Mirrors
/
nextcloud-server
mirror of https://github.com/nextcloud/server
3
0
Fork 0
Code Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
48238 Commits
574 Branches
1160 Tags
4.0 GiB
Tree: 792bcb82ae
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '792bcb82ae'
${ noResults }
nextcloud-server/apps/user_ldap/lib/Connection.php

683 lines
19 KiB
Raw Normal View History

LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
Fix apps/
9 years ago
Update license headers
10 years ago
Update license headers
11 years ago
Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>
8 years ago
Fix apps/
9 years ago
Update license headers
11 years ago
Update license headers
10 years ago
Update license headers
11 years ago
Update with robin
9 years ago
Happy new year!
10 years ago
Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>
8 years ago
user_ldap: Add support for gidNumber This patch is based on the work of @dleeuw (https://github.com/dleeuw) (See https://github.com/nextcloud/server/issues/2640#issuecomment-269615883 for more details). The difference is user & group data will be written into cache to have better performance, and functions splited from primaryGroupID series to make them more readable. Fixed https://github.com/nextcloud/server/issues/2640 Signed-off-by: Xuanwo <xuanwo@yunify.com>
9 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
Update license headers
11 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
Update license headers
11 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
Update license headers
11 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
Update license headers
11 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
Update license headers
11 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
Revert "Updating license headers" This reverts commit 6a1a4880f0d556fb090f19a5019fec31916f5c36.
11 years ago
Move Connection to PSR-4
10 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
throw exception if setup is incomplete
11 years ago
move log constants to ILogger Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
throw exception if setup is incomplete
11 years ago
support for AD primary groups support for primary groups actually the problem is only known on AD, it is only needed to take care of their attributes adjust to ADs special behaviour this change was not intended cache the SID value so it is not requested over and over again theres only one, use singular we are access add tests for new Access methods add tests for new Group methods address scrutinizer findings, mostly doc call ldap_explode_dn from ldap wrapper, enables tests without php5-ldap PHP Doc yo dawg, i heard you like backslashes … php doc fix PHPDoc updated and typos fixed while reviewing
12 years ago
fix cherrypicking
11 years ago
support for AD primary groups support for primary groups actually the problem is only known on AD, it is only needed to take care of their attributes adjust to ADs special behaviour this change was not intended cache the SID value so it is not requested over and over again theres only one, use singular we are access add tests for new Access methods add tests for new Group methods address scrutinizer findings, mostly doc call ldap_explode_dn from ldap wrapper, enables tests without php5-ldap PHP Doc yo dawg, i heard you like backslashes … php doc fix PHPDoc updated and typos fixed while reviewing
12 years ago
fix retrieval of user groups
11 years ago
improve log output when no LDAP user was found on login attempt
10 years ago
support for AD primary groups support for primary groups actually the problem is only known on AD, it is only needed to take care of their attributes adjust to ADs special behaviour this change was not intended cache the SID value so it is not requested over and over again theres only one, use singular we are access add tests for new Access methods add tests for new Group methods address scrutinizer findings, mostly doc call ldap_explode_dn from ldap wrapper, enables tests without php5-ldap PHP Doc yo dawg, i heard you like backslashes … php doc fix PHPDoc updated and typos fixed while reviewing
12 years ago
Port of test_ldap_2nddispname to master
10 years ago
allow admin to disable fetching of avatars as well as a specific attribute Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
Add tests Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
9 years ago
Split mapping from Access and Helper classes into it's own. Fully test them, too. remove unused methods split mapping methods off from Access class fix DB query handling move 'clear mapping' methods from static helper to new mapping class add tests test directly with DB finishing tests and fix return value from setDNbyUUID add corresponding class for groups and make abstract test class neutral. helper tests is now obsolete as the tested functions were moved to the new mapper class. add missing info to PHPDoc add unmap method fix namespaces fix test inheritance PHPDoc and a small code restructure for scrutinizer, no effective changes PostgreSQL does not accept LIMIT in DELETE queries phpdoc fixes, no code changes
11 years ago
don't show recurring msg when pages result was turned off and only as debug level otherwise. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
and escape the search term
11 years ago
add integration test for uuid attr detection Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
9 years ago
move LDAP user attributes "sync" to background (except for ajax jobs) Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
lower log level for quota manipulation cases and simplify the forest of ifs a little bit Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
add LDAP ConfigHandler for external storages and "$home" var * handler registered upon OCA\\Files_External::loadAdditionalBackends event as user_ldap is loaded before files_external * new configuration field "ldapExtStorageHomeAttribute" (not in GUI yet) Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
7 years ago
fix retrieval of user groups
11 years ago
LDAP: make Access be a dependency to the user and group backend instead of inheriting it.
12 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
introduce configPrefix to allow settings for multiple LDAP servers
13 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
New LDAPProvider for user_ldap
9 years ago
LDAP: only connect to LDAP once on login
12 years ago
if possible, getUserGroups should get memberships using memberOf virtual attribute
11 years ago
user_ldap: Add support for gidNumber This patch is based on the work of @dleeuw (https://github.com/dleeuw) (See https://github.com/nextcloud/server/issues/2640#issuecomment-269615883 for more details). The difference is user & group data will be written into cache to have better performance, and functions splited from primaryGroupID series to make them more readable. Fixed https://github.com/nextcloud/server/issues/2640 Signed-off-by: Xuanwo <xuanwo@yunify.com>
9 years ago
LDAP: use OC_Cache to cache results from LDAP. Default is set to 10 min. Should improve performance especially when LDAP users use the sync client, because userExists checks with the LDAP server are reduced.
14 years ago
fix typo and comment
11 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: don't validate unconfigured (new) LDAP server configs, fixes #5518
12 years ago
Port of LDAP Wizard: get correct total no of users, groups and complete list of groups on big setups #9002 fix PHPdoc Conflicts: apps/user_ldap/lib/connection.php add method to count groups on LDAP Conflicts: apps/user_ldap/lib/access.php LDAP Wizard: count users and groups with the power of paged search Conflicts: apps/user_ldap/lib/wizard.php consolidate requirement check fix PHPdoc Conflicts: apps/user_ldap/lib/access.php Wizard: get really all groups from LDAP by power of Paged Search Conflicts: apps/user_ldap/lib/wizard.php make all this work in an early configuration state in the wizard by marking the config active and ignoring the validation state. Conflicts: apps/user_ldap/lib/connection.php simplify two methods a bit, because they are not used for group search anymore Conflicts: apps/user_ldap/lib/wizard.php remove unused vars; increase scrutinizer happiness
12 years ago
track the state of the bind result Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
documentation for the Connection constructor
13 years ago
Remove all occurences of @brief and @returns from PHPDoc * test case added to avoid adding them later
12 years ago
Use proper PHPDoc and variable names in the LDAP lib My IDE was so sad about this that it marked the whole file in red and yellow and forced me to fix this.
