switch($action) {
case 'guessPortAndTLS':
case 'guessBaseDN':
- case 'determineObjectClasses':
- case 'determineGroups':
+ case 'determineUserObjectClasses':
+ case 'determineGroupObjectClasses':
+ case 'determineGroupsForUsers':
+ case 'determineGroupsForGroups':
case 'determineAttributes':
case 'getUserListFilter':
case 'getUserLoginFilter':
+ case 'getGroupFilter':
case 'countUsers':
+ case 'countGroups':
try {
$result = $wizard->$action();
if($result !== false) {
action = 'getUserListFilter';
} else if(type == 'login') {
action = 'getUserLoginFilter';
+ } else if(type == 'group') {
+ action = 'getGroupFilter';
}
param = 'action='+action+
LdapWizard.ajax(param,
function(result) {
LdapWizard.applyChanges(result);
- LdapWizard.countUsers();
+ if(type == 'user') {
+ LdapWizard.countUsers();
+ } else if(type == 'group') {
+ LdapWizard.countGroups();
+ }
},
function (result) {
// error handling
);
},
- countUsers: function() {
- param = 'action=countUsers'+
+ _countThings: function(method) {
+ param = 'action='+method+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
LdapWizard.ajax(param,
function(result) {
LdapWizard.applyChanges(result);
-// alert(result.changes['ldap_user_count']);
},
function (result) {
// error handling
);
},
+ countGroups: function() {
+ LdapWizard._countThings('countGroups');
+ },
+
+ countUsers: function() {
+ LdapWizard._countThings('countUsers');
+ },
+
findAttributes: function() {
param = 'action=determineAttributes'+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
);
},
- findAvailableGroups: function() {
- param = 'action=determineGroups'+
+ findAvailableGroups: function(multisel, type) {
+ if(type != 'Users' && type != 'Groups') {
+ return false;
+ }
+ param = 'action=determineGroupsFor'+type+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
LdapWizard.ajax(param,
function(result) {
- $('#ldap_userfilter_groups').find('option').remove();
- for (i in result.options['ldap_userfilter_groups']) {
+ $('#'+multisel).find('option').remove();
+ for (i in result.options[multisel]) {
//FIXME: move HTML into template
- objc = result.options['ldap_userfilter_groups'][i];
- $('#ldap_userfilter_groups').append("<option value='"+objc+"'>"+objc+"</option>");
+ objc = result.options[multisel][i];
+ $('#'+multisel).append("<option value='"+objc+"'>"+objc+"</option>");
}
LdapWizard.applyChanges(result);
- $('#ldap_userfilter_groups').multiselect('refresh');
- $('#ldap_userfilter_groups').multiselect('enable');
+ $('#'+multisel).multiselect('refresh');
+ $('#'+multisel).multiselect('enable');
},
function (result) {
- $('#ldap_userfilter_groups').multiselect('disable');
+ $('#'+multisel).multiselect('disable');
}
);
},
- findObjectClasses: function() {
- param = 'action=determineObjectClasses'+
+ findObjectClasses: function(multisel, type) {
+ if(type != 'User' && type != 'Group') {
+ return false;
+ }
+ param = 'action=determine'+type+'ObjectClasses'+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
LdapWizard.ajax(param,
function(result) {
- $('#ldap_userfilter_objectclass').find('option').remove();
- for (i in result.options['ldap_userfilter_objectclass']) {
