From 3d56cf3a5b29e0c75f98646eafd22ee8cb7749dc Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Thu, 17 Jan 2013 13:31:14 +0100
Subject: [PATCH] LDAP: add support for backup/replica servers

---
 apps/user_ldap/lib/connection.php     | 40 +++++++++++++++++++++------
 apps/user_ldap/settings.php           |  2 +-
 apps/user_ldap/templates/settings.php |  3 ++
 3 files changed, 36 insertions(+), 9 deletions(-)

diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
index 1dc1d1510ab..a22246c7091 100644
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -36,6 +36,8 @@ class Connection {
 	protected $config = array(
 		'ldapHost' => null,
 		'ldapPort' => null,
+		'ldapBackupHost' => null,
+		'ldapBackupPort' => null,
 		'ldapBase' => null,
 		'ldapBaseUsers' => null,
 		'ldapBaseGroups' => null,
@@ -56,6 +58,7 @@ class Connection {
 		'ldapCacheTTL' => null,
 		'ldapUuidAttribute' => null,
 		'ldapOverrideUuidAttribute' => null,
+		'ldapOverrideMainServer' => false,
 		'homeFolderNamingRule' => null,
 		'hasPagedResultSupport' => false,
 	);
@@ -188,7 +191,10 @@ class Connection {
 	private function readConfiguration($force = false) {
 		if((!$this->configured || $force) && !is_null($this->configID)) {
 			$this->config['ldapHost']              = \OCP\Config::getAppValue($this->configID, $this->configPrefix.'ldap_host', '');
+			$this->config['ldapBackupHost']        = \OCP\Config::getAppValue($this->configID, $this->configPrefix.'ldap_backup_host', '');
 			$this->config['ldapPort']              = \OCP\Config::getAppValue($this->configID, $this->configPrefix.'ldap_port', 389);
+			$this->config['ldapBackupPort']        = \OCP\Config::getAppValue($this->configID, $this->configPrefix.'ldap_backup_port', $this->config['ldapPort']);
+			$this->config['ldapOverrideMainServer']= \OCP\Config::getAppValue($this->configID, $this->configPrefix.'ldap_override_main_server', false);
 			$this->config['ldapAgentName']         = \OCP\Config::getAppValue($this->configID, $this->configPrefix.'ldap_dn', '');
 			$this->config['ldapAgentPassword']     = base64_decode(\OCP\Config::getAppValue($this->configID, $this->configPrefix.'ldap_agent_password', ''));
 			$rawLdapBase                           = \OCP\Config::getAppValue($this->configID, $this->configPrefix.'ldap_base', '');
@@ -229,7 +235,7 @@ class Connection {
 			return false;
 		}
 
-		$params = array('ldap_host'=>'ldapHost', 'ldap_port'=>'ldapPort', 'ldap_dn'=>'ldapAgentName', 'ldap_agent_password'=>'ldapAgentPassword', 'ldap_base'=>'ldapBase', 'ldap_base_users'=>'ldapBaseUsers', 'ldap_base_groups'=>'ldapBaseGroups', 'ldap_userlist_filter'=>'ldapUserFilter', 'ldap_login_filter'=>'ldapLoginFilter', 'ldap_group_filter'=>'ldapGroupFilter', 'ldap_display_name'=>'ldapUserDisplayName', 'ldap_group_display_name'=>'ldapGroupDisplayName',
+		$params = array('ldap_host'=>'ldapHost', 'ldap_port'=>'ldapPort', 'ldap_backup_host'=>'ldapBackupHost', 'ldap_backup_port'=>'ldapBackupPort', 'ldapOverrideMainServer' => 'ldap_override_main_server', 'ldap_dn'=>'ldapAgentName', 'ldap_agent_password'=>'ldapAgentPassword', 'ldap_base'=>'ldapBase', 'ldap_base_users'=>'ldapBaseUsers', 'ldap_base_groups'=>'ldapBaseGroups', 'ldap_userlist_filter'=>'ldapUserFilter', 'ldap_login_filter'=>'ldapLoginFilter', 'ldap_group_filter'=>'ldapGroupFilter', 'ldap_display_name'=>'ldapUserDisplayName', 'ldap_group_display_name'=>'ldapGroupDisplayName',
 
 		'ldap_tls'=>'ldapTLS', 'ldap_nocase'=>'ldapNoCase', 'ldap_quota_def'=>'ldapQuotaDefault', 'ldap_quota_attr'=>'ldapQuotaAttribute', 'ldap_email_attr'=>'ldapEmailAttribute', 'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr', 'ldap_cache_ttl'=>'ldapCacheTTL', 'home_folder_naming_rule' => 'homeFolderNamingRule');
 
