authorArthur Schiwon <blizzz@owncloud.com>2013-10-04 18:11:44 +0200
committerArthur Schiwon <blizzz@owncloud.com>2013-10-17 19:13:27 +0200
commit3cafcc2d47377187cd687a3bcde6a261ca8969ea (patch)
tree1caad25d818709f589c3c7de1e4814154a16397c
parent5425511259397c0dee05b5d7ec8480fcc18c8184 (diff)
downloadnextcloud-server-3cafcc2d47377187cd687a3bcde6a261ca8969ea.tar.gz
nextcloud-server-3cafcc2d47377187cd687a3bcde6a261ca8969ea.zip
LDAP Wizard: add detection, load and save of LDAP groups for filter purposes
-rw-r--r--apps/user_ldap/ajax/wizard.php1
-rw-r--r--apps/user_ldap/js/settings.js51
-rw-r--r--apps/user_ldap/lib/configuration.php6
-rw-r--r--apps/user_ldap/lib/wizard.php68
-rw-r--r--apps/user_ldap/templates/part.wizard-userfilter.php5
5 files changed, 99 insertions, 32 deletions
diff --git a/apps/user_ldap/ajax/wizard.php b/apps/user_ldap/ajax/wizard.php
index 807f04ca696..497fe9dcf24 100644
--- a/apps/user_ldap/ajax/wizard.php
+++ b/apps/user_ldap/ajax/wizard.php
@@ -47,6 +47,7 @@ switch($action) {
case 'guessPortAndTLS':
case 'guessBaseDN':
case 'determineObjectClasses':
+ case 'determineGroups':
try {
$result = $wizard->$action();
if($result !== false) {
diff --git a/apps/user_ldap/js/settings.js b/apps/user_ldap/js/settings.js
index 88f63e25ca2..8949f5002ca 100644
--- a/apps/user_ldap/js/settings.js
+++ b/apps/user_ldap/js/settings.js
@@ -202,6 +202,27 @@ var LdapWizard = {
}
},
+ findAvailableGroups: function() {
+ param = 'action=determineGroups'+
+ '&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
+
+ LdapWizard.ajax(param,
+ function(result) {
+ $('#ldap_userfilter_groups').find('option').remove();
+ for (i in result.options['ldap_userfilter_groups']) {
+ //FIXME: move HTML into template
+ objc = result.options['ldap_userfilter_groups'][i];
+ $('#ldap_userfilter_groups').append("<option value='"+objc+"'>"+objc+"</option>");
+ }
+ LdapWizard.applyChanges(result);
+ $('#ldap_userfilter_groups').multiselect('refresh');
+ },
+ function (result) {
+ //TODO: error handling
+ }
+ );
+ },
+
findObjectClasses: function() {
param = 'action=determineObjectClasses'+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
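Review bot: In `findAvailableGroups` the group names returned by the server are concatenated straight into markup (`"<option value='"+objc+"'>"+objc+"</option>"`), so a group `cn` containing a quote or an angle bracket breaks the option or injects HTML into the admin page. Directory contents are not controlled by this code, so the element should be built through the DOM API instead: `$('#ldap_userfilter_groups').append($('<option>').attr('value', objc).text(objc));`. `param`, `i` and `objc` are also assigned without `var` and become globals shared with the other finder callbacks; declaring them locally avoids that. `findObjectClasses` at the end of the hunk continues outside it, so whether it has the same concatenation cannot be confirmed from here.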
@@ -236,8 +257,21 @@ var LdapWizard = {
}
},
+ initMultiSelect: function(object, id, caption) {
+ object.multiselect({
+ header: false,
+ selectedList: 9,
+ noneSelectedText: caption,
+ click: function(event, ui) {
+ LdapWizard.saveMultiSelect(id,
+ $('#'+id).multiselect("getChecked"));
+ }
+ });
+ },
+
initUserFilter: function() {
LdapWizard.findObjectClasses();
+ LdapWizard.findAvailableGroups();
},
onTabChange: function(event, ui) {
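Review bot: `initMultiSelect` takes both the jQuery object and its id, and the `click` handler then looks the element up a second time with `$('#'+id)`, so the two arguments can drift apart. Reusing the object that was passed in keeps them in step: `LdapWizard.saveMultiSelect(id, object.multiselect("getChecked"));`. A one-line comment on the parameters would help too, e.g. `// object: jQuery select element, id: its element id (passed to saveMultiSelect), caption: text shown when nothing is selected`. `onTabChange` at the end of the hunk continues outside it.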
@@ -304,17 +338,12 @@ $(document).ready(function() {
$('#ldap_submit').button();
$('#ldap_action_test_connection').button();
$('#ldap_action_delete_configuration').button();
- $('#ldap_userfilter_groups').multiselect();
- $('#ldap_userfilter_objectclass').multiselect({
- header: false,
- selectedList: 9,
- noneSelectedText: t('user_ldap', 'Select object classes'),
- click: function(event, ui) {
- LdapWizard.saveMultiSelect('ldap_userfilter_objectclass',
- $('#ldap_userfilter_objectclass').multiselect("getChecked")
- );
- }
- });
+ LdapWizard.initMultiSelect($('#ldap_userfilter_groups'),
+ 'ldap_userfilter_groups',
+ t('user_ldap', 'Select groups'));
+ LdapWizard.initMultiSelect($('#ldap_userfilter_objectclass'),
+ 'ldap_userfilter_objectclass',
+ t('user_ldap', 'Select object classes'));
$('.lwautosave').change(function() { LdapWizard.save(this); });
LdapConfiguration.refreshConfig();
$('#ldap_action_test_connection').click(function(event){
diff --git a/apps/user_ldap/lib/configuration.php b/apps/user_ldap/lib/configuration.php
index e67e0d8d00b..33771cf9388 100644
--- a/apps/user_ldap/lib/configuration.php
+++ b/apps/user_ldap/lib/configuration.php
@@ -45,6 +45,7 @@ class Configuration {
'ldapIgnoreNamingRules' => null,
'ldapUserDisplayName' => null,
'ldapUserFilterObjectclass' => null,
+ 'ldapUserFilterGroups' => null,
'ldapUserFilter' => null,
'ldapGroupFilter' => null,
'ldapGroupDisplayName' => null,
@@ -123,6 +124,7 @@ class Configuration {
case 'ldapAttributesForUserSearch':
case 'ldapAttributesForGroupSearch':
case 'ldapUserFilterObjectclass':
+ case 'ldapUserFilterGroups':
$setMethod = 'setMultiLine';
default:
$this->$setMethod($key, $val);
@@ -150,6 +152,7 @@ class Configuration {
case 'ldapAttributesForUserSearch':
case 'ldapAttributesForGroupSearch':
case 'ldapUserFilterObjectclass':
+ case 'ldapUserFilterGroups':
$readMethod = 'getMultiLine';
break;
case 'ldapIgnoreNamingRules':
@@ -189,6 +192,7 @@ class Configuration {
case 'ldapAttributesForUserSearch':
case 'ldapAttributesForGroupSearch':
case 'ldapUserFilterObjectclass':
+ case 'ldapUserFilterGroups':
if(is_array($value)) {
$value = implode("\n", $value);
}
@@ -279,6 +283,7 @@ class Configuration {
'ldap_base_groups' => '',
'ldap_userlist_filter' => 'objectClass=person',
'ldap_userfilter_objectclass' => '',
+ 'ldap_userfilter_groups' => '',
'ldap_login_filter' => 'uid=%uid',
'ldap_group_filter' => 'objectClass=posixGroup',
'ldap_display_name' => 'cn',
@@ -319,6 +324,7 @@ class Configuration {
'ldap_base_users' => 'ldapBaseUsers',
'ldap_base_groups' => 'ldapBaseGroups',
'ldap_userfilter_objectclass' => 'ldapUserFilterObjectclass',
+ 'ldap_userfilter_groups' => 'ldapUserFilterGroups',
'ldap_userlist_filter' => 'ldapUserFilter',
'ldap_login_filter' => 'ldapLoginFilter',
'ldap_group_filter' => 'ldapGroupFilter',
diff --git a/apps/user_ldap/lib/wizard.php b/apps/user_ldap/lib/wizard.php
index f785042f874..c72e832fbcd 100644
--- a/apps/user_ldap/lib/wizard.php
+++ b/apps/user_ldap/lib/wizard.php
@@ -52,6 +52,27 @@ class Wizard extends LDAPUtility {
}
}
+ public function determineGroups() {
+ if(!$this->checkRequirements(array('ldapHost',
+ 'ldapPort',
+ 'ldapAgentName',
+ 'ldapAgentPassword',
+ 'ldapBase',
+ ))) {
+ return false;
+ }
+ $cr = $this->getConnection();
+ if(!$cr) {
+ throw new \Excpetion('Could not connect to LDAP');
+ }
+
+ $obclasses = array('posixGroup', 'group', '*');
+ return $this->determineFeature($obclasses,
+ 'cn',
+ 'ldap_userfilter_groups',
+ 'ldapUserFilterGroups');
+ }
+
public function determineObjectClasses() {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
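Review bot: `throw new \Excpetion('Could not connect to LDAP');` in `determineGroups` names a class that does not exist, so a failed connection ends in a fatal class-not-found error rather than an exception the caller can handle (the `try` around `$wizard->$action()` in ajax/wizard.php suggests exceptions are meant to be caught there). It should read `throw new \Exception('Could not connect to LDAP');`. The same misspelling is in the new `determineFeature` in the next hunk and in the context line of `determineObjectClasses`. Since `determineFeature` repeats the `getConnection()` check, the copy here could also be dropped. `determineObjectClasses` continues past the end of this hunk.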
@@ -66,31 +87,44 @@ class Wizard extends LDAPUtility {
throw new \Excpetion('Could not connect to LDAP');
}
- $p = 'objectclass=';
- $obclasses = array($p.'inetOrgPerson', $p.'person',
- $p.'organizationalPerson', $p.'user',
- $p.'posixAccount', $p.'*');
+ $obclasses = array('inetOrgPerson', 'person', 'organizationalPerson',
+ 'user', 'posixAccount', '*');
+ return $this->determineFeature($obclasses,
+ 'objectclass',
+ 'ldap_userfilter_objectclass',
+ 'ldapUserFilterObjectclass');
+ }
+ private function determineFeature($objectclasses, $attr, $dbkey, $confkey) {
+ $cr = $this->getConnection();
+ if(!$cr) {
+ throw new \Excpetion('Could not connect to LDAP');
+ }
+ $p = 'objectclass=';
+ foreach($objectclasses as $key => $value) {
+ $objectclasses[$key] = $p.$value;
+ }
$maxEntryObjC = '';
- $availableObjectClasses =
- $this->cumulativeSearchOnAttribute($obclasses, 'objectclass',
- true, $maxEntryObjC);
- if(is_array($availableObjectClasses)
- && count($availableObjectClasses) > 0) {
- $this->result->addOptions('ldap_userfilter_objectclass',
- $availableObjectClasses);
+ $availableFeatures =
+ $this->cumulativeSearchOnAttribute($objectclasses, $attr,
+ true, $maxEntryObjC);
+ if(is_array($availableFeatures)
+ && count($availableFeatures) > 0) {
+ $this->result->addOptions($dbkey, $availableFeatures);
} else {
- throw new \Exception(self::$l->t('Could not find any objectClass'));
+ throw new \Exception(self::$l->t('Could not find the desired feature'));
}
- $setOCs = $this->configuration->ldapUserFilterObjectclass;
- if(is_array($setOCs) && !empty($setOCs)) {
+
+ $setFeatures = $this->configuration->$confkey;
+ if(is_array($setFeatures) && !empty($setFeatures)) {
//something is already configured? pre-select it.
- $this->result->addChange('ldap_userfilter_objectclass', $setOCs);
+ $this->result->addChange($dbkey, $setFeatures);
} else if(!empty($maxEntryObjC)) {
+ //TODO / FIXME: this is great for objectclasses, but wrong for groups
+ //isolate it in another method and call it from this method's callee
//new? pre-select something hopefully sane
$maxEntryObjC = str_replace($p, '', $maxEntryObjC);
- $this->result->addChange('ldap_userfilter_objectclass',
- $maxEntryObjC);
+ $this->result->addChange($dbkey, $maxEntryObjC);
}
return $this->result;
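Review bot: The `else if(!empty($maxEntryObjC))` branch in `determineFeature` also runs when called from `determineGroups`, where, as the FIXME above it says, it is wrong. `$maxEntryObjC` appears to hold the object class filter with the most hits, so with nothing configured an object class name would be pre-selected as a group under `ldap_userfilter_groups`. That setting presumably feeds the user filter, so a bogus pre-selection could quietly change which accounts match. Until the branch is moved out as the FIXME proposes, restrict it to the object class case, e.g. `} else if($attr === 'objectclass' && !empty($maxEntryObjC)) {`. The function's closing brace lies outside the hunk.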
diff --git a/apps/user_ldap/templates/part.wizard-userfilter.php b/apps/user_ldap/templates/part.wizard-userfilter.php
index b58784b680f..56dd16e8a61 100644
--- a/apps/user_ldap/templates/part.wizard-userfilter.php
+++ b/apps/user_ldap/templates/part.wizard-userfilter.php
@@ -13,7 +13,6 @@
<select id="ldap_userfilter_objectclass" multiple="multiple"
name="ldap_userfilter_objectclass"
data-default="<?php p($_['ldap_userfilter_objectclass_default']); ?>">
-<!-- <option><?php p($l->t('Any'));?></option> -->
</select>
</p>
@@ -23,10 +22,8 @@
</label>
<select id="ldap_userfilter_groups" multiple="multiple"
- name="ldap_userfilter_groups" class="lwautosave"
+ name="ldap_userfilter_groups"
data-default="<?php p($_['ldap_userfilter_groups_default']); ?>">
-<!-- <option value="TODOfillIn">TODO: fill in object classes via Ajax</option> -->
-<!-- <option value="TODOfillIn2">22222</option> -->
</select>
</p>