--- /dev/null
+<?php
+
+/**
+ * ownCloud – LDAP Connection
+ *
+ * @author Arthur Schiwon
+ * @copyright 2012, 2013 Arthur Schiwon blizzz@owncloud.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\user_ldap\lib;
+
+class Configuration {
+
+ protected $configPrefix = null;
+ protected $configRead = false;
+
+ //settings
+ protected $config = array(
+ 'ldapHost' => null,
+ 'ldapPort' => null,
+ 'ldapBackupHost' => null,
+ 'ldapBackupPort' => null,
+ 'ldapBase' => null,
+ 'ldapBaseUsers' => null,
+ 'ldapBaseGroups' => null,
+ 'ldapAgentName' => null,
+ 'ldapAgentPassword' => null,
+ 'ldapTLS' => null,
+ 'ldapNoCase' => null,
+ 'turnOffCertCheck' => null,
+ 'ldapIgnoreNamingRules' => null,
+ 'ldapUserDisplayName' => null,
+ 'ldapUserFilter' => null,
+ 'ldapGroupFilter' => null,
+ 'ldapGroupDisplayName' => null,
+ 'ldapGroupMemberAssocAttr' => null,
+ 'ldapLoginFilter' => null,
+ 'ldapQuotaAttribute' => null,
+ 'ldapQuotaDefault' => null,
+ 'ldapEmailAttribute' => null,
+ 'ldapCacheTTL' => null,
+ 'ldapUuidAttribute' => 'auto',
+ 'ldapOverrideUuidAttribute' => null,
+ 'ldapOverrideMainServer' => false,
+ 'ldapConfigurationActive' => false,
+ 'ldapAttributesForUserSearch' => null,
+ 'ldapAttributesForGroupSearch' => null,
+ 'homeFolderNamingRule' => null,
+ 'hasPagedResultSupport' => false,
+ 'ldapExpertUsernameAttr' => null,
+ 'ldapExpertUUIDAttr' => null,
+ );
+
+ public function __construct($configPrefix, $autoread = true) {
+ $this->configPrefix = $configPrefix;
+ if($autoread) {
+ $this->readConfiguration();
+ }
+ }
+
+ public function __get($name) {
+ if(isset($this->config[$name])) {
+ return $this->config[$name];
+ }
+ }
+
+ public function __set($name, $value) {
+ $this->setConfiguration(array($name => $value));
+ }
+
+ public function getConfiguration() {
+ return $this->config;
+ }
+
+ /**
+ * @brief set LDAP configuration with values delivered by an array, not read
+ * from configuration. It does not save the configuration! To do so, you
+ * must call saveConfiguration afterwards.
+ * @param $config array that holds the config parameters in an associated
+ * array
+ * @param &$applied optional; array where the set fields will be given to
+ * @return null
+ */
+ public function setConfiguration($config, &$applied = null) {
+ if(!is_array($config)) {
+ return false;
+ }
+
+ $cta = $this->getConfigTranslationArray();
+ foreach($config as $inputkey => $val) {
+ if(strpos($inputkey, '_') !== false && isset($cta[$inputkey])) {
+ $key = $cta[$inputkey];
+ } elseif(isset($this->config[$inputkey])) {
+ $key = $inputkey;
+ } else {
+ continue;
+ }
+
+ $setMethod = 'setValue';
+ switch($key) {
+ case 'homeFolderNamingRule':
+ if(!empty($val) && strpos($val, 'attr:') === false) {
+ $val = 'attr:'.$val;
+ }
+ case 'ldapBase':
+ case 'ldapBaseUsers':
+ case 'ldapBaseGroups':
+ case 'ldapAttributesForUserSearch':
+ case 'ldapAttributesForGroupSearch':
+ $setMethod = 'setMultiLine';
+ default:
+ $this->$setMethod($key, $val);
+ if(is_array($applied)) {
+ $applied[] = $inputkey;
+ }
+ }
+ }
+
+ }
+
+ public function readConfiguration() {
+ if(!$this->configRead && !is_null($this->configPrefix)) {
+ $cta = array_flip($this->getConfigTranslationArray());
+ foreach($this->config as $key => $val) {
+// if($this->configPrefix == 's04') var_dump($key);
+ if(!isset($cta[$key])) {
+ //some are determined
+ continue;
+ }
+ $dbkey = $cta[$key];
+// if($this->configPrefix == 's04') var_dump($dbkey);
+ switch($key) {
+ case 'ldapBase':
+ case 'ldapBaseUsers':
+ case 'ldapBaseGroups':
+ case 'ldapAttributesForUserSearch':
+ case 'ldapAttributesForGroupSearch':
+ $readMethod = 'getMultiLine';
+ break;
+ case 'ldapIgnoreNamingRules':
+ $readMethod = 'getSystemValue';
+ $dbkey = $key;
+ break;
+ case 'ldapAgentPassword':
+ $readMethod = 'getPwd';
+ break;
+ case 'ldapUserDisplayName':
+ case 'ldapGroupDisplayName':
+ $readMethod = 'getLcValue';
+ break;
+ default:
+ $readMethod = 'getValue';
+ break;
+ }
+// if($this->configPrefix == 's04') var_dump($readMethod);
+ $this->config[$key] = $this->$readMethod($dbkey);
+ }
+ $this->configRead = true;
+ }
+ if($this->configPrefix == 's03') {
+// var_dump($this->config);
+
+// die;
+ }
+ }
+
+ /**
+ * @brief saves the current Configuration in the database
+ */
+ public function saveConfiguration() {
+ $cta = array_flip($this->getConfigTranslationArray());
+ foreach($this->config as $key => $value) {
+ switch ($key) {
+ case 'ldapAgentPassword':
+ $value = base64_encode($value);
+ break;
+ case 'ldapBase':
+ case 'ldapBaseUsers':
+ case 'ldapBaseGroups':
