LDAP Wizard: create user list filter, show number of user that will have access to OC

apps/user_ldap/ajax/wizard.php

@@ -48,6 +48,8 @@ switch($action) {
 	case 'guessBaseDN':
 	case 'determineObjectClasses':
 	case 'determineGroups':
+	case 'getUserListFilter':
+	case 'countUsers':
 		try {
 			$result = $wizard->$action();
 			if($result !== false) {

apps/user_ldap/js/settings.js

@@ -127,6 +127,7 @@ var LdapConfiguration = {
 var LdapWizard = {
 	checkPortInfoShown: false,
 	saveBlacklist: {},
+	userFilterGroupSelectState: 'enable',
 
 	ajax: function(param, fnOnSuccess, fnOnError) {
 		$.post(
@@ -148,7 +149,11 @@ var LdapWizard = {
 				//no need to blacklist multiselect
 				LdapWizard.saveBlacklist[id] = true;
 			}
-			$('#'+id).val(result.changes[id]);
+			if(id.indexOf('count') > 0) {
+				$('#'+id).text(result.changes[id]);
+			} else {
+				$('#'+id).val(result.changes[id]);
+			}
 		}
 	},
 
@@ -202,6 +207,40 @@ var LdapWizard = {
 		}
 	},
 
+	composeFilter: function(type) {
+		if(type == 'user') {
+			action = 'getUserListFilter';
+		}
+
+		param = 'action='+action+
+				'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
+
+		LdapWizard.ajax(param,
+			function(result) {
+				LdapWizard.applyChanges(result);
+				LdapWizard.countUsers();
+			},
+			function (result) {
+				// error handling
+			}
+		);
+	},
+
+	countUsers: function() {
+		param = 'action=countUsers'+
+				'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
+
+		LdapWizard.ajax(param,
+			function(result) {
+				LdapWizard.applyChanges(result);
+// 				alert(result.changes['ldap_user_count']);
+			},
+			function (result) {
+				// error handling
+			}
+		);
+	},
+
 	findAvailableGroups: function() {
 		param = 'action=determineGroups'+
 				'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
@@ -273,6 +312,7 @@ var LdapWizard = {
 	initUserFilter: function() {
 		LdapWizard.findObjectClasses();
 		LdapWizard.findAvailableGroups();
+		LdapWizard.countUsers();
 	},
 
 	onTabChange: function(event, ui) {
@@ -289,6 +329,10 @@ var LdapWizard = {
 			LdapWizard.checkPort();
 			LdapWizard.checkBaseDN();
 		}
+
+		if(triggerObj.id == 'ldap_userlist_filter') {
+			LdapWizard.countUsers();
+		}
 	},
 
 	save: function(inputObj) {
@@ -305,6 +349,10 @@ var LdapWizard = {
 			values = values + "\n" + resultObj[i].value;
 		}
 		LdapWizard._save($('#'+originalObj)[0], $.trim(values));
+		if(originalObj == 'ldap_userfilter_objectclass'
+		   || originalObj == 'ldap_userfilter_groups') {
+			LdapWizard.composeFilter('user');
+		}
 	},
 
 	_save: function(object, value) {
@@ -330,6 +378,23 @@ var LdapWizard = {
 		$('#ldapWizard1 .ldapWizardInfo').text(t('user_ldap', text));
 		$('#ldapWizard1 .ldapWizardInfo').removeClass('invisible');
 		LdapWizard.checkInfoShown = true;
+	},
+
+	toggleRawUserFilter: function() {
+		if($('#rawUserFilterContainer').hasClass('invisible')) {
+			$('#rawUserFilterContainer').removeClass('invisible');
+			$('#ldap_userfilter_objectclass').multiselect('disable');
+			if($('#ldap_userfilter_groups').multiselect().attr('disabled') == 'disabled') {
+				userFilterGroupSelectState = 'disable';
+			} else {
+				userFilterGroupSelectState = 'enable';
+			}
+			$('#ldap_userfilter_groups').multiselect('disable');
+		} else {
+			$('#rawUserFilterContainer').addClass('invisible');
+			$('#ldap_userfilter_group').multiselect(userFilterGroupSelectState);
+			$('#ldap_userfilter_objectclass').multiselect('enable');
+		}
 	}
 };
 
