diff --git a/apps/user_ldap/ajax/wizard.php b/apps/user_ldap/ajax/wizard.php
index 497fe9dcf247379df3684e38ab3b02d266e59ed3..27359b908f61e5e9eab9fe713b074b7cd62d2089 100644
--- a/apps/user_ldap/ajax/wizard.php
+++ b/apps/user_ldap/ajax/wizard.php
@@ -48,6 +48,8 @@ switch($action) {
case 'guessBaseDN':
case 'determineObjectClasses':
case 'determineGroups':
+ case 'getUserListFilter':
+ case 'countUsers':
try {
$result = $wizard->$action();
if($result !== false) {
diff --git a/apps/user_ldap/js/settings.js b/apps/user_ldap/js/settings.js
index 837b79e329c0f5268014678b07865fcdde8f2574..d3c7aeea4f7768cc7903b866b9d877c6aea9a90e 100644
--- a/apps/user_ldap/js/settings.js
+++ b/apps/user_ldap/js/settings.js
@@ -127,6 +127,7 @@ var LdapConfiguration = {
var LdapWizard = {
checkPortInfoShown: false,
saveBlacklist: {},
+ userFilterGroupSelectState: 'enable',
ajax: function(param, fnOnSuccess, fnOnError) {
$.post(
@@ -148,7 +149,11 @@ var LdapWizard = {
//no need to blacklist multiselect
LdapWizard.saveBlacklist[id] = true;
}
- $('#'+id).val(result.changes[id]);
+ if(id.indexOf('count') > 0) {
+ $('#'+id).text(result.changes[id]);
+ } else {
+ $('#'+id).val(result.changes[id]);
+ }
}
},
@@ -202,6 +207,40 @@ var LdapWizard = {
}
},
+ composeFilter: function(type) {
+ if(type == 'user') {
+ action = 'getUserListFilter';
+ }
+
+ param = 'action='+action+
+ '&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
+
+ LdapWizard.ajax(param,
+ function(result) {
+ LdapWizard.applyChanges(result);
+ LdapWizard.countUsers();
+ },
+ function (result) {
+ // error handling
+ }
+ );
+ },
+
+ countUsers: function() {
+ param = 'action=countUsers'+
+ '&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
+
+ LdapWizard.ajax(param,
+ function(result) {
+ LdapWizard.applyChanges(result);
+// alert(result.changes['ldap_user_count']);
+ },
+ function (result) {
+ // error handling
+ }
+ );
+ },
+
findAvailableGroups: function() {
param = 'action=determineGroups'+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
@@ -273,6 +312,7 @@ var LdapWizard = {
initUserFilter: function() {
LdapWizard.findObjectClasses();
LdapWizard.findAvailableGroups();
+ LdapWizard.countUsers();
},
onTabChange: function(event, ui) {
@@ -289,6 +329,10 @@ var LdapWizard = {
LdapWizard.checkPort();
LdapWizard.checkBaseDN();
}
+
+ if(triggerObj.id == 'ldap_userlist_filter') {
+ LdapWizard.countUsers();
+ }
},
save: function(inputObj) {
@@ -305,6 +349,10 @@ var LdapWizard = {
values = values + "\n" + resultObj[i].value;
}
LdapWizard._save($('#'+originalObj)[0], $.trim(values));
+ if(originalObj == 'ldap_userfilter_objectclass'
+ || originalObj == 'ldap_userfilter_groups') {
+ LdapWizard.composeFilter('user');
+ }
},
_save: function(object, value) {
@@ -330,6 +378,23 @@ var LdapWizard = {
$('#ldapWizard1 .ldapWizardInfo').text(t('user_ldap', text));
$('#ldapWizard1 .ldapWizardInfo').removeClass('invisible');
LdapWizard.checkInfoShown = true;
+ },
+
+ toggleRawUserFilter: function() {
+ if($('#rawUserFilterContainer').hasClass('invisible')) {
+ $('#rawUserFilterContainer').removeClass('invisible');
+ $('#ldap_userfilter_objectclass').multiselect('disable');
+ if($('#ldap_userfilter_groups').multiselect().attr('disabled') == 'disabled') {
+ userFilterGroupSelectState = 'disable';
+ } else {
+ userFilterGroupSelectState = 'enable';
+ }
+ $('#ldap_userfilter_groups').multiselect('disable');
+ } else {
+ $('#rawUserFilterContainer').addClass('invisible');
+ $('#ldap_userfilter_group').multiselect(userFilterGroupSelectState);
+ $('#ldap_userfilter_objectclass').multiselect('enable');
+ }
}
};
@@ -346,6 +411,7 @@ $(document).ready(function() {
'ldap_userfilter_objectclass',
t('user_ldap', 'Select object classes'));
$('.lwautosave').change(function() { LdapWizard.save(this); });