+ $('#'+multisel).find('option').remove();
+ for (i in result.options[multisel]) {
//FIXME: move HTML into template
- objc = result.options['ldap_userfilter_objectclass'][i];
- $('#ldap_userfilter_objectclass').append("<option value='"+objc+"'>"+objc+"</option>");
+ objc = result.options[multisel][i];
+ $('#'+multisel).append("<option value='"+objc+"'>"+objc+"</option>");
}
LdapWizard.applyChanges(result);
- $('#ldap_userfilter_objectclass').multiselect('refresh');
+ $('#'+multisel).multiselect('refresh');
},
function (result) {
//TODO: error handling
}
},
+ initGroupFilter: function() {
+ LdapWizard.findObjectClasses('ldap_groupfilter_objectclass', 'Group');
+ LdapWizard.findAvailableGroups('ldap_groupfilter_groups', 'Groups');
+ LdapWizard.countGroups();
+ },
+
initLoginFilter: function() {
LdapWizard.findAttributes();
},
},
initUserFilter: function() {
- LdapWizard.findObjectClasses();
- LdapWizard.findAvailableGroups();
+ LdapWizard.findObjectClasses('ldap_userfilter_objectclass', 'User');
+ LdapWizard.findAvailableGroups('ldap_userfilter_groups', 'Users');
LdapWizard.countUsers();
},
LdapWizard.initUserFilter();
} else if(ui.newTab[0].id === '#ldapWizard3') {
LdapWizard.initLoginFilter();
+ } else if(ui.newTab[0].id === '#ldapWizard4') {
+ LdapWizard.initGroupFilter();
}
},
if(triggerObj.id == 'ldap_userlist_filter') {
LdapWizard.countUsers();
+ } else if(triggerObj.id == 'ldap_group_filter') {
+ LdapWizard.countGroups();
}
if(triggerObj.id == 'ldap_loginfilter_username'
LdapWizard.composeFilter('user');
} else if(originalObj == 'ldap_loginfilter_attributes') {
LdapWizard.composeFilter('login');
+ } else if(originalObj == 'ldap_groupfilter_objectclass'
+ || originalObj == 'ldap_groupfilter_groups') {
+ LdapWizard.composeFilter('group');
}
-
},
_save: function(object, value) {
LdapWizard.checkInfoShown = true;
},
- toggleRawUserFilter: function() {
- if($('#rawUserFilterContainer').hasClass('invisible')) {
- $('#rawUserFilterContainer').removeClass('invisible');
- $('#ldap_userfilter_objectclass').multiselect('disable');
- if($('#ldap_userfilter_groups').multiselect().attr('disabled') == 'disabled') {
- userFilterGroupSelectState = 'disable';
+ toggleRawFilter: function(container, moc, mg, stateVar) {
+ if($(container).hasClass('invisible')) {
+ $(container).removeClass('invisible');
+ $(moc).multiselect('disable');
+ if($(mg).multiselect().attr('disabled') == 'disabled') {
+ LdapWizard[stateVar] = 'disable';
} else {
- userFilterGroupSelectState = 'enable';
+ LdapWizard[stateVar] = 'enable';
}
- $('#ldap_userfilter_groups').multiselect('disable');
+ $(mg).multiselect('disable');
} else {
- $('#rawUserFilterContainer').addClass('invisible');
- $('#ldap_userfilter_group').multiselect(userFilterGroupSelectState);
- $('#ldap_userfilter_objectclass').multiselect('enable');
+ $(container).addClass('invisible');
+ $(mg).multiselect(LdapWizard[stateVar]);
+ $(moc).multiselect('enable');
}
+ },
+
+ toggleRawGroupFilter: function() {
+ LdapWizard.toggleRawFilter('#rawGroupFilterContainer',
+ '#ldap_groupfilter_objectclass',
+ '#ldap_groupfilter_groups',
