the order in the array.
|
||||
* @param $limit optional, maximum results to be counted
|
||||
* @param $offset optional, a starting point
|
||||
* @returns array with the search result as first value and pagedSearchOK as
|
||||
* @param int $limit optional, maximum results to be counted
|
||||
* @param int $offset optional, a starting point
|
||||
* @return array|false array with the search result as first value and pagedSearchOK as
|
||||
* second | false if not successful
|
||||
*/
|
||||
private function executeSearch($filter, $base, &$attr = null, $limit = null, $offset = null) {
|
||||
|
@ -715,7 +733,7 @@ class Access extends LDAPUtility {
|
|||
return false;
|
||||
}
|
||||
|
||||
//check wether paged search should be attempted
|
||||
//check whether paged search should be attempted
|
||||
$pagedSearchOK = $this->initPagedSearch($filter, $base, $attr, $limit, $offset);
|
||||
|
||||
$linkResources = array_pad(array(), count($base), $cr);
|
||||
|
@ -738,16 +756,16 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief processes an LDAP paged search operation
|
||||
* @param $sr the array containing the LDAP search resources
|
||||
* @param $filter the LDAP filter for the search
|
||||
* @param $base an array containing the LDAP subtree(s) that shall be searched
|
||||
* @param $iFoundItems number of results in the search operation
|
||||
* @param $limit maximum results to be counted
|
||||
* @param $offset a starting point
|
||||
* @param $pagedSearchOK whether a paged search has been executed
|
||||
* @param boolean $skipHandling required for paged search when cookies to
|
||||
* @param array $sr the array containing the LDAP search resources
|
||||
* @param string $filter the LDAP filter for the search
|
||||
* @param array $base an array containing the LDAP subtree(s) that shall be searched
|
||||
* @param int $iFoundItems number of results in the search operation
|
||||
* @param int $limit maximum results to be counted
|
||||
* @param int $offset a starting point
|
||||
* @param bool $pagedSearchOK whether a paged search has been executed
|
||||
* @param bool $skipHandling required for paged search when cookies to
|
||||
* prior results need to be gained
|
||||
* @returns array with the search result as first value and pagedSearchOK as
|
||||
* @return array|false array with the search result as first value and pagedSearchOK as
|
||||
* second | false if not successful
|
||||
*/
|
||||
private function processPagedSearchStatus($sr, $filter, $base, $iFoundItems, $limit, $offset, $pagedSearchOK, $skipHandling) {
|
||||
|
@ -780,14 +798,14 @@ class Access extends LDAPUtility {
|
|||
/**
|
||||
* @brief executes an LDAP search, but counts the results only
|
||||
* @param string $filter the LDAP filter for the search
|
||||
* @param $base an array containing the LDAP subtree(s) that shall be searched
|
||||
* @param $attr optional, array, one or more attributes that shall be
|
||||
* @param array $base an array containing the LDAP subtree(s) that shall be searched
|
||||
* @param array $attr optional, array, one or more attributes that shall be
|
||||
* retrieved. Results will according to the order in the array.
|
||||
* @param $limit optional, maximum results to be counted
|
||||
* @param $offset optional, a starting point
|
||||
* @param $skipHandling indicates whether the pages search operation is
|
||||
* @param int $limit optional, maximum results to be counted
|
||||
* @param int $offset optional, a starting point
|
||||
* @param bool $skipHandling indicates whether the pages search operation is
|
||||
* completed
|
||||
* @returns int | false if the search could not be initialized
|
||||
* @return int|false Integer or false if the search could not be initialized
|
||||
*
|
||||
*/
|
||||
private function count($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) {
|
||||
|
@ -799,7 +817,7 @@ class Access extends LDAPUtility {
|
|||
|
||||
$counter = 0;
|
||||
$count = null;
|
||||
$cr = $this->connection->getConnectionResource();
|
||||
$this->connection->getConnectionResource();
|
||||
|
||||
do {
|
||||
$continue = false;
|
||||
|
@ -821,10 +839,15 @@ class Access extends LDAPUtility {
|
|||
return $counter;
|
||||
}
|
||||
|
||||
private function countEntriesInSearchResults($searchResults, $limit,
|
||||
&$hasHitLimit) {
|
||||
/**
|
||||
* @param $searchResults
|
||||
* @param $limit
|
||||
* @param $hasHitLimit
|
||||
* @return int
|
||||
*/
|
||||
private function countEntriesInSearchResults($searchResults, $limit, &$hasHitLimit) {
|
||||
$cr = $this->connection->getConnectionResource();
|
||||
$count = 0;
|
||||
$counter = 0;
|
||||
|
||||
foreach($searchResults as $res) {
|
||||
$count = intval($this->ldap->countEntries($cr, $res));
|
||||
|
@ -838,14 +861,14 @@ class Access extends LDAPUtility {
|
|||
}
|
||||
|
||||
/**
|
||||
* @brief executes an LDAP search
|
||||
* @param $filter the LDAP filter for the search
|
||||
* @param $base an array containing the LDAP subtree(s) that shall be searched
|
||||
* @param $attr optional, array, one or more attributes that shall be
|
||||
* retrieved. Results will according to the order in the array.
|
||||
* @returns array with the search result
|
||||
*
|
||||
* Executes an LDAP search
|
||||
* @brief Executes an LDAP search
|
||||
* @param string $filter the LDAP filter for the search
|
||||
* @param array $base an array containing the LDAP subtree(s) that shall be searched
|
||||
* @param array $attr optional, array, one or more attributes that shall be
|
||||
* @param int $limit
|
||||
* @param int $offset
|
||||
* @param bool $skipHandling
|
||||
* @return array with the search result
|
||||
*/
|
||||
private function search($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) {
|
||||
$search = $this->executeSearch($filter, $base, $attr, $limit, $offset);
|
||||
|
@ -873,7 +896,7 @@ class Access extends LDAPUtility {
|
|||
}
|
||||
|
||||
$findings = array();
|
||||
foreach($sr as $key => $res) {
|
||||
foreach($sr as $res) {
|
||||
$findings = array_merge($findings, $this->ldap->getEntries($cr , $res ));
|
||||
}
|
||||
|
||||
|
@ -889,9 +912,9 @@ class Access extends LDAPUtility {
|
|||
|
||||
if(!is_null($attr)) {
|
||||
$selection = array();
|
||||
$multiarray = false;
|
||||
$multiArray = false;
|
||||
if(count($attr) > 1) {
|
||||
$multiarray = true;
|
||||
$multiArray = true;
|
||||
$i = 0;
|
||||
}
|
||||
foreach($findings as $item) {
|
||||
|
@ -900,7 +923,7 @@ class Access extends LDAPUtility {
|
|||
}
|
||||
$item = \OCP\Util::mb_array_change_key_case($item, MB_CASE_LOWER, 'UTF-8');
|
||||
|
||||
if($multiarray) {
|
||||
if($multiArray) {
|
||||
foreach($attr as $key) {
|
||||
$key = mb_strtolower($key, 'UTF-8');
|
||||
if(isset($item[$key])) {
|
||||
|
@ -931,7 +954,7 @@ class Access extends LDAPUtility {
|
|||
$findings = $selection;
|
||||
}
|
||||
//we slice the findings, when
|
||||
//a) paged search insuccessful, though attempted
|
||||
//a) paged search unsuccessful, though attempted
|
||||
//b) no paged search, but limit set
|
||||
if((!$this->getPagedSearchResultState()
|
||||
&& $pagedSearchOK)
|
||||
|
@ -945,19 +968,23 @@ class Access extends LDAPUtility {
|
|||
return $findings;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $name
|
||||
* @return bool|mixed|string
|
||||
*/
|
||||
public function sanitizeUsername($name) {
|
||||
if($this->connection->ldapIgnoreNamingRules) {
|
||||
return $name;
|
||||
}
|
||||
|
||||
// Translitaration
|
||||
//latin characters to ASCII
|
||||
// Transliteration
|
||||
// latin characters to ASCII
|
||||
$name = iconv('UTF-8', 'ASCII//TRANSLIT', $name);
|
||||
|
||||
//REPLACEMENTS
|
||||
// Replacements
|
||||
$name = \OCP\Util::mb_str_replace(' ', '_', $name, 'UTF-8');
|
||||
|
||||
//every remaining unallowed characters will be removed
|
||||
// Every remaining disallowed characters will be removed
|
||||
$name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);
|
||||
|
||||
return $name;
|
||||
|
@ -966,7 +993,7 @@ class Access extends LDAPUtility {
|
|||
/**
|
||||
* @brief escapes (user provided) parts for LDAP filter
|
||||
* @param string $input, the provided value
|
||||
* @return the escaped string
|
||||
* @return string the escaped string
|
||||
*/
|
||||
public function escapeFilterPart($input) {
|
||||
$search = array('*', '\\', '(', ')');
|
||||
|
@ -977,9 +1004,7 @@ class Access extends LDAPUtility {
|
|||
/**
|
||||
* @brief combines the input filters with AND
|
||||
* @param $filters array, the filters to connect
|
||||
* @returns the combined filter
|
||||
*
|
||||
* Combines Filter arguments with AND
|
||||
* @return string the combined filter
|
||||
*/
|
||||
public function combineFilterWithAnd($filters) {
|
||||
return $this->combineFilter($filters, '&');
|
||||
|
@ -988,9 +1013,7 @@ class Access extends LDAPUtility {
|
|||
/**
|
||||
* @brief combines the input filters with AND
|
||||
* @param $filters array, the filters to connect
|
||||
* @returns the combined filter
|
||||
*
|
||||
* Combines Filter arguments with AND
|
||||
* @return string the combined filter
|
||||
*/
|
||||
public function combineFilterWithOr($filters) {
|
||||
return $this->combineFilter($filters, '|');
|
||||
|
@ -1000,9 +1023,7 @@ class Access extends LDAPUtility {
|
|||
* @brief combines the input filters with given operator
|
||||
* @param $filters array, the filters to connect
|
||||
* @param string $operator either & or |
|
||||
* @returns the combined filter
|
||||
*
|
||||
* Combines Filter arguments with AND
|
||||
* @return string the combined filter
|
||||
*/
|
||||
private function combineFilter($filters, $operator) {
|
||||
$combinedFilter = '('.$operator;
|
||||
|
@ -1017,7 +1038,7 @@ class Access extends LDAPUtility {
|
|||
}
|
||||
|
||||
/**
|
||||
* @brief creates a filter part for to perfrom search for users
|
||||
* @brief creates a filter part for to perform search for users
|
||||
* @param string $search the search term
|
||||
* @return string the final filter part to use in LDAP searches
|
||||
*/
|
||||
|
@ -1028,7 +1049,7 @@ class Access extends LDAPUtility {
|
|||
}
|
||||
|
||||
/**
|
||||
* @brief creates a filter part for to perfrom search for groups
|
||||
* @brief creates a filter part for to perform search for groups
|
||||
* @param string $search the search term
|
||||
* @return string the final filter part to use in LDAP searches
|
||||
*/
|
||||
|
@ -1041,9 +1062,10 @@ class Access extends LDAPUtility {
|
|||
/**
|
||||
* @brief creates a filter part for searches
|
||||
* @param string $search the search term
|
||||
* @param $searchAttributes
|
||||
* @param string $fallbackAttribute a fallback attribute in case the user
|
||||
* did not define search attributes. Typically the display name attribute.