+ $('#toggleRawUserFilter').click(LdapWizard.toggleRawUserFilter);
LdapConfiguration.refreshConfig();
$('#ldap_action_test_connection').click(function(event){
event.preventDefault();
diff --git a/apps/user_ldap/lib/configuration.php b/apps/user_ldap/lib/configuration.php
index 33771cf9388015fce799e64c668359fd5d7a1ac3..70c5545889501ecfb632a4b87ae75e1d42a85e89 100644
--- a/apps/user_ldap/lib/configuration.php
+++ b/apps/user_ldap/lib/configuration.php
@@ -63,6 +63,7 @@ class Configuration {
'ldapAttributesForGroupSearch' => null,
'homeFolderNamingRule' => null,
'hasPagedResultSupport' => false,
+ 'hasMemberOfFilterSupport' => false,
'ldapExpertUsernameAttr' => null,
'ldapExpertUUIDAttr' => null,
);
@@ -304,6 +305,7 @@ class Configuration {
'ldap_attributes_for_group_search' => '',
'ldap_expert_username_attr' => '',
'ldap_expert_uuid_attr' => '',
+ 'has_memberof_filter_support' => 0,
);
}
@@ -344,6 +346,7 @@ class Configuration {
'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch',
'ldap_expert_username_attr' => 'ldapExpertUsernameAttr',
'ldap_expert_uuid_attr' => 'ldapExpertUUIDAttr',
+ 'has_memberof_filter_support' => 'hasMemberOfFilterSupport',
);
return $array;
}
diff --git a/apps/user_ldap/lib/wizard.php b/apps/user_ldap/lib/wizard.php
index 7e3dfa8610f6c23f7a6cb8c12166f2b959f2c312..e85c7460748f650fe760a78f13bf94d09785fb5f 100644
--- a/apps/user_ldap/lib/wizard.php
+++ b/apps/user_ldap/lib/wizard.php
@@ -34,6 +34,10 @@ class Wizard extends LDAPUtility {
const LRESULT_PROCESSED_INVALID = 1;
const LRESULT_PROCESSED_SKIP = 2;
+ const LFILTER_LOGIN = 0;
+ const LFILTER_USER_LIST = 1;
+ const LFILTER_GROUP_LIST = 2;
+
/**
* @brief Constructor
* @param $configuration an instance of Configuration
@@ -54,6 +58,35 @@ class Wizard extends LDAPUtility {
}
}
+ public function countUsers() {
+ if(!$this->checkRequirements(array('ldapHost',
+ 'ldapPort',
+ 'ldapAgentName',
+ 'ldapAgentPassword',
+ 'ldapBase',
+ 'ldapUserFilter',
+ ))) {
+ return false;
+ }
+
+ $cr = $this->getConnection();
+ if(!$cr) {
+ throw new \Excpetion('Could not connect to LDAP');
+ }
+
+ $base = $this->configuration->ldapBase[0];
+ $filter = $this->configuration->ldapUserFilter;
+ $rr = $this->ldap->search($cr, $base, $filter, array('dn'));
+ if(!$this->ldap->isResource($rr)) {
+ return false;
+ }
+ $entries = $this->ldap->countEntries($cr, $rr);
+ $entries = ($entries !== false) ? $entries : 0;
+ $this->result->addChange('ldap_user_count', $entries);
+
+ return $this->result;
+ }
+
/**
* @brief detects the available LDAP groups
* @returns the instance's WizardResult instance
@@ -78,7 +111,9 @@ class Wizard extends LDAPUtility {
'ldap_userfilter_groups',
'ldapUserFilterGroups');
- if(!$this->testMemberOf()) {
+ $this->configuration->hasMemberOfFilterSupport = $this->testMemberOf();
+ $filter = $this->composeLdapFilter(self::LFILTER_USER_LIST);
+ if(!$this->configuration->hasMemberOfFilterSupport) {
throw new \Exception('memberOf is not supported by the server');
}
@@ -114,6 +149,24 @@ class Wizard extends LDAPUtility {
return $this->result;
}
+ public function getUserListFilter() {
+ if(!$this->checkRequirements(array('ldapHost',
+ 'ldapPort',
+ 'ldapAgentName',
+ 'ldapAgentPassword',
+ 'ldapBase',
+ ))) {
+ return false;
+ }
+ $filter = $this->composeLdapFilter(self::LFILTER_USER_LIST);
+ if(!$filter) {
+ throw new \Exception('Cannot create filter');
+ }
+
+ $this->applyFind('ldap_userlist_filter', $filter);
+ return $this->result;
+ }
+
/**
* Tries to determine the port, requires given Host, User DN and Password
* @returns mixed WizardResult on success, false otherwise
@@ -295,6 +348,72 @@ class Wizard extends LDAPUtility {
return false;
}
+ /**
+ * @brief creates an LDAP Filter from given configuration
