LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.

5 files changed, 479 insertions, 372 deletions

diff --git a/apps/user_ldap/appinfo/app.php b/apps/user_ldap/appinfo/app.php
index b5dd718d710..537f56861c4 100644
--- a/apps/user_ldap/appinfo/app.php
+++ b/apps/user_ldap/appinfo/app.php
@@ -26,9 +26,15 @@ require_once('apps/user_ldap/lib_ldap.php');
 
 OCP\App::registerAdmin('user_ldap','settings');
 
+$connector = new OCA\user_ldap\lib\Connection('user_ldap');
+$userBackend  = new OCA\user_ldap\USER_LDAP();
+$userBackend->setConnector($connector);
+$groupBackend = new OCA\user_ldap\GROUP_LDAP();
+$groupBackend->setConnector($connector);
+
 // register user backend
-OC_User::useBackend(new OCA\user_ldap\USER_LDAP());
-OC_Group::useBackend(new OCA\user_ldap\GROUP_LDAP());
+OC_User::useBackend($userBackend);
+OC_Group::useBackend($groupBackend);
 
 // add settings page to navigation
 $entry = array(
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index 1585b905aa9..8f46a504f63 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -23,24 +23,21 @@
 
 namespace OCA\user_ldap;
 
-class GROUP_LDAP implements \OCP\GroupInterface {
+class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
 // 	//group specific settings
-	protected $ldapGroupFilter;
-	protected $ldapGroupMemberAssocAttr;
-	protected $configured = false;
+	protected $enabled = false;
 
 	protected $_group_user = array();
 	protected $_user_groups = array();
 	protected $_group_users = array();
 	protected $_groups = array();
 
-	public function __construct() {
-		$this->ldapGroupFilter          = \OCP\Config::getAppValue('user_ldap', 'ldap_group_filter', '(objectClass=posixGroup)');
-		$this->ldapGroupMemberAssocAttr = \OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember');
-
-		if(!empty($this->ldapGroupFilter) && !empty($this->ldapGroupMemberAssocAttr)) {
-			$this->configured = true;
+	public function setConnector(lib\Connection &$connection) {
+		parent::setConnector($connection);
+		if(empty($this->connection->ldapGroupFilter) || empty($this->connection->ldapGroupMemberAssocAttr)) {
+			$this->enabled = false;
 		}
+		$this->enabled = true;
 	}
 
 	/**
@@ -52,31 +49,31 @@ class GROUP_LDAP implements \OCP\GroupInterface {
 	 * Checks whether the user is member of a group or not.
 	 */
 	public function inGroup($uid, $gid) {
-		if(!$this->configured) {
+		if(!$this->enabled) {
 			return false;
 		}
 		if(isset($this->_group_user[$gid][$uid])) {
 			return $this->_group_user[$gid][$uid];
 		}
-		$dn_user = \OC_LDAP::username2dn($uid);
-		$dn_group = \OC_LDAP::groupname2dn($gid);
+		$dn_user = $this->username2dn($uid);
+		$dn_group = $this->groupname2dn($gid);
 		// just in case
 		if(!$dn_group || !$dn_user) {
 			return false;
 		}
 		//usually, LDAP attributes are said to be case insensitive. But there are exceptions of course.
-		$members = \OC_LDAP::readAttribute($dn_group, $this->ldapGroupMemberAssocAttr);
+		$members = $this->readAttribute($dn_group, $this->connection->ldapGroupMemberAssocAttr);
 		if(!$members) {
 			return false;
 		}
 