12 years ago
Port of LDAP Wizard: get correct total no of users, groups and complete list of groups on big setups #9002 fix PHPdoc Conflicts: apps/user_ldap/lib/connection.php add method to count groups on LDAP Conflicts: apps/user_ldap/lib/access.php LDAP Wizard: count users and groups with the power of paged search Conflicts: apps/user_ldap/lib/wizard.php consolidate requirement check fix PHPdoc Conflicts: apps/user_ldap/lib/access.php Wizard: get really all groups from LDAP by power of Paged Search Conflicts: apps/user_ldap/lib/wizard.php make all this work in an early configuration state in the wizard by marking the config active and ignoring the validation state. Conflicts: apps/user_ldap/lib/connection.php simplify two methods a bit, because they are not used for group search anymore Conflicts: apps/user_ldap/lib/wizard.php remove unused vars; increase scrutinizer happiness
12 years ago
documentation for the Connection constructor
13 years ago
LDAP: make Access be a dependency to the user and group backend instead of inheriting it.
12 years ago
introduce configPrefix to allow settings for multiple LDAP servers
13 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: only read config from database, if configID is given. Not what we want to do when on-the-fly-testing settings from the admin page
12 years ago
Use $server->getMemCacheFactory() in ldap connection
12 years ago
LDAP: use memcache if available
12 years ago
don't use deprecated method for requesting memcache Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
LDAP: use memcache if available
12 years ago
DI IConfig into ldap helper Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
9 years ago
LDAP: don't validate unconfigured (new) LDAP server configs, fixes #5518
12 years ago
LDAP User Cleanup: Port from stable7 without further adjustements LDAP User Cleanup background job for user clean up adjust user backend for clean up register background job remove dead code dependency injection make Helper non-static for proper testing check whether it is OK to run clean up job. Do not forget to pass arguments. use correct method to get the config from server methods can be private, proper indirect testing is given no automatic user deletion make limit readable for test purposes make method less complex add first tests let preferences accept limit and offset for getUsersForValue DI via constructor does not work for background jobs after detecting, now we have retrieving deleted users and their details we need this method to be public for now finalize export method, add missing getter clean up namespaces and get rid of unnecessary files helper is not static anymore cleanup according to scrutinizer add cli tool to show deleted users uses are necessary after recent namespace change also remove user from mappings table on deletion add occ command to delete users fix use statement improve output big fixes / improvements PHP doc return true in userExists early for cleaning up deleted users bump version control state and interval with one config.php setting, now ldapUserCleanupInterval. 0 will disable it. enabled by default. improve doc rename cli method to be consistent with others introduce ldapUserCleanupInterval in sample config don't show last login as unix epoche start when no login happend less log output consistent namespace for OfflineUser rename GarbageCollector to DeletedUsersIndex and move it to user subdir fix unit tests add tests for deleteUser more test adjustements Conflicts: apps/user_ldap/ajax/clearMappings.php apps/user_ldap/appinfo/app.php apps/user_ldap/lib/access.php apps/user_ldap/lib/helper.php apps/user_ldap/tests/helper.php core/register_command.php lib/private/preferences.php lib/private/user.php add ldap:check-user to check user existance on the fly Conflicts: apps/user_ldap/lib/helper.php forgotten file PHPdoc fixes, no code change and don't forget to adjust tests
11 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
New LDAPProvider for user_ldap
9 years ago
Resolve merge conflict
12 years ago
track the state of the bind result Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
Remove unneeded semicolon and parentheses Signed-off-by: Morris Jobke <hey@morrisjobke.de>
8 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: only connect to LDAP once on login
12 years ago
Remove all occurences of @brief and @returns from PHPDoc * test case added to avoid adding them later
12 years ago
LDAP: only connect to LDAP once on login
12 years ago
On clone create a new instance of the Configuration To avide effects on the original instance of Connection when the clone is modified, for instance on authentication checks.
12 years ago
unbound cloned connection fix Signed-off-by: Roger Szabo <roger.szabo@web.de>
8 years ago
on clone Connection, do not take over the existing LDAP resource For one, it solves potential conflicts when using the resource. For the other, one on the login check (the only place where a clone happens currently) we do not need to rebind after confirming the user's login was successful.
10 years ago
New LDAPProvider for user_ldap
9 years ago
LDAP: only connect to LDAP once on login
12 years ago
Use proper PHPDoc and variable names in the LDAP lib My IDE was so sad about this that it marked the whole file in red and yellow and forced me to fix this.
12 years ago
Fix PHPDoc in /apps
12 years ago
avoid unnecessary recursion Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
Use proper PHPDoc and variable names in the LDAP lib My IDE was so sad about this that it marked the whole file in red and yellow and forced me to fix this.
12 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
Use proper PHPDoc and variable names in the LDAP lib My IDE was so sad about this that it marked the whole file in red and yellow and forced me to fix this.
12 years ago
Fix PHPDoc in /apps
12 years ago
Use proper PHPDoc and variable names in the LDAP lib My IDE was so sad about this that it marked the whole file in red and yellow and forced me to fix this.
12 years ago
LDAP: identify (map) users with their directory UUID. Fixes the issue, that usernames for owncloud will change, when the DN changes (which happens rarely, but it happens).
13 years ago
LDAP: don't validate unconfigured (new) LDAP server configs, fixes #5518
12 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
Fix regression: undesired writes to the DB Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
9 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: identify (map) users with their directory UUID. Fixes the issue, that usernames for owncloud will change, when the DN changes (which happens rarely, but it happens).
