return array();
}
- $search = empty($search) ? '*' : '*'.$search.'*';
$groupUsers = array();
$isMemberUid = (strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid');
foreach($members as $member) {
//we got uids, need to get their DNs to 'tranlsate' them to usernames
$filter = $this->combineFilterWithAnd(array(
\OCP\Util::mb_str_replace('%uid', $member, $this->connection>ldapLoginFilter, 'UTF-8'),
- $this->connection->ldapUserDisplayName.'='.$search
+ $this->getFilterPartForUserSearch($search)
));
$ldap_users = $this->fetchListOfUsers($filter, 'dn');
if(count($ldap_users) < 1) {
$groupUsers[] = $this->dn2username($ldap_users[0]);
} else {
//we got DNs, check if we need to filter by search or we can give back all of them
- if($search != '*') {
- if(!$this->readAttribute($member, $this->connection->ldapUserDisplayName, $this->connection->ldapUserDisplayName.'='.$search)) {
+ if(!empty($search)) {
+ if(!$this->readAttribute($member, $this->connection->ldapUserDisplayName, $this->getFilterPartForUserSearch($search))) {
continue;
}
}
if($limit <= 0) {
$limit = null;
}
- $search = empty($search) ? '*' : '*'.$search.'*';
$filter = $this->combineFilterWithAnd(array(
$this->connection->ldapGroupFilter,
- $this->connection->ldapGroupDisplayName.'='.$search
+ $this->getFilterPartForGroupSearch($search)
));
\OCP\Util::writeLog('user_ldap', 'getGroups Filter '.$filter, \OCP\Util::DEBUG);
$ldap_groups = $this->fetchListOfGroups($filter, array($this->connection->ldapGroupDisplayName, 'dn'), $limit, $offset);
return $combinedFilter;
}
+ /**
+ * @brief creates a filter part for to perfrom search for users
+ * @param string $search the search term
+ * @return string the final filter part to use in LDAP searches
+ */
+ public function getFilterPartForUserSearch($search) {
+ return $this->getFilterPartForSearch($search, $this->connection->ldapAttributesForUserSearch, $this->connection->ldapUserDisplayName);
+ }
+
+ /**
+ * @brief creates a filter part for to perfrom search for groups
+ * @param string $search the search term
+ * @return string the final filter part to use in LDAP searches
+ */
+ public function getFilterPartForGroupSearch($search) {
+ return $this->getFilterPartForSearch($search, $this->connection->ldapAttributesForGroupSearch, $this->connection->ldapGroupDisplayName);
+ }
+
+ /**
+ * @brief creates a filter part for searches
+ * @param string $search the search term
+ * @param string $fallbackAttribute a fallback attribute in case the user
+ * did not define search attributes. Typically the display name attribute.
+ * @returns string the final filter part to use in LDAP searches
+ */
+ private function getFilterPartForSearch($search, $searchAttributes, $fallbackAttribute) {
+ $filter = array();
+ $search = empty($search) ? '*' : '*'.$search.'*';
+ if(!is_array($searchAttributes) || count($searchAttributes) == 0) {
+ if(empty($fallbackAttribute)) {
+ return '';
+ }
+ $filter[] = $fallbackAttribute . '=' . $search;
+ } else {
+ foreach($searchAttributes as $attribute) {
+ $filter[] = $attribute . '=' . $search;
+ }
+ }
+ if(count($filter) == 1) {
+ return '('.$filter[0].')';
+ }
+ return $this->combineFilterWithOr($filter);
+ }
+
public function areCredentialsValid($name, $password) {
$name = $this->DNasBaseParameter($name);
$testConnection = clone $this->connection;
'ldapOverrideUuidAttribute' => null,
'ldapOverrideMainServer' => false,
'ldapConfigurationActive' => false,
+ 'ldapAttributesForUserSearch' => null,
+ 'ldapAttributesForGroupSearch' => null,
'homeFolderNamingRule' => null,
'hasPagedResultSupport' => false,
);
= $this->$v('home_folder_naming_rule');
