summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorblizzz <blizzz@owncloud.com>2013-05-16 05:40:31 -0700
committerblizzz <blizzz@owncloud.com>2013-05-16 05:40:31 -0700
commit2d51eefcb8ddfd39a9580ed31ffd11cd8d733309 (patch)
treefb0aa8e45cc3b938abc6093a5e30335948c518ee
parent966c2231e33682a04961e76ef75129f5412a0b7c (diff)
parentbeaa10b823a426b4cba16e2bf6d72fd532345290 (diff)
downloadnextcloud-server-2d51eefcb8ddfd39a9580ed31ffd11cd8d733309.tar.gz
nextcloud-server-2d51eefcb8ddfd39a9580ed31ffd11cd8d733309.zip
Merge pull request #3302 from owncloud/ldap_configurable_username_n_uuid
Ldap configurable username n uuid
-rw-r--r--apps/user_ldap/ajax/clearMappings.php35
-rw-r--r--apps/user_ldap/css/settings.css4
-rw-r--r--apps/user_ldap/js/settings.js30
-rw-r--r--apps/user_ldap/lib/access.php20
-rw-r--r--apps/user_ldap/lib/connection.php17
-rw-r--r--apps/user_ldap/lib/helper.php25
-rw-r--r--apps/user_ldap/settings.php2
-rw-r--r--apps/user_ldap/templates/settings.php12
-rw-r--r--apps/user_ldap/user_proxy.php2
9 files changed, 143 insertions, 4 deletions
diff --git a/apps/user_ldap/ajax/clearMappings.php b/apps/user_ldap/ajax/clearMappings.php
new file mode 100644
index 00000000000..5dab39839b6
--- /dev/null
+++ b/apps/user_ldap/ajax/clearMappings.php
@@ -0,0 +1,35 @@
+<?php
+
+/**
+ * ownCloud - user_ldap
+ *
+ * @author Arthur Schiwon
+ * @copyright 2013 Arthur Schiwon blizzz@owncloud.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+// Check user and app status
+OCP\JSON::checkAdminUser();
+OCP\JSON::checkAppEnabled('user_ldap');
+OCP\JSON::callCheck();
+
+$subject = $_POST['ldap_clear_mapping'];
+if(\OCA\user_ldap\lib\Helper::clearMapping($subject)) {
+ OCP\JSON::success();
+} else {
+ $l=OC_L10N::get('user_ldap');
+ OCP\JSON::error(array('message' => $l->t('Failed to clear the mappings.')));
+} \ No newline at end of file
diff --git a/apps/user_ldap/css/settings.css b/apps/user_ldap/css/settings.css
index 84ada0832ab..185952e14bb 100644
--- a/apps/user_ldap/css/settings.css
+++ b/apps/user_ldap/css/settings.css
@@ -11,6 +11,10 @@
display: inline-block;
}
+.ldapIndent {
+ margin-left: 50px;
+}
+
.ldapwarning {
margin-left: 1.4em;
color: #FF3B3B;
diff --git a/apps/user_ldap/js/settings.js b/apps/user_ldap/js/settings.js
index 9279dc0203b..f47d49cf222 100644
--- a/apps/user_ldap/js/settings.js
+++ b/apps/user_ldap/js/settings.js
@@ -99,6 +99,26 @@ var LdapConfiguration = {
}
}
);
+ },
+
+ clearMappings: function(mappingSubject) {
+ $.post(
+ OC.filePath('user_ldap','ajax','clearMappings.php'),
+ 'ldap_clear_mapping='+mappingSubject,
+ function(result) {
+ if(result.status == 'success') {
+ OC.dialogs.info(
+ t('user_ldap', 'mappings cleared'),
+ t('user_ldap', 'Success')
+ );
+ } else {
+ OC.dialogs.alert(
+ result.message,
+ t('user_ldap', 'Error')
+ );
+ }
+ }
+ );
}
}
@@ -166,6 +186,16 @@ $(document).ready(function() {
);
});
+ $('#ldap_action_clear_user_mappings').click(function(event) {
+ event.preventDefault();
+ LdapConfiguration.clearMappings('user');
+ });
+
+ $('#ldap_action_clear_group_mappings').click(function(event) {
+ event.preventDefault();
+ LdapConfiguration.clearMappings('group');
+ });
+
$('#ldap_serverconfig_chooser').change(function(event) {
value = $('#ldap_serverconfig_chooser option:selected:first').attr('value');
if(value === 'NEW') {
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index ad355ce5e24..a7611eb3e84 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -317,7 +317,19 @@ abstract class Access {
}
$ldapname = $ldapname[0];
}
- $intname = $isUser ? $this->sanitizeUsername($uuid) : $ldapname;
+
+ if($isUser) {
+ $usernameAttribute = $this->connection->ldapExpertUsernameAttr;
+ if(!emptY($usernameAttribute)) {
+ $username = $this->readAttribute($dn, $usernameAttribute);
+ $username = $username[0];
+ } else {
+ $username = $uuid;
+ }
+ $intname = $this->sanitizeUsername($username);
+ } else {
+ $intname = $ldapname;
+ }
//a new user/group! Add it only if it doesn't conflict with other backend's users or existing groups
//disabling Cache is required to avoid that the new user is cached as not-existing in fooExists check
@@ -897,6 +909,12 @@ abstract class Access {
return true;
}