13 years ago
allow admin to disable fetching of avatars as well as a specific attribute Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
Port of LDAP Wizard: get correct total no of users, groups and complete list of groups on big setups #9002 fix PHPdoc Conflicts: apps/user_ldap/lib/connection.php add method to count groups on LDAP Conflicts: apps/user_ldap/lib/access.php LDAP Wizard: count users and groups with the power of paged search Conflicts: apps/user_ldap/lib/wizard.php consolidate requirement check fix PHPdoc Conflicts: apps/user_ldap/lib/access.php Wizard: get really all groups from LDAP by power of Paged Search Conflicts: apps/user_ldap/lib/wizard.php make all this work in an early configuration state in the wizard by marking the config active and ignoring the validation state. Conflicts: apps/user_ldap/lib/connection.php simplify two methods a bit, because they are not used for group search anymore Conflicts: apps/user_ldap/lib/wizard.php remove unused vars; increase scrutinizer happiness
12 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
Remove all occurences of @brief and @returns from PHPDoc * test case added to avoid adding them later
12 years ago
Use proper PHPDoc and variable names in the LDAP lib My IDE was so sad about this that it marked the whole file in red and yellow and forced me to fix this.
12 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
Remove all occurences of @brief and @returns from PHPDoc * test case added to avoid adding them later
12 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: move is_resource check to ldap wrapper to make it mockable
12 years ago
LDAP: fix potentially unavailable LDAP resource, which can prevent successful login
13 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
move log constants to ILogger Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
throw exception if setup is incomplete
11 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
fix writing to cache when fallback server should be used immediately
10 years ago
track the state of the bind result Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
fix writing to cache when fallback server should be used immediately
10 years ago
Fix PHPdoc in user_ldap using scrutinizer patch
12 years ago
Fix PHPDoc in /apps
12 years ago
Use proper PHPDoc and variable names in the LDAP lib My IDE was so sad about this that it marked the whole file in red and yellow and forced me to fix this.
12 years ago
Fix PHPdoc in user_ldap using scrutinizer patch
12 years ago
LDAP: use OC_Cache to cache results from LDAP. Default is set to 10 min. Should improve performance especially when LDAP users use the sync client, because userExists checks with the LDAP server are reduced.
14 years ago
introduce configPrefix to allow settings for multiple LDAP servers
13 years ago
LDAP: use OC_Cache to cache results from LDAP. Default is set to 10 min. Should improve performance especially when LDAP users use the sync client, because userExists checks with the LDAP server are reduced.
14 years ago
use hash algo that's robust against collisions Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
LDAP: use OC_Cache to cache results from LDAP. Default is set to 10 min. Should improve performance especially when LDAP users use the sync client, because userExists checks with the LDAP server are reduced.
14 years ago
polish documentation based on scrutinizer patches
12 years ago
Fix PHPDoc in /apps
12 years ago
Use proper PHPDoc and variable names in the LDAP lib My IDE was so sad about this that it marked the whole file in red and yellow and forced me to fix this.
12 years ago
polish documentation based on scrutinizer patches
12 years ago
LDAP: use OC_Cache to cache results from LDAP. Default is set to 10 min. Should improve performance especially when LDAP users use the sync client, because userExists checks with the LDAP server are reduced.
14 years ago
drop global file cache support, fixes #15621
11 years ago
LDAP: use OC_Cache to cache results from LDAP. Default is set to 10 min. Should improve performance especially when LDAP users use the sync client, because userExists checks with the LDAP server are reduced.
14 years ago
[user_ldap] properly decode cached objects * fixes #21896
10 years ago
LDAP: use OC_Cache to cache results from LDAP. Default is set to 10 min. Should improve performance especially when LDAP users use the sync client, because userExists checks with the LDAP server are reduced.
14 years ago
polish documentation based on scrutinizer patches
12 years ago
Fix PHPDoc in /apps
12 years ago
drop global file cache support, fixes #15621
11 years ago
polish documentation based on scrutinizer patches
12 years ago
LDAP: use OC_Cache to cache results from LDAP. Default is set to 10 min. Should improve performance especially when LDAP users use the sync client, because userExists checks with the LDAP server are reduced.
14 years ago
drop global file cache support, fixes #15621
11 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: use OC_Cache to cache results from LDAP. Default is set to 10 min. Should improve performance especially when LDAP users use the sync client, because userExists checks with the LDAP server are reduced.
14 years ago
Use "json_encode" and "json_decode" instead of unserialize
10 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: use OC_Cache to cache results from LDAP. Default is set to 10 min. Should improve performance especially when LDAP users use the sync client, because userExists checks with the LDAP server are reduced.
14 years ago
drop global file cache support, fixes #15621
11 years ago
LDAP: use OC_Cache to cache results from LDAP. Default is set to 10 min. Should improve performance especially when LDAP users use the sync client, because userExists checks with the LDAP server are reduced.
14 years ago
LDAP: even better check for emptiness, fixes #3815
13 years ago
Remove all occurences of @brief and @returns from PHPDoc * test case added to avoid adding them later
12 years ago
Use proper PHPDoc and variable names in the LDAP lib My IDE was so sad about this that it marked the whole file in red and yellow and forced me to fix this.
12 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: some inline documentation
13 years ago
Remove all occurences of @brief and @returns from PHPDoc * test case added to avoid adding them later
12 years ago
Fix PHPDoc in /apps
12 years ago
Use proper PHPDoc and variable names in the LDAP lib My IDE was so sad about this that it marked the whole file in red and yellow and forced me to fix this.
12 years ago
polish documentation based on scrutinizer patches
12 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: don't validate unconfigured (new) LDAP server configs, fixes #5518
12 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: don't validate unconfigured (new) LDAP server configs, fixes #5518
12 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: some inline documentation
13 years ago
Remove all occurences of @brief and @returns from PHPDoc * test case added to avoid adding them later
12 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: some inline documentation
13 years ago
Ajaxifiy Settings Save
13 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: Clear cache on saving settings
13 years ago
Ajaxifiy Settings Save
13 years ago
fix mixed key and value
13 years ago
Remove all occurences of @brief and @returns from PHPDoc * test case added to avoid adding them later
12 years ago
fix mixed key and value
13 years ago
make sure that Configuration is read when getConfiguration is called. And give back the appropriate result.
13 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
make sure that Configuration is read when getConfiguration is called. And give back the appropriate result.
13 years ago
Ajaxifiy Settings Save
13 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
fix mixed key and value
13 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
Fix whitespace issues
12 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
resolve merge conflicts from rebase
12 years ago
move LDAP user attributes "sync" to background (except for ajax jobs) Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
resolve merge conflicts from rebase
12 years ago
move log constants to ILogger Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
resolve merge conflicts from rebase
12 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
resolve merge conflicts from rebase
12 years ago
LDAP: identify (map) users with their directory UUID. Fixes the issue, that usernames for owncloud will change, when the DN changes (which happens rarely, but it happens).