|
||||
* @returns string the final filter part to use in LDAP searches
|
||||
* @return string the final filter part to use in LDAP searches
|
||||
*/
|
||||
private function getFilterPartForSearch($search, $searchAttributes, $fallbackAttribute) {
|
||||
$filter = array();
|
||||
|
@ -1065,7 +1087,9 @@ class Access extends LDAPUtility {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param string $name
|
||||
* @param string $password
|
||||
* @return bool
|
||||
*/
|
||||
public function areCredentialsValid($name, $password) {
|
||||
$name = $this->DNasBaseParameter($name);
|
||||
|
@ -1084,9 +1108,10 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief auto-detects the directory's UUID attribute
|
||||
* @param $dn a known DN used to check against
|
||||
* @param $force the detection should be run, even if it is not set to auto
|
||||
* @returns true on success, false otherwise
|
||||
* @param string $dn a known DN used to check against
|
||||
* @param bool $isUser
|
||||
* @param bool $force the detection should be run, even if it is not set to auto
|
||||
* @return bool true on success, false otherwise
|
||||
*/
|
||||
private function detectUuidAttribute($dn, $isUser = true, $force = false) {
|
||||
if($isUser) {
|
||||
|
@ -1106,7 +1131,7 @@ class Access extends LDAPUtility {
|
|||
return true;
|
||||
}
|
||||
|
||||
//for now, supported attributes are entryUUID, nsuniqueid, objectGUID, ipaUniqueID
|
||||
// for now, supported attributes are entryUUID, nsuniqueid, objectGUID, ipaUniqueID
|
||||
$testAttributes = array('entryuuid', 'nsuniqueid', 'objectguid', 'guid', 'ipauniqueid');
|
||||
|
||||
foreach($testAttributes as $attribute) {
|
||||
|
@ -1126,6 +1151,11 @@ class Access extends LDAPUtility {
|
|||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $dn
|
||||
* @param bool $isUser
|
||||
* @return array|bool|false
|
||||
*/
|
||||
public function getUUID($dn, $isUser = true) {
|
||||
if($isUser) {
|
||||
$uuidAttr = 'ldapUuidUserAttribute';
|
||||
|
@ -1154,11 +1184,9 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief converts a binary ObjectGUID into a string representation
|
||||
* @param $oguid the ObjectGUID in it's binary form as retrieved from AD
|
||||
* @returns String
|
||||
*
|
||||
* converts a binary ObjectGUID into a string representation
|
||||
* http://www.php.net/manual/en/function.ldap-get-values-len.php#73198
|
||||
* @param string $oguid the ObjectGUID in it's binary form as retrieved from AD
|
||||
* @return string
|
||||
* @link http://www.php.net/manual/en/function.ldap-get-values-len.php#73198
|
||||
*/
|
||||
private function convertObjectGUID2Str($oguid) {
|
||||
$hex_guid = bin2hex($oguid);
|
||||
|
@ -1181,12 +1209,9 @@ class Access extends LDAPUtility {
|
|||
}
|
||||
|
||||
/**
|
||||
* @brief converts a stored DN so it can be used as base parameter for LDAP queries
|
||||
* @param $dn the DN
|
||||
* @returns String
|
||||
*
|
||||
* converts a stored DN so it can be used as base parameter for LDAP queries
|
||||
* internally we store them for usage in LDAP filters
|
||||
* @brief converts a stored DN so it can be used as base parameter for LDAP queries, internally we store them for usage in LDAP filters
|
||||
* @param string $dn the DN
|
||||
* @return string
|
||||
*/
|
||||
private function DNasBaseParameter($dn) {
|
||||
return str_ireplace('\\5c', '\\', $dn);
|
||||
|
@ -1194,12 +1219,14 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief checks if the given DN is part of the given base DN(s)
|
||||
* @param $dn the DN
|
||||
* @param string $dn the DN
|
||||
* @param $bases array containing the allowed base DN or DNs
|
||||
* @returns Boolean
|
||||
* @return bool
|
||||
*/
|
||||
private function isDNPartOfBase($dn, $bases) {
|
||||
$belongsToBase = false;
|
||||
$bases = $this->sanitizeDN($bases);
|
||||
|
||||
foreach($bases as $base) {
|
||||
$belongsToBase = true;
|
||||
if(mb_strripos($dn, $base, 0, 'UTF-8') !== (mb_strlen($dn, 'UTF-8')-mb_strlen($base, 'UTF-8'))) {
|
||||
|
@ -1214,11 +1241,11 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief get a cookie for the next LDAP paged search
|
||||
* @param $base a string with the base DN for the search
|
||||
* @param $filter the search filter to identify the correct search
|
||||
* @param $limit the limit (or 'pageSize'), to identify the correct search well
|
||||
* @param $offset the offset for the new search to identify the correct search really good
|
||||
* @returns string containing the key or empty if none is cached
|
||||
* @param string $base a string with the base DN for the search
|
||||
* @param string $filter the search filter to identify the correct search
|
||||
* @param int $limit the limit (or 'pageSize'), to identify the correct search well
|
||||
* @param int $offset the offset for the new search to identify the correct search really good
|
||||
* @return string containing the key or empty if none is cached
|
||||
*/
|
||||
private function getPagedResultCookie($base, $filter, $limit, $offset) {
|
||||
if($offset === 0) {
|
||||
|
@ -1226,10 +1253,10 @@ class Access extends LDAPUtility {
|
|||
}
|
||||
$offset -= $limit;
|
||||
//we work with cache here
|
||||
$cachekey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' . intval($limit) . '-' . intval($offset);
|
||||
$cacheKey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' . intval($limit) . '-' . intval($offset);
|
||||
$cookie = '';
|
||||
if(isset($this->cookies[$cachekey])) {
|
||||
$cookie = $this->cookies[$cachekey];
|
||||
if(isset($this->cookies[$cacheKey])) {
|
||||
$cookie = $this->cookies[$cacheKey];
|
||||
if(is_null($cookie)) {
|
||||
$cookie = '';
|
||||
}
|
||||
|
@ -1239,22 +1266,22 @@ class Access extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief set a cookie for LDAP paged search run
|
||||
* @param $base a string with the base DN for the search
|
||||
* @param $filter the search filter to identify the correct search
|
||||
* @param $limit the limit (or 'pageSize'), to identify the correct search well
|
||||
* @param $offset the offset for the run search to identify the correct search really good
|
||||
* @param $cookie string containing the cookie returned by ldap_control_paged_result_response
|
||||
* @param string $base a string with the base DN for the search
|
||||
* @param string $filter the search filter to identify the correct search
|
||||
* @param int $limit the limit (or 'pageSize'), to identify the correct search well
|
||||
* @param int $offset the offset for the run search to identify the correct search really good
|
||||
* @param string $cookie string containing the cookie returned by ldap_control_paged_result_response
|
||||
* @return void
|
||||
*/
|
||||
private function setPagedResultCookie($base, $filter, $limit, $offset, $cookie) {
|
||||
if(!empty($cookie)) {
|
||||
$cachekey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' .intval($limit) . '-' . intval($offset);
|
||||
$this->cookies[$cachekey] = $cookie;
|
||||
$cacheKey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' .intval($limit) . '-' . intval($offset);
|
||||
$this->cookies[$cacheKey] = $cookie;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief check wether the most recent paged search was successful. It flushed the state var. Use it always after a possible paged search.
|
||||
* @brief Check whether the most recent paged search was successful. It flushed the state var. Use it always after a possible paged search.
|
||||
* @return boolean|null true on success, null or false otherwise
|
||||
*/
|
||||
public function getPagedSearchResultState() {
|
||||
|
@ -1263,15 +1290,14 @@ class Access extends LDAPUtility {
|
|||
return $result;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @brief prepares a paged search, if possible
|
||||
* @param $filter the LDAP filter for the search
|
||||
* @param $bases an array containing the LDAP subtree(s) that shall be searched
|
||||
* @param $attr optional, when a certain attribute shall be filtered outside
|
||||
* @param $limit
|
||||
* @param $offset
|
||||
*
|
||||
* @brief Prepares a paged search, if possible
|
||||
* @param string $filter the LDAP filter for the search
|
||||
* @param array $bases an array containing the LDAP subtree(s) that shall be searched
|
||||
* @param array $attr optional, when a certain attribute shall be filtered outside
|
||||
* @param int $limit
|
||||
* @param int $offset
|
||||
* @return bool|true
|
||||
*/
|
||||
private function initPagedSearch($filter, $bases, $attr, $limit, $offset) {
|
||||
$pagedSearchOK = false;
|
||||
|
@ -1287,8 +1313,9 @@ class Access extends LDAPUtility {
|
|||
$cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset);
|
||||
if(empty($cookie) && ($offset > 0)) {
|
||||
// no cookie known, although the offset is not 0. Maybe cache run out. We need
|
||||
// to start all over *sigh* (btw, Dear Reader, did you need LDAP paged
|
||||
// to start all over *sigh* (btw, Dear Reader, did you know LDAP paged
|
||||
// searching was designed by MSFT?)