+ $fixedAttribute = $this->connection->ldapExpertUUIDAttr;
+ if(!empty($fixedAttribute)) {
+ $this->connection->ldapUuidAttribute = $fixedAttribute;
+ return true;
+ }
+
//for now, supported (known) attributes are entryUUID, nsuniqueid, objectGUID
$testAttributes = array('entryuuid', 'nsuniqueid', 'objectguid', 'guid');
diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
index 88ff318586a..ba4de135341 100644
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -65,6 +65,8 @@ class Connection {
'ldapAttributesForGroupSearch' => null,
'homeFolderNamingRule' => null,
'hasPagedResultSupport' => false,
+ 'ldapExpertUsernameAttr' => null,
+ 'ldapExpertUUIDAttr' => null,
);
/**
@@ -265,6 +267,10 @@ class Connection {
= preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_user_search'));
$this->config['ldapAttributesForGroupSearch']
= preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_group_search'));
+ $this->config['ldapExpertUsernameAttr']
+ = $this->$v('ldap_expert_username_attr');
+ $this->config['ldapExpertUUIDAttr']
+ = $this->$v('ldap_expert_uuid_attr');
$this->configured = $this->validateConfiguration();
}
@@ -290,7 +296,6 @@ class Connection {
'ldap_group_filter'=>'ldapGroupFilter',
'ldap_display_name'=>'ldapUserDisplayName',
'ldap_group_display_name'=>'ldapGroupDisplayName',
-
'ldap_tls'=>'ldapTLS',
'ldap_nocase'=>'ldapNoCase',
'ldap_quota_def'=>'ldapQuotaDefault',
@@ -302,7 +307,9 @@ class Connection {
'ldap_turn_off_cert_check' => 'turnOffCertCheck',
'ldap_configuration_active' => 'ldapConfigurationActive',
'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch',
- 'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch'
+ 'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch',
+ 'ldap_expert_username_attr' => 'ldapExpertUsernameAttr',
+ 'ldap_expert_uuid_attr' => 'ldapExpertUUIDAttr',
);
return $array;
}
@@ -505,6 +512,10 @@ class Connection {
$configurationOK = false;
}
+ if(!empty($this->config['ldapExpertUUIDAttr'])) {
+ $this->config['ldapUuidAttribute'] = $this->config['ldapExpertUUIDAttr'];
+ }
+
return $configurationOK;
}
@@ -543,6 +554,8 @@ class Connection {
'ldap_configuration_active' => 1,
'ldap_attributes_for_user_search' => '',
'ldap_attributes_for_group_search' => '',
+ 'ldap_expert_username_attr' => '',
+ 'ldap_expert_uuid_attr' => '',
);
}
diff --git a/apps/user_ldap/lib/helper.php b/apps/user_ldap/lib/helper.php
index 8bebd84c12e..07d13a806a6 100644
--- a/apps/user_ldap/lib/helper.php
+++ b/apps/user_ldap/lib/helper.php
@@ -102,4 +102,29 @@ class Helper {
return true;
}
+
+ /**
+ * Truncate's the given mapping table
+ *
+ * @param string $mapping either 'user' or 'group'
+ * @return boolean true on success, false otherwise
+ */
+ static public function clearMapping($mapping) {
+ if($mapping === 'user') {
+ $table = '`*PREFIX*ldap_user_mapping`';
+ } else if ($mapping === 'group') {
+ $table = '`*PREFIX*ldap_group_mapping`';
+ } else {
+ return false;
+ }
+
+ $query = \OCP\DB::prepare('TRUNCATE '.$table);
+ $res = $query->execute();
+
+ if(\OCP\DB::isError($res)) {
+ return false;
+ }
+
+ return true;
+ }
}
diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php
index 05497ae8a33..22e2dac6d26 100644
--- a/apps/user_ldap/settings.php
+++ b/apps/user_ldap/settings.php
@@ -4,7 +4,9 @@
* ownCloud - user_ldap
*
* @author Dominik Schmidt
+ * @author Arthur Schiwon
* @copyright 2011 Dominik Schmidt dev@dominik-schmidt.de
+ * @copyright 2012-2013 Arthur Schiwon blizzz@owncloud.com
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php
index f0ee8c6b08a..972970aa3ef 100644
--- a/apps/user_ldap/templates/settings.php
+++ b/apps/user_ldap/templates/settings.php
@@ -3,6 +3,7 @@
<ul>
<li><a href="#ldapSettings-1">LDAP Basic</a></li>
<li><a href="#ldapSettings-2">Advanced</a></li>
+ <li><a href="#ldapSettings-3">Expert</a></li>
</ul>
<?php if(OCP\App::isEnabled('user_webdavauth')) {
print_unescaped('<p class="ldapwarning">'.$l->t('<b>Warning:</b> Apps user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour. Please ask your system administrator to disable one of them.').'</p>');
@@ -96,6 +97,17 @@
</div>
</div>
</fieldset>
+ <fieldset id="ldapSettings-3">
+ <p><strong><?php p($l->t('Internal Username'));?></strong></p>
