switch($action) {
case 'guessPortAndTLS':
case 'guessBaseDN':
+ case 'determineObjectClasses':
try {
$result = $wizard->$action();
if($result !== false) {
.table {
display: table;
+ width: 60%;
}
.tablecell {
height: 15px;
}
-.hidden {
+.hidden, .invisible {
visibility: hidden;
}
width: 96.5% !important;
}
+.tableCellInput {
+ margin-left: -40%;
+ width: 100%;
+}
+
+.tableCellLabel {
+ text-align: right;
+ padding-right: 25%;
+}
+
.ldapIndent {
margin-left: 50px;
}
#ldap fieldset p input[type=checkbox] {
vertical-align: bottom;
+}
+
+select[multiple=multiple] + button {
+ height: 28px;
+ padding-top: 6px !important;
+ min-width: 40%;
+ max-width: 40%;
}
\ No newline at end of file
applyChanges: function (result) {
for (id in result.changes) {
- LdapWizard.saveBlacklist[id] = true;
+ if(!$.isArray(result.changes[id])) {
+ //no need to blacklist multiselect
+ LdapWizard.saveBlacklist[id] = true;
+ }
$('#'+id).val(result.changes[id]);
}
},
function(result) {
LdapWizard.applyChanges(result);
if($('#ldap_base').val()) {
- $('#ldap_base').removeClass('hidden');
+ $('#ldap_base').removeClass('invisible');
LdapWizard.hideInfoBox();
}
},
function (result) {
- $('#ldap_base').removeClass('hidden');
+ $('#ldap_base').removeClass('invisible');
LdapWizard.showInfoBox('Please specify a port');
}
);
function(result) {
LdapWizard.applyChanges(result);
if($('#ldap_port').val()) {
- $('#ldap_port').removeClass('hidden');
+ $('#ldap_port').removeClass('invisible');
LdapWizard.hideInfoBox();
}
},
function (result) {
- $('#ldap_port').removeClass('hidden');
+ $('#ldap_port').removeClass('invisible');
LdapWizard.showInfoBox('Please specify the BaseDN');
}
);
}
},
+ findObjectClasses: function() {
+ param = 'action=determineObjectClasses'+
+ '&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
+
+ LdapWizard.ajax(param,
+ function(result) {
+ $('#ldap_userfilter_objectclass').find('option').remove();
+ for (i in result.options['ldap_userfilter_objectclass']) {
+ //FIXME: move HTML into template
+ objc = result.options['ldap_userfilter_objectclass'][i];
+ $('#ldap_userfilter_objectclass').append("<option value='"+objc+"'>"+objc+"</option>");
+ }
+ LdapWizard.applyChanges(result);
+ $('#ldap_userfilter_objectclass').multiselect('refresh');
+ },
+ function (result) {
+ //TODO: error handling
+ }
+ );
+ },
+
hideInfoBox: function() {
if(LdapWizard.checkInfoShown) {
- $('#ldapWizard1 .ldapWizardInfo').addClass('hidden');
+ $('#ldapWizard1 .ldapWizardInfo').addClass('invisible');
LdapWizard.checkInfoShown = false;
}
},
init: function() {
if($('#ldap_port').val()) {
- $('#ldap_port').removeClass('hidden');
+ $('#ldap_port').removeClass('invisible');
+ }
+ },
+
+ initUserFilter: function() {
+ LdapWizard.findObjectClasses();
+ },
+
+ onTabChange: function(event, ui) {
+ if(ui.newTab[0].id === '#ldapWizard2') {
+ LdapWizard.initUserFilter();
}
},
delete LdapWizard.saveBlacklist[inputObj.id];
return;
}
- param = 'cfgkey='+inputObj.id+
- '&cfgval='+$(inputObj).val()+
+ LdapWizard._save(inputObj, $(inputObj).val());
+ },
+
+ saveMultiSelect: function(originalObj, resultObj) {
+ values = '';
+ for(i = 0; i < resultObj.length; i++) {
+ values = values + "\n" + resultObj[i].value;