|
||||
// Lukas: No, but thanks to reading that source I finally know!
|
||||
$reOffset = ($offset - $limit) < 0 ? 0 : $offset - $limit;
|
||||
//a bit recursive, $offset of 0 is the exit
|
||||
\OCP\Util::writeLog('user_ldap', 'Looking for cookie L/O '.$limit.'/'.$reOffset, \OCP\Util::INFO);
|
||||
|
|
|
@ -30,7 +30,7 @@ abstract class BackendUtility {
|
|||
|
||||
/**
|
||||
* @brief constructor, make sure the subclasses call this one!
|
||||
* @param $access an instance of Access for LDAP interaction
|
||||
* @param Access $access an instance of Access for LDAP interaction
|
||||
*/
|
||||
public function __construct(Access $access) {
|
||||
$this->access = $access;
|
||||
|
|
|
@ -81,25 +81,37 @@ class Configuration {
|
|||
);
|
||||
|
||||
/**
|
||||
* @param string $configPrefix
|
||||
* @param $configPrefix
|
||||
* @param bool $autoRead
|
||||
*/
|
||||
public function __construct($configPrefix, $autoread = true) {
|
||||
public function __construct($configPrefix, $autoRead = true) {
|
||||
$this->configPrefix = $configPrefix;
|
||||
if($autoread) {
|
||||
if($autoRead) {
|
||||
$this->readConfiguration();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $name
|
||||
* @return mixed|void
|
||||
*/
|
||||
public function __get($name) {
|
||||
if(isset($this->config[$name])) {
|
||||
return $this->config[$name];
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $name
|
||||
* @param $value
|
||||
*/
|
||||
public function __set($name, $value) {
|
||||
$this->setConfiguration(array($name => $value));
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array
|
||||
*/
|
||||
public function getConfiguration() {
|
||||
return $this->config;
|
||||
}
|
||||
|
@ -110,7 +122,7 @@ class Configuration {
|
|||
* must call saveConfiguration afterwards.
|
||||
* @param $config array that holds the config parameters in an associated
|
||||
* array
|
||||
* @param &$applied optional; array where the set fields will be given to
|
||||
* @param array &$applied optional; array where the set fields will be given to
|
||||
* @return false|null
|
||||
*/
|
||||
public function setConfiguration($config, &$applied = null) {
|
||||
|
@ -119,11 +131,11 @@ class Configuration {
|
|||
}
|
||||
|
||||
$cta = $this->getConfigTranslationArray();
|
||||
foreach($config as $inputkey => $val) {
|
||||
if(strpos($inputkey, '_') !== false && array_key_exists($inputkey, $cta)) {
|
||||
$key = $cta[$inputkey];
|
||||
} elseif(array_key_exists($inputkey, $this->config)) {
|
||||
$key = $inputkey;
|
||||
foreach($config as $inputKey => $val) {
|
||||
if(strpos($inputKey, '_') !== false && array_key_exists($inputKey, $cta)) {
|
||||
$key = $cta[$inputKey];
|
||||
} elseif(array_key_exists($inputKey, $this->config)) {
|
||||
$key = $inputKey;
|
||||
} else {
|
||||
continue;
|
||||
}
|
||||
|
@ -150,7 +162,7 @@ class Configuration {
|
|||
}
|
||||
$this->$setMethod($key, $val);
|
||||
if(is_array($applied)) {
|
||||
$applied[] = $inputkey;
|
||||
$applied[] = $inputKey;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -164,7 +176,7 @@ class Configuration {
|
|||
//some are determined
|
||||
continue;
|
||||
}
|
||||
$dbkey = $cta[$key];
|
||||
$dbKey = $cta[$key];
|
||||
switch($key) {
|
||||
case 'ldapBase':
|
||||
case 'ldapBaseUsers':
|
||||
|
@ -180,7 +192,7 @@ class Configuration {
|
|||
break;
|
||||
case 'ldapIgnoreNamingRules':
|
||||
$readMethod = 'getSystemValue';
|
||||
$dbkey = $key;
|
||||
$dbKey = $key;
|
||||
break;
|
||||
case 'ldapAgentPassword':
|
||||
$readMethod = 'getPwd';
|
||||
|
@ -193,7 +205,7 @@ class Configuration {
|
|||
$readMethod = 'getValue';
|
||||
break;
|
||||
}
|
||||
$this->config[$key] = $this->$readMethod($dbkey);
|
||||
$this->config[$key] = $this->$readMethod($dbKey);
|
||||
}
|
||||
$this->configRead = true;
|
||||
}
|
||||
|
@ -237,8 +249,12 @@ class Configuration {
|
|||
}
|
||||
}
|
||||
|
||||
protected function getMultiLine($varname) {
|
||||
$value = $this->getValue($varname);
|
||||
/**
|
||||
* @param $varName
|
||||
* @return array|string
|
||||
*/
|
||||
protected function getMultiLine($varName) {
|
||||
$value = $this->getValue($varName);
|
||||
if(empty($value)) {
|
||||
$value = '';
|
||||
} else {
|
||||
|
@ -248,7 +264,11 @@ class Configuration {
|
|||
return $value;
|
||||
}
|
||||
|
||||
protected function setMultiLine($varname, $value) {
|
||||
/**
|
||||
* @param $varName
|
||||
* @param $value
|
||||
*/
|
||||
protected function setMultiLine($varName, $value) {
|
||||
if(empty($value)) {
|
||||
$value = '';
|
||||
} else if (!is_array($value)) {
|
||||
|
@ -258,44 +278,69 @@ class Configuration {
|
|||
}
|
||||
}
|
||||
|
||||
$this->setValue($varname, $value);
|
||||
$this->setValue($varName, $value);
|
||||
}
|
||||
|
||||
protected function getPwd($varname) {
|
||||
return base64_decode($this->getValue($varname));
|
||||
/**
|
||||
* @param $varName
|
||||
* @return string
|
||||
*/
|
||||
protected function getPwd($varName) {
|
||||
return base64_decode($this->getValue($varName));
|
||||
}
|
||||
|
||||
protected function getLcValue($varname) {
|
||||
return mb_strtolower($this->getValue($varname), 'UTF-8');
|
||||
/**
|
||||
* @param $varName
|
||||
* @return string
|
||||
*/
|
||||
protected function getLcValue($varName) {
|
||||
return mb_strtolower($this->getValue($varName), 'UTF-8');
|
||||
}
|
||||
|
||||
protected function getSystemValue($varname) {
|
||||
/**
|
||||
* @param $varName
|
||||
* @return string
|
||||
*/
|
||||
protected function getSystemValue($varName) {
|
||||
//FIXME: if another system value is added, softcode the default value
|
||||
return \OCP\Config::getSystemValue($varname, false);
|
||||
return \OCP\Config::getSystemValue($varName, false);
|
||||
}
|
||||
|
||||
protected function getValue($varname) {
|
||||
/**
|
||||
* @param $varName
|
||||
* @return string
|
||||
*/
|
||||
protected function getValue($varName) {
|
||||
static $defaults;
|
||||
if(is_null($defaults)) {
|
||||
$defaults = $this->getDefaults();
|
||||
}
|
||||
return \OCP\Config::getAppValue('user_ldap',
|
||||
$this->configPrefix.$varname,
|
||||
$defaults[$varname]);
|
||||
$this->configPrefix.$varName,
|
||||
$defaults[$varName]);
|
||||
}
|
||||
|
||||
protected function setValue($varname, $value) {
|
||||
$this->config[$varname] = $value;
|
||||
/**
|
||||
* @param $varName
|
||||
* @param $value
|
||||
*/
|
||||
protected function setValue($varName, $value) {
|
||||
$this->config[$varName] = $value;
|
||||
}
|
||||
|
||||
protected function saveValue($varname, $value) {
|
||||
/**
|
||||
* @param $varName
|
||||
* @param $value
|
||||
* @return bool
|
||||
*/
|
||||
protected function saveValue($varName, $value) {
|
||||
return \OCP\Config::setAppValue('user_ldap',
|
||||
$this->configPrefix.$varname,
|
||||
$this->configPrefix.$varName,
|
||||
$value);
|
||||
}
|
||||
|
||||
/**
|
||||
* @returns an associative array with the default values. Keys are correspond
|
||||
* @return array an associative array with the default values. Keys are correspond
|
||||
* to config-value entries in the database table
|
||||
*/
|
||||
public function getDefaults() {
|
||||
|
@ -350,7 +395,7 @@ class Configuration {
|
|||
}
|
||||
|
||||
/**
|
||||
* @return returns an array that maps internal variable names to database fields
|
||||
* @return array that maps internal variable names to database fields
|
||||
*/
|
||||
public function getConfigTranslationArray() {
|
||||
//TODO: merge them into one representation
|
||||
|
|
|
@ -43,8 +43,9 @@ class Connection extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief Constructor
|
||||
* @param $configPrefix a string with the prefix for the configkey column (appconfig table)
|
||||
* @param $configID a string with the value for the appid column (appconfig table) or null for on-the-fly connections
|
||||
* @param ILDAPWrapper $ldap
|
||||
* @param string $configPrefix a string with the prefix for the configkey column (appconfig table)
|
||||
* @param string $configID a string with the value for the appid column (appconfig table) or null for on-the-fly connections
|
||||
*/
|
||||
public function __construct(ILDAPWrapper $ldap, $configPrefix = '', $configID = 'user_ldap') {
|
||||
parent::__construct($ldap);
|
||||
|
@ -82,6 +83,10 @@ class Connection extends LDAPUtility {
|
|||
!is_null($this->configID));
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $name
|
||||
* @return bool|mixed|void
|
||||
*/
|
||||
public function __get($name) {
|
||||
if(!$this->configured) {
|
||||
$this->readConfiguration();
|
||||
|
@ -94,6 +99,10 @@ class Connection extends LDAPUtility {
|
|||
return $this->configuration->$name;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $name
|
||||
* @param $value
|
||||
*/
|
||||
public function __set($name, $value) {
|
||||
$this->doNotValidate = false;
|
||||
$before = $this->configuration->$name;
|
||||
|
@ -109,9 +118,7 @@ class Connection extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief initializes the LDAP backend
|
||||
* @param $force read the config settings no matter what
|
||||
*
|
||||
* initializes the LDAP backend
|
||||
* @param bool $force read the config settings no matter what
|
||||
*/
|
||||
public function init($force = false) {
|
||||
$this->readConfiguration($force);
|
||||
|
@ -119,7 +126,7 @@ class Connection extends LDAPUtility {
|
|||
}
|
||||
|
||||
/**
|
||||
* Returns the LDAP handler
|
||||
* @brief Returns the LDAP handler
|
||||
*/
|
||||
public function getConnectionResource() {
|
||||
if(!$this->ldapConnectionRes) {
|
||||
|
@ -135,7 +142,8 @@ class Connection extends LDAPUtility {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param string|null $key
|
||||
* @param $key
|
||||
* @return string
|
||||
*/
|
||||
private function getCacheKey($key) {
|
||||
$prefix = 'LDAP-'.$this->configID.'-'.$this->configPrefix.'-';
|
||||
|
@ -146,7 +154,8 @@ class Connection extends LDAPUtility {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param string $key
|
||||
* @param $key
|
||||
* @return mixed|null
|
||||
*/
|
||||
public function getFromCache($key) {
|
||||
if(!$this->configured) {
|
||||
|
@ -165,7 +174,8 @@ class Connection extends LDAPUtility {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param string $key
|
||||
* @param $key
|
||||
* @return bool
|
||||
*/
|
||||
public function isCached($key) {
|
||||
if(!$this->configured) {
|
||||
|
@ -179,7 +189,8 @@ class Connection extends LDAPUtility {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param string $key
|
||||
* @param $key
|
||||
* @param $value
|
||||
*/
|
||||
public function writeToCache($key, $value) {
|
||||
if(!$this->configured) {
|
||||
|
@ -200,7 +211,7 @@ class Connection extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief Caches the general LDAP configuration.
