Skip to content
Snippets Groups Projects
Commit 25ad1d5c authored by Arthur Schiwon's avatar Arthur Schiwon
Browse files

LDAP: split up LIB_LDAP into Access for LDAP interaction functions and... 

LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
parent eefe6882
Branches
No related tags found
No related merge requests found
Expand all Show whitespace changes
Inline Side-by-side
apps/user_ldap/appinfo/app.php
+ 8
2
View file @ 25ad1d5c
...@@ -26,9 +26,15 @@ require_once('apps/user_ldap/lib_ldap.php'); ...@@ -26,9 +26,15 @@ require_once('apps/user_ldap/lib_ldap.php');
OCP\App::registerAdmin('user_ldap','settings'); OCP\App::registerAdmin('user_ldap','settings');
$connector = new OCA\user_ldap\lib\Connection('user_ldap');
$userBackend = new OCA\user_ldap\USER_LDAP();
$userBackend->setConnector($connector);
$groupBackend = new OCA\user_ldap\GROUP_LDAP();
$groupBackend->setConnector($connector);
// register user backend // register user backend
OC_User::useBackend(new OCA\user_ldap\USER_LDAP()); OC_User::useBackend($userBackend);
OC_Group::useBackend(new OCA\user_ldap\GROUP_LDAP()); OC_Group::useBackend($groupBackend);
// add settings page to navigation // add settings page to navigation
$entry = array( $entry = array(
......
apps/user_ldap/group_ldap.php
+ 36
39
View file @ 25ad1d5c
...@@ -23,24 +23,21 @@ ...@@ -23,24 +23,21 @@
namespace OCA\user_ldap; namespace OCA\user_ldap;
class GROUP_LDAP implements \OCP\GroupInterface { class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
// //group specific settings // //group specific settings
protected $ldapGroupFilter; protected $enabled = false;
protected $ldapGroupMemberAssocAttr;
protected $configured = false;
protected $_group_user = array(); protected $_group_user = array();
protected $_user_groups = array(); protected $_user_groups = array();
protected $_group_users = array(); protected $_group_users = array();
protected $_groups = array(); protected $_groups = array();
public function __construct() { public function setConnector(lib\Connection &$connection) {
$this->ldapGroupFilter = \OCP\Config::getAppValue('user_ldap', 'ldap_group_filter', '(objectClass=posixGroup)'); parent::setConnector($connection);
$this->ldapGroupMemberAssocAttr = \OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember'); if(empty($this->connection->ldapGroupFilter) || empty($this->connection->ldapGroupMemberAssocAttr)) {
$this->enabled = false;
if(!empty($this->ldapGroupFilter) && !empty($this->ldapGroupMemberAssocAttr)) {
$this->configured = true;
} }
$this->enabled = true;
} }
/** /**
...@@ -52,31 +49,31 @@ class GROUP_LDAP implements \OCP\GroupInterface { ...@@ -52,31 +49,31 @@ class GROUP_LDAP implements \OCP\GroupInterface {
* Checks whether the user is member of a group or not. * Checks whether the user is member of a group or not.
*/ */
public function inGroup($uid, $gid) { public function inGroup($uid, $gid) {
if(!$this->configured) { if(!$this->enabled) {
return false; return false;
} }
if(isset($this->_group_user[$gid][$uid])) { if(isset($this->_group_user[$gid][$uid])) {
return $this->_group_user[$gid][$uid]; return $this->_group_user[$gid][$uid];
} }
$dn_user = \OC_LDAP::username2dn($uid); $dn_user = $this->username2dn($uid);
$dn_group = \OC_LDAP::groupname2dn($gid); $dn_group = $this->groupname2dn($gid);
// just in case // just in case
if(!$dn_group || !$dn_user) { if(!$dn_group || !$dn_user) {
return false; return false;
} }
//usually, LDAP attributes are said to be case insensitive. But there are exceptions of course. //usually, LDAP attributes are said to be case insensitive. But there are exceptions of course.