+ }
+ LdapWizard._save($('#'+originalObj)[0], $.trim(values));
+ },
+
+ _save: function(object, value) {
+ param = 'cfgkey='+object.id+
+ '&cfgval='+value+
'&action=save'+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
param,
function(result) {
if(result.status == 'success') {
- LdapWizard.processChanges(inputObj);
+ LdapWizard.processChanges(object);
} else {
// alert('Oooooooooooh :(');
}
showInfoBox: function(text) {
$('#ldapWizard1 .ldapWizardInfo').text(t('user_ldap', text));
- $('#ldapWizard1 .ldapWizardInfo').removeClass('hidden');
+ $('#ldapWizard1 .ldapWizardInfo').removeClass('invisible');
LdapWizard.checkInfoShown = true;
}
};
$(document).ready(function() {
$('#ldapAdvancedAccordion').accordion({ heightStyle: 'content', animate: 'easeInOutCirc'});
- $('#ldapSettings').tabs();
+ $('#ldapSettings').tabs({ beforeActivate: LdapWizard.onTabChange });
$('#ldap_submit').button();
$('#ldap_action_test_connection').button();
$('#ldap_action_delete_configuration').button();
+ $('#ldap_userfilter_groups').multiselect();
+ $('#ldap_userfilter_objectclass').multiselect({
+ header: false,
+ selectedList: 9,
+ noneSelectedText: t('user_ldap', 'Select object classes'),
+ click: function(event, ui) {
+ LdapWizard.saveMultiSelect('ldap_userfilter_objectclass',
+ $('#ldap_userfilter_objectclass').multiselect("getChecked")
+ );
+ }
+ });
$('.lwautosave').change(function() { LdapWizard.save(this); });
LdapConfiguration.refreshConfig();
$('#ldap_action_test_connection').click(function(event){
'turnOffCertCheck' => null,
'ldapIgnoreNamingRules' => null,
'ldapUserDisplayName' => null,
+ 'ldapUserFilterObjectclass' => null,
'ldapUserFilter' => null,
'ldapGroupFilter' => null,
'ldapGroupDisplayName' => null,
case 'ldapBaseGroups':
case 'ldapAttributesForUserSearch':
case 'ldapAttributesForGroupSearch':
+ case 'ldapUserFilterObjectclass':
$setMethod = 'setMultiLine';
default:
$this->$setMethod($key, $val);
if(!$this->configRead && !is_null($this->configPrefix)) {
$cta = array_flip($this->getConfigTranslationArray());
foreach($this->config as $key => $val) {
-// if($this->configPrefix == 's04') var_dump($key);
if(!isset($cta[$key])) {
//some are determined
continue;
}
$dbkey = $cta[$key];
-// if($this->configPrefix == 's04') var_dump($dbkey);
switch($key) {
case 'ldapBase':
case 'ldapBaseUsers':
case 'ldapBaseGroups':
case 'ldapAttributesForUserSearch':
case 'ldapAttributesForGroupSearch':
+ case 'ldapUserFilterObjectclass':
$readMethod = 'getMultiLine';
break;
case 'ldapIgnoreNamingRules':
$readMethod = 'getValue';
break;
}
-// if($this->configPrefix == 's04') var_dump($readMethod);
$this->config[$key] = $this->$readMethod($dbkey);
}
$this->configRead = true;
}
- if($this->configPrefix == 's03') {
-// var_dump($this->config);
-
-// die;
- }
}
/**
case 'ldapBaseGroups':
case 'ldapAttributesForUserSearch':
case 'ldapAttributesForGroupSearch':
+ case 'ldapUserFilterObjectclass':
if(is_array($value)) {
$value = implode("\n", $value);
}
if(is_null($defaults)) {
$defaults = $this->getDefaults();
}
-// if($this->configPrefix == 's04') var_dump($this->configPrefix.$varname);
-// if(0 == $this->configKeyToDBKey($varname)) {
-// var_dump($varname);