|
||||
* @param $force optional. true, if the re-read should be forced. defaults
|
||||
* @param bool $force optional. true, if the re-read should be forced. defaults
|
||||
* to false.
|
||||
* @return null
|
||||
*/
|
||||
|
@ -214,7 +225,7 @@ class Connection extends LDAPUtility {
|
|||
/**
|
||||
* @brief set LDAP configuration with values delivered by an array, not read from configuration
|
||||
* @param $config array that holds the config parameters in an associated array
|
||||
* @param &$setParameters optional; array where the set fields will be given to
|
||||
* @param array &$setParameters optional; array where the set fields will be given to
|
||||
* @return boolean true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters
|
||||
*/
|
||||
public function setConfiguration($config, &$setParameters = null) {
|
||||
|
@ -326,9 +337,9 @@ class Connection extends LDAPUtility {
|
|||
}
|
||||
|
||||
//make sure empty search attributes are saved as simple, empty array
|
||||
$sakeys = array('ldapAttributesForUserSearch',
|
||||
$saKeys = array('ldapAttributesForUserSearch',
|
||||
'ldapAttributesForGroupSearch');
|
||||
foreach($sakeys as $key) {
|
||||
foreach($saKeys as $key) {
|
||||
$val = $this->configuration->$key;
|
||||
if(is_array($val) && count($val) === 1 && empty($val[0])) {
|
||||
$this->configuration->$key = array();
|
||||
|
@ -345,6 +356,9 @@ class Connection extends LDAPUtility {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
private function doCriticalValidation() {
|
||||
$configurationOK = true;
|
||||
$errorStr = 'Configuration Error (prefix '.
|
||||
|
@ -420,7 +434,7 @@ class Connection extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief Validates the user specified configuration
|
||||
* @returns true if configuration seems OK, false otherwise
|
||||
* @return bool true if configuration seems OK, false otherwise
|
||||
*/
|
||||
private function validateConfiguration() {
|
||||
|
||||
|
@ -435,8 +449,8 @@ class Connection extends LDAPUtility {
|
|||
// necessary, but advisable. If left empty, give an info message
|
||||
$this->doSoftValidation();
|
||||
|
||||
//second step: critical checks. If left empty or filled wrong, set as
|
||||
//unconfigured and give a warning.
|
||||
//second step: critical checks. If left empty or filled wrong, mark as
|
||||
//not configured and give a warning.
|
||||
return $this->doCriticalValidation();
|
||||
}
|
||||
|
||||
|
@ -508,12 +522,17 @@ class Connection extends LDAPUtility {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $host
|
||||
* @param $port
|
||||
* @return false|void
|
||||
*/
|
||||
private function doConnect($host, $port) {
|
||||
if(empty($host)) {
|
||||
return false;
|
||||
}
|
||||
if(strpos($host, '://') !== false) {
|
||||
//ldap_connect ignores port paramater when URLs are passed
|
||||
//ldap_connect ignores port parameter when URLs are passed
|
||||
$host .= ':' . $port;
|
||||
}
|
||||
$this->ldapConnectionRes = $this->ldap->connect($host, $port);
|
||||
|
|
|
@ -27,7 +27,7 @@ class Helper {
|
|||
|
||||
/**
|
||||
* @brief returns prefixes for each saved LDAP/AD server configuration.
|
||||
* @param bool optional, whether only active configuration shall be
|
||||
* @param bool $activeConfigurations optional, whether only active configuration shall be
|
||||
* retrieved, defaults to false
|
||||
* @return array with a list of the available prefixes
|
||||
*
|
||||
|
@ -80,7 +80,7 @@ class Helper {
|
|||
/**
|
||||
*
|
||||
* @brief determines the host for every configured connection
|
||||
* @return an array with configprefix as keys
|
||||
* @return array an array with configprefix as keys
|
||||
*
|
||||
*/
|
||||
static public function getServerConfigurationHosts() {
|
||||
|
@ -107,7 +107,7 @@ class Helper {
|
|||
|
||||
/**
|
||||
* @brief deletes a given saved LDAP/AD server configuration.
|
||||
* @param string the configuration prefix of the config to delete
|
||||
* @param string $prefix the configuration prefix of the config to delete
|
||||
* @return bool true on success, false otherwise
|
||||
*/
|
||||
static public function deleteServerConfiguration($prefix) {
|
||||
|
@ -148,7 +148,7 @@ class Helper {
|
|||
* Truncate's the given mapping table
|
||||
*
|
||||
* @param string $mapping either 'user' or 'group'
|
||||
* @return boolean true on success, false otherwise
|
||||
* @return bool true on success, false otherwise
|
||||
*/
|
||||
static public function clearMapping($mapping) {
|
||||
if($mapping === 'user') {
|
||||
|
@ -177,8 +177,8 @@ class Helper {
|
|||
|
||||
/**
|
||||
* @brief extractsthe domain from a given URL
|
||||
* @param $url the URL
|
||||
* @return mixed, domain as string on success, false otherwise
|
||||
* @param string $url the URL
|
||||
* @return string|false domain as string on success, false otherwise
|
||||
*/
|
||||
static public function getDomainFromURL($url) {
|
||||
$uinfo = parse_url($url);
|
||||
|
|
|
@ -30,9 +30,9 @@ interface ILDAPWrapper {
|
|||
/**
|
||||
* @brief Bind to LDAP directory
|
||||
* @param resource $link LDAP link resource
|
||||
* @param $dn an RDN to log in with
|
||||
* @param $password the password
|
||||
* @return true on success, false otherwise
|
||||
* @param string $dn an RDN to log in with
|
||||
* @param string $password the password
|
||||
* @return bool true on success, false otherwise
|
||||
*
|
||||
* with $dn and $password as null a anonymous bind is attempted.
|
||||
*/
|
||||
|
@ -40,28 +40,28 @@ interface ILDAPWrapper {
|
|||
|
||||
/**
|
||||
* @brief connect to an LDAP server
|
||||
* @param $host The host to connect to
|
||||
* @param $port The port to connect to
|
||||
* @return a link resource on success, otherwise false
|
||||
* @param string $host The host to connect to
|
||||
* @param string $port The port to connect to
|
||||
* @return mixed a link resource on success, otherwise false
|
||||
*/
|
||||
public function connect($host, $port);
|
||||
|
||||
/**
|
||||
* @brief Send LDAP pagination control
|
||||
* @param $link LDAP link resource
|
||||
* @param $pagesize number of results per page
|
||||
* @param boolean $isCritical Indicates whether the pagination is critical of not.
|
||||
* @param $cookie structure sent by LDAP server
|
||||
* @param resource $link LDAP link resource
|
||||
* @param int $pageSize number of results per page
|
||||
* @param bool $isCritical Indicates whether the pagination is critical of not.
