mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 1010 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
40470 Commits
429 Branches
Tree: e481971155
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e481971155'
${ noResults }
nextcloud/apps/user_ldap/lib/LDAPProvider.php

LDAPProvider.php 5.4KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187 
  1. <?php

  2. /**

  3.  *

  4.  * @copyright Copyright (c) 2016, Roger Szabo (roger.szabo@web.de)

  5.  *

  6.  * @license GNU AGPL version 3 or any later version

  7.  *

  8.  * This program is free software: you can redistribute it and/or modify

  9.  * it under the terms of the GNU Affero General Public License as

  10.  * published by the Free Software Foundation, either version 3 of the

  11.  * License, or (at your option) any later version.

  12.  *

  13.  * This program is distributed in the hope that it will be useful,

  14.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  15.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  16.  * GNU Affero General Public License for more details.

  17.  *

  18.  * You should have received a copy of the GNU Affero General Public License

  19.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.

  20.  *

  21.  */

  22. 

  23. namespace OCA\User_LDAP;

  24. 

  25. 

  26. use OCP\LDAP\ILDAPProvider;

  27. use OCP\LDAP\IDeletionFlagSupport;

  28. use OCP\IServerContainer;

  29. use OCA\User_LDAP\User\DeletedUsersIndex;

  30. 

  31. /**

  32.  * LDAP provider for pulic access to the LDAP backend.

  33.  */

  34. class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {

  35. 

  36. 	private $backend;

  37. 	private $logger;

  38. 	private $helper;

  39. 	private $deletedUsersIndex;

  40. 	

  41. 	/**

  42. 	 * Create new LDAPProvider

  43. 	 * @param \OCP\IServerContainer $serverContainer

  44. 	 * @throws \Exception if user_ldap app was not enabled

  45. 	 */

  46. 	public function __construct(IServerContainer $serverContainer, Helper $helper, DeletedUsersIndex $deletedUsersIndex) {

  47. 		$this->logger = $serverContainer->getLogger();

  48. 		$this->helper = $helper;

  49. 		$this->deletedUsersIndex = $deletedUsersIndex;

  50. 		foreach ($serverContainer->getUserManager()->getBackends() as $backend){

  51. 			$this->logger->debug('instance '.get_class($backend).' backend.', ['app' => 'user_ldap']);

  52. 			if ($backend instanceof IUserLDAP) {

  53. 				$this->backend = $backend;

  54. 				return;

  55. 			}

  56.         }

  57. 		throw new \Exception('To use the LDAPProvider, user_ldap app must be enabled');

  58. 	}

  59. 	

  60. 	/**

  61. 	 * Translate an user id to LDAP DN

  62. 	 * @param string $uid user id

  63. 	 * @return string with the LDAP DN

  64. 	 * @throws \Exception if translation was unsuccessful

  65. 	 */

  66. 	public function getUserDN($uid) {

  67. 		if(!$this->backend->userExists($uid)){

  68. 			throw new \Exception('User id not found in LDAP');

  69. 		}

  70. 		$result = $this->backend->getLDAPAccess($uid)->username2dn($uid);

  71. 		if(!$result){

  72. 			throw new \Exception('Translation to LDAP DN unsuccessful');

  73. 		}

  74. 		return $result;

  75. 	}

  76. 	

  77. 	/**

  78. 	 * Translate a LDAP DN to an internal user name. If there is no mapping between 

  79. 	 * the DN and the user name, a new one will be created.

  80. 	 * @param string $dn LDAP DN

  81. 	 * @return string with the internal user name

  82. 	 * @throws \Exception if translation was unsuccessful

  83. 	 */

  84. 	public function getUserName($dn) {

  85. 		$result = $this->backend->dn2UserName($dn);

  86. 		if(!$result){

  87. 			throw new \Exception('Translation to internal user name unsuccessful');

  88. 		}

  89. 		return $result;

  90. 	}

  91. 	

  92. 	/**

  93. 	 * Convert a stored DN so it can be used as base parameter for LDAP queries.

  94. 	 * @param string $dn the DN in question

  95. 	 * @return string

  96. 	 */

  97. 	public function DNasBaseParameter($dn) {

  98. 		return $this->helper->DNasBaseParameter($dn);

  99. 	}

  100. 	

  101. 	/**

  102. 	 * Sanitize a DN received from the LDAP server.

  103. 	 * @param array $dn the DN in question

  104. 	 * @return array the sanitized DN

  105. 	 */

  106. 	public function sanitizeDN($dn) {

  107. 		return $this->helper->sanitizeDN($dn);

  108. 	}

  109. 	

  110. 	/**

  111. 	 * Return a new LDAP connection resource for the specified user. 

  112. 	 * The connection must be closed manually.

  113. 	 * @param string $uid user id

  114. 	 * @return resource of the LDAP connection

  115. 	 * @throws \Exception if user id was not found in LDAP

  116. 	 */

  117. 	public function getLDAPConnection($uid) {

  118. 		if(!$this->backend->userExists($uid)){

  119. 			throw new \Exception('User id not found in LDAP');

  120. 		}

  121. 		return $this->backend->getNewLDAPConnection($uid);

  122. 	}

  123. 	

  124. 	/**

  125. 	 * Get the LDAP base for users.

  126. 	 * @param string $uid user id

  127. 	 * @return string the base for users

  128. 	 * @throws \Exception if user id was not found in LDAP

  129. 	 */

  130. 	public function getLDAPBaseUsers($uid) {

  131. 		if(!$this->backend->userExists($uid)){

  132. 			throw new \Exception('User id not found in LDAP');

  133. 		}	

  134. 		return $this->backend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_base_users'];

  135. 	}

  136. 	

  137. 	/**

  138. 	 * Get the LDAP base for groups.

  139. 	 * @param string $uid user id

  140. 	 * @return string the base for groups

  141. 	 * @throws \Exception if user id was not found in LDAP

  142. 	 */

  143. 	public function getLDAPBaseGroups($uid) {

  144. 		if(!$this->backend->userExists($uid)){

  145. 			throw new \Exception('User id not found in LDAP');

  146. 		}

  147. 		return $this->backend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_base_groups'];

  148. 	}

  149. 	

  150. 	/**

  151. 	 * Clear the cache if a cache is used, otherwise do nothing.

  152. 	 * @param string $uid user id

  153. 	 * @throws \Exception if user id was not found in LDAP

  154. 	 */

  155. 	public function clearCache($uid) {

  156. 		if(!$this->backend->userExists($uid)){

  157. 			throw new \Exception('User id not found in LDAP');

  158. 		}

  159. 		$this->backend->getLDAPAccess($uid)->getConnection()->clearCache();

  160. 	}

  161. 	

  162. 	/**

  163. 	 * Check whether a LDAP DN exists

  164. 	 * @param string $dn LDAP DN

  165. 	 * @return bool whether the DN exists

  166. 	 */

  167. 	public function dnExists($dn) {

  168. 		$result = $this->backend->dn2UserName($dn);

  169. 		return !$result ? false : true;

  170. 	}

  171. 	

  172. 	/**

  173. 	 * Flag record for deletion.

  174. 	 * @param string $uid user id

  175. 	 */

  176. 	public function flagRecord($uid) {

  177. 		$this->deletedUsersIndex->markUser($uid);

  178. 	}

  179. 	

  180. 	/**

  181. 	 * Unflag record for deletion.

  182. 	 * @param string $uid user id

  183. 	 */

  184. 	public function unflagRecord($uid) {

  185. 		//do nothing

  186. 	}

  187. }