@@ -346,6 +411,7 @@ $(document).ready(function() {
 							   'ldap_userfilter_objectclass',
 							   t('user_ldap', 'Select object classes'));
 	$('.lwautosave').change(function() { LdapWizard.save(this); });
+	$('#toggleRawUserFilter').click(LdapWizard.toggleRawUserFilter);
 	LdapConfiguration.refreshConfig();
 	$('#ldap_action_test_connection').click(function(event){
 		event.preventDefault();

apps/user_ldap/lib/configuration.php

@@ -63,6 +63,7 @@ class Configuration {
 		'ldapAttributesForGroupSearch' => null,
 		'homeFolderNamingRule' => null,
 		'hasPagedResultSupport' => false,
+		'hasMemberOfFilterSupport' => false,
 		'ldapExpertUsernameAttr' => null,
 		'ldapExpertUUIDAttr' => null,
 	);
@@ -304,6 +305,7 @@ class Configuration {
 			'ldap_attributes_for_group_search'	=> '',
 			'ldap_expert_username_attr'			=> '',
 			'ldap_expert_uuid_attr'				=> '',
+			'has_memberof_filter_support'		=> 0,
 		);
 	}
 
@@ -344,6 +346,7 @@ class Configuration {
 			'ldap_attributes_for_group_search'	=> 'ldapAttributesForGroupSearch',
 			'ldap_expert_username_attr' 		=> 'ldapExpertUsernameAttr',
 			'ldap_expert_uuid_attr' 			=> 'ldapExpertUUIDAttr',
+			'has_memberof_filter_support'		=> 'hasMemberOfFilterSupport',
 		);
 		return $array;
 	}

apps/user_ldap/lib/wizard.php

@@ -34,6 +34,10 @@ class Wizard extends LDAPUtility {
 	const LRESULT_PROCESSED_INVALID = 1;
 	const LRESULT_PROCESSED_SKIP = 2;
 
+	const LFILTER_LOGIN      = 0;
+	const LFILTER_USER_LIST  = 1;
+	const LFILTER_GROUP_LIST = 2;
+
 	/**
 	 * @brief Constructor
 	 * @param $configuration an instance of Configuration
@@ -54,6 +58,35 @@ class Wizard extends LDAPUtility {
 		}
 	}
 
+	public function countUsers() {
+		if(!$this->checkRequirements(array('ldapHost',
+										   'ldapPort',
+										   'ldapAgentName',
+										   'ldapAgentPassword',
+										   'ldapBase',
+										   'ldapUserFilter',
+										   ))) {
+			return  false;
+		}
+
+		$cr = $this->getConnection();
+		if(!$cr) {
+			throw new \Excpetion('Could not connect to LDAP');
+		}
+
+		$base = $this->configuration->ldapBase[0];
+		$filter = $this->configuration->ldapUserFilter;
+		$rr = $this->ldap->search($cr, $base, $filter, array('dn'));
+		if(!$this->ldap->isResource($rr)) {
+			return false;
+		}
+		$entries = $this->ldap->countEntries($cr, $rr);
+		$entries = ($entries !== false) ? $entries : 0;
+		$this->result->addChange('ldap_user_count', $entries);
+
+		return $this->result;
+	}
+
 	/**
 	 * @brief detects the available LDAP groups
 	 * @returns the instance's WizardResult instance
@@ -78,7 +111,9 @@ class Wizard extends LDAPUtility {
 								'ldap_userfilter_groups',
 								'ldapUserFilterGroups');
 
-		if(!$this->testMemberOf()) {
+		$this->configuration->hasMemberOfFilterSupport = $this->testMemberOf();
+		$filter = $this->composeLdapFilter(self::LFILTER_USER_LIST);
+		if(!$this->configuration->hasMemberOfFilterSupport) {
 			throw new \Exception('memberOf is not supported by the server');
 		}
 
@@ -114,6 +149,24 @@ class Wizard extends LDAPUtility {
 		return $this->result;
 	}
 
+	public function getUserListFilter() {
+		if(!$this->checkRequirements(array('ldapHost',
+										   'ldapPort',
+										   'ldapAgentName',
+										   'ldapAgentPassword',
+										   'ldapBase',
+										   ))) {
+			return false;
+		}
+		$filter = $this->composeLdapFilter(self::LFILTER_USER_LIST);
+		if(!$filter) {
+			throw new \Exception('Cannot create filter');
+		}
+
+		$this->applyFind('ldap_userlist_filter', $filter);
+		return $this->result;
+	}
+
 	/**
 	 * Tries to determine the port, requires given Host, User DN and Password
 	 * @returns mixed WizardResult on success, false otherwise
@@ -295,6 +348,72 @@ class Wizard extends LDAPUtility {
 		return false;
 	}
 