 		//extra work if we don't get back user DNs
 		//TODO: this can be done with one LDAP query
-		if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') {
+		if(strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid') {
 			$dns = array();
 			foreach($members as $mid) {
-				$filter = str_replace('%uid', $mid, \OC_LDAP::conf('ldapLoginFilter'));
-				$ldap_users = \OC_LDAP::fetchListOfUsers($filter, 'dn');
+				$filter = str_replace('%uid', $mid, $this->connection->ldapLoginFilter);
+				$ldap_users = $this->fetchListOfUsers($filter, 'dn');
 				if(count($ldap_users) < 1) {
 					continue;
 				}
@@ -98,36 +95,36 @@ class GROUP_LDAP implements \OCP\GroupInterface {
 	 * if the user exists at all.
 	 */
 	public function getUserGroups($uid) {
-		if(!$this->configured) {
+		if(!$this->enabled) {
 			return array();
 		}
 		if(isset($this->_user_groups[$uid])) {
 			return $this->_user_groups[$uid];
 		}
-		$userDN = \OC_LDAP::username2dn($uid);
+		$userDN = $this->username2dn($uid);
 		if(!$userDN) {
 			$this->_user_groups[$uid] = array();
 			return array();
 		}
 
 		//uniqueMember takes DN, memberuid the uid, so we need to distinguish
-		if((strtolower($this->ldapGroupMemberAssocAttr) == 'uniquemember')
-			|| (strtolower($this->ldapGroupMemberAssocAttr) == 'member')) {
+		if((strtolower($this->connection->ldapGroupMemberAssocAttr) == 'uniquemember')
+			|| (strtolower($this->connection->ldapGroupMemberAssocAttr) == 'member')) {
 			$uid = $userDN;
-		} else if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') {
-			$result = \OC_LDAP::readAttribute($userDN, 'uid');
+		} else if(strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid') {
+			$result = $this->readAttribute($userDN, 'uid');
 			$uid = $result[0];
 		} else {
 			// just in case
 			$uid = $userDN;
 		}
 
-		$filter = \OC_LDAP::combineFilterWithAnd(array(
-			$this->ldapGroupFilter,
-			$this->ldapGroupMemberAssocAttr.'='.$uid
+		$filter = $this->combineFilterWithAnd(array(
+			$this->connection->ldapGroupFilter,
+			$this->connection->ldapGroupMemberAssocAttr.'='.$uid
 		));
-		$groups = \OC_LDAP::fetchListOfGroups($filter, array(\OC_LDAP::conf('ldapGroupDisplayName'),'dn'));
-		$this->_user_groups[$uid] = array_unique(\OC_LDAP::ownCloudGroupNames($groups), SORT_LOCALE_STRING);
+		$groups = $this->fetchListOfGroups($filter, array($this->connection->ldapGroupDisplayName,'dn'));
+		$this->_user_groups[$uid] = array_unique($this->ownCloudGroupNames($groups), SORT_LOCALE_STRING);
 
 		return $this->_user_groups[$uid];
 	}
@@ -137,38 +134,38 @@ class GROUP_LDAP implements \OCP\GroupInterface {
 	 * @returns array with user ids
 	 */
 	public function usersInGroup($gid) {
-		if(!$this->configured) {
+		if(!$this->enabled) {
 			return array();
 		}
 		if(isset($this->_group_users[$gid])) {
 			return $this->_group_users[$gid];
 		}
 
-		$groupDN = \OC_LDAP::groupname2dn($gid);
+		$groupDN = $this->groupname2dn($gid);
 		if(!$groupDN) {
 			$this->_group_users[$gid] = array();
 			return array();
 		}
 
-		$members = \OC_LDAP::readAttribute($groupDN, $this->ldapGroupMemberAssocAttr);
+		$members = $this->readAttribute($groupDN, $this->connection->ldapGroupMemberAssocAttr);
 		if(!$members) {
 			$this->_group_users[$gid] = array();
 			return array();
 		}
 