+ <p class="ldapIndent"><?php p($l->t('By default the internal username will be created from the UUID attribute. It makes sure that the username is unique and characters do not need to be converted. The internal username has the restriction that only these characters are allowed: [ a-zA-Z0-9_.@- ]. Other characters are replaced with their ASCII correspondence or simply omitted. On collisions a number will be added/increased. The internal username is used to identify a user internally. It is also the default name for the user home folder in ownCloud. It is also a port of remote URLs, for instance for all *DAV services. With this setting, the default behaviour can be overriden. To achieve a similar behaviour as before ownCloud 5 enter the user display name attribute in the following field. Leave it empty for default behaviour. Changes will have effect only on newly mapped (added) LDAP users.'));?></p>
+ <p class="ldapIndent"><label for="ldap_expert_username_attr"><?php p($l->t('Internal Username Attribute:'));?></label><input type="text" id="ldap_expert_username_attr" name="ldap_expert_username_attr" data-default="<?php p($_['ldap_expert_username_attr_default']); ?>" /></p>
+ <p><strong><?php p($l->t('Override UUID detection'));?></strong></p>
+ <p class="ldapIndent"><?php p($l->t('By default, ownCloud autodetects the UUID attribute. The UUID attribute is used to doubtlessly identify LDAP users and groups. Also, the internal username will be created based on the UUID, if not specified otherwise above. You can override the setting and pass an attribute of your choice. You must make sure that the attribute of your choice can be fetched for both users and groups and it is unique. Leave it empty for default behaviour. Changes will have effect only on newly mapped (added) LDAP users and groups.'));?></p>
+ <p class="ldapIndent"><label for="ldap_expert_uuid_attr"><?php p($l->t('UUID Attribute:'));?></label><input type="text" id="ldap_expert_uuid_attr" name="ldap_expert_uuid_attr" data-default="<?php p($_['ldap_expert_uuid_attr_default']); ?>" /></p>
+ <p><strong><?php p($l->t('Username-LDAP User Mapping'));?></strong></p>
+ <p class="ldapIndent"><?php p($l->t('ownCloud uses usernames to store and assign (meta) data. In order to precisely identify and recognize users, each LDAP user will have a internal username. This requires a mapping from ownCloud username to LDAP user. The created username is mapped to the UUID of the LDAP user. Additionally the DN is cached as well to reduce LDAP interaction, but it is not used for identification. If the DN changes, the changes will be found by ownCloud. The internal ownCloud name is used all over in ownCloud. Clearing the Mappings will have leftovers everywhere. Clearing the Mappings is not configuration sensitive, it affects all LDAP configurations! Do never clear the mappings in a production environment. Only clear mappings in a testing or experimental stage.'));?></p>
+ <p class="ldapIndent"><button id="ldap_action_clear_user_mappings" name="ldap_action_clear_user_mappings"><?php p($l->t('Clear Username-LDAP User Mapping'));?></button><br/><button id="ldap_action_clear_group_mappings" name="ldap_action_clear_group_mappings"><?php p($l->t('Clear Groupname-LDAP Group Mapping'));?></button></p>
+ </fieldset>
<input id="ldap_submit" type="submit" value="Save" /> <button id="ldap_action_test_connection" name="ldap_action_test_connection"><?php p($l->t('Test Configuration'));?></button> <a href="http://doc.owncloud.org/server/5.0/admin_manual/auth_ldap.html" target="_blank"><img src="<?php print_unescaped(OCP\Util::imagePath('', 'actions/info.png')); ?>" style="height:1.75ex" /> <?php p($l->t('Help'));?></a>
</div>
diff --git a/apps/user_ldap/user_proxy.php b/apps/user_ldap/user_proxy.php
index 7e5b9045df3..73cc0963182 100644
--- a/apps/user_ldap/user_proxy.php
+++ b/apps/user_ldap/user_proxy.php
@@ -174,7 +174,7 @@ class User_Proxy extends lib\Proxy implements \OCP\UserInterface {
foreach($this->backends as $backend) {
$backendUsers = $backend->getDisplayNames($search, $limit, $offset);
if (is_array($backendUsers)) {
- $users = array_merge($users, $backendUsers);
+ $users = $users + $backendUsers;
}
}
return $users;