$this->config['ldapConfigurationActive']
= $this->$v('ldap_configuration_active');
+ $this->config['ldapAttributesForUserSearch']
+ = preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_user_search'));
+ $this->config['ldapAttributesForGroupSearch']
+ = preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_group_search'));
$this->configured = $this->validateConfiguration();
}
private function getConfigTranslationArray() {
static $array = array('ldap_host'=>'ldapHost', 'ldap_port'=>'ldapPort', 'ldap_backup_host'=>'ldapBackupHost', 'ldap_backup_port'=>'ldapBackupPort', 'ldap_override_main_server' => 'ldapOverrideMainServer', 'ldap_dn'=>'ldapAgentName', 'ldap_agent_password'=>'ldapAgentPassword', 'ldap_base'=>'ldapBase', 'ldap_base_users'=>'ldapBaseUsers', 'ldap_base_groups'=>'ldapBaseGroups', 'ldap_userlist_filter'=>'ldapUserFilter', 'ldap_login_filter'=>'ldapLoginFilter', 'ldap_group_filter'=>'ldapGroupFilter', 'ldap_display_name'=>'ldapUserDisplayName', 'ldap_group_display_name'=>'ldapGroupDisplayName',
- 'ldap_tls'=>'ldapTLS', 'ldap_nocase'=>'ldapNoCase', 'ldap_quota_def'=>'ldapQuotaDefault', 'ldap_quota_attr'=>'ldapQuotaAttribute', 'ldap_email_attr'=>'ldapEmailAttribute', 'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr', 'ldap_cache_ttl'=>'ldapCacheTTL', 'home_folder_naming_rule' => 'homeFolderNamingRule', 'ldap_turn_off_cert_check' => 'turnOffCertCheck', 'ldap_configuration_active' => 'ldapConfigurationActive');
+ 'ldap_tls'=>'ldapTLS', 'ldap_nocase'=>'ldapNoCase', 'ldap_quota_def'=>'ldapQuotaDefault', 'ldap_quota_attr'=>'ldapQuotaAttribute', 'ldap_email_attr'=>'ldapEmailAttribute', 'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr', 'ldap_cache_ttl'=>'ldapCacheTTL', 'home_folder_naming_rule' => 'homeFolderNamingRule', 'ldap_turn_off_cert_check' => 'turnOffCertCheck', 'ldap_configuration_active' => 'ldapConfigurationActive', 'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch', 'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch');
return $array;
}
case 'ldapBase':
case 'ldapBaseUsers':
case 'ldapBaseGroups':
+ case 'ldapAttributesForUserSearch':
+ case 'ldapAttributesForGroupSearch':
if(is_array($value)){
$value = implode("\n", $value);
}
$config[$dbKey] = substr($this->config[$dbKey], 5);
}
continue;
- } else if(strpos($classKey, 'ldapBase') !== false) {
+ } else if((strpos($classKey, 'ldapBase') !== false)
+ || (strpos($classKey, 'ldapAttributes') !== false)) {
$config[$dbKey] = implode("\n", $this->config[$classKey]);
continue;
}
//force default
$this->config['ldapBackupPort'] = $this->config['ldapPort'];
}
+ foreach(array('ldapAttributesForUserSearch', 'ldapAttributesForGroupSearch') as $key) {
+ if(is_array($this->config[$key])
+ && count($this->config[$key]) == 1
+ && empty($this->config[$key][0])) {
+ $this->config[$key] = array();
+ }
+ }
+
//second step: critical checks. If left empty or filled wrong, set as unconfigured and give a warning.
'home_folder_naming_rule' => 'opt:username',
'ldap_turn_off_cert_check' => 0,
'ldap_configuration_active' => 1,
+ 'ldap_attributes_for_user_search' => '',
+ 'ldap_attributes_for_group_search' => '',
);
}
if($limit <= 0) {
$limit = null;
}
- $search = empty($search) ? '*' : '*'.$search.'*';
$filter = $this->combineFilterWithAnd(array(
$this->connection->ldapUserFilter,
- $this->connection->ldapUserDisplayName.'='.$search
+ $this->getFilterPartForUserSearch($search)
));
\OCP\Util::writeLog('user_ldap', 'getUsers: Options: search '.$search.' limit '.$limit.' offset '.$offset.' Filter: '.$filter, \OCP\Util::DEBUG);
projects / nextcloud-server.git / commitdiff