+ case 'ldapAttributesForUserSearch':
+ case 'ldapAttributesForGroupSearch':
+ if(is_array($value)) {
+ $value = implode("\n", $value);
+ }
+ break;
+ //following options are not stored but detected, skip them
+ case 'ldapIgnoreNamingRules':
+ case 'ldapOverrideUuidAttribute':
+ case 'hasPagedResultSupport':
+ continue 2;
+ }
+ if(is_null($value)) {
+ $value = '';
+ }
+ $this->saveValue($cta[$key], $value);
+ }
+ }
+
+ protected function getMultiLine($varname) {
+ $value = $this->getValue($varname);
+ if(empty($value)) {
+ $value = '';
+ } else {
+ $value = preg_split('/\r\n|\r|\n/', $value);
+ }
+
+ return $value;
+ }
+
+ protected function setMultiLine($varname, $value) {
+ if(empty($value)) {
+ $value = '';
+ } else {
+ $value = preg_split('/\r\n|\r|\n/', $value);
+ }
+
+ $this->setValue($varname, $value);
+ }
+
+ protected function getPwd($varname) {
+ return base64_decode($this->getValue($varname));
+ }
+
+ protected function getLcValue($varname) {
+ return mb_strtolower($this->getValue($varname), 'UTF-8');
+ }
+
+ protected function getSystemValue($varname) {
+ //FIXME: if another system value is added, softcode the default value
+ return \OCP\Config::getSystemValue($varname, false);
+ }
+
+ protected function getValue($varname) {
+ static $defaults;
+ if(is_null($defaults)) {
+ $defaults = $this->getDefaults();
+ }
+// if($this->configPrefix == 's04') var_dump($this->configPrefix.$varname);
+// if(0 == $this->configKeyToDBKey($varname)) {
+// var_dump($varname);
+// print("<pre>");
+// debug_print_backtrace(); die;
+// }
+ return \OCP\Config::getAppValue('user_ldap',
+ $this->configPrefix.$varname,
+ $defaults[$varname]);
+ }
+
+ protected function setValue($varname, $value) {
+ $this->config[$varname] = $value;
+ }
+
+ protected function saveValue($varname, $value) {
+ return \OCP\Config::setAppValue('user_ldap',
+ $this->configPrefix.$varname,
+ $value);
+ }
+
+ /**
+ * @returns an associative array with the default values. Keys are correspond
+ * to config-value entries in the database table
+ */
+ public function getDefaults() {
+ return array(
+ 'ldap_host' => '',
+ 'ldap_port' => '389',
+ 'ldap_backup_host' => '',
+ 'ldap_backup_port' => '',
+ 'ldap_override_main_server' => '',
+ 'ldap_dn' => '',
+ 'ldap_agent_password' => '',
+ 'ldap_base' => '',
+ 'ldap_base_users' => '',
+ 'ldap_base_groups' => '',
+ 'ldap_userlist_filter' => 'objectClass=person',
+ 'ldap_login_filter' => 'uid=%uid',
+ 'ldap_group_filter' => 'objectClass=posixGroup',
+ 'ldap_display_name' => 'cn',
+ 'ldap_group_display_name' => 'cn',
+ 'ldap_tls' => 1,
+ 'ldap_nocase' => 0,
+ 'ldap_quota_def' => '',
+ 'ldap_quota_attr' => '',
+ 'ldap_email_attr' => '',
+ 'ldap_group_member_assoc_attribute' => 'uniqueMember',
+ 'ldap_cache_ttl' => 600,
+ 'ldap_uuid_attribute' => 'auto',
+ 'ldap_override_uuid_attribute' => 0,
+ 'home_folder_naming_rule' => '',
+ 'ldap_turn_off_cert_check' => 0,
+ 'ldap_configuration_active' => 1,
+ 'ldap_attributes_for_user_search' => '',
+ 'ldap_attributes_for_group_search' => '',
+ 'ldap_expert_username_attr' => '',
+ 'ldap_expert_uuid_attr' => '',
+ );
+ }
+
+ /**
+ * @return returns an array that maps internal variable names to database fields
+ */
+ public function getConfigTranslationArray() {
+ //TODO: merge them into one representation
+ static $array = array(
+ 'ldap_host' => 'ldapHost',
+ 'ldap_port' => 'ldapPort',
+ 'ldap_backup_host' => 'ldapBackupHost',
+ 'ldap_backup_port' => 'ldapBackupPort',
+ 'ldap_override_main_server' => 'ldapOverrideMainServer',
+ 'ldap_dn' => 'ldapAgentName',
+ 'ldap_agent_password' => 'ldapAgentPassword',
+ 'ldap_base' => 'ldapBase',
+ 'ldap_base_users' => 'ldapBaseUsers',
+ 'ldap_base_groups' => 'ldapBaseGroups',
+ 'ldap_userlist_filter' => 'ldapUserFilter',
+ 'ldap_login_filter' => 'ldapLoginFilter',
+ 'ldap_group_filter' => 'ldapGroupFilter',
+ 'ldap_display_name' => 'ldapUserDisplayName',
+ 'ldap_group_display_name' => 'ldapGroupDisplayName',
+ 'ldap_tls' => 'ldapTLS',
+ 'ldap_nocase' => 'ldapNoCase',
+ 'ldap_quota_def' => 'ldapQuotaDefault',
+ 'ldap_quota_attr' => 'ldapQuotaAttribute',
+ 'ldap_email_attr' => 'ldapEmailAttribute',
+ 'ldap_group_member_assoc_attribute' => 'ldapGroupMemberAssocAttr',
+ 'ldap_cache_ttl' => 'ldapCacheTTL',
+ 'home_folder_naming_rule' => 'homeFolderNamingRule',
+ 'ldap_turn_off_cert_check' => 'turnOffCertCheck',
+ 'ldap_configuration_active' => 'ldapConfigurationActive',
+ 'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch',
+ 'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch',