|
||||
* @param array $cookie structure sent by LDAP server
|
||||
* @return true on success, false otherwise
|
||||
*/
|
||||
public function controlPagedResult($link, $pagesize, $isCritical, $cookie);
|
||||
public function controlPagedResult($link, $pageSize, $isCritical, $cookie);
|
||||
|
||||
/**
|
||||
* @brief Retrieve the LDAP pagination cookie
|
||||
* @param $link LDAP link resource
|
||||
* @param $result LDAP result resource
|
||||
* @param $cookie structure sent by LDAP server
|
||||
* @return boolean on success, false otherwise
|
||||
* @param array $cookie structure sent by LDAP server
|
||||
* @return bool true on success, false otherwise
|
||||
*
|
||||
* Corresponds to ldap_control_paged_result_response
|
||||
*/
|
||||
|
@ -69,101 +69,101 @@ interface ILDAPWrapper {
|
|||
|
||||
/**
|
||||
* @brief Count the number of entries in a search
|
||||
* @param $link LDAP link resource
|
||||
* @param $result LDAP result resource
|
||||
* @return mixed, number of results on success, false otherwise
|
||||
* @param resource $link LDAP link resource
|
||||
* @param resource $result LDAP result resource
|
||||
* @return int|false number of results on success, false otherwise
|
||||
*/
|
||||
public function countEntries($link, $result);
|
||||
|
||||
/**
|
||||
* @brief Return the LDAP error number of the last LDAP command
|
||||
* @param $link LDAP link resource
|
||||
* @return error message as string
|
||||
* @param resource $link LDAP link resource
|
||||
* @return string error message as string
|
||||
*/
|
||||
public function errno($link);
|
||||
|
||||
/**
|
||||
* @brief Return the LDAP error message of the last LDAP command
|
||||
* @param $link LDAP link resource
|
||||
* @return error code as integer
|
||||
* @param resource $link LDAP link resource
|
||||
* @return int error code as integer
|
||||
*/
|
||||
public function error($link);
|
||||
|
||||
/**
|
||||
* @brief Return first result id
|
||||
* @param $link LDAP link resource
|
||||
* @param $result LDAP result resource
|
||||
* @return an LDAP search result resource
|
||||
* @param resource $link LDAP link resource
|
||||
* @param resource $result LDAP result resource
|
||||
* @return Resource an LDAP search result resource
|
||||
* */
|
||||
public function firstEntry($link, $result);
|
||||
|
||||
/**
|
||||
* @brief Get attributes from a search result entry
|
||||
* @param $link LDAP link resource
|
||||
* @param $result LDAP result resource
|
||||
* @param resource $link LDAP link resource
|
||||
* @param resource $result LDAP result resource
|
||||
* @return array containing the results, false on error
|
||||
* */
|
||||
public function getAttributes($link, $result);
|
||||
|
||||
/**
|
||||
* @brief Get the DN of a result entry
|
||||
* @param $link LDAP link resource
|
||||
* @param $result LDAP result resource
|
||||
* @param resource $link LDAP link resource
|
||||
* @param resource $result LDAP result resource
|
||||
* @return string containing the DN, false on error
|
||||
*/
|
||||
public function getDN($link, $result);
|
||||
|
||||
/**
|
||||
* @brief Get all result entries
|
||||
* @param $link LDAP link resource
|
||||
* @param $result LDAP result resource
|
||||
* @param resource $link LDAP link resource
|
||||
* @param resource $result LDAP result resource
|
||||
* @return array containing the results, false on error
|
||||
*/
|
||||
public function getEntries($link, $result);
|
||||
|
||||
/**
|
||||
* @brief Return next result id
|
||||
* @param $link LDAP link resource
|
||||
* @param resource $link LDAP link resource
|
||||
* @param resource $result LDAP entry result resource
|
||||
* @return an LDAP search result resource
|
||||
* @return resource an LDAP search result resource
|
||||
* */
|
||||
public function nextEntry($link, $result);
|
||||
|
||||
/**
|
||||
* @brief Read an entry
|
||||
* @param $link LDAP link resource
|
||||
* @param $baseDN The DN of the entry to read from
|
||||
* @param $filter An LDAP filter
|
||||
* @param $attr array of the attributes to read
|
||||
* @return an LDAP search result resource
|
||||
* @param resource $link LDAP link resource
|
||||
* @param array $baseDN The DN of the entry to read from
|
||||
* @param string $filter An LDAP filter
|
||||
* @param array $attr array of the attributes to read
|
||||
* @return resource an LDAP search result resource
|
||||
*/
|
||||
public function read($link, $baseDN, $filter, $attr);
|
||||
|
||||
/**
|
||||
* @brief Search LDAP tree
|
||||
* @param $link LDAP link resource
|
||||
* @param $baseDN The DN of the entry to read from
|
||||
* @param $filter An LDAP filter
|
||||
* @param $attr array of the attributes to read
|
||||
* @param $attrsonly optional, 1 if only attribute types shall be returned
|
||||
* @param $limit optional, limits the result entries
|
||||
* @return an LDAP search result resource, false on error
|
||||
* @param resource $link LDAP link resource
|
||||
* @param string $baseDN The DN of the entry to read from
|
||||
* @param string $filter An LDAP filter
|
||||
* @param array $attr array of the attributes to read
|
||||
* @param int $attrsOnly optional, 1 if only attribute types shall be returned
|
||||
* @param int $limit optional, limits the result entries
|
||||
* @return resource|false an LDAP search result resource, false on error
|
||||
*/
|
||||
public function search($link, $baseDN, $filter, $attr, $attrsonly = 0, $limit = 0);
|
||||
public function search($link, $baseDN, $filter, $attr, $attrsOnly = 0, $limit = 0);
|
||||
|
||||
/**
|
||||
* @brief Sets the value of the specified option to be $value
|
||||
* @param $link LDAP link resource
|
||||
* @param $option a defined LDAP Server option
|
||||
* @param integer $value the new value for the option
|
||||
* @return true on success, false otherwise
|
||||
* @param resource $link LDAP link resource
|
||||
* @param string $option a defined LDAP Server option
|
||||
* @param int $value the new value for the option
|
||||
* @return bool true on success, false otherwise
|
||||
*/
|
||||
public function setOption($link, $option, $value);
|
||||
|
||||
/**
|
||||
* @brief establish Start TLS
|
||||
* @param $link LDAP link resource
|
||||
* @return true on success, false otherwise
|
||||
* @param resource|$link LDAP link resource
|
||||
* @return bool true on success, false otherwise
|
||||
*/
|
||||
public function startTls($link);
|
||||
|
||||
|
@ -171,35 +171,35 @@ interface ILDAPWrapper {
|
|||
* @brief Sort the result of a LDAP search
|
||||
* @param $link LDAP link resource
|
||||
* @param $result LDAP result resource
|
||||
* @param $sortfilter attribute to use a key in sort
|
||||
* @param string $sortFilter attribute to use a key in sort
|
||||
*/
|
||||
public function sort($link, $result, $sortfilter);
|
||||
public function sort($link, $result, $sortFilter);
|
||||
|
||||
/**
|
||||
* @brief Unbind from LDAP directory
|
||||
* @param resource $link LDAP link resource
|
||||
* @return true on success, false otherwise
|
||||
* @return bool true on success, false otherwise
|
||||
*/
|
||||
public function unbind($link);
|
||||
|
||||
//additional required methods in owncloud
|
||||
//additional required methods in ownCloud
|
||||
|
||||
/**
|
||||
* @brief Checks whether the server supports LDAP
|
||||
* @return boolean if it the case, false otherwise
|
||||
* @return bool true if it the case, false otherwise
|
||||
* */
|
||||
public function areLDAPFunctionsAvailable();
|
||||
|
||||
/**
|
||||
* @brief Checks whether PHP supports LDAP Paged Results
|
||||
* @return boolean if it the case, false otherwise
|
||||
* @return bool true if it the case, false otherwise
|
||||
* */
|
||||
public function hasPagedResultSupport();
|
||||
|
||||
/**
|
||||
* @brief Checks whether the submitted parameter is a resource
|
||||
* @param $resource the resource variable to check
|
||||
* @return boolean if it is a resource, false otherwise
|
||||
* @param resource $resource the resource variable to check
|
||||
* @return bool true if it is a resource, false otherwise
|
||||
*/
|
||||
public function isResource($resource);
|
||||
|
||||
|
|
|
@ -33,6 +33,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
|
|||
$this->interval = self::getRefreshInterval();
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $argument
|
||||
*/
|
||||
public function run($argument){
|
||||
Jobs::updateGroups();
|
||||
}
|
||||
|
@ -57,11 +60,17 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
|
|||
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – Finished.', \OCP\Util::DEBUG);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return int
|
||||
*/
|
||||
static private function getRefreshInterval() {
|
||||
//defaults to every hour