13 years ago
LDAP: allow different UUID attributes for groups and users
12 years ago
Use type casting instead of *val() method It should be up to 6x faster Signed-off-by: Morris Jobke <hey@morrisjobke.de>
8 years ago
Harden empty Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
9 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
make sure port is used as backup port if not specified. documentation. determine connection error earlier.
13 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
Use proper PHPDoc and variable names in the LDAP lib My IDE was so sad about this that it marked the whole file in red and yellow and forced me to fix this.
12 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
Use proper PHPDoc and variable names in the LDAP lib My IDE was so sad about this that it marked the whole file in red and yellow and forced me to fix this.
12 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: make it possible to define attributes that should be considered on searches
13 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
move log constants to ILogger Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
LDAP: when ldaps and tls are configured, disable the latter one - they do not work together. ldaps already creates a secure connection.
13 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: make it possible to define attributes that should be considered on searches
13 years ago
Use proper PHPDoc and variable names in the LDAP lib My IDE was so sad about this that it marked the whole file in red and yellow and forced me to fix this.
12 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
Use type casting instead of *val() method It should be up to 6x faster Signed-off-by: Morris Jobke <hey@morrisjobke.de>
8 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
move log constants to ILogger Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
Harden empty Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
9 years ago
move log constants to ILogger Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
move log constants to ILogger Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
move log constants to ILogger Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: gather defaults in one place, simplify readConfiguration
13 years ago
Remove all occurences of @brief and @returns from PHPDoc * test case added to avoid adding them later
12 years ago
That's bool and not always true
12 years ago
LDAP: gather defaults in one place, simplify readConfiguration
13 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: don't validate unconfigured (new) LDAP server configs, fixes #5518
12 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
Use proper PHPDoc and variable names in the LDAP lib My IDE was so sad about this that it marked the whole file in red and yellow and forced me to fix this.
12 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: gather defaults in one place, simplify readConfiguration
13 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP backup server should not be queried when auth fails Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: make it possible to enable/disable server configurations
13 years ago
LDAP: check if php-ldap is installed. If not, give an error output. FIX: blank Users page when the module is not installed.
14 years ago
Port of LDAP Wizard: get correct total no of users, groups and complete list of groups on big setups #9002 fix PHPdoc Conflicts: apps/user_ldap/lib/connection.php add method to count groups on LDAP Conflicts: apps/user_ldap/lib/access.php LDAP Wizard: count users and groups with the power of paged search Conflicts: apps/user_ldap/lib/wizard.php consolidate requirement check fix PHPdoc Conflicts: apps/user_ldap/lib/access.php Wizard: get really all groups from LDAP by power of Paged Search Conflicts: apps/user_ldap/lib/wizard.php make all this work in an early configuration state in the wizard by marking the config active and ignoring the validation state. Conflicts: apps/user_ldap/lib/connection.php simplify two methods a bit, because they are not used for group search anymore Conflicts: apps/user_ldap/lib/wizard.php remove unused vars; increase scrutinizer happiness
12 years ago
move log constants to ILogger Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
Resolve merge conflict
12 years ago
LDAP: check if php-ldap is installed. If not, give an error output. FIX: blank Users page when the module is not installed.
14 years ago
move log constants to ILogger Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
LDAP: check if php-ldap is installed. If not, give an error output. FIX: blank Users page when the module is not installed.
14 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: offer option to disable SSL certificate checks. Works around problems with self-signed certificates, for example. However, the best and right way to solve it is always to import the LDAP server cert to the owncloud server, so you it for testing only. Like to hear wether it works, instead appending LDAPTLS_REQCERT=never to ldap.conf.
14 years ago
Style cleanup user_ldap
13 years ago
move log constants to ILogger Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
LDAP: offer option to disable SSL certificate checks. Works around problems with self-signed certificates, for example. However, the best and right way to solve it is always to import the LDAP server cert to the owncloud server, so you it for testing only. Like to hear wether it works, instead appending LDAPTLS_REQCERT=never to ldap.conf.
14 years ago
move log constants to ILogger Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
LDAP: offer option to disable SSL certificate checks. Works around problems with self-signed certificates, for example. However, the best and right way to solve it is always to import the LDAP server cert to the owncloud server, so you it for testing only. Like to hear wether it works, instead appending LDAPTLS_REQCERT=never to ldap.conf.
14 years ago
LDAP: attempt to connect to backup server again, if main server is not available. Fixes #18701
10 years ago
LDAP: Simplify conditions in establishConnection Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
8 years ago
LDAP: attempt to connect to backup server again, if main server is not available. Fixes #18701
10 years ago
LDAP: Simplify conditions in establishConnection Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
8 years ago
LDAP: attempt to connect to backup server again, if main server is not available. Fixes #18701
10 years ago
Only bind if configuration for the first server is available Signed-off-by: Julius Härtl <jus@bitgrid.net>
7 years ago
LDAP: attempt to connect to backup server again, if main server is not available. Fixes #18701
10 years ago
LDAP: Use imported exception in Connection class Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
8 years ago
LDAP: Simplify conditions in establishConnection Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
8 years ago
LDAP: attempt to connect to backup server again, if main server is not available. Fixes #18701
10 years ago
LDAP: add support for backup/replica servers
13 years ago
LDAP backup server should not be queried when auth fails Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
LDAP: attempt to connect to backup server again, if main server is not available. Fixes #18701
10 years ago
track the state of the bind result Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
LDAP: attempt to connect to backup server again, if main server is not available. Fixes #18701
10 years ago
LDAP: Connect to backup server only if it exists + handle errors Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
9 years ago
LDAP: attempt to connect to backup server again, if main server is not available. Fixes #18701
10 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: Connect to backup server only if it exists + handle errors Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
9 years ago
LDAP: add support for backup/replica servers
13 years ago
fix a few minor code smells
9 years ago
LDAP: add support for backup/replica servers
13 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
Use proper PHPDoc and variable names in the LDAP lib My IDE was so sad about this that it marked the whole file in red and yellow and forced me to fix this.
12 years ago
Fix PHPDoc in /apps
12 years ago
Fix phpdoc
9 years ago
wizard should also detect protocol errors, as side effect enforces LDAPv3
10 years ago
Use proper PHPDoc and variable names in the LDAP lib My IDE was so sad about this that it marked the whole file in red and yellow and forced me to fix this.