-// print("<pre>");
-// debug_print_backtrace(); die;
-// }
return \OCP\Config::getAppValue('user_ldap',
$this->configPrefix.$varname,
$defaults[$varname]);
'ldap_base_users' => '',
'ldap_base_groups' => '',
'ldap_userlist_filter' => 'objectClass=person',
+ 'ldap_userfilter_objectclass' => '',
'ldap_login_filter' => 'uid=%uid',
'ldap_group_filter' => 'objectClass=posixGroup',
'ldap_display_name' => 'cn',
'ldap_base' => 'ldapBase',
'ldap_base_users' => 'ldapBaseUsers',
'ldap_base_groups' => 'ldapBaseGroups',
+ 'ldap_userfilter_objectclass' => 'ldapUserFilterObjectclass',
'ldap_userlist_filter' => 'ldapUserFilter',
'ldap_login_filter' => 'ldapLoginFilter',
'ldap_group_filter' => 'ldapGroupFilter',
* */
public function getAttributes($link, $result);
+ /**
+ * @brief Get the DN of a result entry
+ * @param $link LDAP link resource
+ * @param $result LDAP result resource
+ * @return string containing the DN, false on error
+ */
+ public function getDN($link, $result);
+
/**
* @brief Get all result entries
* @param $link LDAP link resource
*/
public function getEntries($link, $result);
+ /**
+ * @brief Return next result id
+ * @param $link LDAP link resource
+ * @param $result LDAP entry result resource
+ * @return an LDAP search result resource
+ * */
+ public function nextEntry($link, $result);
+
/**
* @brief Read an entry
* @param $link LDAP link resource
return $this->invokeLDAPMethod('get_attributes', $link, $result);
}
+ public function getDN($link, $result) {
+ return $this->invokeLDAPMethod('get_dn', $link, $result);
+ }
+
public function getEntries($link, $result) {
return $this->invokeLDAPMethod('get_entries', $link, $result);
}
+ public function nextEntry($link, $result) {
+ return $this->invokeLDAPMethod('next_entry', $link, $result);
+ }
+
public function read($link, $baseDN, $filter, $attr) {
return $this->invokeLDAPMethod('read', $link, $baseDN, $filter, $attr);
}
protected $configuration;
protected $result;
+ const LRESULT_PROCESSED_OK = 0;
+ const LRESULT_PROCESSED_INVALID = 1;
+ const LRESULT_PROCESSED_SKIP = 2;
+
/**
* @brief Constructor
* @param $configuration an instance of Configuration
}
}
+ public function determineObjectClasses() {
+ if(!$this->checkRequirements(array('ldapHost',
+ 'ldapPort',
+ 'ldapAgentName',
+ 'ldapAgentPassword',
+ 'ldapBase',
+ ))) {
+ return false;
+ }
+ $cr = $this->getConnection();
+ if(!$cr) {
+ throw new \Excpetion('Could not connect to LDAP');
+ }
+
+ $p = 'objectclass=';
+ $obclasses = array($p.'inetOrgPerson', $p.'person',
+ $p.'organizationalPerson', $p.'user',
+ $p.'posixAccount', $p.'*');
+
+ $maxEntryObjC = '';
+ $availableObjectClasses =
+ $this->cumulativeSearchOnAttribute($obclasses, 'objectclass',
+ true, $maxEntryObjC);
+ if(is_array($availableObjectClasses)
+ && count($availableObjectClasses) > 0) {
+ $this->result->addOptions('ldap_userfilter_objectclass',
+ $availableObjectClasses);
+ } else {
+ throw new \Exception(self::$l->t('Could not find any objectClass'));
+ }
+ $setOCs = $this->configuration->ldapUserFilterObjectclass;
+ file_put_contents('/tmp/set', print_r($setOCs, true));
+ if(is_array($setOCs) && !empty($setOCs)) {
+ //something is already configured? pre-select it.