$members = \OC_LDAP::readAttribute($dn_group, $this->ldapGroupMemberAssocAttr); $members = $this->readAttribute($dn_group, $this->connection->ldapGroupMemberAssocAttr);
if(!$members) { if(!$members) {
return false; return false;
} }
//extra work if we don't get back user DNs //extra work if we don't get back user DNs
//TODO: this can be done with one LDAP query //TODO: this can be done with one LDAP query
if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') { if(strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid') {
$dns = array(); $dns = array();
foreach($members as $mid) { foreach($members as $mid) {
$filter = str_replace('%uid', $mid, \OC_LDAP::conf('ldapLoginFilter')); $filter = str_replace('%uid', $mid, $this->connection->ldapLoginFilter);
$ldap_users = \OC_LDAP::fetchListOfUsers($filter, 'dn'); $ldap_users = $this->fetchListOfUsers($filter, 'dn');
if(count($ldap_users) < 1) { if(count($ldap_users) < 1) {
continue; continue;
} }
...@@ -98,36 +95,36 @@ class GROUP_LDAP implements \OCP\GroupInterface { ...@@ -98,36 +95,36 @@ class GROUP_LDAP implements \OCP\GroupInterface {
* if the user exists at all. * if the user exists at all.
*/ */
public function getUserGroups($uid) { public function getUserGroups($uid) {
if(!$this->configured) { if(!$this->enabled) {
return array(); return array();
} }
if(isset($this->_user_groups[$uid])) { if(isset($this->_user_groups[$uid])) {
return $this->_user_groups[$uid]; return $this->_user_groups[$uid];
} }
$userDN = \OC_LDAP::username2dn($uid); $userDN = $this->username2dn($uid);
if(!$userDN) { if(!$userDN) {
$this->_user_groups[$uid] = array(); $this->_user_groups[$uid] = array();
return array(); return array();
} }
//uniqueMember takes DN, memberuid the uid, so we need to distinguish //uniqueMember takes DN, memberuid the uid, so we need to distinguish
if((strtolower($this->ldapGroupMemberAssocAttr) == 'uniquemember') if((strtolower($this->connection->ldapGroupMemberAssocAttr) == 'uniquemember')
|| (strtolower($this->ldapGroupMemberAssocAttr) == 'member')) { || (strtolower($this->connection->ldapGroupMemberAssocAttr) == 'member')) {
$uid = $userDN; $uid = $userDN;
} else if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') { } else if(strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid') {
$result = \OC_LDAP::readAttribute($userDN, 'uid'); $result = $this->readAttribute($userDN, 'uid');
$uid = $result[0]; $uid = $result[0];
} else { } else {
// just in case // just in case
$uid = $userDN; $uid = $userDN;
} }
$filter = \OC_LDAP::combineFilterWithAnd(array( $filter = $this->combineFilterWithAnd(array(
$this->ldapGroupFilter, $this->connection->ldapGroupFilter,
$this->ldapGroupMemberAssocAttr.'='.$uid $this->connection->ldapGroupMemberAssocAttr.'='.$uid
)); ));
$groups = \OC_LDAP::fetchListOfGroups($filter, array(\OC_LDAP::conf('ldapGroupDisplayName'),'dn')); $groups = $this->fetchListOfGroups($filter, array($this->connection->ldapGroupDisplayName,'dn'));
$this->_user_groups[$uid] = array_unique(\OC_LDAP::ownCloudGroupNames($groups), SORT_LOCALE_STRING); $this->_user_groups[$uid] = array_unique($this->ownCloudGroupNames($groups), SORT_LOCALE_STRING);
return $this->_user_groups[$uid]; return $this->_user_groups[$uid];
} }
...@@ -137,38 +134,38 @@ class GROUP_LDAP implements \OCP\GroupInterface { ...@@ -137,38 +134,38 @@ class GROUP_LDAP implements \OCP\GroupInterface {
* @returns array with user ids * @returns array with user ids
*/ */
public function usersInGroup($gid) { public function usersInGroup($gid) {
if(!$this->configured) { if(!$this->enabled) {
return array(); return array();
} }
if(isset($this->_group_users[$gid])) { if(isset($this->_group_users[$gid])) {
return $this->_group_users[$gid]; return $this->_group_users[$gid];
} }
$groupDN = \OC_LDAP::groupname2dn($gid); $groupDN = $this->groupname2dn($gid);
if(!$groupDN) { if(!$groupDN) {
$this->_group_users[$gid] = array(); $this->_group_users[$gid] = array();