+	/**
+	 * @brief creates an LDAP Filter from given configuration
+	 * @param $filterType int, for which use case the filter shall be created
+	 * can be any of self::LFILTER_USER_LIST, self::LFILTER_LOGIN or
+	 * self::LFILTER_GROUP_LIST
+	 * @return mixed, string with the filter on success, false otherwise
+	 */
+	private function composeLdapFilter($filterType) {
+		$filter = '';
+		$parts = 0;
+		switch ($filterType) {
+			case self::LFILTER_USER_LIST:
+				$objcs = $this->configuration->ldapUserFilterObjectclass;
+				\OCP\Util::writeLog('user_ldap', 'Wiz: '.print_r($objcs, true), \OCP\Util::DEBUG);
+				//glue objectclasses
+				if(is_array($objcs) && count($objcs) > 0) {
+					\OCP\Util::writeLog('user_ldap', 'Wiz: Processing objectclasses', \OCP\Util::DEBUG);
+					$filter .= '(|';
+					foreach($objcs as $objc) {
+						$filter .= '(objectclass=' . $objc . ')';
+					}
+					$filter .= ')';
+					$parts++;
+				}
+				\OCP\Util::writeLog('user_ldap', 'Wiz: Intermediate filter '.$filter, \OCP\Util::DEBUG);
+				//glue group memberships
+				if($this->configuration->hasMemberOfFilterSupport) {
+					$cns = $this->configuration->ldapUserFilterGroups;
+					\OCP\Util::writeLog('user_ldap', 'Wiz: '.print_r($cns, true), \OCP\Util::DEBUG);
+					if(is_array($cns) && count($cns) > 0) {
+						\OCP\Util::writeLog('user_ldap', 'Wiz: Processing groups', \OCP\Util::DEBUG);
+						$filter .= '(|';
+						$cr = $this->getConnection();
+						if(!$cr) {
+							throw new \Excpetion('Could not connect to LDAP');
+						}
+						$base = $this->configuration->ldapBase[0];
+						foreach($cns as $cn) {
+							$rr = $this->ldap->search($cr, $base, 'cn=' . $cn, array('dn'));
+							if(!$this->ldap->isResource($rr)) {
+								continue;
+							}
+							$er = $this->ldap->firstEntry($cr, $rr);
+							$dn = $this->ldap->getDN($cr, $er);
+							$filter .= '(memberof=' . $dn . ')';
+						}
+						$filter .= ')';
+					}
+					$parts++;
+					\OCP\Util::writeLog('user_ldap', 'Wiz: Intermediate filter '.$filter, \OCP\Util::DEBUG);
+				}
+				//wrap parts in AND condition
+				if($parts > 1) {
+					$filter = '(&' . $filter . ')';
+				}
+				if(empty($filter)) {
+					$filter = 'objectclass=*';
+				}
+				break;
+		}
+
+		\OCP\Util::writeLog('user_ldap', 'Wiz: Final filter '.$filter, \OCP\Util::DEBUG);
+
+		return empty($filter) ? false : $filter;
+	}
+
 	/**
 	 * Connects and Binds to an LDAP Server
 	 * @param $port the port to connect with

apps/user_ldap/templates/part.wizard-userfilter.php

@@ -2,7 +2,7 @@
 
 	<div>
 		<p>
-			<?php p($l->t('Limit the access to ownCloud to users meetignthis criteria:'));?>
+			<?php p($l->t('Limit the access to ownCloud to users meeting this criteria:'));?>
 		</p>
 
 		<p>
@@ -28,13 +28,13 @@
 		</p>
 
 		<p>
-			<label><a>↓ <?php p($l->t('Edit raw filter instead'));?></a></label>
+			<label><a id='toggleRawUserFilter'>↓ <?php p($l->t('Edit raw filter instead'));?></a></label>
 		</p>
 
-		<p class="invisible">
-			<input type="text" id="ldap_userlistfilter_raw" name="ldap_userlistfilter_raw"
+		<p id="rawUserFilterContainer" class="invisible">
+			<input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter"
 			class="lwautosave"
-			data-default="<?php p($_['ldap_userlistfilter_raw_default']); ?>"
+			data-default="<?php p($_['ldap_userlist_filter_default']); ?>"
 			placeholder="<?php p($l->t('Raw LDAP filter'));?>"
 			title="<?php p($l->t('The filter specifies which LDAP users shall have access to the ownCloud instance.'));?>"
 			/>
@@ -43,6 +43,10 @@
 		<p>
 			<div class="ldapWizardInfo invisible">&nbsp;</div>
 		</p>
+
+		<p>
+			<span id="ldap_user_count">0</span> <span><?php p($l->t('user(s) found'));?></span>
+		</p>
 		<?php print_unescaped($_['wizardControls']); ?>
 	</div>
 </fieldset>
\ No newline at end of file