|
||||
return \OCP\Config::getAppValue('user_ldap', 'bgjRefreshInterval', 3600);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $groups
|
||||
*/
|
||||
static private function handleKnownGroups($groups) {
|
||||
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – Dealing with known Groups.', \OCP\Util::DEBUG);
|
||||
$query = \OCP\DB::prepare('
|
||||
|
@ -97,6 +106,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
|
|||
\OCP\Util::DEBUG);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $createdGroups
|
||||
*/
|
||||
static private function handleCreatedGroups($createdGroups) {
|
||||
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – dealing with created Groups.', \OCP\Util::DEBUG);
|
||||
$query = \OCP\DB::prepare('
|
||||
|
@ -116,6 +128,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
|
|||
\OCP\Util::DEBUG);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $removedGroups
|
||||
*/
|
||||
static private function handleRemovedGroups($removedGroups) {
|
||||
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – dealing with removed groups.', \OCP\Util::DEBUG);
|
||||
$query = \OCP\DB::prepare('
|
||||
|
@ -134,6 +149,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
|
|||
\OCP\Util::DEBUG);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return \OCA\user_ldap\GROUP_LDAP|\OCA\user_ldap\Group_Proxy
|
||||
*/
|
||||
static private function getGroupBE() {
|
||||
if(!is_null(self::$groupBE)) {
|
||||
return self::$groupBE;
|
||||
|
@ -152,6 +170,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
|
|||
return self::$groupBE;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array
|
||||
*/
|
||||
static private function getKnownGroups() {
|
||||
if(is_array(self::$groupsFromDB)) {
|
||||
return self::$groupsFromDB;
|
||||
|
|
|
@ -27,14 +27,31 @@ class LDAP implements ILDAPWrapper {
|
|||
protected $curFunc = '';
|
||||
protected $curArgs = array();
|
||||
|
||||
/**
|
||||
* @param resource $link
|
||||
* @param string $dn
|
||||
* @param string $password
|
||||
* @return bool|mixed
|
||||
*/
|
||||
public function bind($link, $dn, $password) {
|
||||
return $this->invokeLDAPMethod('bind', $link, $dn, $password);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $host
|
||||
* @param string $port
|
||||
* @return mixed
|
||||
*/
|
||||
public function connect($host, $port) {
|
||||
return $this->invokeLDAPMethod('connect', $host, $port);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param LDAP $link
|
||||
* @param LDAP $result
|
||||
* @param $cookie
|
||||
* @return bool|LDAP
|
||||
*/
|
||||
public function controlPagedResultResponse($link, $result, &$cookie) {
|
||||
$this->preFunctionCall('ldap_control_paged_result_response',
|
||||
array($link, $result, $cookie));
|
||||
|
@ -44,64 +61,144 @@ class LDAP implements ILDAPWrapper {
|
|||
return $result;
|
||||
}
|
||||
|
||||
public function controlPagedResult($link, $pagesize, $isCritical, $cookie) {
|
||||
return $this->invokeLDAPMethod('control_paged_result', $link, $pagesize,
|
||||
/**
|
||||
* @param LDAP $link
|
||||
* @param int $pageSize
|
||||
* @param bool $isCritical
|
||||
* @param array $cookie
|
||||
* @return mixed|true
|
||||
*/
|
||||
public function controlPagedResult($link, $pageSize, $isCritical, $cookie) {
|
||||
return $this->invokeLDAPMethod('control_paged_result', $link, $pageSize,
|
||||
$isCritical, $cookie);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param LDAP $link
|
||||
* @param LDAP $result
|
||||
* @return mixed
|
||||
*/
|
||||
public function countEntries($link, $result) {
|
||||
return $this->invokeLDAPMethod('count_entries', $link, $result);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param LDAP $link
|
||||
* @return mixed|string
|
||||
*/
|
||||
public function errno($link) {
|
||||
return $this->invokeLDAPMethod('errno', $link);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param LDAP $link
|
||||
* @return int|mixed
|
||||
*/
|
||||
public function error($link) {
|
||||
return $this->invokeLDAPMethod('error', $link);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param LDAP $link
|
||||
* @param LDAP $result
|
||||
* @return mixed
|
||||
*/
|
||||
public function firstEntry($link, $result) {
|
||||
return $this->invokeLDAPMethod('first_entry', $link, $result);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param LDAP $link
|
||||
* @param LDAP $result
|
||||
* @return array|mixed
|
||||
*/
|
||||
public function getAttributes($link, $result) {
|
||||
return $this->invokeLDAPMethod('get_attributes', $link, $result);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param LDAP $link
|
||||
* @param LDAP $result
|
||||
* @return mixed|string
|
||||
*/
|
||||
public function getDN($link, $result) {
|
||||
return $this->invokeLDAPMethod('get_dn', $link, $result);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param LDAP $link
|
||||
* @param LDAP $result
|
||||
* @return array|mixed
|
||||
*/
|
||||
public function getEntries($link, $result) {
|
||||
return $this->invokeLDAPMethod('get_entries', $link, $result);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param LDAP $link
|
||||
* @param resource $result
|
||||
* @return mixed|an
|
||||
*/
|
||||
public function nextEntry($link, $result) {
|
||||
return $this->invokeLDAPMethod('next_entry', $link, $result);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param LDAP $link
|
||||
* @param string $baseDN
|
||||
* @param string $filter
|
||||
* @param array $attr
|
||||
* @return mixed
|
||||
*/
|
||||
public function read($link, $baseDN, $filter, $attr) {
|
||||
return $this->invokeLDAPMethod('read', $link, $baseDN, $filter, $attr);
|
||||
}
|
||||
|
||||
public function search($link, $baseDN, $filter, $attr, $attrsonly = 0, $limit = 0) {
|
||||
return $this->invokeLDAPMethod('search', $link, $baseDN, $filter,
|
||||
$attr, $attrsonly, $limit);
|
||||
/**
|
||||
* @param LDAP $link
|
||||
* @param string $baseDN
|
||||
* @param string $filter
|
||||
* @param array $attr
|
||||
* @param int $attrsOnly
|
||||
* @param int $limit
|
||||
* @return mixed
|
||||
*/
|
||||
public function search($link, $baseDN, $filter, $attr, $attrsOnly = 0, $limit = 0) {
|
||||
return $this->invokeLDAPMethod('search', $link, $baseDN, $filter, $attr, $attrsOnly, $limit);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param LDAP $link
|
||||
* @param string $option
|
||||
* @param int $value
|
||||
* @return bool|mixed
|
||||
*/
|
||||
public function setOption($link, $option, $value) {
|
||||
return $this->invokeLDAPMethod('set_option', $link, $option, $value);
|
||||
}
|
||||
|
||||
public function sort($link, $result, $sortfilter) {
|
||||
return $this->invokeLDAPMethod('sort', $link, $result, $sortfilter);
|
||||
/**
|
||||
* @param LDAP $link
|
||||
* @param LDAP $result
|
||||
* @param string $sortFilter
|
||||
* @return mixed
|
||||
*/
|
||||
public function sort($link, $result, $sortFilter) {
|
||||
return $this->invokeLDAPMethod('sort', $link, $result, $sortFilter);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param LDAP $link
|
||||
* @return mixed|true
|
||||
*/
|
||||
public function startTls($link) {
|
||||
return $this->invokeLDAPMethod('start_tls', $link);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param resource $link
|
||||
* @return bool|mixed
|
||||
*/
|
||||
public function unbind($link) {
|
||||
return $this->invokeLDAPMethod('unbind', $link);
|
||||
}
|
||||
|
@ -126,13 +223,16 @@ class LDAP implements ILDAPWrapper {
|
|||
|
||||
/**
|
||||
* @brief Checks whether the submitted parameter is a resource
|
||||
* @param $resource the resource variable to check
|
||||
* @return boolean if it is a resource, false otherwise
|
||||
* @param Resource $resource the resource variable to check
|
||||
* @return bool true if it is a resource, false otherwise
|
||||
*/
|
||||
public function isResource($resource) {
|
||||
return is_resource($resource);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return mixed
|
||||
*/
|
||||
private function invokeLDAPMethod() {
|
||||
$arguments = func_get_args();
|
||||
$func = 'ldap_' . array_shift($arguments);
|
||||
|
@ -148,6 +248,7 @@ class LDAP implements ILDAPWrapper {
|
|||
|
||||
/**
|
||||
* @param string $functionName
|
||||
* @param $args
|
||||
*/
|
||||
private function preFunctionCall($functionName, $args) {
|
||||
$this->curFunc = $functionName;
|
||||
|
@ -181,4 +282,4 @@ class LDAP implements ILDAPWrapper {
|
|||
$this->curFunc = '';
|
||||
$this->curArgs = array();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -28,7 +28,7 @@ abstract class LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief constructor, make sure the subclasses call this one!