+ 'groupFilterGroupSelectState'
+ );
+ },
+
+ toggleRawUserFilter: function() {
+ LdapWizard.toggleRawFilter('#rawUserFilterContainer',
+ '#ldap_userfilter_objectclass',
+ '#ldap_userfilter_groups',
+ 'userFilterGroupSelectState'
+ );
}
};
LdapWizard.initMultiSelect($('#ldap_loginfilter_attributes'),
'ldap_loginfilter_attributes',
t('user_ldap', 'Select attributes'));
+ LdapWizard.initMultiSelect($('#ldap_groupfilter_groups'),
+ 'ldap_groupfilter_groups',
+ t('user_ldap', 'Select groups'));
+ LdapWizard.initMultiSelect($('#ldap_groupfilter_objectclass'),
+ 'ldap_groupfilter_objectclass',
+ t('user_ldap', 'Select object classes'));
$('.lwautosave').change(function() { LdapWizard.save(this); });
$('#toggleRawUserFilter').click(LdapWizard.toggleRawUserFilter);
+ $('#toggleRawGroupFilter').click(LdapWizard.toggleRawGroupFilter);
LdapConfiguration.refreshConfig();
$('#ldap_action_test_connection').click(function(event){
event.preventDefault();
'ldapUserFilterGroups' => null,
'ldapUserFilter' => null,
'ldapGroupFilter' => null,
+ 'ldapGroupFilterObjectclass' => null,
+ 'ldapGroupFilterGroups' => null,
'ldapGroupDisplayName' => null,
'ldapGroupMemberAssocAttr' => null,
'ldapLoginFilter' => null,
case 'ldapAttributesForGroupSearch':
case 'ldapUserFilterObjectclass':
case 'ldapUserFilterGroups':
+ case 'ldapGroupFilterObjectclass':
+ case 'ldapGroupFilterGroups':
case 'ldapLoginFilterAttributes':
$setMethod = 'setMultiLine';
default:
case 'ldapAttributesForGroupSearch':
case 'ldapUserFilterObjectclass':
case 'ldapUserFilterGroups':
+ case 'ldapGroupFilterObjectclass':
+ case 'ldapGroupFilterGroups':
case 'ldapLoginFilterAttributes':
$readMethod = 'getMultiLine';
break;
case 'ldapAttributesForGroupSearch':
case 'ldapUserFilterObjectclass':
case 'ldapUserFilterGroups':
+ case 'ldapGroupFilterObjectclass':
+ case 'ldapGroupFilterGroups':
case 'ldapLoginFilterAttributes':
if(is_array($value)) {
$value = implode("\n", $value);
'ldap_loginfilter_username' => 1,
'ldap_loginfilter_attributes' => '',
'ldap_group_filter' => 'objectClass=posixGroup',
+ 'ldap_groupfilter_objectclass' => '',
+ 'ldap_groupfilter_groups' => '',
'ldap_display_name' => 'cn',
'ldap_group_display_name' => 'cn',
'ldap_tls' => 1,
'ldap_loginfilter_username' => 'ldapLoginFilterUsername',
'ldap_loginfilter_attributes' => 'ldapLoginFilterAttributes',
'ldap_group_filter' => 'ldapGroupFilter',
+ 'ldap_groupfilter_objectclass' => 'ldapGroupFilterObjectclass',
+ 'ldap_groupfilter_groups' => 'ldapGroupFilterGroups',
'ldap_display_name' => 'ldapUserDisplayName',
'ldap_group_display_name' => 'ldapGroupDisplayName',
'ldap_tls' => 'ldapTLS',
}
}
+ public function countGroups() {
+ if(!$this->checkRequirements(array('ldapHost',
+ 'ldapPort',
+ 'ldapAgentName',
+ 'ldapAgentPassword',
+ 'ldapBase',
+ ))) {
+ return false;
+ }
+
+ $base = $this->configuration->ldapBase[0];
+ $filter = $this->configuration->ldapGroupFilter;
+ \OCP\Util::writeLog('user_ldap', 'Wiz: g filter '. print_r($filter, true), \OCP\Util::DEBUG);
+ if(empty($filter)) {
+ $this->result->addChange('ldap_group_count', 0);
+ return $this->result;
+ }