12 years ago
LDAP: add support for backup/replica servers
13 years ago
Harden empty Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
9 years ago
LDAP: better detect timeouts. do not try to reconnect. do not try to bind when connection failed. makes ownCloud more responsive, esp. with multiple server connections configured
13 years ago
LDAP: Clean-up doConnect Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
8 years ago
Resolve merge conflict
12 years ago
LDAP: Clean-up doConnect Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
8 years ago
LDAP: Use imported exception in Connection class Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
8 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: Clean-up doConnect Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
8 years ago
LDAP: Use imported exception in Connection class Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
8 years ago
LDAP: Clean-up doConnect Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
8 years ago
LDAP: Use imported exception in Connection class Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
8 years ago
LDAP: Clean-up doConnect Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
8 years ago
fix a few minor code smells
9 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
LDAP: make it possible to enable/disable server configurations
13 years ago
track the state of the bind result Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
LDAP: move is_resource check to ldap wrapper to make it mockable
12 years ago
track the state of the bind result Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
LDAP: better detect timeouts. do not try to reconnect. do not try to bind when connection failed. makes ownCloud more responsive, esp. with multiple server connections configured
13 years ago
track the state of the bind result Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
LDAP: coding style
12 years ago
LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.
12 years ago
track the state of the bind result Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: Don't handle invalid credentials as a connection error Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
9 years ago
Style cleanup user_ldap
13 years ago
LDAP: Don't handle invalid credentials as a connection error Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
9 years ago
move log constants to ILogger Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
LDAP: Don't handle invalid credentials as a connection error Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
9 years ago
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
14 years ago
LDAP: take out ldapUuidAttribute from on-the-fly check, cannot be set by the user and would lead to server error. Fixes oc-1625
13 years ago
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  6. * @author Bart Visscher <bartv@thisnet.nl>
  7. * @author Brent Bloxam <brent.bloxam@gmail.com>
  8. * @author Jarkko Lehtoranta <devel@jlranta.com>
  9. * @author Joas Schilling <coding@schilljs.com>
  10. * @author Jörn Friedrich Dreyer <jfd@butonic.de>
  11. * @author Lukas Reschke <lukas@statuscode.ch>
  12. * @author Lyonel Vincent <lyonel@ezix.org>
  13. * @author Morris Jobke <hey@morrisjobke.de>
  14. * @author Robin Appelman <robin@icewind.nl>
  15. * @author Robin McCorkell <robin@mccorkell.me.uk>
  16. * @author Roeland Jago Douma <roeland@famdouma.nl>
  17. * @author root <root@localhost.localdomain>
  18. * @author Victor Dubiniuk <dubiniuk@owncloud.com>
  19. * @author Xuanwo <xuanwo@yunify.com>
  20. *
  21. * @license AGPL-3.0
  22. *
  23. * This code is free software: you can redistribute it and/or modify
  24. * it under the terms of the GNU Affero General Public License, version 3,
  25. * as published by the Free Software Foundation.
  26. *
  27. * This program is distributed in the hope that it will be useful,
  28. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  29. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  30. * GNU Affero General Public License for more details.
  31. *
  32. * You should have received a copy of the GNU Affero General Public License, version 3,
  33. * along with this program. If not, see <http://www.gnu.org/licenses/>
  34. *
  35. */
  37. namespace OCA\User_LDAP;
  39. use OC\ServerNotAvailableException;
  40. use OCP\ILogger;
  42. /**
  43. * magic properties (incomplete)
  44. * responsible for LDAP connections in context with the provided configuration
  45. *
  46. * @property string ldapHost
  47. * @property string ldapPort holds the port number
  48. * @property string ldapUserFilter
  49. * @property string ldapUserDisplayName
  50. * @property string ldapUserDisplayName2
  51. * @property string ldapUserAvatarRule
  52. * @property boolean turnOnPasswordChange
  53. * @property string[] ldapBaseUsers
  54. * @property int|null ldapPagingSize holds an integer
  55. * @property bool|mixed|void ldapGroupMemberAssocAttr
  56. * @property string ldapUuidUserAttribute
  57. * @property string ldapUuidGroupAttribute
  58. * @property string ldapExpertUUIDUserAttr
  59. * @property string ldapExpertUUIDGroupAttr
  60. * @property string ldapQuotaAttribute
  61. * @property string ldapQuotaDefault
  62. * @property string ldapEmailAttribute
  63. * @property string ldapExtStorageHomeAttribute
  64. * @property string homeFolderNamingRule
  65. */
  66. class Connection extends LDAPUtility {
  67. private $ldapConnectionRes = null;
  68. private $configPrefix;
  69. private $configID;
  70. private $configured = false;
  71. //whether connection should be kept on __destruct
  72. private $dontDestruct = false;
  74. /**
  75. * @var bool runtime flag that indicates whether supported primary groups are available
  76. */
  77. public $hasPrimaryGroups = true;
  79. /**
  80. * @var bool runtime flag that indicates whether supported POSIX gidNumber are available
  81. */
  82. public $hasGidNumber = true;
  84. //cache handler
  85. protected $cache;
  87. /** @var Configuration settings handler **/
  88. protected $configuration;
  90. protected $doNotValidate = false;
  92. protected $ignoreValidation = false;
  94. protected $bindResult = [];
  96. /**
  97. * Constructor
  98. * @param ILDAPWrapper $ldap
  99. * @param string $configPrefix a string with the prefix for the configkey column (appconfig table)
  100. * @param string|null $configID a string with the value for the appid column (appconfig table) or null for on-the-fly connections
  101. */
  102. public function __construct(ILDAPWrapper $ldap, $configPrefix = '', $configID = 'user_ldap') {
  103. parent::__construct($ldap);
  104. $this->configPrefix = $configPrefix;
  105. $this->configID = $configID;
  106. $this->configuration = new Configuration($configPrefix,
  107. !is_null($configID));
  108. $memcache = \OC::$server->getMemCacheFactory();
  109. if($memcache->isAvailable()) {
  110. $this->cache = $memcache->createDistributed();
  111. }
  112. $helper = new Helper(\OC::$server->getConfig());
  113. $this->doNotValidate = !in_array($this->configPrefix,
  114. $helper->getServerConfigurationPrefixes());
  115. }
  117. public function __destruct() {
  118. if(!$this->dontDestruct && $this->ldap->isResource($this->ldapConnectionRes)) {
  119. @$this->ldap->unbind($this->ldapConnectionRes);
  120. $this->bindResult = [];
  121. }
  122. }
  124. /**
  125. * defines behaviour when the instance is cloned
  126. */
  127. public function __clone() {
  128. $this->configuration = new Configuration($this->configPrefix,
  129. !is_null($this->configID));
  130. if(count($this->bindResult) !== 0 && $this->bindResult['result'] === true) {
  131. $this->bindResult = [];
  132. }
  133. $this->ldapConnectionRes = null;
  134. $this->dontDestruct = true;
  135. }
  137. /**
  138. * @param string $name
  139. * @return bool|mixed
  140. */
  141. public function __get($name) {
  142. if(!$this->configured) {
  143. $this->readConfiguration();
  144. }
  146. return $this->configuration->$name;
  147. }
  149. /**
  150. * @param string $name
  151. * @param mixed $value
  152. */
  153. public function __set($name, $value) {
  154. $this->doNotValidate = false;
  155. $before = $this->configuration->$name;
  156. $this->configuration->$name = $value;
  157. $after = $this->configuration->$name;
  158. if($before !== $after) {
  159. if ($this->configID !== '' && $this->configID !== null) {
  160. $this->configuration->saveConfiguration();
  161. }
  162. $this->validateConfiguration();
  163. }
  164. }
  166. /**
  167. * @param string $rule
  168. * @return array
  169. * @throws \RuntimeException
  170. */
  171. public function resolveRule($rule) {
  172. return $this->configuration->resolveRule($rule);
  173. }
  175. /**
  176. * sets whether the result of the configuration validation shall
  177. * be ignored when establishing the connection. Used by the Wizard
  178. * in early configuration state.