+ $this->result->addChange('ldap_userfilter_objectclass', $setOCs);
+ } else if(!empty($maxEntryObjC)) {
+ //new? pre-select something hopefully sane
+ $maxEntryObjC = str_replace($p, '', $maxEntryObjC);
+ $this->result->addChange('ldap_userfilter_objectclass',
+ $maxEntryObjC);
+ }
+
+ return $this->result;
+ }
+
/**
* Tries to determine the port, requires given Host, User DN and Password
* @returns mixed WizardResult on success, false otherwise
public function guessPortAndTLS() {
if(!$this->checkRequirements(array('ldapHost',
'ldapAgentName',
- 'ldapAgentPassword'))) {
+ 'ldapAgentPassword'
+ ))) {
return false;
}
$this->checkHost();
return true;
}
+ /**
+ * @brief does a cumulativeSearch on LDAP to get different values of a
+ * specified attribute
+ * @param $filters array, the filters that shall be used in the search
+ * @param $attr the attribute of which a list of values shall be returned
+ * @param $lfw bool, whether the last filter is a wildcard which shall not
+ * be processed if there were already findings, defaults to true
+ * @param $maxF string. if not null, this variable will have the filter that
+ * yields most result entries
+ * @return mixed, an array with the values on success, false otherwise
+ *
+ */
+ private function cumulativeSearchOnAttribute($filters, $attr, $lfw = true, &$maxF = null) {
+ $dnRead = array();
+ $foundItems = array();
+ $maxEntries = 0;
+ if(!is_array($this->configuration->ldapBase) || !isset($this->configuration->ldapBase[0])) {
+ return false;
+ }
+ $base = $this->configuration->ldapBase[0];
+ $cr = $this->getConnection();
+ if(!is_resource($cr)) {
+ return false;
+ }
+ foreach($filters as $filter) {
+ if($lfw && count($foundItems) > 0) {
+ continue;
+ }
+ $rr = $this->ldap->search($cr, $base, $filter, array($attr));
+ if(!$this->ldap->isResource($rr)) {
+ \OCP\Util::writeLog('user_ldap', 'Search failed, Base '.$base, \OCP\Util::DEBUG);
+ continue;
+ }
+ $entries = $this->ldap->countEntries($cr, $rr);
+ $getEntryFunc = 'firstEntry';
+ if(($entries !== false) && ($entries > 0)) {
+ if(!is_null($maxF) && $entries > $maxEntries) {
+ $maxEntries = $entries;
+ $maxF = $filter;
+ }
+ do {
+ $entry = $this->ldap->$getEntryFunc($cr, $rr);
+ if(!$this->ldap->isResource($entry)) {
+ continue 2;
+ }
+ $attributes = $this->ldap->getAttributes($cr, $entry);
+ $dn = $this->ldap->getDN($cr, $entry);
+ if($dn === false || in_array($dn, $dnRead)) {
+ continue;
+ }
+ $state = $this->getAttributeValuesFromEntry($attributes,
+ $attr,
+ $foundItems);
+ $dnRead[] = $dn;
+ $getEntryFunc = 'nextEntry';
+ $rr = $entry; //will be expected by nextEntry next round
+ } while($state === self::LRESULT_PROCESSED_SKIP
+ || $this->ldap->isResource($entry));
+ }
+ }
+
+ return $foundItems;
+ }
+
+ /**
+ * @brief appends a list of values fr
+ * @param $result resource, the return value from ldap_get_attributes
+ * @param $attribute string, the attribute values to look for
+ * @param &$known array, new values will be appended here
+ * @return int, state on of the class constants LRESULT_PROCESSED_OK,
+ * LRESULT_PROCESSED_INVALID or LRESULT_PROCESSED_SKIP
+ */
+ private function getAttributeValuesFromEntry($result, $attribute, &$known) {
+ if(!is_array($result)
+ || !isset($result['count'])
+ || !$result['count'] > 0) {
+ return self::LRESULT_PROCESSED_INVALID;
+ }
+
+ //strtolower on all keys for proper comparison
+ $result = \OCP\Util::mb_array_change_key_case($result);
+ $attribute = strtolower($attribute);
+ if(isset($result[$attribute])) {
+ foreach($result[$attribute] as $key => $val) {
+ if($key === 'count') {
+ continue;
+ }
+ if(!in_array($val, $known)) {
+ \OCP\Util::writeLog('user_ldap', 'Found objclass '.$val, \OCP\Util::DEBUG);
+ $known[] = $val;
+ }
+ }
+ return self::LRESULT_PROCESSED_OK;
+ } else {
+ return self::LRESULT_PROCESSED_SKIP;
+ }
+ }
+
private function getConnection() {