+ $cr = $this->getConnection();
+ if(!$cr) {
+ throw new \Excpetion('Could not connect to LDAP');
+ }
+ $rr = $this->ldap->search($cr, $base, $filter, array('dn'));
+ if(!$this->ldap->isResource($rr)) {
+ return false;
+ }
+ $entries = $this->ldap->countEntries($cr, $rr);
+ $entries = ($entries !== false) ? $entries : 0;
+ $this->result->addChange('ldap_group_count', $entries);
+
+ return $this->result;
+ }
+
public function countUsers() {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
* @brief detects the available LDAP groups
* @returns the instance's WizardResult instance
*/
- public function determineGroups() {
+ public function determineGroupsForGroups() {
+ return $this->determineGroups('ldap_groupfilter_groups',
+ 'ldapGroupFilterGroups',
+ false);
+ }
+
+ /**
+ * @brief detects the available LDAP groups
+ * @returns the instance's WizardResult instance
+ */
+ public function determineGroupsForUsers() {
+ return $this->determineGroups('ldap_userfilter_groups',
+ 'ldapUserFilterGroups');
+ }
+
+ /**
+ * @brief detects the available LDAP groups
+ * @returns the instance's WizardResult instance
+ */
+ private function determineGroups($dbkey, $confkey, $testMemberOf = true) {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
'ldapAgentName',
}
$obclasses = array('posixGroup', 'group', '*');
- $this->determineFeature($obclasses,
- 'cn',
- 'ldap_userfilter_groups',
- 'ldapUserFilterGroups');
+ $this->determineFeature($obclasses, 'cn', $dbkey, $confkey);
- $this->configuration->hasMemberOfFilterSupport = $this->testMemberOf();
- $filter = $this->composeLdapFilter(self::LFILTER_USER_LIST);
- if(!$this->configuration->hasMemberOfFilterSupport) {
- throw new \Exception('memberOf is not supported by the server');
+ if($testMemberOf) {
+ $this->configuration->hasMemberOfFilterSupport = $this->testMemberOf();
+ if(!$this->configuration->hasMemberOfFilterSupport) {
+ throw new \Exception('memberOf is not supported by the server');
+ }
}
return $this->result;
* @brief detects the available object classes
* @returns the instance's WizardResult instance
*/
- public function determineObjectClasses() {
+ public function determineGroupObjectClasses() {
+ if(!$this->checkRequirements(array('ldapHost',
+ 'ldapPort',
+ 'ldapAgentName',
+ 'ldapAgentPassword',
+ 'ldapBase',
+ ))) {
+ return false;
+ }
+ $cr = $this->getConnection();
+ if(!$cr) {
+ throw new \Excpetion('Could not connect to LDAP');
+ }
+
+ $obclasses = array('group', 'posixGroup', '*');
+ $this->determineFeature($obclasses,
+ 'objectclass',
+ 'ldap_groupfilter_objectclass',
+ 'ldapGroupFilterObjectclass',
+ false);
+
+ return $this->result;
+ }
+
+ /**
+ * @brief detects the available object classes
+ * @returns the instance's WizardResult instance
+ */
+ public function determineUserObjectClasses() {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
'ldapAgentName',
$obclasses = array('inetOrgPerson', 'person', 'organizationalPerson',
'user', 'posixAccount', '*');
+ $filter = $this->configuration->ldapUserFilter;
+ //if filter is empty, it is probably the first time the wizard is called
+ //then, apply suggestions.