return array(); return array();
} }
$members = \OC_LDAP::readAttribute($groupDN, $this->ldapGroupMemberAssocAttr); $members = $this->readAttribute($groupDN, $this->connection->ldapGroupMemberAssocAttr);
if(!$members) { if(!$members) {
$this->_group_users[$gid] = array(); $this->_group_users[$gid] = array();
return array(); return array();
} }
$result = array(); $result = array();
$isMemberUid = (strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid'); $isMemberUid = (strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid');
foreach($members as $member) { foreach($members as $member) {
if($isMemberUid) { if($isMemberUid) {
$filter = \OCP\Util::mb_str_replace('%uid', $member, \OC_LDAP::conf('ldapLoginFilter'), 'UTF-8'); $filter = \OCP\Util::mb_str_replace('%uid', $member, $this->connection->ldapLoginFilter, 'UTF-8');
$ldap_users = \OC_LDAP::fetchListOfUsers($filter, 'dn'); $ldap_users = $this->fetchListOfUsers($filter, 'dn');
if(count($ldap_users) < 1) { if(count($ldap_users) < 1) {
continue; continue;
} }
$result[] = \OC_LDAP::dn2username($ldap_users[0]); $result[] = $this->dn2username($ldap_users[0]);
continue; continue;
} else { } else {
if($ocname = \OC_LDAP::dn2username($member)){ if($ocname = $this->dn2username($member)){
$result[] = $ocname; $result[] = $ocname;
} }
} }
...@@ -187,12 +184,12 @@ class GROUP_LDAP implements \OCP\GroupInterface { ...@@ -187,12 +184,12 @@ class GROUP_LDAP implements \OCP\GroupInterface {
* Returns a list with all groups * Returns a list with all groups
*/ */
public function getGroups() { public function getGroups() {
if(!$this->configured) { if(!$this->enabled) {
return array(); return array();
} }
if(empty($this->_groups)) { if(empty($this->_groups)) {
$ldap_groups = \OC_LDAP::fetchListOfGroups($this->ldapGroupFilter, array(\OC_LDAP::conf('ldapGroupDisplayName'), 'dn')); $ldap_groups = $this->fetchListOfGroups($this->connection->ldapGroupFilter, array($this->connection->ldapGroupDisplayName, 'dn'));
$this->_groups = \OC_LDAP::ownCloudGroupNames($ldap_groups); $this->_groups = $this->ownCloudGroupNames($ldap_groups);
} }
return $this->_groups; return $this->_groups;
} }
......
apps/user_ldap/lib/connection.php 0 → 100644
+ 245
0
View file @ 25ad1d5c
<?php
/**
* ownCloud – LDAP Access
*
* @author Arthur Schiwon
* @copyright 2012 Arthur Schiwon blizzz@owncloud.com
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\user_ldap\lib;
class Connection {
private $ldapConnectionRes = null;
private $configID;
private $configured = false;
//cached settings
protected $config = array(
'ldapHost' => null,
'ldapPort' => null,
'ldapBase' => null,
'ldapBaseUsers' => null,
'ldapBaseGroups' => null,
'ldapAgentName' => null,
'ldapAgentPassword' => null,
'ldapTLS' => null,
'ldapNoCase' => null,
'ldapIgnoreNamingRules' => null,
'ldapUserDisplayName' => null,
'ldapUserFilter' => null,
'ldapGroupFilter' => null,
'ldapGroupDisplayName' => null,
'ldapLoginFilter' => null,
'ldapQuotaAttribute' => null,
'ldapQuotaDefault' => null,
'ldapEmailAttribute' => null,
);
public function __construct($configID = 'user_ldap') {
$this->configID = $configID;
}
public function __destruct() {
@ldap_unbind($this->ldapConnectionRes);
}
public function __get($name) {
if(!$this->configured) {
$this->readConfiguration();
}
if(isset($this->config[$name])) {
return $this->config[$name];
}
}
/**
* @brief initializes the LDAP backend
* @param $force read the config settings no matter what
*
* initializes the LDAP backend
*/
public function init($force = false) {
$this->readConfiguration($force);
$this->establishConnection();
}
/**
* Returns the LDAP handler
*/
public function getConnectionResource() {
if(!$this->ldapConnectionRes) {
$this->init();
}
if(is_null($this->ldapConnectionRes)) {
\OCP\Util::writeLog('user_ldap', 'Connection could not be established', \OCP\Util::ERROR);
}
return $this->ldapConnectionRes;
}
/**
* Caches the general LDAP configuration.