  179. * @param bool $state
  180. */
  181. public function setIgnoreValidation($state) {
  182. $this->ignoreValidation = (bool)$state;
  183. }
  185. /**
  186. * initializes the LDAP backend
  187. * @param bool $force read the config settings no matter what
  188. */
  189. public function init($force = false) {
  190. $this->readConfiguration($force);
  191. $this->establishConnection();
  192. }
  194. /**
  195. * Returns the LDAP handler
  196. */
  197. public function getConnectionResource() {
  198. if(!$this->ldapConnectionRes) {
  199. $this->init();
  200. } else if(!$this->ldap->isResource($this->ldapConnectionRes)) {
  201. $this->ldapConnectionRes = null;
  202. $this->establishConnection();
  203. }
  204. if(is_null($this->ldapConnectionRes)) {
  205. \OCP\Util::writeLog('user_ldap', 'No LDAP Connection to server ' . $this->configuration->ldapHost, ILogger::ERROR);
  206. throw new ServerNotAvailableException('Connection to LDAP server could not be established');
  207. }
  208. return $this->ldapConnectionRes;
  209. }
  211. /**
  212. * resets the connection resource
  213. */
  214. public function resetConnectionResource() {
  215. if(!is_null($this->ldapConnectionRes)) {
  216. @$this->ldap->unbind($this->ldapConnectionRes);
  217. $this->ldapConnectionRes = null;
  218. $this->bindResult = [];
  219. }
  220. }
  222. /**
  223. * @param string|null $key
  224. * @return string
  225. */
  226. private function getCacheKey($key) {
  227. $prefix = 'LDAP-'.$this->configID.'-'.$this->configPrefix.'-';
  228. if(is_null($key)) {
  229. return $prefix;
  230. }
  231. return $prefix.hash('sha256', $key);
  232. }
  234. /**
  235. * @param string $key
  236. * @return mixed|null
  237. */
  238. public function getFromCache($key) {
  239. if(!$this->configured) {
  240. $this->readConfiguration();
  241. }
  242. if(is_null($this->cache) || !$this->configuration->ldapCacheTTL) {
  243. return null;
  244. }
  245. $key = $this->getCacheKey($key);
  247. return json_decode(base64_decode($this->cache->get($key)), true);
  248. }
  250. /**
  251. * @param string $key
  252. * @param mixed $value
  253. *
  254. * @return string
  255. */
  256. public function writeToCache($key, $value) {
  257. if(!$this->configured) {
  258. $this->readConfiguration();
  259. }
  260. if(is_null($this->cache)
  261. || !$this->configuration->ldapCacheTTL
  262. || !$this->configuration->ldapConfigurationActive) {
  263. return null;
  264. }
  265. $key = $this->getCacheKey($key);
  266. $value = base64_encode(json_encode($value));
  267. $this->cache->set($key, $value, $this->configuration->ldapCacheTTL);
  268. }
  270. public function clearCache() {
  271. if(!is_null($this->cache)) {
  272. $this->cache->clear($this->getCacheKey(null));
  273. }
  274. }
  276. /**
  277. * Caches the general LDAP configuration.
  278. * @param bool $force optional. true, if the re-read should be forced. defaults
  279. * to false.