|
||||
* @param $ldapWrapper an instance of an ILDAPWrapper
|
||||
* @param ILDAPWrapper $ldapWrapper an instance of an ILDAPWrapper
|
||||
*/
|
||||
public function __construct(ILDAPWrapper $ldapWrapper) {
|
||||
$this->ldap = $ldapWrapper;
|
||||
|
|
|
@ -29,16 +29,26 @@ abstract class Proxy {
|
|||
static private $accesses = array();
|
||||
private $ldap = null;
|
||||
|
||||
/**
|
||||
* @param ILDAPWrapper $ldap
|
||||
*/
|
||||
public function __construct(ILDAPWrapper $ldap) {
|
||||
$this->ldap = $ldap;
|
||||
$this->cache = \OC_Cache::getGlobalCache();
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $configPrefix
|
||||
*/
|
||||
private function addAccess($configPrefix) {
|
||||
$connector = new Connection($this->ldap, $configPrefix);
|
||||
self::$accesses[$configPrefix] = new Access($connector, $this->ldap);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $configPrefix
|
||||
* @return mixed
|
||||
*/
|
||||
protected function getAccess($configPrefix) {
|
||||
if(!isset(self::$accesses[$configPrefix])) {
|
||||
$this->addAccess($configPrefix);
|
||||
|
@ -46,30 +56,45 @@ abstract class Proxy {
|
|||
return self::$accesses[$configPrefix];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $uid
|
||||
* @return string
|
||||
*/
|
||||
protected function getUserCacheKey($uid) {
|
||||
return 'user-'.$uid.'-lastSeenOn';
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $gid
|
||||
* @return string
|
||||
*/
|
||||
protected function getGroupCacheKey($gid) {
|
||||
return 'group-'.$gid.'-lastSeenOn';
|
||||
}
|
||||
|
||||
/**
|
||||
* @param boolean $passOnWhen
|
||||
* @param string $method
|
||||
* @param $id
|
||||
* @param $method
|
||||
* @param $parameters
|
||||
* @param bool $passOnWhen
|
||||
* @return mixed
|
||||
*/
|
||||
abstract protected function callOnLastSeenOn($id, $method, $parameters, $passOnWhen);
|
||||
|
||||
/**
|
||||
* @param string $method
|
||||
* @param $id
|
||||
* @param $method
|
||||
* @param $parameters
|
||||
* @return mixed
|
||||
*/
|
||||
abstract protected function walkBackends($id, $method, $parameters);
|
||||
|
||||
/**
|
||||
* @brief Takes care of the request to the User backend
|
||||
* @param $uid string, the uid connected to the request
|
||||
* @param $id
|
||||
* @param string $method string, the method of the user backend that shall be called
|
||||
* @param $parameters an array of parameters to be passed
|
||||
* @param array $parameters an array of parameters to be passed
|
||||
* @param bool $passOnWhen
|
||||
* @return mixed, the result of the specified method
|
||||
*/
|
||||
protected function handleRequest($id, $method, $parameters, $passOnWhen = false) {
|
||||
|
@ -81,7 +106,8 @@ abstract class Proxy {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param string|null $key
|
||||
* @param $key
|
||||
* @return string
|
||||
*/
|
||||
private function getCacheKey($key) {
|
||||
$prefix = 'LDAP-Proxy-';
|
||||
|
@ -92,7 +118,8 @@ abstract class Proxy {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param string $key
|
||||
* @param $key
|
||||
* @return mixed|null
|
||||
*/
|
||||
public function getFromCache($key) {
|
||||
if(!$this->isCached($key)) {
|
||||
|
@ -104,7 +131,8 @@ abstract class Proxy {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param string $key
|
||||
* @param $key
|
||||
* @return bool
|
||||
*/
|
||||
public function isCached($key) {
|
||||
$key = $this->getCacheKey($key);
|
||||
|
@ -112,7 +140,8 @@ abstract class Proxy {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param string $key
|
||||
* @param $key
|
||||
* @param $value
|
||||
*/
|
||||
public function writeToCache($key, $value) {
|
||||
$key = $this->getCacheKey($key);
|
||||
|
|
|
@ -45,8 +45,8 @@ class Wizard extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief Constructor
|
||||
* @param $configuration an instance of Configuration
|
||||
* @param $ldap an instance of ILDAPWrapper
|
||||
* @param Configuration $configuration an instance of Configuration
|
||||
* @param ILDAPWrapper $ldap an instance of ILDAPWrapper
|
||||
*/
|
||||
public function __construct(Configuration $configuration, ILDAPWrapper $ldap) {
|
||||
parent::__construct($ldap);
|
||||
|
@ -63,6 +63,10 @@ class Wizard extends LDAPUtility {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @return WizardResult
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function countGroups() {
|
||||
if(!$this->checkRequirements(array('ldapHost',
|
||||
'ldapPort',
|
||||
|
@ -96,6 +100,10 @@ class Wizard extends LDAPUtility {
|
|||
return $this->result;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return WizardResult
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function countUsers() {
|
||||
if(!$this->checkRequirements(array('ldapHost',
|
||||
'ldapPort',
|
||||
|
@ -125,7 +133,10 @@ class Wizard extends LDAPUtility {
|
|||
return $this->result;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @return WizardResult
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function determineAttributes() {
|
||||
if(!$this->checkRequirements(array('ldapHost',
|
||||
'ldapPort',
|
||||
|
@ -152,6 +163,7 @@ class Wizard extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief return the state of the Group Filter Mode
|
||||
* @return WizardResult
|
||||
*/
|
||||
public function getGroupFilterMode() {
|
||||
$this->getFilterMode('ldapGroupFilterMode');
|
||||
|
@ -160,6 +172,7 @@ class Wizard extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief return the state of the Login Filter Mode
|
||||
* @return WizardResult
|
||||
*/
|
||||
public function getLoginFilterMode() {
|
||||
$this->getFilterMode('ldapLoginFilterMode');
|
||||
|
@ -168,6 +181,7 @@ class Wizard extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief return the state of the User Filter Mode
|
||||
* @return WizardResult
|
||||
*/
|
||||
public function getUserFilterMode() {
|
||||
$this->getFilterMode('ldapUserFilterMode');
|
||||
|
@ -176,19 +190,20 @@ class Wizard extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief return the state of the mode of the specified filter
|
||||
* @param string $confkey string, contains the access key of the Configuration
|
||||
* @param string $confKey contains the access key of the Configuration
|
||||
*/
|
||||
private function getFilterMode($confkey) {
|
||||
$mode = $this->configuration->$confkey;
|
||||
private function getFilterMode($confKey) {
|
||||
$mode = $this->configuration->$confKey;
|
||||
if(is_null($mode)) {
|
||||
$mode = $this->LFILTER_MODE_ASSISTED;
|
||||
}
|
||||
$this->result->addChange($confkey, $mode);
|
||||
$this->result->addChange($confKey, $mode);
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief detects the available LDAP attributes
|
||||
* @returns the instance's WizardResult instance
|
||||
* @return array The instance's WizardResult instance
|
||||
* @throws \Exception
|
||||
*/
|
||||
private function getUserAttributes() {
|
||||
if(!$this->checkRequirements(array('ldapHost',
|
||||
|
@ -221,7 +236,7 @@ class Wizard extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief detects the available LDAP groups
|
||||
* @returns the instance's WizardResult instance
|
||||
* @return WizardResult the instance's WizardResult instance
|
||||
*/
|
||||
public function determineGroupsForGroups() {
|
||||
return $this->determineGroups('ldap_groupfilter_groups',
|
||||
|
@ -231,7 +246,7 @@ class Wizard extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief detects the available LDAP groups
|
||||
* @returns the instance's WizardResult instance
|
||||
* @return WizardResult the instance's WizardResult instance
|
||||
*/
|
||||
public function determineGroupsForUsers() {
|
||||
return $this->determineGroups('ldap_userfilter_groups',
|
||||
|
@ -240,11 +255,13 @@ class Wizard extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief detects the available LDAP groups
|
||||
* @param string $dbkey
|
||||
* @param string $confkey
|
||||
* @returns the instance's WizardResult instance
|
||||
* @param string $dbKey
|
||||
* @param string $confKey
|
||||
* @param bool $testMemberOf
|
||||
* @return WizardResult the instance's WizardResult instance
|
||||
* @throws \Exception
|
||||
*/
|
||||
private function determineGroups($dbkey, $confkey, $testMemberOf = true) {
|
||||
private function determineGroups($dbKey, $confKey, $testMemberOf = true) {
|
||||
if(!$this->checkRequirements(array('ldapHost',
|
||||
'ldapPort',
|
||||
'ldapBase',
|
||||
|
@ -256,8 +273,8 @@ class Wizard extends LDAPUtility {
|
|||
throw new \Exception('Could not connect to LDAP');
|
||||
}
|
||||
|
||||
$obclasses = array('posixGroup', 'group', 'zimbraDistributionList', '*');
|
||||
$this->determineFeature($obclasses, 'cn', $dbkey, $confkey);
|
||||
$obClasses = array('posixGroup', 'group', 'zimbraDistributionList', '*');
|
||||
$this->determineFeature($obClasses, 'cn', $dbKey, $confKey);
|
||||
|
||||
if($testMemberOf) {
|
||||
$this->configuration->hasMemberOfFilterSupport = $this->testMemberOf();
|
||||
|
@ -270,6 +287,10 @@ class Wizard extends LDAPUtility {
|
|||
return $this->result;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool|WizardResult
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function determineGroupMemberAssoc() {
|
||||
if(!$this->checkRequirements(array('ldapHost',
|
||||
'ldapPort',
|
||||
|
@ -289,8 +310,9 @@ class Wizard extends LDAPUtility {
|
|||
}
|
||||
|
||||
/**
|
||||
* @brief detects the available object classes
|
||||
* @returns the instance's WizardResult instance
|
||||
* @brief Detects the available object classes
|
||||
* @return WizardResult the instance's WizardResult instance
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function determineGroupObjectClasses() {
|
||||
if(!$this->checkRequirements(array('ldapHost',
|
||||
|
@ -316,7 +338,8 @@ class Wizard extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief detects the available object classes
|
||||
* @returns the instance's WizardResult instance
|
||||
* @return WizardResult
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function determineUserObjectClasses() {
|
||||
if(!$this->checkRequirements(array('ldapHost',
|
||||
|
@ -344,6 +367,10 @@ class Wizard extends LDAPUtility {
|
|||
return $this->result;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return WizardResult
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function getGroupFilter() {
|
||||
if(!$this->checkRequirements(array('ldapHost',
|
||||
'ldapPort',
|
||||
|
@ -364,6 +391,10 @@ class Wizard extends LDAPUtility {
|
|||
return $this->result;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return WizardResult
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function getUserListFilter() {
|
||||
if(!$this->checkRequirements(array('ldapHost',
|
||||
'ldapPort',
|
||||
|
@ -386,6 +417,10 @@ class Wizard extends LDAPUtility {
|
|||
return $this->result;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool|WizardResult
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function getUserLoginFilter() {
|
||||
if(!$this->checkRequirements(array('ldapHost',
|
||||
'ldapPort',
|
||||
|
@ -406,7 +441,8 @@ class Wizard extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* Tries to determine the port, requires given Host, User DN and Password
|
||||
* @returns mixed WizardResult on success, false otherwise
|
||||
* @return WizardResult|false WizardResult on success, false otherwise
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function guessPortAndTLS() {
|
||||
if(!$this->checkRequirements(array('ldapHost',
|
||||
|
@ -444,7 +480,7 @@ class Wizard extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* @brief tries to determine a base dn from User DN or LDAP Host
|
||||
* @returns mixed WizardResult on success, false otherwise
|
||||
* @return WizardResult|false WizardResult on success, false otherwise
|
||||
*/
|
||||
public function guessBaseDN() {
|
||||
if(!$this->checkRequirements(array('ldapHost',
|
||||
|
@ -486,8 +522,7 @@ class Wizard extends LDAPUtility {
|
|||
* @brief sets the found value for the configuration key in the WizardResult
|
||||
* as well as in the Configuration instance
|
||||
* @param string $key the configuration key
|
||||
* @param $value the (detected) value
|
||||
* @return null
|
||||
* @param string $value the (detected) value
|
||||
*
|
||||
*/
|
||||
private function applyFind($key, $value) {
|
||||
|
@ -516,7 +551,8 @@ class Wizard extends LDAPUtility {
|
|||
/**
|
||||
* @brief tries to detect the group member association attribute which is
|
||||
* one of 'uniqueMember', 'memberUid', 'member'
|
||||
* @return mixed, string with the attribute name, false on error
|
||||
* @return string|false, string with the attribute name, false on error
|
||||
* @throws \Exception
|
||||
*/
|
||||
private function detectGroupMemberAssoc() {
|
||||
$possibleAttrs = array('uniqueMember', 'memberUid', 'member', 'unfugasdfasdfdfa');
|
||||
|
@ -535,7 +571,7 @@ class Wizard extends LDAPUtility {
|
|||
}
|
||||
$er = $this->ldap->firstEntry($cr, $rr);
|
||||
while(is_resource($er)) {
|
||||
$dn = $this->ldap->getDN($cr, $er);
|
||||
$this->ldap->getDN($cr, $er);
|
||||
$attrs = $this->ldap->getAttributes($cr, $er);
|
||||
$result = array();
|
||||
for($i = 0; $i < count($possibleAttrs); $i++) {
|
||||
|
@ -558,6 +594,7 @@ class Wizard extends LDAPUtility {
|
|||
* @brief Checks whether for a given BaseDN results will be returned
|
||||
* @param string $base the BaseDN to test
|
||||
* @return bool true on success, false otherwise
|
||||
* @throws \Exception
|
||||
*/
|
||||
private function testBaseDN($base) {
|
||||
$cr = $this->getConnection();
|
||||
|
@ -583,7 +620,8 @@ class Wizard extends LDAPUtility {
|
|||
* @brief Checks whether the server supports memberOf in LDAP Filter.