*/
private function readConfiguration($force = false) {
\OCP\Util::writeLog('user_ldap','Checking conf state: isConfigured? '.print_r($this->configured, true).' isForce? '.print_r($force, true).' configID? '.print_r($this->configID, true), \OCP\Util::DEBUG);
if((!$this->configured || $force) && !is_null($this->configID)) {
\OCP\Util::writeLog('user_ldap','Reading the configuration', \OCP\Util::DEBUG);
$this->config['ldapHost'] = \OCP\Config::getAppValue($this->configID, 'ldap_host', '');
$this->config['ldapPort'] = \OCP\Config::getAppValue($this->configID, 'ldap_port', 389);
$this->config['ldapAgentName'] = \OCP\Config::getAppValue($this->configID, 'ldap_dn','');
$this->config['ldapAgentPassword'] = base64_decode(\OCP\Config::getAppValue($this->configID, 'ldap_agent_password',''));
$this->config['ldapBase'] = \OCP\Config::getAppValue($this->configID, 'ldap_base', '');
$this->config['ldapBaseUsers'] = \OCP\Config::getAppValue($this->configID, 'ldap_base_users',$this->config['ldapBase']);
$this->config['ldapBaseGroups'] = \OCP\Config::getAppValue($this->configID, 'ldap_base_groups', $this->config['ldapBase']);
$this->config['ldapTLS'] = \OCP\Config::getAppValue($this->configID, 'ldap_tls',0);
$this->config['ldapNoCase'] = \OCP\Config::getAppValue($this->configID, 'ldap_nocase', 0);
$this->config['ldapUserDisplayName'] = mb_strtolower(\OCP\Config::getAppValue($this->configID, 'ldap_display_name', 'uid'), 'UTF-8');
$this->config['ldapUserFilter'] = \OCP\Config::getAppValue($this->configID, 'ldap_userlist_filter','objectClass=person');
$this->config['ldapGroupFilter'] = \OCP\Config::getAppValue($this->configID, 'ldap_group_filter','(objectClass=posixGroup)');
$this->config['ldapLoginFilter'] = \OCP\Config::getAppValue($this->configID, 'ldap_login_filter', '(uid=%uid)');
$this->config['ldapGroupDisplayName'] = mb_strtolower(\OCP\Config::getAppValue($this->configID, 'ldap_group_display_name', LDAP_GROUP_DISPLAY_NAME_ATTR), 'UTF-8');
$this->config['ldapQuotaAttribute'] = \OCP\Config::getAppValue($this->configID, 'ldap_quota_attr', '');
$this->config['ldapQuotaDefault'] = \OCP\Config::getAppValue($this->configID, 'ldap_quota_def', '');
$this->config['ldapEmailAttribute'] = \OCP\Config::getAppValue($this->configID, 'ldap_email_attr', '');
$this->config['ldapGroupMemberAssocAttr'] = \OCP\Config::getAppValue($this->configID, 'ldap_group_member_assoc_attribute', 'uniqueMember');
$this->config['ldapIgnoreNamingRules'] = \OCP\Config::getSystemValue('ldapIgnoreNamingRules', false);
$this->configured = $this->validateConfiguration();
}
}
/**
* @brief set LDAP configuration with values delivered by an array, not read from configuration
* @param $config array that holds the config parameters in an associated array
* @param &$setParameters optional; array where the set fields will be given to
* @return true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters
*/
public function setConfiguration($config, &$setParameters = null) {
if(!is_array($config)) {
return false;
}
foreach($config as $parameter => $value) {
if(isset($this->config[$parameter])) {
$this->config[$parameter] = $value;
if(is_array($setParameters)) {
$setParameters[] = $parameter;
}
}
}
$this->configured = $this->validateConfiguration();
return $this->configured;
}
/**
* @brief Validates the user specified configuration
* @returns true if configuration seems OK, false otherwise
*/
private function validateConfiguration() {
//first step: "soft" checks: settings that are not really necessary, but advisable. If left empty, give an info message
if(empty($this->config['ldapBaseUsers'])) {
\OCP\Util::writeLog('user_ldap', 'Base tree for Users is empty, using Base DN', \OCP\Util::INFO);
$this->config['ldapBaseUsers'] = $this->config['ldapBase'];
}
if(empty($this->config['ldapBaseGroups'])) {
\OCP\Util::writeLog('user_ldap', 'Base tree for Groups is empty, using Base DN', \OCP\Util::INFO);
$this->config['ldapBaseGroups'] = $this->config['ldapBase'];
}
if(empty($this->config['ldapGroupFilter']) && empty($this->config['ldapGroupMemberAssocAttr'])) {
\OCP\Util::writeLog('user_ldap', 'No group filter is specified, LDAP group feature will not be used.', \OCP\Util::INFO);
}
//second step: critical checks. If left empty or filled wrong, set as unconfigured and give a warning.