$this->determineFeature($obclasses,
'objectclass',
'ldap_userfilter_objectclass',
'ldapUserFilterObjectclass',
- true);
+ empty($filter));
+
+ return $this->result;
+ }
+
+ public function getGroupFilter() {
+ if(!$this->checkRequirements(array('ldapHost',
+ 'ldapPort',
+ 'ldapAgentName',
+ 'ldapAgentPassword',
+ 'ldapBase',
+ ))) {
+ return false;
+ }
+ $filter = $this->composeLdapFilter(self::LFILTER_GROUP_LIST);
+ $this->applyFind('ldap_group_filter', $filter);
return $this->result;
}
}
break;
+ case self::LFILTER_GROUP_LIST:
+ $objcs = $this->configuration->ldapGroupFilterObjectclass;
+ //glue objectclasses
+ if(is_array($objcs) && count($objcs) > 0) {
+ $filter .= '(|';
+ foreach($objcs as $objc) {
+ $filter .= '(objectclass=' . $objc . ')';
+ }
+ $filter .= ')';
+ $parts++;
+ }
+ //glue group memberships
+ $cns = $this->configuration->ldapGroupFilterGroups;
+ if(is_array($cns) && count($cns) > 0) {
+ $filter .= '(|';
+ $base = $this->configuration->ldapBase[0];
+ foreach($cns as $cn) {
+ $filter .= '(cn=' . $cn . ')';
+ }
+ $filter .= ')';
+ }
+ $parts++;
+ //wrap parts in AND condition
+ if($parts > 1) {
+ $filter = '(&' . $filter . ')';
+ }
+ break;
+
case self::LFILTER_LOGIN:
$ulf = $this->configuration->ldapUserFilter;
$loginpart = '=%uid';
\OCP\Util::writeLog('user_ldap', 'Wiz: Final filter '.$filter, \OCP\Util::DEBUG);
- return empty($filter) ? false : $filter;
+ return $filter;
}
/**
} else if($po && !empty($maxEntryObjC)) {
//pre-select objectclass with most result entries
$maxEntryObjC = str_replace($p, '', $maxEntryObjC);
- $this->result->addChange($dbkey, $maxEntryObjC);
+ $this->applyFind($dbkey, $maxEntryObjC);
+// $this->result->addChange($dbkey, $maxEntryObjC);
}
return $availableFeatures;
$sControls = new OCP\Template('user_ldap', 'part.settingcontrols');
$sControls = $sControls->fetchPage();
-$wizard1 = new OCP\Template('user_ldap', 'part.wizard-server');
-$wizard1->assign('serverConfigurationPrefixes', $prefixes);
-$wizard1->assign('serverConfigurationHosts', $hosts);
-$wizard1->assign('wizardControls', $wControls);
-$wizardHtml .= $wizard1->fetchPage();
-$toc['#ldapWizard1'] = 'Server';
+$wizTabs = array();
+$wizTabs[] = array('tpl' => 'part.wizard-server', 'cap' => 'Server');
+$wizTabs[] = array('tpl' => 'part.wizard-userfilter', 'cap' => 'User Filter');
+$wizTabs[] = array('tpl' => 'part.wizard-loginfilter', 'cap' => 'Login Filter');
+$wizTabs[] = array('tpl' => 'part.wizard-groupfilter', 'cap' => 'Group Filter');
-$wizard2 = new OCP\Template('user_ldap', 'part.wizard-userfilter');
-$wizard2->assign('wizardControls', $wControls);
-$wizardHtml .= $wizard2->fetchPage();
-$toc['#ldapWizard2'] = 'User Filter';
-
-$wizard3 = new OCP\Template('user_ldap', 'part.wizard-loginfilter');
-$wizard3->assign('wizardControls', $wControls);
-$wizardHtml .= $wizard3->fetchPage();
-$toc['#ldapWizard3'] = 'Login Filter';
+for($i = 0; $i < count($wizTabs); $i++) {
+ $tab = new OCP\Template('user_ldap', $wizTabs[$i]['tpl']);
+ if($i === 0) {
+ $tab->assign('serverConfigurationPrefixes', $prefixes);
+ $tab->assign('serverConfigurationHosts', $hosts);
+ }
+ $tab->assign('wizardControls', $wControls);
+ $wizardHtml .= $tab->fetchPage();
+ $toc['#ldapWizard'.($i+1)] = $wizTabs[$i]['cap'];
+}
$tmpl->assign('tabs', $wizardHtml);
$tmpl->assign('toc', $toc);
projects / nextcloud-server.git / commitdiff