+ 'ldap_expert_username_attr' => 'ldapExpertUsernameAttr',
+ 'ldap_expert_uuid_attr' => 'ldapExpertUUIDAttr',
+ );
+ return $array;
+ }
+
+}
\ No newline at end of file
//whether connection should be kept on __destruct
private $dontDestruct = false;
+ private $hasPagedResultSupport = true;
//cache handler
protected $cache;
- //settings
- protected $config = array(
- 'ldapHost' => null,
- 'ldapPort' => null,
- 'ldapBackupHost' => null,
- 'ldapBackupPort' => null,
- 'ldapBase' => null,
- 'ldapBaseUsers' => null,
- 'ldapBaseGroups' => null,
- 'ldapAgentName' => null,
- 'ldapAgentPassword' => null,
- 'ldapTLS' => null,
- 'ldapNoCase' => null,
- 'turnOffCertCheck' => null,
- 'ldapIgnoreNamingRules' => null,
- 'ldapUserDisplayName' => null,
- 'ldapUserFilter' => null,
- 'ldapGroupFilter' => null,
- 'ldapGroupDisplayName' => null,
- 'ldapGroupMemberAssocAttr' => null,
- 'ldapLoginFilter' => null,
- 'ldapQuotaAttribute' => null,
- 'ldapQuotaDefault' => null,
- 'ldapEmailAttribute' => null,
- 'ldapCacheTTL' => null,
- 'ldapUuidUserAttribute' => 'auto',
+ //settings handler
+ protected $configuration;
'ldapUuidGroupAttribute' => 'auto',
- 'ldapOverrideUuidAttribute' => null,
- 'ldapOverrideMainServer' => false,
- 'ldapConfigurationActive' => false,
- 'ldapAttributesForUserSearch' => null,
- 'ldapAttributesForGroupSearch' => null,
- 'homeFolderNamingRule' => null,
- 'hasPagedResultSupport' => false,
- 'ldapExpertUsernameAttr' => null,
- 'ldapExpertUUIDUserAttr' => null,
'ldapExpertUUIDGroupAttr' => null,
- );
/**
* @brief Constructor
parent::__construct($ldap);
$this->configPrefix = $configPrefix;
$this->configID = $configID;
+ $this->configuration = new Configuration($configPrefix);
$memcache = new \OC\Memcache\Factory();
if($memcache->isAvailable()) {
$this->cache = $memcache->create();
} else {
$this->cache = \OC_Cache::getGlobalCache();
}
- $this->config['hasPagedResultSupport'] =
+ $this->hasPagedResultSupport =
$this->ldap->hasPagedResultSupport();
}
$this->readConfiguration();
}
- if(isset($this->config[$name])) {
- return $this->config[$name];
+ if($name === 'hasPagedResultSupport') {
+ return $this->hasPagedResultSupport;
}
+
+ return $this->configuration->$name;
}
public function __set($name, $value) {
- $changed = false;
- //only few options are writable
- if($name === 'ldapUuidUserAttribute' || $name === 'ldapUuidGroupAttribute') {
- \OCP\Util::writeLog('user_ldap', 'Set config '.$name.' to '.$value, \OCP\Util::DEBUG);
- $this->config[$name] = $value;
+ $before = $this->configuration->$name;
+ $this->configuration->$name = $value;
+ $after = $this->configuration->$name;
+ if($before !== $after) {
if(!empty($this->configID)) {
- \OCP\Config::setAppValue($this->configID, $this->configPrefix.$name, $value);
+ $this->configuration->saveConfiguration();
}
- $changed = true;
- }
- if($changed) {
$this->validateConfiguration();
}
}
if(!$this->configured) {
$this->readConfiguration();
}
- if(!$this->config['ldapCacheTTL']) {
+ if(!$this->configuration->ldapCacheTTL) {
return null;
}
if(!$this->isCached($key)) {
if(!$this->configured) {
$this->readConfiguration();
}
- if(!$this->config['ldapCacheTTL']) {
+ if(!$this->configuration->ldapCacheTTL) {
return false;
}
$key = $this->getCacheKey($key);
if(!$this->configured) {
$this->readConfiguration();
}
- if(!$this->config['ldapCacheTTL']
- || !$this->config['ldapConfigurationActive']) {
+ if(!$this->configuration->ldapCacheTTL
+ || !$this->configuration->ldapConfigurationActive) {
return null;
}
$key = $this->getCacheKey($key);
$value = base64_encode(serialize($value));
- $this->cache->set($key, $value, $this->config['ldapCacheTTL']);
+ $this->cache->set($key, $value, $this->configuration->ldapCacheTTL);
}
public function clearCache() {
$this->cache->clear($this->getCacheKey(null));
}
- private function getValue($varname) {
- static $defaults;
- if(is_null($defaults)) {
- $defaults = $this->getDefaults();
- }
- return \OCP\Config::getAppValue($this->configID,
- $this->configPrefix.$varname,
- $defaults[$varname]);
- }
-
- private function setValue($varname, $value) {
- \OCP\Config::setAppValue($this->configID,
- $this->configPrefix.$varname,
- $value);
- }
-
/**
- * Special handling for reading Base Configuration
- *
- * @param $base the internal name of the config key
- * @param $value the value stored for the base
- */
- private function readBase($base, $value) {
- if(empty($value)) {
- $value = '';
- } else {
- $value = preg_split('/\r\n|\r|\n/', $value);
- }
-
- $this->config[$base] = $value;
- }
-
- /**
- * Caches the general LDAP configuration.
+ * @brief Caches the general LDAP configuration.
+ * @param $force optional. true, if the re-read should be forced. defaults
+ * to false.
+ * @return null
*/
private function readConfiguration($force = false) {
if((!$this->configured || $force) && !is_null($this->configID)) {
- $v = 'getValue';
- $this->config['ldapHost'] = $this->$v('ldap_host');
- $this->config['ldapBackupHost'] = $this->$v('ldap_backup_host');
- $this->config['ldapPort'] = $this->$v('ldap_port');
- $this->config['ldapBackupPort'] = $this->$v('ldap_backup_port');
- $this->config['ldapOverrideMainServer']
- = $this->$v('ldap_override_main_server');
- $this->config['ldapAgentName'] = $this->$v('ldap_dn');
- $this->config['ldapAgentPassword']
- = base64_decode($this->$v('ldap_agent_password'));
- $this->readBase('ldapBase', $this->$v('ldap_base'));
- $this->readBase('ldapBaseUsers', $this->$v('ldap_base_users'));
- $this->readBase('ldapBaseGroups', $this->$v('ldap_base_groups'));
- $this->config['ldapTLS'] = $this->$v('ldap_tls');
- $this->config['ldapNoCase'] = $this->$v('ldap_nocase');
- $this->config['turnOffCertCheck']
- = $this->$v('ldap_turn_off_cert_check');
- $this->config['ldapUserDisplayName']
- = mb_strtolower($this->$v('ldap_display_name'), 'UTF-8');
- $this->config['ldapUserFilter']
- = $this->$v('ldap_userlist_filter');
- $this->config['ldapGroupFilter'] = $this->$v('ldap_group_filter');
- $this->config['ldapLoginFilter'] = $this->$v('ldap_login_filter');
- $this->config['ldapGroupDisplayName']
- = mb_strtolower($this->$v('ldap_group_display_name'), 'UTF-8');
- $this->config['ldapQuotaAttribute']
- = $this->$v('ldap_quota_attr');
- $this->config['ldapQuotaDefault']
- = $this->$v('ldap_quota_def');
- $this->config['ldapEmailAttribute']
- = $this->$v('ldap_email_attr');
- $this->config['ldapGroupMemberAssocAttr']
- = $this->$v('ldap_group_member_assoc_attribute');
- $this->config['ldapIgnoreNamingRules']
- = \OCP\Config::getSystemValue('ldapIgnoreNamingRules', false);
- $this->config['ldapCacheTTL'] = $this->$v('ldap_cache_ttl');
- $this->config['ldapUuidUserAttribute']
- = $this->$v('ldap_uuid_user_attribute');
+ $this->configuration->readConfiguration();
$this->config['ldapUuidGroupAttribute']
= $this->$v('ldap_uuid_group_attribute');
- $this->config['ldapOverrideUuidAttribute']
- = $this->$v('ldap_override_uuid_attribute');
- $this->config['homeFolderNamingRule']
- = $this->$v('home_folder_naming_rule');
- $this->config['ldapConfigurationActive']
- = $this->$v('ldap_configuration_active');
- $this->config['ldapAttributesForUserSearch']
- = preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_user_search'));
- $this->config['ldapAttributesForGroupSearch']
- = preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_group_search'));
- $this->config['ldapExpertUsernameAttr']
- = $this->$v('ldap_expert_username_attr');
- $this->config['ldapExpertUUIDUserAttr']
- = $this->$v('ldap_expert_uuid_user_attr');
$this->config['ldapExpertUUIDGroupAttr']
= $this->$v('ldap_expert_uuid_group_attr');
}
/**
- * @return returns an array that maps internal variable names to database fields
- */
- private function getConfigTranslationArray() {
- static $array = array(
- 'ldap_host'=>'ldapHost',
- 'ldap_port'=>'ldapPort',
- 'ldap_backup_host'=>'ldapBackupHost',
- 'ldap_backup_port'=>'ldapBackupPort',
- 'ldap_override_main_server' => 'ldapOverrideMainServer',
- 'ldap_dn'=>'ldapAgentName',
- 'ldap_agent_password'=>'ldapAgentPassword',
- 'ldap_base'=>'ldapBase',
- 'ldap_base_users'=>'ldapBaseUsers',
- 'ldap_base_groups'=>'ldapBaseGroups',
- 'ldap_userlist_filter'=>'ldapUserFilter',
- 'ldap_login_filter'=>'ldapLoginFilter',
- 'ldap_group_filter'=>'ldapGroupFilter',
- 'ldap_display_name'=>'ldapUserDisplayName',
- 'ldap_group_display_name'=>'ldapGroupDisplayName',
- 'ldap_tls'=>'ldapTLS',
- 'ldap_nocase'=>'ldapNoCase',
- 'ldap_quota_def'=>'ldapQuotaDefault',
- 'ldap_quota_attr'=>'ldapQuotaAttribute',
- 'ldap_email_attr'=>'ldapEmailAttribute',
- 'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr',
- 'ldap_cache_ttl'=>'ldapCacheTTL',
- 'home_folder_naming_rule' => 'homeFolderNamingRule',
- 'ldap_turn_off_cert_check' => 'turnOffCertCheck',
- 'ldap_configuration_active' => 'ldapConfigurationActive',
- 'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch',
- 'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch',
- 'ldap_expert_username_attr' => 'ldapExpertUsernameAttr',
- 'ldap_expert_uuid_user_attr' => 'ldapExpertUUIDUserAttr',
'ldap_expert_uuid_group_attr' => 'ldapExpertUUIDGroupAttr',
- );
- return $array;
- }
-
- /**
* @brief set LDAP configuration with values delivered by an array, not read from configuration
* @param $config array that holds the config parameters in an associated array
* @param &$setParameters optional; array where the set fields will be given to
* @return true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters
*/
public function setConfiguration($config, &$setParameters = null) {
- if(!is_array($config)) {
- return false;
+ if(is_null($setParameters)) {
+ $setParameters = array();
}
-
- $params = $this->getConfigTranslationArray();
-
- foreach($config as $parameter => $value) {
- if(($parameter === 'homeFolderNamingRule'
- || (isset($params[$parameter])
- && $params[$parameter] === 'homeFolderNamingRule'))
- && !empty($value)) {
- $value = 'attr:'.$value;
- } else if (strpos($parameter, 'ldapBase') !== false
- || (isset($params[$parameter])
- && strpos($params[$parameter], 'ldapBase') !== false)) {
- $this->readBase($params[$parameter], $value);
- if(is_array($setParameters)) {
- $setParameters[] = $parameter;
- }
- continue;
- }
- if(isset($this->config[$parameter])) {
- $this->config[$parameter] = $value;
- if(is_array($setParameters)) {
- $setParameters[] = $parameter;
- }
- } else if(isset($params[$parameter])) {
- $this->config[$params[$parameter]] = $value;
- if(is_array($setParameters)) {
- $setParameters[] = $params[$parameter];
- }
- }
+ $this->configuration->setConfiguration($config, $setParameters);
+ if(count($setParameters) > 0) {
+ $this->configured = $this->validateConfiguration();
}
- $this->configured = $this->validateConfiguration();
-
return $this->configured;
}
/**
- * @brief saves the current Configuration in the database
+ * @brief saves the current Configuration in the database and empties the
+ * cache
+ * @return null
*/
public function saveConfiguration() {
- $trans = array_flip($this->getConfigTranslationArray());
- foreach($this->config as $key => $value) {
- \OCP\Util::writeLog('user_ldap', 'LDAP: storing key '.$key.
- ' value '.print_r($value, true), \OCP\Util::DEBUG);
- switch ($key) {
- case 'ldapAgentPassword':
- $value = base64_encode($value);
- break;
- case 'ldapBase':
- case 'ldapBaseUsers':
- case 'ldapBaseGroups':
- case 'ldapAttributesForUserSearch':
- case 'ldapAttributesForGroupSearch':
- if(is_array($value)) {
- $value = implode("\n", $value);
- }
- break;
- case 'ldapIgnoreNamingRules':
- case 'ldapOverrideUuidAttribute':
- case 'ldapUuidUserAttribute':
+ $this->configuration->saveConfiguration();
case 'ldapUuidGroupAttribute':
- case 'hasPagedResultSupport':
- continue 2;
- }
- if(is_null($value)) {
- $value = '';
- }
-
- $this->setValue($trans[$key], $value);
- }
$this->clearCache();
}
*/
public function getConfiguration() {
$this->readConfiguration();
- $trans = $this->getConfigTranslationArray();
- $config = array();
- foreach($trans as $dbKey => $classKey) {
- if($classKey === 'homeFolderNamingRule') {
- if(strpos($this->config[$classKey], 'attr:') === 0) {
- $config[$dbKey] = substr($this->config[$classKey], 5);
- } else {
- $config[$dbKey] = '';
- }
- continue;
- } else if((strpos($classKey, 'ldapBase') !== false
- || strpos($classKey, 'ldapAttributes') !== false)
- && is_array($this->config[$classKey])) {
- $config[$dbKey] = implode("\n", $this->config[$classKey]);
- continue;
+ $config = $this->configuration->getConfiguration();
+ $cta = $this->configuration->getConfigTranslationArray();
+ $result = array();
+ foreach($cta as $dbkey => $configkey) {
+ switch($configkey) {
+ case 'homeFolderNamingRule':
+ if(strpos($config[$configkey], 'attr:') === 0) {
+ $result[$dbkey] = substr($config[$configkey], 5);
+ } else {
+ $result[$dbkey] = '';
+ }
+ break;
+ case 'ldapBase':
+ case 'ldapBaseUsers':
+ case 'ldapBaseGroups':
+ case 'ldapAttributesForUserSearch':
+ case 'ldapAttributesForGroupSearch':
+ if(is_array($config[$configkey])) {
+ $result[$dbkey] = implode("\n", $config[$configkey]);
+ break;
+ } //else follows default
+ default:
+ $result[$dbkey] = $config[$configkey];
}
- $config[$dbKey] = $this->config[$classKey];
}
-
- return $config;
+ return $result;
}
- /**
- * @brief Validates the user specified configuration
- * @returns true if configuration seems OK, false otherwise
- */
- private function validateConfiguration() {
- // first step: "soft" checks: settings that are not really
- // necessary, but advisable. If left empty, give an info message
- if(empty($this->config['ldapBaseUsers'])) {
- \OCP\Util::writeLog('user_ldap', 'Base tree for Users is empty, using Base DN', \OCP\Util::INFO);
- $this->config['ldapBaseUsers'] = $this->config['ldapBase'];
- }
- if(empty($this->config['ldapBaseGroups'])) {
- \OCP\Util::writeLog('user_ldap', 'Base tree for Groups is empty, using Base DN', \OCP\Util::INFO);
- $this->config['ldapBaseGroups'] = $this->config['ldapBase'];
+ //TODO remove if not necessary
+// public function getDefaults() {
+// return $this->configuration->getDefaults();
+// }
+
+ private function doSoftValidation() {
+ //if User or Group Base are not set, take over Base DN setting
+ foreach(array('ldapBaseUsers', 'ldapBaseGroups') as $keyBase) {
+ $val = $this->configuration->$keyBase;
+ if(empty($val)) {
+ $obj = strpos('Users', $keyBase) !== false ? 'Users' : 'Groups';
+ \OCP\Util::writeLog('user_ldap',
+ 'Base tree for '.$obj.
+ ' is empty, using Base DN',
+ \OCP\Util::INFO);
+ $this->configuration->$keyBase = $this->configuration->ldapBase;
+ }
}
- if(empty($this->config['ldapGroupFilter']) && empty($this->config['ldapGroupMemberAssocAttr'])) {
+
+ $groupFilter = $this->configuration->ldapGroupFilter;
+ if(empty($groupFilter)) {
\OCP\Util::writeLog('user_ldap',
- 'No group filter is specified, LDAP group feature will not be used.',
- \OCP\Util::INFO);
- }
- $uuidAttributes = array(
- 'auto', 'entryuuid', 'nsuniqueid', 'objectguid', 'guid');
- $uuidSettings = array(
- 'ldapUuidUserAttribute' => 'ldapExpertUUIDUserAttr',
- 'ldapUuidGroupAttribute' => 'ldapExpertUUIDGroupAttr');
- $cta = array_flip($this->getConfigTranslationArray());
- foreach($uuidSettings as $defaultKey => $overrideKey) {
- if( !in_array($this->config[$defaultKey], $uuidAttributes)
- && is_null($this->config[$overrideKey])
- && !is_null($this->configID)) {
- \OCP\Config::setAppValue($this->configID,
- $this->configPrefix.$cta[$defaultKey],
+ 'No group filter is specified, LDAP group '.
+ 'feature will not be used.',
+ \OCP\Util::INFO);
+ }
+
+ $uuidOverride = $this->configuration->ldapExpertUUIDAttr;
+ if(!empty($uuidOverride)) {
+ $this->configuration->ldapUuidAttribute = $uuidOverride;
+ } else {
+ $uuidAttributes = array('auto', 'entryuuid', 'nsuniqueid',
+ 'objectguid', 'guid');
+ if(!in_array($this->configuration->ldapUuidAttribute,
+ $uuidAttributes)
+ && (!is_null($this->configID))) {
+ $this->configuration->ldapUuidAttribute = 'auto';
+ $this->configuration->saveConfiguration();
'auto');
\OCP\Util::writeLog('user_ldap',
- 'Illegal value for'.$defaultKey.', reset to autodetect.',
- \OCP\Util::DEBUG);
+ 'Illegal value for the UUID Attribute, '.
+ 'reset to autodetect.',
+ \OCP\Util::INFO);
}
+
}
- if(empty($this->config['ldapBackupPort'])) {
- //force default
- $this->config['ldapBackupPort'] = $this->config['ldapPort'];
+
+ $backupPort = $this->configuration->ldapBackupPort;
+ if(empty($backupPort)) {
+ $this->configuration->backupPort = $this->configuration->ldapPort;
}
- foreach(array('ldapAttributesForUserSearch', 'ldapAttributesForGroupSearch') as $key) {
- if(is_array($this->config[$key])
- && count($this->config[$key]) === 1
- && empty($this->config[$key][0])) {
- $this->config[$key] = array();
+
+ //make sure empty search attributes are saved as simple, empty array
+ $sakeys = array('ldapAttributesForUserSearch',
+ 'ldapAttributesForGroupSearch');
+ foreach($sakeys as $key) {
+ $val = $this->configuration->$key;
+ if(is_array($val) && count($val) === 1 && empty($val[0])) {
+ $this->configuration->$key = array();
}
}
- if((strpos($this->config['ldapHost'], 'ldaps') === 0)
- && $this->config['ldapTLS']) {
- $this->config['ldapTLS'] = false;
+
+ if((stripos($this->configuration->ldapHost, 'ldaps://') === 0)
+ && $this->configuration->ldapTLS) {
+ $this->configuration->ldapTLS = false;
\OCP\Util::writeLog('user_ldap',
- 'LDAPS (already using secure connection) and TLS do not work together. Switched off TLS.',
- \OCP\Util::INFO);
+ 'LDAPS (already using secure connection) and '.
+ 'TLS do not work together. Switched off TLS.',
+ \OCP\Util::INFO);
}
+ }
- //second step: critical checks. If left empty or filled wrong, set as unconfigured and give a warning.
+ private function doCriticalValidation() {
$configurationOK = true;
- if(empty($this->config['ldapHost'])) {
- \OCP\Util::writeLog('user_ldap', 'No LDAP host given, won`t connect.', \OCP\Util::WARN);
- $configurationOK = false;
- }
- if(empty($this->config['ldapPort'])) {
- \OCP\Util::writeLog('user_ldap', 'No LDAP Port given, won`t connect.', \OCP\Util::WARN);
- $configurationOK = false;
- }
- if((empty($this->config['ldapAgentName']) && !empty($this->config['ldapAgentPassword']))
- || (!empty($this->config['ldapAgentName']) && empty($this->config['ldapAgentPassword']))) {
- \OCP\Util::writeLog('user_ldap',
- 'Either no password given for the user agent or a password is given, but no LDAP agent; won`t connect.',
- \OCP\Util::WARN);
- $configurationOK = false;
- }
- //TODO: check if ldapAgentName is in DN form
- if(empty($this->config['ldapBase'])
- && (empty($this->config['ldapBaseUsers'])
- && empty($this->config['ldapBaseGroups']))) {
- \OCP\Util::writeLog('user_ldap', 'No Base DN given, won`t connect.', \OCP\Util::WARN);
- $configurationOK = false;
+ $errorStr = 'Configuration Error (prefix '.
+ strval($this->configPrefix).'): ';
+
+ //options that shall not be empty
+ $options = array('ldapHost', 'ldapPort', 'ldapUserDisplayName',
+ 'ldapGroupDisplayName', 'ldapLoginFilter');
+ foreach($options as $key) {
+ $val = $this->configuration->$key;
+ if(empty($val)) {
+ switch($key) {
+ case 'ldapHost':
+ $subj = 'LDAP Host';
+ break;
+ case 'ldapPort':
+ $subj = 'LDAP Port';
+ break;
+ case 'ldapUserDisplayName':
+ $subj = 'LDAP User Display Name';
+ break;
+ case 'ldapGroupDisplayName':
+ $subj = 'LDAP Group Display Name';
+ break;
+ case 'ldapLoginFilter':
+ $subj = 'LDAP Login Filter';
+ break;
+ default:
+ $subj = $key;
+ break;
+ }
+ $configurationOK = false;
+ \OCP\Util::writeLog('user_ldap',
+ $errorStr.'No '.$subj.' given!',
+ \OCP\Util::WARN);
+ }
}
- if(empty($this->config['ldapUserDisplayName'])) {
+
+ //combinations
+ $agent = $this->configuration->ldapAgentName;
+ $pwd = $this->configuration->ldapAgentPassword;
+ if((empty($agent) && !empty($pwd)) || (!empty($agent) && empty($pwd))) {
\OCP\Util::writeLog('user_ldap',
- 'No user display name attribute specified, won`t connect.',
+ $errorStr.'either no password is given for the'.
+ 'user agent or a password is given, but not an'.
+ 'LDAP agent.',
\OCP\Util::WARN);
$configurationOK = false;
}
- if(empty($this->config['ldapGroupDisplayName'])) {
+
+ $base = $this->configuration->ldapBase;
+ $baseUsers = $this->configuration->ldapBaseUsers;
+ $baseGroups = $this->configuration->ldapBaseGroups;
+
+ if(empty($base) && empty($baseUsers) && empty($baseGroups)) {
\OCP\Util::writeLog('user_ldap',
- 'No group display name attribute specified, won`t connect.',
- \OCP\Util::WARN);
+ $errorStr.'Not a single Base DN given.',
+ \OCP\Util::WARN);
$configurationOK = false;
}
- if(empty($this->config['ldapLoginFilter'])) {
- \OCP\Util::writeLog('user_ldap', 'No login filter specified, won`t connect.', \OCP\Util::WARN);
- $configurationOK = false;
- }
- if(mb_strpos($this->config['ldapLoginFilter'], '%uid', 0, 'UTF-8') === false) {
+
+ if(mb_strpos($this->configuration->ldapLoginFilter, '%uid', 0, 'UTF-8')
+ === false) {
\OCP\Util::writeLog('user_ldap',
- 'Login filter does not contain %uid place holder, won`t connect.',
- \OCP\Util::WARN);
- \OCP\Util::writeLog('user_ldap', 'Login filter was ' . $this->config['ldapLoginFilter'], \OCP\Util::DEBUG);
+ $errorStr.'login filter does not contain %uid '.
+ 'place holder.',
+ \OCP\Util::WARN);
$configurationOK = false;
}
- if(!empty($this->config['ldapExpertUUIDUserAttr'])) {
- $this->config['ldapUuidUserAttribute'] = $this->config['ldapExpertUUIDUserAttr'];
}
if(!empty($this->config['ldapExpertUUIDGroupAttr'])) {
$this->config['ldapUuidGroupAttribute'] = $this->config['ldapExpertUUIDGroupAttr'];
- }
-
return $configurationOK;
}
/**
- * @returns an associative array with the default values. Keys are correspond
- * to config-value entries in the database table
+ * @brief Validates the user specified configuration
+ * @returns true if configuration seems OK, false otherwise
*/
- static public function getDefaults() {
- return array(
- 'ldap_host' => '',
- 'ldap_port' => '389',
- 'ldap_backup_host' => '',
- 'ldap_backup_port' => '',
- 'ldap_override_main_server' => '',
- 'ldap_dn' => '',
- 'ldap_agent_password' => '',
- 'ldap_base' => '',
- 'ldap_base_users' => '',
- 'ldap_base_groups' => '',
- 'ldap_userlist_filter' => 'objectClass=person',
- 'ldap_login_filter' => 'uid=%uid',
- 'ldap_group_filter' => 'objectClass=posixGroup',
- 'ldap_display_name' => 'cn',
- 'ldap_group_display_name' => 'cn',
- 'ldap_tls' => 1,
- 'ldap_nocase' => 0,
- 'ldap_quota_def' => '',
- 'ldap_quota_attr' => '',
- 'ldap_email_attr' => '',
- 'ldap_group_member_assoc_attribute' => 'uniqueMember',
- 'ldap_cache_ttl' => 600,
- 'ldap_uuid_user_attribute' => 'auto',
+ private function validateConfiguration() {
+ // first step: "soft" checks: settings that are not really
+ // necessary, but advisable. If left empty, give an info message
+ $this->doSoftValidation();
+
+ //second step: critical checks. If left empty or filled wrong, set as
+ //unconfigured and give a warning.
+ return $this->doCriticalValidation();
'ldap_uuid_group_attribute' => 'auto',
- 'ldap_override_uuid_attribute' => 0,
- 'home_folder_naming_rule' => '',
- 'ldap_turn_off_cert_check' => 0,
- 'ldap_configuration_active' => 1,
- 'ldap_attributes_for_user_search' => '',
- 'ldap_attributes_for_group_search' => '',
- 'ldap_expert_username_attr' => '',
- 'ldap_expert_uuid_user_attr' => '',
'ldap_expert_uuid_group_attr' => '',
- );
}
+
/**
* Connects and Binds to LDAP
*/
private function establishConnection() {
- if(!$this->config['ldapConfigurationActive']) {
+ if(!$this->configuration->ldapConfigurationActive) {
return null;
}
static $phpLDAPinstalled = true;
return false;
}
if(!$this->configured) {
- \OCP\Util::writeLog('user_ldap', 'Configuration is invalid, cannot connect', \OCP\Util::WARN);
+ \OCP\Util::writeLog('user_ldap',
+ 'Configuration is invalid, cannot connect',
+ \OCP\Util::WARN);
return false;
}
if(!$this->ldapConnectionRes) {
if(!$this->ldap->areLDAPFunctionsAvailable()) {
$phpLDAPinstalled = false;
\OCP\Util::writeLog('user_ldap',
- 'function ldap_connect is not available. Make sure that the PHP ldap module is installed.',
- \OCP\Util::ERROR);
+ 'function ldap_connect is not available. Make '.
+ 'sure that the PHP ldap module is installed.',
+ \OCP\Util::ERROR);
return false;
}
- if($this->config['turnOffCertCheck']) {
+ if($this->configuration->turnOffCertCheck) {
if(putenv('LDAPTLS_REQCERT=never')) {
\OCP\Util::writeLog('user_ldap',
'Turned off SSL certificate validation successfully.',
\OCP\Util::WARN);
} else {
- \OCP\Util::writeLog('user_ldap', 'Could not turn off SSL certificate validation.', \OCP\Util::WARN);
+ \OCP\Util::writeLog('user_ldap',
+ 'Could not turn off SSL certificate validation.',
+ \OCP\Util::WARN);
}
}
- if(!$this->config['ldapOverrideMainServer'] && !$this->getFromCache('overrideMainServer')) {
- $this->doConnect($this->config['ldapHost'], $this->config['ldapPort']);
+ if(!$this->configuration->ldapOverrideMainServer
+ && !$this->getFromCache('overrideMainServer')) {
+ $this->doConnect($this->configuration->ldapHost,
+ $this->configuration->ldapPort);
$bindStatus = $this->bind();
$error = $this->ldap->isResource($this->ldapConnectionRes) ?
$this->ldap->errno($this->ldapConnectionRes) : -1;
//if LDAP server is not reachable, try the Backup (Replica!) Server
if((!$bindStatus && ($error !== 0))
- || $this->config['ldapOverrideMainServer']
+ || $this->configuration->ldapOverrideMainServer
|| $this->getFromCache('overrideMainServer')) {
- $this->doConnect($this->config['ldapBackupHost'], $this->config['ldapBackupPort']);
+ $this->doConnect($this->configuration->ldapBackupHost,
+ $this->configuration->ldapBackupPort);
$bindStatus = $this->bind();
if(!$bindStatus && $error === -1) {
//when bind to backup server succeeded and failed to main server,
$this->ldapConnectionRes = $this->ldap->connect($host, $port);
if($this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
if($this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
- if($this->config['ldapTLS']) {
+ if($this->configuration->ldapTLS) {
$this->ldap->startTls($this->ldapConnectionRes);
}
}
*/
public function bind() {
static $getConnectionResourceAttempt = false;
- if(!$this->config['ldapConfigurationActive']) {
+ if(!$this->configuration->ldapConfigurationActive) {
return false;
}
if($getConnectionResourceAttempt) {
return false;
}
$ldapLogin = @$this->ldap->bind($cr,
- $this->config['ldapAgentName'],
- $this->config['ldapAgentPassword']);
+ $this->configuration->ldapAgentName,
+ $this->configuration->ldapAgentPassword);
if(!$ldapLogin) {
\OCP\Util::writeLog('user_ldap',
'Bind failed: ' . $this->ldap->errno($cr) . ': ' . $this->ldap->error($cr),
projects / nextcloud-server.git / commitdiff