  280. * @return null
  281. */
  282. private function readConfiguration($force = false) {
  283. if((!$this->configured || $force) && !is_null($this->configID)) {
  284. $this->configuration->readConfiguration();
  285. $this->configured = $this->validateConfiguration();
  286. }
  287. }
  289. /**
  290. * set LDAP configuration with values delivered by an array, not read from configuration
  291. * @param array $config array that holds the config parameters in an associated array
  292. * @param array &$setParameters optional; array where the set fields will be given to
  293. * @return boolean true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters
  294. */
  295. public function setConfiguration($config, &$setParameters = null) {
  296. if(is_null($setParameters)) {
  297. $setParameters = array();
  298. }
  299. $this->doNotValidate = false;
  300. $this->configuration->setConfiguration($config, $setParameters);
  301. if(count($setParameters) > 0) {
  302. $this->configured = $this->validateConfiguration();
  303. }
  306. return $this->configured;
  307. }
  309. /**
  310. * saves the current Configuration in the database and empties the
  311. * cache
  312. * @return null
  313. */
  314. public function saveConfiguration() {
  315. $this->configuration->saveConfiguration();
  316. $this->clearCache();
  317. }
  319. /**
  320. * get the current LDAP configuration
  321. * @return array
  322. */
  323. public function getConfiguration() {
  324. $this->readConfiguration();
  325. $config = $this->configuration->getConfiguration();
  326. $cta = $this->configuration->getConfigTranslationArray();
  327. $result = array();
  328. foreach($cta as $dbkey => $configkey) {
  329. switch($configkey) {
  330. case 'homeFolderNamingRule':
  331. if(strpos($config[$configkey], 'attr:') === 0) {
  332. $result[$dbkey] = substr($config[$configkey], 5);
  333. } else {
  334. $result[$dbkey] = '';
  335. }
  336. break;
  337. case 'ldapBase':
  338. case 'ldapBaseUsers':
  339. case 'ldapBaseGroups':
  340. case 'ldapAttributesForUserSearch':
  341. case 'ldapAttributesForGroupSearch':
  342. if(is_array($config[$configkey])) {
  343. $result[$dbkey] = implode("\n", $config[$configkey]);
  344. break;
  345. } //else follows default
  346. default:
  347. $result[$dbkey] = $config[$configkey];
  348. }
  349. }
  350. return $result;
  351. }
  353. private function doSoftValidation() {
  354. //if User or Group Base are not set, take over Base DN setting
  355. foreach(array('ldapBaseUsers', 'ldapBaseGroups') as $keyBase) {
  356. $val = $this->configuration->$keyBase;
  357. if(empty($val)) {
  358. $this->configuration->$keyBase = $this->configuration->ldapBase;
  359. }
  360. }
  362. foreach(array('ldapExpertUUIDUserAttr' => 'ldapUuidUserAttribute',
  363. 'ldapExpertUUIDGroupAttr' => 'ldapUuidGroupAttribute')
  364. as $expertSetting => $effectiveSetting) {
  365. $uuidOverride = $this->configuration->$expertSetting;
  366. if(!empty($uuidOverride)) {
  367. $this->configuration->$effectiveSetting = $uuidOverride;
  368. } else {
  369. $uuidAttributes = Access::UUID_ATTRIBUTES;
  370. array_unshift($uuidAttributes, 'auto');
  371. if(!in_array($this->configuration->$effectiveSetting,
  372. $uuidAttributes)
  373. && (!is_null($this->configID))) {
  374. $this->configuration->$effectiveSetting = 'auto';
  375. $this->configuration->saveConfiguration();
  376. \OCP\Util::writeLog('user_ldap',
  377. 'Illegal value for the '.
  378. $effectiveSetting.', '.'reset to '.
  379. 'autodetect.', ILogger::INFO);
  380. }
  382. }
  383. }
  385. $backupPort = (int)$this->configuration->ldapBackupPort;
  386. if ($backupPort <= 0) {
  387. $this->configuration->backupPort = $this->configuration->ldapPort;
  388. }
  390. //make sure empty search attributes are saved as simple, empty array
  391. $saKeys = array('ldapAttributesForUserSearch',
  392. 'ldapAttributesForGroupSearch');
  393. foreach($saKeys as $key) {
  394. $val = $this->configuration->$key;
  395. if(is_array($val) && count($val) === 1 && empty($val[0])) {
  396. $this->configuration->$key = array();
  397. }
  398. }
  400. if((stripos($this->configuration->ldapHost, 'ldaps://') === 0)
  401. && $this->configuration->ldapTLS) {
  402. $this->configuration->ldapTLS = false;
  403. \OCP\Util::writeLog(
  404. 'user_ldap',
  405. 'LDAPS (already using secure connection) and TLS do not work together. Switched off TLS.',
  406. ILogger::INFO
  407. );
  408. }
  409. }
  411. /**
  412. * @return bool
  413. */
  414. private function doCriticalValidation() {
  415. $configurationOK = true;
  416. $errorStr = 'Configuration Error (prefix '.
  417. (string)$this->configPrefix .'): ';
  419. //options that shall not be empty
  420. $options = array('ldapHost', 'ldapPort', 'ldapUserDisplayName',
  421. 'ldapGroupDisplayName', 'ldapLoginFilter');
  422. foreach($options as $key) {
  423. $val = $this->configuration->$key;
  424. if(empty($val)) {
  425. switch($key) {
  426. case 'ldapHost':
  427. $subj = 'LDAP Host';
  428. break;
  429. case 'ldapPort':
  430. $subj = 'LDAP Port';
  431. break;
  432. case 'ldapUserDisplayName':
  433. $subj = 'LDAP User Display Name';
  434. break;
  435. case 'ldapGroupDisplayName':
  436. $subj = 'LDAP Group Display Name';
  437. break;
  438. case 'ldapLoginFilter':
  439. $subj = 'LDAP Login Filter';
  440. break;
  441. default:
  442. $subj = $key;
  443. break;
  444. }
  445. $configurationOK = false;
  446. \OCP\Util::writeLog(
  447. 'user_ldap',
  448. $errorStr.'No '.$subj.' given!',
  449. ILogger::WARN
  450. );
  451. }
  452. }
  454. //combinations
  455. $agent = $this->configuration->ldapAgentName;
  456. $pwd = $this->configuration->ldapAgentPassword;
  457. if (
  458. ($agent === '' && $pwd !== '')
  459. || ($agent !== '' && $pwd === '')
  460. ) {
  461. \OCP\Util::writeLog(
  462. 'user_ldap',
  463. $errorStr.'either no password is given for the user ' .
  464. 'agent or a password is given, but not an LDAP agent.',
  465. ILogger::WARN);
  466. $configurationOK = false;
  467. }
  469. $base = $this->configuration->ldapBase;
  470. $baseUsers = $this->configuration->ldapBaseUsers;
  471. $baseGroups = $this->configuration->ldapBaseGroups;
  473. if(empty($base) && empty($baseUsers) && empty($baseGroups)) {
  474. \OCP\Util::writeLog(
  475. 'user_ldap',
  476. $errorStr.'Not a single Base DN given.',
  477. ILogger::WARN
  478. );
  479. $configurationOK = false;
  480. }
  482. if(mb_strpos($this->configuration->ldapLoginFilter, '%uid', 0, 'UTF-8')
  483. === false) {
  484. \OCP\Util::writeLog(
  485. 'user_ldap',
  486. $errorStr.'login filter does not contain %uid place holder.',
  487. ILogger::WARN
  488. );
  489. $configurationOK = false;
  490. }
  492. return $configurationOK;
  493. }
  495. /**
  496. * Validates the user specified configuration
  497. * @return bool true if configuration seems OK, false otherwise
  498. */
  499. private function validateConfiguration() {
  501. if($this->doNotValidate) {
  502. //don't do a validation if it is a new configuration with pure
  503. //default values. Will be allowed on changes via __set or
  504. //setConfiguration
  505. return false;
  506. }
  508. // first step: "soft" checks: settings that are not really
  509. // necessary, but advisable. If left empty, give an info message
  510. $this->doSoftValidation();
  512. //second step: critical checks. If left empty or filled wrong, mark as
  513. //not configured and give a warning.
