LDAP group: support for memberUid, fix for oc-594
authorArthur Schiwon <blizzz@owncloud.com>
Tue, 8 May 2012 21:47:23 +0000 (23:47 +0200)
committerArthur Schiwon <blizzz@owncloud.com>
Tue, 8 May 2012 21:49:33 +0000 (23:49 +0200)
apps/user_ldap/group_ldap.php
apps/user_ldap/lib_ldap.php
apps/user_ldap/settings.php
apps/user_ldap/templates/settings.php
apps/user_ldap/user_ldap.php

index 96a7fe5068edab3d4e0af5346af07eb8e9649a50..591ba41253c7d5a4a3da941557b07bfdabbbac28 100755 (executable)
 class OC_GROUP_LDAP extends OC_Group_Backend {
 //     //group specific settings
        protected $ldapGroupFilter;
+       protected $ldapGroupMemberAssocAttr;
 
        public function __construct() {
-               $this->ldapGroupFilter      = OCP\Config::getAppValue('user_ldap', 'ldap_group_filter', '(objectClass=posixGroup)');
+               $this->ldapGroupFilter          = OCP\Config::getAppValue('user_ldap', 'ldap_group_filter', '(objectClass=posixGroup)');
+               $this->ldapGroupMemberAssocAttr = OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember');
        }
 
        /**
@@ -44,7 +46,22 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
                if(!$dn_group || !$dn_user) {
                        return false;
                }
-               $members = OC_LDAP::readAttribute($dn_group, LDAP_GROUP_MEMBER_ASSOC_ATTR);
+               $members = OC_LDAP::readAttribute($dn_group, $this->ldapGroupMemberAssocAttr);
+
+               //extra work if we don't get back user DNs
+               //TODO: this can be done with one LDAP query
+               if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') {
+                       $dns = array();
+                       foreach($members as $uid) {
+                               $filter = str_replace('%uid', $uid, OC_LDAP::conf('ldapLoginFilter'));
+                               $ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn');
+                               if(count($ldap_users) < 1) {
+                                       continue;
+                               }
+                               $dns[] = $ldap_users[0];
+                       }
+                       $members = $dns;
+               }
 
                return in_array($dn_user, $members);
        }
@@ -63,9 +80,20 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
                        return array();
                }
 
+               //uniqueMember takes DN, memberuid the uid, so we need to distinguish
+               if(strtolower($this->ldapGroupMemberAssocAttr) == 'uniquemember') {
+                       $uid = $userDN;
+               } else if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') {
+                       $result = OC_LDAP::readAttribute($userDN, 'uid');
+                       $uid = $result[0];
+               } else {
+                       // just in case
+                       $uid = $userDN;
+               }
+
                $filter = OC_LDAP::combineFilterWithAnd(array(
                        $this->ldapGroupFilter,
-                       LDAP_GROUP_MEMBER_ASSOC_ATTR.'='.$userDN
+                       $this->ldapGroupMemberAssocAttr.'='.$uid
                ));
                $groups = OC_LDAP::fetchListOfGroups($filter, array(OC_LDAP::conf('ldapGroupDisplayName'),'dn'));
                $userGroups = OC_LDAP::ownCloudGroupNames($groups);
@@ -82,9 +110,19 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
                if(!$groupDN) {
                        return array();
                }
-               $members = OC_LDAP::readAttribute($groupDN, LDAP_GROUP_MEMBER_ASSOC_ATTR);
+               $members = OC_LDAP::readAttribute($groupDN, $this->ldapGroupMemberAssocAttr);
                $result = array();
                foreach($members as $member) {
+                       if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') {
+                               $filter = str_replace('%uid', $member, OC_LDAP::conf('ldapLoginFilter'));
+                               $ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn');
+                               if(count($ldap_users) < 1) {
+                                       continue;
+                               }
+                               $result[] = OC_LDAP::dn2username($ldap_users[0]);
+                               continue;
+                       }
+                       //de-facto else
                    $result[] = OC_LDAP::dn2username($member);
                }
                return array_unique($result, SORT_LOCALE_STRING);
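Review bot: In getUserGroups the value concatenated into the search filter at `$this->ldapGroupMemberAssocAttr.'='.$uid` is neither escaped nor validated: it is a full DN in the uniqueMember branch and a directory-supplied `uid` value in the memberUid branch, and any `(`, `)`, `*`, `\` or NUL byte inside it changes the meaning of the filter (a DN containing `*` turns the membership lookup into a wildcard match). The same unescaped substitution is done in inGroup with `str_replace('%uid', $uid, OC_LDAP::conf('ldapLoginFilter'))` and in getUsersInGroup with `$member`; apply RFC 4515 escaping (`\` to `\5c` first, then `*`, `(`, `)`, NUL to `\2a`, `\28`, `\29`, `\00`) through one shared helper before building any filter. In the memberUid branch `$uid = $result[0]` is also taken without checking that readAttribute returned a non-empty array, so a user entry without a `uid` attribute yields an undefined-offset notice and a filter `memberUid=`; guard it with `if(!is_array($result) || empty($result)) { return array(); }`. The enclosing methods start outside the hunks.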
index 9de03a07fefcb316ff31a8dc613b0dcb201e0938..30806a63b084d7479cc507ca987495370efcc017 100755 (executable)
@@ -49,6 +49,7 @@ class OC_LDAP {
        static protected $ldapUserDisplayName;
        static protected $ldapUserFilter;
        static protected $ldapGroupDisplayName;
+       static protected $ldapLoginFilter;
 
        static public function init() {
                self::readConfiguration();
@@ -76,6 +77,7 @@ class OC_LDAP {
                $availableProperties = array(
                        'ldapUserDisplayName',
                        'ldapGroupDisplayName',
+                       'ldapLoginFilter'
                );
 
                if(in_array($key, $availableProperties)) {
@@ -574,6 +576,7 @@ class OC_LDAP {
                        self::$ldapNoCase           = OCP\Config::getAppValue('user_ldap', 'ldap_nocase', 0);
                        self::$ldapUserDisplayName  = OCP\Config::getAppValue('user_ldap', 'ldap_display_name', OC_USER_BACKEND_LDAP_DEFAULT_DISPLAY_NAME);
                        self::$ldapUserFilter       = OCP\Config::getAppValue('user_ldap', 'ldap_userlist_filter','objectClass=person');
+                       self::$ldapLoginFilter      = OCP\Config::getAppValue('user_ldap', 'ldap_login_filter', '(uid=%uid)');
                        self::$ldapGroupDisplayName = OCP\Config::getAppValue('user_ldap', 'ldap_group_display_name', LDAP_GROUP_DISPLAY_NAME_ATTR);
 
                        if(empty(self::$ldapBaseUsers)) {
index 343a659ea26eb8515046cd32bc8892007fbe74d9..de7110fe9a849bc7fc3e02a7ba574fae686cd434 100755 (executable)
@@ -20,7 +20,7 @@
  * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr');
+$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute');
 
 OCP\Util::addscript('user_ldap', 'settings');
 
@@ -50,5 +50,6 @@ foreach($params as $param){
 // settings with default values
 $tmpl->assign( 'ldap_port', OCP\Config::getAppValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT));
 $tmpl->assign( 'ldap_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_display_name', OC_USER_BACKEND_LDAP_DEFAULT_DISPLAY_NAME));
+$tmpl->assign( 'ldap_group_member_assoc_attribute', OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember'));
 
 return $tmpl->fetchPage();
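Review bot: Adding `ldap_group_member_assoc_attribute` to `$params` means it is stored by the `foreach($params as $param)` loop that lies outside this hunk, and nothing visible here restricts the stored value to the two attribute names the template's select offers; only the client side constrains it, and the value is later concatenated straight into LDAP search filters in group_ldap.php. If that loop writes the posted value as-is (not visible here), accept only a whitelisted value for this key, e.g. `in_array($value, array('uniqueMember', 'memberUid'), true)`, and fall back to the `uniqueMember` default otherwise.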
index cb3beac979783b631e16931021f948eccbfc56a4..48e136668d1620d4f84d57b02436e1b688d00236 100644 (file)
@@ -17,6 +17,7 @@
                <p><label for="ldap_port"><?php echo $l->t('Port');?></label><input type="text" id="ldap_port" name="ldap_port" value="<?php echo $_['ldap_port']; ?>" /></p>
                <p><label for="ldap_base_users"><?php echo $l->t('Base User Tree');?></label><input type="text" id="ldap_base_users" name="ldap_base_users" value="<?php echo $_['ldap_base_users']; ?>" /></p>
                <p><label for="ldap_base_groups"><?php echo $l->t('Base Group Tree');?></label><input type="text" id="ldap_base_groups" name="ldap_base_groups" value="<?php echo $_['ldap_base_groups']; ?>" /></p>
+               <p><label for="ldap_group_member_assoc_attribute"><?php echo $l->t('Group-Member association');?></label><select id="ldap_group_member_assoc_attribute" name="ldap_group_member_assoc_attribute"><option value="uniqueMember"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'uniqueMember')) echo ' selected'; ?>>uniqueMember</option><option value="memberUid"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'memberUid')) echo ' selected'; ?>>memberUid</option></select></p>
                <p><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1"<?php if ($_['ldap_tls']) echo ' checked'; ?>><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label></p>
                <p><input type="checkbox" id="ldap_nocase" name="ldap_nocase" value="1"<?php if (isset($_['ldap_nocase']) && ($_['ldap_nocase'])) echo ' checked'; ?>><label for="ldap_nocase"><?php echo $l->t('Case insensitve LDAP server (Windows)');?></label></p>
                <p><label for="ldap_display_name"><?php echo $l->t('Display Name Field');?></label><input type="text" id="ldap_display_name" name="ldap_display_name" value="<?php echo $_['ldap_display_name']; ?>" />
index e40d06d3d550413d63ee4ceccb745fbf1a676aa8..ba66c7a9ca8443147a3943aaec9f821f0de962da 100755 (executable)
@@ -27,7 +27,6 @@ class OC_USER_LDAP extends OC_User_Backend {
 
        // cached settings
        protected $ldapUserFilter;
-       protected $ldapLoginFilter;
        protected $ldapQuotaAttribute;
        protected $ldapQuotaDefault;
        protected $ldapEmailAttribute;
@@ -37,7 +36,6 @@ class OC_USER_LDAP extends OC_User_Backend {
 
        public function __construct() {
                $this->ldapUserFilter      = OCP\Config::getAppValue('user_ldap', 'ldap_userlist_filter', '(objectClass=posixAccount)');
-               $this->ldapLoginFilter     = OCP\Config::getAppValue('user_ldap', 'ldap_login_filter', '(uid=%uid)');
                $this->ldapQuotaAttribute  = OCP\Config::getAppValue('user_ldap', 'ldap_quota_attr', '');
                $this->ldapQuotaDefault    = OCP\Config::getAppValue('user_ldap', 'ldap_quota_def', '');
                $this->ldapEmailAttribute  = OCP\Config::getAppValue('user_ldap', 'ldap_email_attr', '');
@@ -83,7 +81,7 @@ class OC_USER_LDAP extends OC_User_Backend {
         */
        public function checkPassword($uid, $password){
                //find out dn of the user name
-               $filter = str_replace('%uid', $uid, $this->ldapLoginFilter);
+               $filter = str_replace('%uid', $uid, OC_LDAP::conf('ldapLoginFilter'));
                $ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn');
                if(count($ldap_users) < 1) {
                        return false;
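Review bot: The login name `$uid` is still substituted into the filter unescaped at `str_replace('%uid', $uid, OC_LDAP::conf('ldapLoginFilter'))`; the commit only changes where the filter template is read from, while `$uid` comes directly from the login form and any `(`, `)`, `*` or `\` in it alters the filter the directory evaluates. Escape the value per RFC 4515 before the substitution and treat an empty `$uid` as a failed lookup (`return false`) rather than searching with `(uid=)`. checkPassword continues outside the hunk.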