|
||||
* Requires that groups are determined, thus internally called from within
|
||||
* determineGroups()
|
||||
* @return bool, true if it does, false otherwise
|
||||
* @return bool true if it does, false otherwise
|
||||
* @throws \Exception
|
||||
*/
|
||||
private function testMemberOf() {
|
||||
$cr = $this->getConnection();
|
||||
|
@ -624,7 +662,8 @@ class Wizard extends LDAPUtility {
|
|||
* @param integer $filterType int, for which use case the filter shall be created
|
||||
* can be any of self::LFILTER_USER_LIST, self::LFILTER_LOGIN or
|
||||
* self::LFILTER_GROUP_LIST
|
||||
* @return mixed, string with the filter on success, false otherwise
|
||||
* @return string|false string with the filter on success, false otherwise
|
||||
* @throws \Exception
|
||||
*/
|
||||
private function composeLdapFilter($filterType) {
|
||||
$filter = '';
|
||||
|
@ -765,9 +804,11 @@ class Wizard extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* Connects and Binds to an LDAP Server
|
||||
* @param $port the port to connect with
|
||||
* @param $tls whether startTLS is to be used
|
||||
* @return
|
||||
* @param int $port the port to connect with
|
||||
* @param bool $tls whether startTLS is to be used
|
||||
* @param bool $ncc
|
||||
* @return bool
|
||||
* @throws \Exception
|
||||
*/
|
||||
private function connectAndBind($port = 389, $tls = false, $ncc = false) {
|
||||
if($ncc) {
|
||||
|
@ -819,17 +860,17 @@ class Wizard extends LDAPUtility {
|
|||
if($ncc) {
|
||||
throw new \Exception('Certificate cannot be validated.');
|
||||
}
|
||||
\OCP\Util::writeLog('user_ldap', 'Wiz: Bind successfull to Port '. $port . ' TLS ' . intval($tls), \OCP\Util::DEBUG);
|
||||
\OCP\Util::writeLog('user_ldap', 'Wiz: Bind successful to Port '. $port . ' TLS ' . intval($tls), \OCP\Util::DEBUG);
|
||||
return true;
|
||||
}
|
||||
|
||||
$errno = $this->ldap->errno($cr);
|
||||
$errNo = $this->ldap->errno($cr);
|
||||
$error = ldap_error($cr);
|
||||
$this->ldap->unbind($cr);
|
||||
if($errno === -1 || ($errno === 2 && $ncc)) {
|
||||
if($errNo === -1 || ($errNo === 2 && $ncc)) {
|
||||
//host, port or TLS wrong
|
||||
return false;
|
||||
} else if ($errno === 2) {
|
||||
} else if ($errNo === 2) {
|
||||
return $this->connectAndBind($port, $tls, true);
|
||||
}
|
||||
throw new \Exception($error);
|
||||
|
@ -838,8 +879,7 @@ class Wizard extends LDAPUtility {
|
|||
/**
|
||||
* @brief checks whether a valid combination of agent and password has been
|
||||
* provided (either two values or nothing for anonymous connect)
|
||||
* @return boolean, true if everything is fine, false otherwise
|
||||
*
|
||||
* @return bool, true if everything is fine, false otherwise
|
||||
*/
|
||||
private function checkAgentRequirements() {
|
||||
$agent = $this->configuration->ldapAgentName;
|
||||
|
@ -850,7 +890,8 @@ class Wizard extends LDAPUtility {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param string[] $reqs
|
||||
* @param array $reqs
|
||||
* @return bool
|
||||
*/
|
||||
private function checkRequirements($reqs) {
|
||||
$this->checkAgentRequirements();
|
||||
|
@ -874,8 +915,7 @@ class Wizard extends LDAPUtility {
|
|||
* The lower, the faster
|
||||
* @param string $maxF string. if not null, this variable will have the filter that
|
||||
* yields most result entries
|
||||
* @return mixed, an array with the values on success, false otherwise
|
||||
*
|
||||
* @return array|false an array with the values on success, false otherwise
|
||||
*/
|
||||
public function cumulativeSearchOnAttribute($filters, $attr, $lfw = true, $dnReadLimit = 3, &$maxF = null) {
|
||||
$dnRead = array();
|
||||
|
@ -949,7 +989,8 @@ class Wizard extends LDAPUtility {
|
|||
* Configuration class
|
||||
* @param $po boolean, whether the objectClass with most result entries
|
||||
* shall be pre-selected via the result
|
||||
* @returns array, list of found items.
|
||||
* @return array, list of found items.
|
||||
* @throws \Exception
|
||||
*/
|
||||
private function determineFeature($objectclasses, $attr, $dbkey, $confkey, $po = false) {
|
||||
$cr = $this->getConnection();
|
||||
|
@ -1013,7 +1054,7 @@ class Wizard extends LDAPUtility {
|
|||
return self::LRESULT_PROCESSED_INVALID;
|
||||
}
|
||||
|
||||
//strtolower on all keys for proper comparison
|
||||
// strtolower on all keys for proper comparison
|
||||
$result = \OCP\Util::mb_array_change_key_case($result);
|
||||
$attribute = strtolower($attribute);
|
||||
if(isset($result[$attribute])) {
|
||||
|
@ -1031,6 +1072,9 @@ class Wizard extends LDAPUtility {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool|mixed
|
||||
*/
|
||||
private function getConnection() {
|
||||
if(!is_null($this->cr)) {
|
||||
return $this->cr;
|
||||
|
@ -1057,6 +1101,9 @@ class Wizard extends LDAPUtility {
|
|||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array
|
||||
*/
|
||||
private function getDefaultLdapPortSettings() {
|
||||
static $settings = array(
|
||||
array('port' => 7636, 'tls' => false),
|
||||
|
@ -1069,6 +1116,9 @@ class Wizard extends LDAPUtility {
|
|||
return $settings;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array
|
||||
*/
|
||||
private function getPortSettingsToTry() {
|
||||
//389 ← LDAP / Unencrypted or StartTLS
|
||||
//636 ← LDAPS / SSL
|
||||
|
@ -1096,4 +1146,4 @@ class Wizard extends LDAPUtility {
|
|||
}
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
@ -28,10 +28,17 @@ class WizardResult {
|
|||
protected $options = array();
|
||||
protected $markedChange = false;
|
||||
|
||||
/**
|
||||
* @param $key
|
||||
* @param $value
|
||||
*/
|
||||
public function addChange($key, $value) {
|
||||
$this->changes[$key] = $value;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public function markChange() {
|
||||
$this->markedChange = true;
|
||||
}
|
||||
|
@ -47,10 +54,16 @@ class WizardResult {
|
|||
$this->options[$key] = $values;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
public function hasChanges() {
|
||||
return (count($this->changes) > 0 || $this->markedChange);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array
|
||||
*/
|
||||
public function getResultArray() {
|
||||
$result = array();
|
||||
$result['changes'] = $this->changes;
|
||||
|
|
|
@ -71,7 +71,7 @@ class Test_User_Ldap_Direct extends \PHPUnit_Framework_TestCase {
|
|||
case 'ladyofshadows':
|
||||
return 'dnOfLadyOfShadows';
|
||||
break;
|
||||
defautl:
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
}));
|
||||
|
|
|
@ -136,7 +136,7 @@ class API implements IApi{
|
|||
* @brief Emits a signal. To get data from the slot use references!
|
||||
* @param string $signalClass class name of emitter
|
||||
* @param string $signalName name of signal
|
||||
* @param array $params defautl: array() array with additional data
|
||||
* @param array $params default: array() array with additional data
|
||||
* @return bool, true if slots exists or false if not
|
||||
*/
|
||||
public function emitHook($signalClass, $signalName, $params = array()) {
|
||||
|
|
|
@ -45,7 +45,7 @@ class OC_Hook{
|
|||
* @brief emits a signal
|
||||
* @param string $signalclass class name of emitter
|
||||
* @param string $signalname name of signal
|
||||
* @param array $params defautl: array() array with additional data
|
||||
* @param array $params default: array() array with additional data
|
||||
* @return bool, true if slots exists or false if not
|
||||
*
|
||||
* Emits a signal. To get data from the slot use references!
|
||||
|
|
Loading…
Reference in a new issue