+ * @param $filterType int, for which use case the filter shall be created
+ * can be any of self::LFILTER_USER_LIST, self::LFILTER_LOGIN or
+ * self::LFILTER_GROUP_LIST
+ * @return mixed, string with the filter on success, false otherwise
+ */
+ private function composeLdapFilter($filterType) {
+ $filter = '';
+ $parts = 0;
+ switch ($filterType) {
+ case self::LFILTER_USER_LIST:
+ $objcs = $this->configuration->ldapUserFilterObjectclass;
+ \OCP\Util::writeLog('user_ldap', 'Wiz: '.print_r($objcs, true), \OCP\Util::DEBUG);
+ //glue objectclasses
+ if(is_array($objcs) && count($objcs) > 0) {
+ \OCP\Util::writeLog('user_ldap', 'Wiz: Processing objectclasses', \OCP\Util::DEBUG);
+ $filter .= '(|';
+ foreach($objcs as $objc) {
+ $filter .= '(objectclass=' . $objc . ')';
+ }
+ $filter .= ')';
+ $parts++;
+ }
+ \OCP\Util::writeLog('user_ldap', 'Wiz: Intermediate filter '.$filter, \OCP\Util::DEBUG);
+ //glue group memberships
+ if($this->configuration->hasMemberOfFilterSupport) {
+ $cns = $this->configuration->ldapUserFilterGroups;
+ \OCP\Util::writeLog('user_ldap', 'Wiz: '.print_r($cns, true), \OCP\Util::DEBUG);
+ if(is_array($cns) && count($cns) > 0) {
+ \OCP\Util::writeLog('user_ldap', 'Wiz: Processing groups', \OCP\Util::DEBUG);
+ $filter .= '(|';
+ $cr = $this->getConnection();
+ if(!$cr) {
+ throw new \Excpetion('Could not connect to LDAP');
+ }
+ $base = $this->configuration->ldapBase[0];
+ foreach($cns as $cn) {
+ $rr = $this->ldap->search($cr, $base, 'cn=' . $cn, array('dn'));
+ if(!$this->ldap->isResource($rr)) {
+ continue;
+ }
+ $er = $this->ldap->firstEntry($cr, $rr);
+ $dn = $this->ldap->getDN($cr, $er);
+ $filter .= '(memberof=' . $dn . ')';
+ }
+ $filter .= ')';
+ }
+ $parts++;
+ \OCP\Util::writeLog('user_ldap', 'Wiz: Intermediate filter '.$filter, \OCP\Util::DEBUG);
+ }
+ //wrap parts in AND condition
+ if($parts > 1) {
+ $filter = '(&' . $filter . ')';
+ }
+ if(empty($filter)) {
+ $filter = 'objectclass=*';
+ }
+ break;
+ }
+
+ \OCP\Util::writeLog('user_ldap', 'Wiz: Final filter '.$filter, \OCP\Util::DEBUG);
+
+ return empty($filter) ? false : $filter;
+ }
+
/**
* Connects and Binds to an LDAP Server
* @param $port the port to connect with
diff --git a/apps/user_ldap/templates/part.wizard-userfilter.php b/apps/user_ldap/templates/part.wizard-userfilter.php
index 56dd16e8a611c1f5b7f5fc04b0a2f471f4d213ef..879af95b2bca2084239af2b34932c00a17829a70 100644
--- a/apps/user_ldap/templates/part.wizard-userfilter.php
+++ b/apps/user_ldap/templates/part.wizard-userfilter.php
@@ -2,7 +2,7 @@
<div>
<p>
- <?php p($l->t('Limit the access to ownCloud to users meetignthis criteria:'));?>
+ <?php p($l->t('Limit the access to ownCloud to users meeting this criteria:'));?>
</p>
<p>
@@ -28,13 +28,13 @@
</p>
<p>
- <label><a>↓ <?php p($l->t('Edit raw filter instead'));?></a></label>
+ <label><a id='toggleRawUserFilter'>↓ <?php p($l->t('Edit raw filter instead'));?></a></label>
</p>
- <p class="invisible">
- <input type="text" id="ldap_userlistfilter_raw" name="ldap_userlistfilter_raw"
+ <p id="rawUserFilterContainer" class="invisible">
+ <input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter"
class="lwautosave"
- data-default="<?php p($_['ldap_userlistfilter_raw_default']); ?>"
+ data-default="<?php p($_['ldap_userlist_filter_default']); ?>"
placeholder="<?php p($l->t('Raw LDAP filter'));?>"
title="<?php p($l->t('The filter specifies which LDAP users shall have access to the ownCloud instance.'));?>"
/>
@@ -43,6 +43,10 @@
<p>
<div class="ldapWizardInfo invisible"> </div>
</p>
+
+ <p>
+ <span id="ldap_user_count">0</span> <span><?php p($l->t('user(s) found'));?></span>
+ </p>
<?php print_unescaped($_['wizardControls']); ?>
</div>
</fieldset>
\ No newline at end of file