author | Robin Appelman <robin@icewind.nl> | 2021-01-04 19:11:29 +0100 |
---|---|---|
committer | Robin Appelman <robin@icewind.nl> | 2021-01-04 19:53:07 +0100 |
commit | 58f3f5cc28630f77a32c3600d2f8c106c9bdd8eb (patch) | |
tree | 5e12439a708193644a49e38dcc7dc44e7d6b2268 | |
parent | 1f48a83b09061f3f19ec12adb37959f4eb45914c (diff) | |
allow using any ldap property as login name when using external storage login credentials
Signed-off-by: Robin Appelman <robin@icewind.nl>
-rw-r--r-- | apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php | 40 |
1 files changed, 38 insertions, 2 deletions
diff --git a/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php b/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php
index 6bf6b61f164..889030d87cd 100644
--- a/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php
+++ b/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php
@@ -30,6 +30,7 @@ use OCA\Files_External\Lib\Auth\AuthMechanism;
 use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException;
 use OCA\Files_External\Lib\StorageConfig;
 use OCA\Files_External\Listener\StorePasswordListener;
+use OCA\User_LDAP\IUserLDAP;
 use OCP\Authentication\Exceptions\CredentialsUnavailableException;
 use OCP\Authentication\LoginCredentials\IStore as CredentialsStore;
 use OCP\EventDispatcher\IEventDispatcher;
@@ -81,7 +82,7 @@ class LoginCredentials extends AuthMechanism {
 $credentials = [
 'user' => $sessionCredentials->getLoginName(),
- 'password' => $sessionCredentials->getPassword()
+ 'password' => $sessionCredentials->getPassword(),
 ];
 $this->credentialsManager->store($user->getUID(), self::CREDENTIALS_IDENTIFIER, $credentials);
@@ -99,7 +100,42 @@ class LoginCredentials extends AuthMechanism {
 }
 $credentials = $this->getCredentials($user);
- $storage->setBackendOption('user', $credentials['user']);
+ $loginKey = $storage->getBackendOption("login_ldap_attr");
+ if ($loginKey) {
+ $backend = $user->getBackend();
+ if ($backend instanceof IUserLDAP) {
+ $value = $this->getLdapPropertyForUser($backend, $user, $loginKey);
+ if ($value === null) {
+ throw new InsufficientDataForMeaningfulAnswerException('Custom ldap attribute not set for user ' . $user->getUID());
+ }
+ $storage->setBackendOption('user', $value);
+ } else {
+ throw new InsufficientDataForMeaningfulAnswerException('Custom ldap attribute configured but user ' . $user->getUID() . ' is not an ldap user');
+ }
+ } else {
+ $storage->setBackendOption('user', $credentials['user']);
+ }
 $storage->setBackendOption('password', $credentials['password']);
 }
+
+ private function getLdapPropertyForUser(IUserLDAP $ldap, IUser $user, string $property): ?string {
+ $access = $ldap->getLDAPAccess($user->getUID());
+ $connection = $access->getConnection();
+ $key = "external_login::" . $user->getUID() . "::" . $property;
+ $cached = $connection->getFromCache($key);
+
+ if ($cached !== null) {
+ return $cached;
+ }
+
+ $value = $access->readAttribute($access->username2dn($user->getUID()), $property);
+ if (count($value) > 0) {
+ $value = current($value);
+ } else {
+ return null;
+ }
+ $connection->writeToCache($key, $value);
+
+ return $value;
+ }
 } |
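Review bot: In `getLdapPropertyForUser`, the result of `$access->readAttribute(...)` goes straight into `count()` and the result of `$access->username2dn(...)` straight into the read, with no failure check; if either helper can return `false` (as I recall user_ldap's Access does, to be confirmed), a missing attribute or an unmapped user raises a TypeError on PHP 8 instead of the intended InsufficientDataForMeaningfulAnswerException. A guard such as `if (!is_array($value) || count($value) === 0) { return null; }` before `current($value)` keeps that failure on the handled path. An empty-string attribute also passes the `$value === null` check in `manipulateStorageConfig` and would be sent as the login name, so rejecting `''` there is worth adding. Because `login_ldap_attr` comes from the storage's backend options and selects which directory attribute is sent as a login name together with the user's password, a short comment stating who is allowed to set it would help; the start of `manipulateStorageConfig` is outside this hunk.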