$configurationOK = true;
if(empty($this->config['ldapHost'])) {
\OCP\Util::writeLog('user_ldap', 'No LDAP host given, won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
}
if(empty($this->config['ldapPort'])) {
\OCP\Util::writeLog('user_ldap', 'No LDAP Port given, won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
}
if((empty($this->config['ldapAgentName']) && !empty($this->config['ldapAgentPassword']))
|| (!empty($this->config['ldapAgentName']) && empty($this->config['ldapAgentPassword']))) {
\OCP\Util::writeLog('user_ldap', 'Either no password given for the user agent or a password is given, but no LDAP agent; won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
}
//TODO: check if ldapAgentName is in DN form
if(empty($this->config['ldapBase']) && (empty($this->config['ldapBaseUsers']) && empty($this->config['ldapBaseGroups']))) {
\OCP\Util::writeLog('user_ldap', 'No Base DN given, won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
}
if(empty($this->config['ldapUserDisplayName'])) {
\OCP\Util::writeLog('user_ldap', 'No user display name attribute specified, won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
}
if(empty($this->config['ldapGroupDisplayName'])) {
\OCP\Util::writeLog('user_ldap', 'No group display name attribute specified, won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
}
if(empty($this->config['ldapLoginFilter'])) {
\OCP\Util::writeLog('user_ldap', 'No login filter specified, won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
}
if(mb_strpos($this->config['ldapLoginFilter'], '%uid', 0, 'UTF-8') === false) {
\OCP\Util::writeLog('user_ldap', 'Login filter does not contain %uid place holder, won`t connect.', \OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap', 'Login filter was ' . $this->config['ldapLoginFilter'], \OCP\Util::DEBUG);
$configurationOK = false;
}
return $configurationOK;
}
/**
* Connects and Binds to LDAP
*/
private function establishConnection() {
if(!$this->configured) {
\OCP\Util::writeLog('user_ldap', 'Configuration is invalid, cannot connect', \OCP\Util::WARN);
return false;
}
if(!$this->ldapConnectionRes) {
$this->ldapConnectionRes = ldap_connect($this->config['ldapHost'], $this->config['ldapPort']);
if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
if($this->config['ldapTLS']) {
ldap_start_tls($this->ldapConnectionRes);
}
}
}
return $this->bind();
}
}
/**
* Binds to LDAP
*/
public function bind() {
$ldapLogin = @ldap_bind($this->getConnectionResource(), $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
if(!$ldapLogin) {
\OCP\Util::writeLog('user_ldap', 'Bind failed: ' . ldap_errno($this->ldapConnectionRes) . ': ' . ldap_error($this->ldapConnectionRes), \OCP\Util::ERROR);
$this->ldapConnectionRes = null;
return false;
}
return true;
}
}
\ No newline at end of file
apps/user_ldap/user_ldap.php
+ 17
29
View file @ 25ad1d5c
...@@ -27,51 +27,38 @@ namespace OCA\user_ldap; ...@@ -27,51 +27,38 @@ namespace OCA\user_ldap;
class USER_LDAP extends lib\Access implements \OCP\UserInterface { class USER_LDAP extends lib\Access implements \OCP\UserInterface {
// cached settings
protected $ldapUserFilter;
protected $ldapQuotaAttribute;
protected $ldapQuotaDefault;
protected $ldapEmailAttribute;
// will be retrieved from LDAP server // will be retrieved from LDAP server
protected $ldap_dc = false; protected $ldap_dc = false;
// cache getUsers() // cache getUsers()
protected $_users = null; protected $_users = null;
public function __construct() {
$this->ldapUserFilter = \OCP\Config::getAppValue('user_ldap', 'ldap_userlist_filter', '(objectClass=posixAccount)');
$this->ldapQuotaAttribute = \OCP\Config::getAppValue('user_ldap', 'ldap_quota_attr', '');
$this->ldapQuotaDefault = \OCP\Config::getAppValue('user_ldap', 'ldap_quota_def', '');
$this->ldapEmailAttribute = \OCP\Config::getAppValue('user_ldap', 'ldap_email_attr', '');
}
private function updateQuota($dn) { private function updateQuota($dn) {
$quota = null; $quota = null;
if(!empty($this->ldapQuotaDefault)) { if(!empty($this->connection->ldapQuotaDefault)) {
$quota = $this->ldapQuotaDefault; $quota = $this->connection->ldapQuotaDefault;
} }
if(!empty($this->ldapQuotaAttribute)) { if(!empty($this->connection->ldapQuotaAttribute)) {