  514. return $this->doCriticalValidation();
  515. }
  518. /**
  519. * Connects and Binds to LDAP
  520. *
  521. * @throws ServerNotAvailableException
  522. */
  523. private function establishConnection() {
  524. if(!$this->configuration->ldapConfigurationActive) {
  525. return null;
  526. }
  527. static $phpLDAPinstalled = true;
  528. if(!$phpLDAPinstalled) {
  529. return false;
  530. }
  531. if(!$this->ignoreValidation && !$this->configured) {
  532. \OCP\Util::writeLog(
  533. 'user_ldap',
  534. 'Configuration is invalid, cannot connect',
  535. ILogger::WARN
  536. );
  537. return false;
  538. }
  539. if(!$this->ldapConnectionRes) {
  540. if(!$this->ldap->areLDAPFunctionsAvailable()) {
  541. $phpLDAPinstalled = false;
  542. \OCP\Util::writeLog(
  543. 'user_ldap',
  544. 'function ldap_connect is not available. Make sure that the PHP ldap module is installed.',
  545. ILogger::ERROR
  546. );
  548. return false;
  549. }
  550. if($this->configuration->turnOffCertCheck) {
  551. if(putenv('LDAPTLS_REQCERT=never')) {
  552. \OCP\Util::writeLog('user_ldap',
  553. 'Turned off SSL certificate validation successfully.',
  554. ILogger::DEBUG);
  555. } else {
  556. \OCP\Util::writeLog(
  557. 'user_ldap',
  558. 'Could not turn off SSL certificate validation.',
  559. ILogger::WARN
  560. );
  561. }
  562. }
  564. $isOverrideMainServer = ($this->configuration->ldapOverrideMainServer
  565. || $this->getFromCache('overrideMainServer'));
  566. $isBackupHost = (trim($this->configuration->ldapBackupHost) !== "");
  567. $bindStatus = false;
  568. try {
  569. if (!$isOverrideMainServer) {
  570. $this->doConnect($this->configuration->ldapHost,
  571. $this->configuration->ldapPort);
  572. return $this->bind();
  573. }
  574. } catch (ServerNotAvailableException $e) {
  575. if(!$isBackupHost) {
  576. throw $e;
  577. }
  578. }
  580. //if LDAP server is not reachable, try the Backup (Replica!) Server
  581. if($isBackupHost || $isOverrideMainServer) {
  582. $this->doConnect($this->configuration->ldapBackupHost,
  583. $this->configuration->ldapBackupPort);
  584. $this->bindResult = [];
  585. $bindStatus = $this->bind();
  586. $error = $this->ldap->isResource($this->ldapConnectionRes) ?
  587. $this->ldap->errno($this->ldapConnectionRes) : -1;
  588. if($bindStatus && $error === 0 && !$this->getFromCache('overrideMainServer')) {
  589. //when bind to backup server succeeded and failed to main server,
  590. //skip contacting him until next cache refresh
  591. $this->writeToCache('overrideMainServer', true);
  592. }
  593. }
  595. return $bindStatus;
  596. }
  597. return null;
  598. }
  600. /**
  601. * @param string $host
  602. * @param string $port
  603. * @return bool
  604. * @throws \OC\ServerNotAvailableException
  605. */
  606. private function doConnect($host, $port) {
  607. if ($host === '') {
  608. return false;
  609. }
  611. $this->ldapConnectionRes = $this->ldap->connect($host, $port);
  613. if(!$this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
  614. throw new ServerNotAvailableException('Could not set required LDAP Protocol version.');
  615. }
  617. if(!$this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
  618. throw new ServerNotAvailableException('Could not disable LDAP referrals.');
  619. }
  621. if($this->configuration->ldapTLS) {
  622. if(!$this->ldap->startTls($this->ldapConnectionRes)) {
  623. throw new ServerNotAvailableException('Start TLS failed, when connecting to LDAP host ' . $host . '.');
  624. }
  625. }
  627. return true;
  628. }
  630. /**
  631. * Binds to LDAP
  632. */
  633. public function bind() {
  634. if(!$this->configuration->ldapConfigurationActive) {
  635. return false;
  636. }
  637. $cr = $this->ldapConnectionRes;
  638. if(!$this->ldap->isResource($cr)) {
  639. $cr = $this->getConnectionResource();
  640. }
  642. if(
  643. count($this->bindResult) !== 0
  644. && $this->bindResult['dn'] === $this->configuration->ldapAgentName
  645. && \OC::$server->getHasher()->verify(
  646. $this->configPrefix . $this->configuration->ldapAgentPassword,
  647. $this->bindResult['hash']
  648. )
  649. ) {
  650. // don't attempt to bind again with the same data as before
  651. // bind might have been invoked via getConnectionResource(),
  652. // but we need results specifically for e.g. user login
  653. return $this->bindResult['result'];
  654. }
  656. $ldapLogin = @$this->ldap->bind($cr,
  657. $this->configuration->ldapAgentName,
  658. $this->configuration->ldapAgentPassword);
  660. $this->bindResult = [
  661. 'dn' => $this->configuration->ldapAgentName,
  662. 'hash' => \OC::$server->getHasher()->hash($this->configPrefix . $this->configuration->ldapAgentPassword),
  663. 'result' => $ldapLogin,
  664. ];
  666. if(!$ldapLogin) {
  667. $errno = $this->ldap->errno($cr);
  669. \OCP\Util::writeLog('user_ldap',
  670. 'Bind failed: ' . $errno . ': ' . $this->ldap->error($cr),
  671. ILogger::WARN);
  673. // Set to failure mode, if LDAP error code is not LDAP_SUCCESS or LDAP_INVALID_CREDENTIALS
  674. if($errno !== 0x00 && $errno !== 0x31) {
  675. $this->ldapConnectionRes = null;
  676. }
  678. return false;
  679. }
  680. return true;
  681. }
  683. }