class Wizard extends LDAPUtility {
static protected $l;
+ protected $cr;
protected $configuration;
protected $result;
+ protected $resultCache = array();
const LRESULT_PROCESSED_OK = 0;
const LRESULT_PROCESSED_INVALID = 1;
}
$obclasses = array('posixGroup', 'group', '*');
- return $this->determineFeature($obclasses,
- 'cn',
- 'ldap_userfilter_groups',
- 'ldapUserFilterGroups');
+ $groups = $this->determineFeature($obclasses,
+ 'cn',
+ 'ldap_userfilter_groups',
+ 'ldapUserFilterGroups');
- //TODO: Check, whether member-of-overlay is installed on the LDAP Server
+ $isMemberOfWorking = $this->testMemberOf($groups);
+ if(!$isMemberOfWorking) {
+ throw new \Exception('memberOf is not supported by the server');
+ }
+
+ return $this->result;
+ }
+
+ private function testMemberOf($groups) {
+ $cr = $this->getConnection();
+ if(!$cr) {
+ throw new \Excpetion('Could not connect to LDAP');
+ }
+ if(!is_array($this->configuration->ldapBase)
+ || !isset($this->configuration->ldapBase[0])) {
+ return false;
+ }
+ $base = $this->configuration->ldapBase[0];
+ $filterPrefix = '(&(objectclass=*)(memberOf=';
+
+ foreach($this->resultCache as $dn => $properties) {
+ if(!isset($properties['cn'])) {
+ //assuming only groups have their cn cached :)
+ continue;
+ }
+ $filter = strtolower($filterPrefix . $dn.'))');
+ $rr = $this->ldap->search($cr, $base, $filter, array('dn'));
+ if(!$this->ldap->isResource($rr)) {
+ continue;
+ }
+ $entries = $this->ldap->countEntries($cr, $rr);
+ //we do not know which groups are empty, so test any and return
+ //success on the first match that returns at least one user
+ if(($entries !== false) && ($entries > 0)) {
+ return true;
+ }
+ }
+
+
+ return false;
}
/**
'ldapAgentName',
'ldapAgentPassword',
'ldapBase',
- true
))) {
return false;
}
$obclasses = array('inetOrgPerson', 'person', 'organizationalPerson',
'user', 'posixAccount', '*');
- return $this->determineFeature($obclasses,
- 'objectclass',
- 'ldap_userfilter_objectclass',
- 'ldapUserFilterObjectclass');
+ $this->determineFeature($obclasses,
+ 'objectclass',
+ 'ldap_userfilter_objectclass',
+ 'ldapUserFilterObjectclass',
+ true);
+
+ return $this->result;
}
/**
if($dn === false || in_array($dn, $dnRead)) {
continue;
}
+ $newItems = array();
$state = $this->getAttributeValuesFromEntry($attributes,
$attr,
- $foundItems);
+ $newItems);
+ $foundItems = array_merge($foundItems, $newItems);
+ $this->resultCache[$dn][$attr] = $newItems;
$dnRead[] = $dn;
$getEntryFunc = 'nextEntry';
$rr = $entry; //will be expected by nextEntry next round
}
}
- return $foundItems;
+ return array_unique($foundItems);
}
/**
* Configuration class
* @param $po boolean, whether the objectClass with most result entries
* shall be pre-selected via the result
- * @returns the instance's WizardResult instance
+ * @returns array, list of found items.
*/
private function determineFeature($objectclasses, $attr, $dbkey, $confkey, $po = false) {
$cr = $this->getConnection();
$this->result->addChange($dbkey, $maxEntryObjC);
}
- return $this->result;
+ return $availableFeatures;
}
/**
continue;
}
if(!in_array($val, $known)) {
- \OCP\Util::writeLog('user_ldap', 'Found objclass '.$val, \OCP\Util::DEBUG);
$known[] = $val;
}
}
}
private function getConnection() {
+ if(!is_null($this->cr)) {
+ return $cr;
+ }
$cr = $this->ldap->connect(
$this->configuration->ldapHost.':'.$this->configuration->ldapPort,
$this->configuration->ldapPort);
$this->configuration->ldapAgentName,
$this->configuration->ldapAgentPassword);
if($lo === true) {
+ $this->$cr = $cr;
return $cr;
}
projects / nextcloud-server.git / commitdiff