$aQuota = \OC_LDAP::readAttribute($dn, $this->ldapQuotaAttribute); $aQuota = $this->readAttribute($dn, $this->connection->ldapQuotaAttribute);
if($aQuota && (count($aQuota) > 0)) { if($aQuota && (count($aQuota) > 0)) {
$quota = $aQuota[0]; $quota = $aQuota[0];
} }
} }
if(!is_null($quota)) { if(!is_null($quota)) {
\OCP\Config::setUserValue(\OC_LDAP::dn2username($dn), 'files', 'quota', \OCP\Util::computerFileSize($quota)); \OCP\Config::setUserValue($this->dn2username($dn), 'files', 'quota', \OCP\Util::computerFileSize($quota));
} }
} }
private function updateEmail($dn) { private function updateEmail($dn) {
$email = null; $email = null;
if(!empty($this->ldapEmailAttribute)) { if(!empty($this->connection->ldapEmailAttribute)) {
$aEmail = \OC_LDAP::readAttribute($dn, $this->ldapEmailAttribute); $aEmail = $this->readAttribute($dn, $this->connection->ldapEmailAttribute);
if($aEmail && (count($aEmail) > 0)) { if($aEmail && (count($aEmail) > 0)) {
$email = $aEmail[0]; $email = $aEmail[0];
} }
if(!is_null($email)){ if(!is_null($email)){
\OCP\Config::setUserValue(\OC_LDAP::dn2username($dn), 'settings', 'email', $email); \OCP\Config::setUserValue($this->dn2username($dn), 'settings', 'email', $email);
} }
} }
} }
...@@ -86,15 +73,16 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface { ...@@ -86,15 +73,16 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
*/ */
public function checkPassword($uid, $password){ public function checkPassword($uid, $password){
//find out dn of the user name //find out dn of the user name
$filter = \OCP\Util::mb_str_replace('%uid', $uid, \OC_LDAP::conf('ldapLoginFilter'), 'UTF-8'); $filter = \OCP\Util::mb_str_replace('%uid', $uid, $this->connection->ldapLoginFilter, 'UTF-8');
$ldap_users = \OC_LDAP::fetchListOfUsers($filter, 'dn'); \OCP\Util::writeLog('user_ldap', 'Getting DN for login, filter '.$filter.' originating from '.$this->connection->ldapLoginFilter,\OCP\Util::DEBUG);
$ldap_users = $this->fetchListOfUsers($filter, 'dn');
if(count($ldap_users) < 1) { if(count($ldap_users) < 1) {
return false; return false;
} }
$dn = $ldap_users[0]; $dn = $ldap_users[0];
//are the credentials OK? //are the credentials OK?
if(!\OC_LDAP::areCredentialsValid($dn, $password)) { if(!$this->areCredentialsValid($dn, $password)) {
return false; return false;
} }
...@@ -103,7 +91,7 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface { ...@@ -103,7 +91,7 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
$this->updateEmail($dn); $this->updateEmail($dn);
//give back the display name //give back the display name
return \OC_LDAP::dn2username($dn); return $this->dn2username($dn);
} }
/** /**
...@@ -114,8 +102,8 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface { ...@@ -114,8 +102,8 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
*/ */
public function getUsers(){ public function getUsers(){
if(is_null($this->_users)) { if(is_null($this->_users)) {
$ldap_users = \OC_LDAP::fetchListOfUsers($this->ldapUserFilter, array(\OC_LDAP::conf('ldapUserDisplayName'), 'dn')); $ldap_users = $this->fetchListOfUsers($this->connection->ldapUserFilter, array($this->connection->ldapUserDisplayName, 'dn'));
$this->_users = \OC_LDAP::ownCloudUserNames($ldap_users); $this->_users = $this->ownCloudUserNames($ldap_users);
} }
return $this->_users; return $this->_users;
} }
...@@ -127,13 +115,13 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface { ...@@ -127,13 +115,13 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
*/ */
public function userExists($uid){ public function userExists($uid){
//getting dn, if false the user does not exist. If dn, he may be mapped only, requires more checking. //getting dn, if false the user does not exist. If dn, he may be mapped only, requires more checking.
$dn = \OC_LDAP::username2dn($uid); $dn = $this->username2dn($uid);
if(!$dn) { if(!$dn) {
return false; return false;
} }
//if user really still exists, we will be able to read his cn //if user really still exists, we will be able to read his cn
$cn = \OC_LDAP::readAttribute($dn, 'cn'); $cn = $this->readAttribute($dn, 'cn');
if(!$cn || empty($cn)) { if(!$cn || empty($cn)) {
return false; return false;
} }
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment