case 'guessBaseDN':
case 'determineObjectClasses':
case 'determineGroups':
+ case 'determineAttributes':
case 'getUserListFilter':
+ case 'getUserLoginFilter':
case 'countUsers':
try {
$result = $wizard->$action();
composeFilter: function(type) {
if(type == 'user') {
action = 'getUserListFilter';
+ } else if(type == 'login') {
+ action = 'getUserLoginFilter';
}
param = 'action='+action+
);
},
+ findAttributes: function() {
+ param = 'action=determineAttributes'+
+ '&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
+
+ LdapWizard.ajax(param,
+ function(result) {
+ $('#ldap_loginfilter_attributes').find('option').remove();
+ for (i in result.options['ldap_loginfilter_attributes']) {
+ //FIXME: move HTML into template
+ attr = result.options['ldap_loginfilter_attributes'][i];
+ $('#ldap_loginfilter_attributes').append(
+ "<option value='"+attr+"'>"+attr+"</option>");
+ }
+ LdapWizard.applyChanges(result);
+ $('#ldap_loginfilter_attributes').multiselect('refresh');
+ $('#ldap_loginfilter_attributes').multiselect('enable');
+ },
+ function (result) {
+ //deactivate if no attributes found
+ $('#ldap_loginfilter_attributes').multiselect(
+ {noneSelectedText : 'No attributes found'});
+ $('#ldap_loginfilter_attributes').multiselect('disable');
+ }
+ );
+ },
+
findAvailableGroups: function() {
param = 'action=determineGroups'+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
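Review bot: In findAttributes the option markup is built by concatenating `attr` into an HTML string, and `attr` comes from the server response, which by the look of determineAttributes carries attribute names read from the directory. A name containing a quote or an angle bracket would be parsed as markup instead of text. Build the element through the DOM API instead, which also resolves the FIXME: `$('<option>').val(attr).text(attr).appendTo('#ldap_loginfilter_attributes');`. Separately, `param`, `i` and `attr` are assigned without `var` and become globals, and `for (i in ...)` over an array also visits inherited enumerable properties, so an indexed loop is safer here.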
}
},
+ initLoginFilter: function() {
+ LdapWizard.findAttributes();
+ },
+
initMultiSelect: function(object, id, caption) {
object.multiselect({
header: false,
onTabChange: function(event, ui) {
if(ui.newTab[0].id === '#ldapWizard2') {
LdapWizard.initUserFilter();
+ } else if(ui.newTab[0].id === '#ldapWizard3') {
+ LdapWizard.initLoginFilter();
}
},
if(triggerObj.id == 'ldap_userlist_filter') {
LdapWizard.countUsers();
}
+
+ if(triggerObj.id == 'ldap_loginfilter_username'
+ || triggerObj.id == 'ldap_loginfilter_email') {
+ LdapWizard.composeFilter('login');
+ }
},
save: function(inputObj) {
delete LdapWizard.saveBlacklist[inputObj.id];
return;
}
- LdapWizard._save(inputObj, $(inputObj).val());
+ if($(inputObj).is('input[type=checkbox]')
+ && !$(inputObj).is(':checked')) {
+ val = 0;
+ } else {
+ val = $(inputObj).val();
+ }
+ LdapWizard._save(inputObj, val);
},
saveMultiSelect: function(originalObj, resultObj) {
if(originalObj == 'ldap_userfilter_objectclass'
|| originalObj == 'ldap_userfilter_groups') {
LdapWizard.composeFilter('user');
+ } else if(originalObj == 'ldap_loginfilter_attributes') {
+ LdapWizard.composeFilter('login');
}
+
},
_save: function(object, value) {
LdapWizard.initMultiSelect($('#ldap_userfilter_objectclass'),
'ldap_userfilter_objectclass',
t('user_ldap', 'Select object classes'));
+ LdapWizard.initMultiSelect($('#ldap_loginfilter_attributes'),
+ 'ldap_loginfilter_attributes',
+ t('user_ldap', 'Select attributes'));
$('.lwautosave').change(function() { LdapWizard.save(this); });
$('#toggleRawUserFilter').click(LdapWizard.toggleRawUserFilter);
LdapConfiguration.refreshConfig();
'ldapGroupDisplayName' => null,
'ldapGroupMemberAssocAttr' => null,
'ldapLoginFilter' => null,
+ 'ldapLoginFilterEmail' => null,
+ 'ldapLoginFilterUsername' => null,
+ 'ldapLoginFilterAttributes' => null,
'ldapQuotaAttribute' => null,
'ldapQuotaDefault' => null,
'ldapEmailAttribute' => null,
case 'ldapAttributesForGroupSearch':
case 'ldapUserFilterObjectclass':
case 'ldapUserFilterGroups':
+ case 'ldapLoginFilterAttributes':
$setMethod = 'setMultiLine';
default:
$this->$setMethod($key, $val);
case 'ldapAttributesForGroupSearch':
case 'ldapUserFilterObjectclass':
case 'ldapUserFilterGroups':
+ case 'ldapLoginFilterAttributes':
$readMethod = 'getMultiLine';
break;
case 'ldapIgnoreNamingRules':
case 'ldapAttributesForGroupSearch':
case 'ldapUserFilterObjectclass':
case 'ldapUserFilterGroups':
+ case 'ldapLoginFilterAttributes':
if(is_array($value)) {
$value = implode("\n", $value);
}
'ldap_userfilter_objectclass' => '',
'ldap_userfilter_groups' => '',
'ldap_login_filter' => 'uid=%uid',
+ 'ldap_loginfilter_email' => 0,
+ 'ldap_loginfilter_username' => 1,
+ 'ldap_loginfilter_attributes' => '',
'ldap_group_filter' => 'objectClass=posixGroup',
'ldap_display_name' => 'cn',
'ldap_group_display_name' => 'cn',
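Review bot: The new defaults for `ldap_loginfilter_email` and `ldap_loginfilter_username` are the integers 0 and 1, while the LFILTER_LOGIN branch of composeLdapFilter in this same commit tests them with `=== '1'`. If a default can reach that comparison without being stored and read back as a string (the configuration read path is not visible here), the username term is silently left out of the login filter. Either make the defaults strings, `'ldap_loginfilter_username' => '1',`, or compare after a cast, `if((int)$this->configuration->ldapLoginFilterUsername === 1) {`.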
'ldap_userfilter_groups' => 'ldapUserFilterGroups',
'ldap_userlist_filter' => 'ldapUserFilter',
'ldap_login_filter' => 'ldapLoginFilter',
+ 'ldap_loginfilter_email' => 'ldapLoginFilterEmail',
+ 'ldap_loginfilter_username' => 'ldapLoginFilterUsername',
+ 'ldap_loginfilter_attributes' => 'ldapLoginFilterAttributes',
'ldap_group_filter' => 'ldapGroupFilter',
'ldap_display_name' => 'ldapUserDisplayName',
'ldap_group_display_name' => 'ldapGroupDisplayName',
protected $result;
protected $resultCache = array();
- const LRESULT_PROCESSED_OK = 0;
- const LRESULT_PROCESSED_INVALID = 1;
- const LRESULT_PROCESSED_SKIP = 2;
+ const LRESULT_PROCESSED_OK = 2;
+ const LRESULT_PROCESSED_INVALID = 3;
+ const LRESULT_PROCESSED_SKIP = 4;
- const LFILTER_LOGIN = 0;
- const LFILTER_USER_LIST = 1;
- const LFILTER_GROUP_LIST = 2;
+ const LFILTER_LOGIN = 2;
+ const LFILTER_USER_LIST = 3;
+ const LFILTER_GROUP_LIST = 4;
/**
* @brief Constructor
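Review bot: Nothing in this hunk says why the LRESULT_* and LFILTER_* values now start at 2, and both families share the values 2, 3 and 4, so a value from one family passed where the other is expected cannot be told apart. If the renumbering is meant to keep the constants from comparing loosely equal to false or true (an inference, the commit does not say), state it above the block, for example `// values start at 2: 0 and 1 would compare loosely equal to false/true`. Giving the two families distinct ranges would also make a mix-up detectable.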
return $this->result;
}
+ public function determineAttributes() {
+ if(!$this->checkRequirements(array('ldapHost',
+ 'ldapPort',
+ 'ldapAgentName',
+ 'ldapAgentPassword',
+ 'ldapBase',
+ 'ldapUserFilter',
+ ))) {
+ return false;
+ }
+
+ $attributes = $this->getUserAttributes();
+
+ natcasesort($attributes);
+ $attributes = array_values($attributes);
+
+ $this->result->addOptions('ldap_loginfilter_attributes', $attributes);
+
+ $selected = $this->configuration->ldapLoginFilterAttributes;
+ if(is_array($selected) && !empty($selected)) {
+ $this->result->addChange('ldap_loginfilter_attributes', $selected);
+ }
+
+ return $this->result;
+ }
+
+ /**
+ * @brief detects the available LDAP attributes
+ * @returns the instance's WizardResult instance
+ */
+ private function getUserAttributes() {
+ if(!$this->checkRequirements(array('ldapHost',
+ 'ldapPort',
+ 'ldapAgentName',
+ 'ldapAgentPassword',
+ 'ldapBase',
+ 'ldapUserFilter',
+ ))) {
+ return false;
+ }
+ $cr = $this->getConnection();
+ if(!$cr) {
+ throw new \Excpetion('Could not connect to LDAP');
+ }
+
+ $base = $this->configuration->ldapBase[0];
+ $filter = $this->configuration->ldapUserFilter;
+ $rr = $this->ldap->search($cr, $base, $filter, array(), 1, 1);
+ if(!$this->ldap->isResource($rr)) {
+ return false;
+ }
+ $er = $this->ldap->firstEntry($cr, $rr);
+ $attributes = $this->ldap->getAttributes($cr, $er);
+ $pureAttributes = array();
+ for($i = 0; $i < $attributes['count']; $i++) {
+ $pureAttributes[] = $attributes[$i];
+ }
+
+ return $pureAttributes;
+ }
+
/**
* @brief detects the available LDAP groups
* @returns the instance's WizardResult instance
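Review bot: `throw new \Excpetion('Could not connect to LDAP');` in getUserAttributes names a class that does not exist, so a failed connection ends in a class-not-found fatal error rather than an exception the calling try block can handle; it should read `throw new \Exception('Could not connect to LDAP');`. The method also returns false on unmet requirements or a failed search, yet determineAttributes passes the result straight to natcasesort() and the LFILTER_LOGIN branch of composeLdapFilter passes it to array_flip(). Both callers need a guard such as `if($attributes === false) { return false; }`. The result of firstEntry() is not checked before getAttributes(), which matters when the user filter matches no entry. The docblock is copied from the groups method and should say that an array of attribute names or false is returned; determineAttributes has no docblock at all.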
return $this->result;
}
+ public function getUserLoginFilter() {
+ if(!$this->checkRequirements(array('ldapHost',
+ 'ldapPort',
+ 'ldapAgentName',
+ 'ldapAgentPassword',
+ 'ldapBase',
+ 'ldapUserFilter',
+ ))) {
+ return false;
+ }
+ $filter = $this->composeLdapFilter(self::LFILTER_LOGIN);
+ if(!$filter) {
+ throw new \Exception('Cannot create filter');
+ }
+
+ $this->applyFind('ldap_login_filter', $filter);
+ return $this->result;
+ }
+
/**
* Tries to determine the port, requires given Host, User DN and Password
* @returns mixed WizardResult on success, false otherwise
switch ($filterType) {
case self::LFILTER_USER_LIST:
$objcs = $this->configuration->ldapUserFilterObjectclass;
- \OCP\Util::writeLog('user_ldap', 'Wiz: '.print_r($objcs, true), \OCP\Util::DEBUG);
//glue objectclasses
if(is_array($objcs) && count($objcs) > 0) {
- \OCP\Util::writeLog('user_ldap', 'Wiz: Processing objectclasses', \OCP\Util::DEBUG);
$filter .= '(|';
foreach($objcs as $objc) {
$filter .= '(objectclass=' . $objc . ')';
$filter .= ')';
$parts++;
}
- \OCP\Util::writeLog('user_ldap', 'Wiz: Intermediate filter '.$filter, \OCP\Util::DEBUG);
//glue group memberships
if($this->configuration->hasMemberOfFilterSupport) {
$cns = $this->configuration->ldapUserFilterGroups;
- \OCP\Util::writeLog('user_ldap', 'Wiz: '.print_r($cns, true), \OCP\Util::DEBUG);
if(is_array($cns) && count($cns) > 0) {
- \OCP\Util::writeLog('user_ldap', 'Wiz: Processing groups', \OCP\Util::DEBUG);
$filter .= '(|';
$cr = $this->getConnection();
if(!$cr) {
$filter .= ')';
}
$parts++;
- \OCP\Util::writeLog('user_ldap', 'Wiz: Intermediate filter '.$filter, \OCP\Util::DEBUG);
}
//wrap parts in AND condition
if($parts > 1) {
$filter = '(&' . $filter . ')';
}
if(empty($filter)) {
- $filter = 'objectclass=*';
+ $filter = '(objectclass=*)';
+ }
+ break;
+
+ case self::LFILTER_LOGIN:
+ $ulf = $this->configuration->ldapUserFilter;
+ $loginpart = '=%uid';
+ $filterUsername = '';
+ $userAttributes = $this->getUserAttributes();
+ $userAttributes = array_change_key_case(array_flip($userAttributes));
+ $parts = 0;
+
+ $x = $this->configuration->ldapLoginFilterUsername;
+ if($this->configuration->ldapLoginFilterUsername === '1') {
+ $attr = '';
+ if(isset($userAttributes['uid'])) {
+ $attr = 'uid';
+ } else if(isset($userAttributes['samaccountname'])) {
+ $attr = 'samaccountname';
+ } else if(isset($userAttributes['cn'])) {
+ //fallback
+ $attr = 'cn';
+ }
+ if(!empty($attr)) {
+ $filterUsername = '(' . $attr . $loginpart . ')';
+ $parts++;
+ }
}
+
+ $filterEmail = '';
+ if($this->configuration->ldapLoginFilterEmail === '1') {
+ $filterEmail = '(|(mailPrimaryAddress=%uid)(mail=%uid))';
+ $parts++;
+ }
+
+ $filterAttributes = '';
+ $attrsToFilter = $this->configuration->ldapLoginFilterAttributes;
+ if(is_array($attrsToFilter) && count($attrsToFilter) > 0) {
+ $filterAttributes = '(|';
+ foreach($attrsToFilter as $attribute) {
+ $filterAttributes .= '(' . $attribute . $loginpart . ')';
+ }
+ $filterAttributes .= ')';
+ $parts++;
+ }
+
+ $filterLogin = '';
+ if($parts > 1) {
+ $filterLogin = '(|';
+ }
+ $filterLogin .= $filterUsername;
+ $filterLogin .= $filterEmail;
+ $filterLogin .= $filterAttributes;
+ if($parts > 1) {
+ $filterLogin .= ')';
+ }
+
+ $filter = '(&'.$ulf.$filterLogin.')';
break;
}
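Review bot: When neither checkbox is set and no attribute is selected, `$parts` stays 0 in the LFILTER_LOGIN case and the result is `(&` plus the user filter plus `)`, a login filter with no `%uid` term that matches every entry of the user filter whatever login name is entered. getUserLoginFilter's `if(!$filter)` check never fires because the string is non-empty. Assuming composeLdapFilter may return false, as that check suggests, bail out before the final concatenation with `if($parts === 0) { return false; }`. The entries of ldapLoginFilterAttributes are concatenated into the filter as stored; checking each one against the map already built in this branch, `isset($userAttributes[strtolower($attribute)])`, keeps malformed names out, and a user filter saved without enclosing parentheses would yield an invalid `(&...)` expression. `$x` is assigned and never read, and the switch starts and ends outside this hunk.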
$wizardHtml .= $wizard2->fetchPage();
$toc['#ldapWizard2'] = 'User Filter';
+$wizard3 = new OCP\Template('user_ldap', 'part.wizard-loginfilter');
+$wizard3->assign('wizardControls', $wControls);
+$wizardHtml .= $wizard3->fetchPage();
+$toc['#ldapWizard3'] = 'Login Filter';
+
$tmpl->assign('tabs', $wizardHtml);
$tmpl->assign('toc', $toc);