@@ -342,16 +348,34 @@ class Connection {
 					\OCP\Util::writeLog('user_ldap', 'Could not turn off SSL certificate validation.', \OCP\Util::WARN);
 				}
 			}
-			$this->ldapConnectionRes = ldap_connect($this->config['ldapHost'], $this->config['ldapPort']);
-			if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
-				if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
-					if($this->config['ldapTLS']) {
-						ldap_start_tls($this->ldapConnectionRes);
+			if(!$this->config['ldapOverrideMainServer'] && !$this->getFromCache('overrideMainServer')) {
+				$this->doConnect($this->config['ldapHost'], $this->config['ldapPort']);
+				$bindStatus = $this->bind();
+			}
+
+			$error = null;
+			//if LDAP server is not reachable, try the Backup (Replica!) Server
+			if((!$bindStatus && ($error = ldap_errno($this->ldapConnectionRes)) == -1)
+				|| $this->config['ldapOverrideMainServer']
+				|| $this->getFromCache('overrideMainServer')) {
+					$this->doConnect($this->config['ldapBackupHost'], $this->config['ldapBackupPort']);
+					$bindStatus = $this->bind();
+					if($bindStatus && $error == -1) {
+						$this->writeToCache('overrideMainServer', true);
 					}
-				}
 			}
+			return $bindStatus;
+		}
+	}
 
-			return $this->bind();
+	private function doConnect($host, $port) {
+		$this->ldapConnectionRes = ldap_connect($host, $port);
+		if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
+			if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
+				if($this->config['ldapTLS']) {
+					ldap_start_tls($this->ldapConnectionRes);
+				}
+			}
 		}
 	}
 
diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php
index 58ec8e7f7a4..e49f37da2de 100644
--- a/apps/user_ldap/settings.php
+++ b/apps/user_ldap/settings.php
@@ -23,7 +23,7 @@
 
 OC_Util::checkAdminUser();
 
-$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_agent_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_group_display_name', 'ldap_tls', 'ldap_turn_off_cert_check', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute', 'ldap_cache_ttl', 'home_folder_naming_rule');
+$params = array('ldap_host', 'ldap_port', 'ldap_backup_host', 'ldap_backup_port', 'ldap_override_main_server', 'ldap_dn', 'ldap_agent_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_group_display_name', 'ldap_tls', 'ldap_turn_off_cert_check', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute', 'ldap_cache_ttl', 'home_folder_naming_rule');
 
 OCP\Util::addscript('user_ldap', 'settings');
 OCP\Util::addstyle('user_ldap', 'settings');
diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php
index b24c6e2f025..030fbff4aac 100644
--- a/apps/user_ldap/templates/settings.php
+++ b/apps/user_ldap/templates/settings.php
@@ -22,6 +22,9 @@
 	</fieldset>
 	<fieldset id="ldapSettings-2">
 		<p><label for="ldap_port"><?php echo $l->t('Port');?></label><input type="text" id="ldap_port" name="ldap_port" value="<?php echo $_['ldap_port']; ?>" /></p>
+		<p><label for="ldap_backup_host"><?php echo $l->t('Backup (Replica) Host');?></label><input type="text" id="ldap_backup_host" name="ldap_backup_host" value="<?php echo $_['ldap_backup_host']; ?>" title="<?php echo $l->t('Give an optional backup host. It must be a replica of the main LDAP/AD server.');?>"></p>
+		<p><label for="ldap_backup_port"><?php echo $l->t('Backup (Replica) Port');?></label><input type="text" id="ldap_backup_port" name="ldap_backup_port" value="<?php echo $_['ldap_backup_port']; ?>" /></p>
+		<p><label for="ldap_override_main_server"><?php echo $l->t('Disable Main Server');?></label><input type="checkbox" id="ldap_override_main_server" name="ldap_override_main_server" value="1"<?php if ($_['ldap_override_main_server']) echo ' checked'; ?> title="<?php echo $l->t('When switched on, ownCloud will only connect to the replica server.');?>" /></p>
 		<p><label for="ldap_base_users"><?php echo $l->t('Base User Tree');?></label><textarea id="ldap_base_users" name="ldap_base_users" placeholder="<?php echo $l->t('One User Base DN per line');?>" title="<?php echo $l->t('Base User Tree');?>"><?php echo $_['ldap_base_users']; ?></textarea></p>
 		<p><label for="ldap_base_groups"><?php echo $l->t('Base Group Tree');?></label><textarea id="ldap_base_groups" name="ldap_base_groups" placeholder="<?php echo $l->t('One Group Base DN per line');?>" title="<?php echo $l->t('Base Group Tree');?>"><?php echo $_['ldap_base_groups']; ?></textarea></p>
 		<p><label for="ldap_group_member_assoc_attribute"><?php echo $l->t('Group-Member association');?></label><select id="ldap_group_member_assoc_attribute" name="ldap_group_member_assoc_attribute"><option value="uniqueMember"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'uniqueMember')) echo ' selected'; ?>>uniqueMember</option><option value="memberUid"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'memberUid')) echo ' selected'; ?>>memberUid</option><option value="member"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'member')) echo ' selected'; ?>>member (AD)</option></select></p>
-- 
2.39.5