$cr = $this->ldap->connect(
$this->configuration->ldapHost.':'.$this->configuration->ldapPort,
class WizardResult {
protected $changes = array();
+ protected $options = array();
public function addChange($key, $value) {
$this->changes[$key] = $value;
}
+ public function addOptions($key, $values) {
+ if(!is_array($values)) {
+ $values = array($values);
+ }
+ $this->options[$key] = $values;
+ }
+
public function hasChanges() {
return count($this->changes) > 0;
}
public function getResultArray() {
$result = array();
$result['changes'] = $this->changes;
+ if(count($this->options) > 0) {
+ $result['options'] = $this->options;
+ }
return $result;
}
}
\ No newline at end of file
OC_Util::checkAdminUser();
-OCP\Util::addscript('user_ldap', 'settings');
-OCP\Util::addstyle('user_ldap', 'settings');
+OCP\Util::addScript('user_ldap', 'settings');
+OCP\Util::addScript('core', 'jquery.multiselect');
+OCP\Util::addStyle('user_ldap', 'settings');
+OCP\Util::addStyle('core', 'jquery.multiselect');
+OCP\Util::addStyle('core', 'jquery-ui-1.10.0.custom');
// fill template
$tmpl = new OCP\Template('user_ldap', 'settings');
$wizardHtml .= $wizard1->fetchPage();
$toc['#ldapWizard1'] = 'Server';
+$wizard2 = new OCP\Template('user_ldap', 'part.wizard-userfilter');
+$wizard2->assign('wizardControls', $wControls);
+$wizardHtml .= $wizard2->fetchPage();
+$toc['#ldapWizard2'] = 'User Filter';
+
$tmpl->assign('tabs', $wizardHtml);
$tmpl->assign('toc', $toc);
/>
<span>
<input type="number" id="ldap_port" name="ldap_port"
- class="hidden lwautosave"
+ class="invisible lwautosave"
data-default="<?php p($_['ldap_port_default']); ?>"
placeholder="<?php p($l->t('Port'));?>" />
</span>
</div>
<div class="tablerow">
- <div class="tablecell ldapWizardInfo hidden">
+ <div class="tablecell ldapWizardInfo invisible">
</div>
</div>
</div>
--- /dev/null
+<fieldset id="ldapWizard2">
+
+ <div>
+ <p>
+ <?php p($l->t('Limit the access to ownCloud to users meetignthis criteria:'));?>
+ </p>
+
+ <p>
+ <label for="ldap_userfilter_objectclass">
+ <?php p($l->t('only those object classes:'));?>
+ </label>
+
+ <select id="ldap_userfilter_objectclass" multiple="multiple"
+ name="ldap_userfilter_objectclass"
+ data-default="<?php p($_['ldap_userfilter_objectclass_default']); ?>">
+<!-- <option><?php p($l->t('Any'));?></option> -->
+ </select>
+ </p>
+
+ <p>
+ <label for="ldap_userfilter_groups">
+ <?php p($l->t('only from those groups:'));?>
+ </label>
+
+ <select id="ldap_userfilter_groups" multiple="multiple"
+ name="ldap_userfilter_groups" class="lwautosave"
+ data-default="<?php p($_['ldap_userfilter_groups_default']); ?>">
+<!-- <option value="TODOfillIn">TODO: fill in object classes via Ajax</option> -->
+<!-- <option value="TODOfillIn2">22222</option> -->
+ </select>
+ </p>
+
+ <p>
+ <label><a>↓ <?php p($l->t('Edit raw filter instead'));?></a></label>
+ </p>
+
+ <p class="invisible">
+ <input type="text" id="ldap_userlistfilter_raw" name="ldap_userlistfilter_raw"
+ class="lwautosave"
+ data-default="<?php p($_['ldap_userlistfilter_raw_default']); ?>"
+ placeholder="<?php p($l->t('Raw LDAP filter'));?>"
+ title="<?php p($l->t('The filter specifies which LDAP users shall have access to the ownCloud instance.'));?>"
+ />
+ </p>
+
+ <p>
+ <div class="ldapWizardInfo invisible"> </div>
+ </p>
+ <?php print_unescaped($_['wizardControls']); ?>
+ </div>
+</fieldset>
\ No newline at end of file
<div id="ldapSettings" class="personalblock">
<ul>
<?php foreach($_['toc'] as $id => $title) { ?>
- <li><a href="<?php p($id); ?>"><?php p($title); ?></a></li>
+ <li
id="<?php p($id); ?>"><a href="<?php p($id); ?>"><?php p($title); ?></a></li>
<?php } ?>
<li class="ldapSettingsTabs"><a href="#ldapSettings-3">Expert</a></li>
<li class="ldapSettingsTabs"><a href="#ldapSettings-2">Advanced</a></li>
projects / nextcloud-server.git / commitdiff