 		$result = array();
-		$isMemberUid = (strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid');
+		$isMemberUid = (strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid');
 		foreach($members as $member) {
 			if($isMemberUid) {
-				$filter = \OCP\Util::mb_str_replace('%uid', $member, \OC_LDAP::conf('ldapLoginFilter'), 'UTF-8');
-				$ldap_users = \OC_LDAP::fetchListOfUsers($filter, 'dn');
+				$filter = \OCP\Util::mb_str_replace('%uid', $member, $this->connection->ldapLoginFilter, 'UTF-8');
+				$ldap_users = $this->fetchListOfUsers($filter, 'dn');
 				if(count($ldap_users) < 1) {
 					continue;
 				}
-				$result[] = \OC_LDAP::dn2username($ldap_users[0]);
+				$result[] = $this->dn2username($ldap_users[0]);
 				continue;
 			} else {
-				if($ocname = \OC_LDAP::dn2username($member)){
+				if($ocname = $this->dn2username($member)){
 					$result[] = $ocname;
 				}
 			}
@@ -187,12 +184,12 @@ class GROUP_LDAP implements \OCP\GroupInterface {
 	 * Returns a list with all groups
 	 */
 	public function getGroups() {
-		if(!$this->configured) {
+		if(!$this->enabled) {
 			return array();
 		}
 		if(empty($this->_groups)) {
-			$ldap_groups = \OC_LDAP::fetchListOfGroups($this->ldapGroupFilter, array(\OC_LDAP::conf('ldapGroupDisplayName'), 'dn'));
-			$this->_groups = \OC_LDAP::ownCloudGroupNames($ldap_groups);
+			$ldap_groups = $this->fetchListOfGroups($this->connection->ldapGroupFilter, array($this->connection->ldapGroupDisplayName, 'dn'));
+			$this->_groups = $this->ownCloudGroupNames($ldap_groups);
 		}
 		return $this->_groups;
 	}
diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib/access.php
index 08b09304d78..eef471f1598 100644
--- a/apps/user_ldap/lib_ldap.php
+++ b/apps/user_ldap/lib/access.php
@@ -1,7 +1,7 @@
 <?php
 
 /**
- * ownCloud – LDAP lib
+ * ownCloud – LDAP Access
  *
  * @author Arthur Schiwon
  * @copyright 2012 Arthur Schiwon blizzz@owncloud.com
@@ -21,88 +21,82 @@
  *
  */
 
-define('LDAP_GROUP_MEMBER_ASSOC_ATTR','uniqueMember');
-define('LDAP_GROUP_DISPLAY_NAME_ATTR','cn');
+namespace OCA\user_ldap\lib;
 
-//needed to unbind, because we use OC_LDAP only statically
-class OC_LDAP_DESTRUCTOR {
-	public function __destruct() {
-		OC_LDAP::destruct();
+abstract class Access {
+	protected $connection;
+
+	public function setConnector(Connection &$connection) {
+		$this->connection = $connection;
+	}
+
+	private function checkConnection() {
+		return ($this->connection instanceof Connection);
 	}
-}
-
-class OC_LDAP {
-	static protected $ldapConnectionRes = false;
-	static protected $configured = false;
-
-	//cached settings
-	static protected $ldapHost;
-	static protected $ldapPort;
-	static protected $ldapBase;
-	static protected $ldapBaseUsers;
-	static protected $ldapBaseGroups;
-	static protected $ldapAgentName;
-	static protected $ldapAgentPassword;
-	static protected $ldapTLS;
-	static protected $ldapNoCase;
-	static protected $ldapIgnoreNamingRules;
-	// user and group settings, that are needed in both backends
-	static protected $ldapUserDisplayName;
-	static protected $ldapUserFilter;
-	static protected $ldapGroupDisplayName;
-	static protected $ldapLoginFilter;
-
-	static protected $__d;
 
 	/**
-	 * @brief initializes the LDAP backend
-	 * @param $force read the config settings no matter what
+	 * @brief reads a given attribute for an LDAP record identified by a DN
+	 * @param $dn the record in question
+	 * @param $attr the attribute that shall be retrieved
+	 * @returns the values in an array on success, false otherwise
 	 *
-	 * initializes the LDAP backend
+	 * Reads an attribute from an LDAP entry
 	 */
-	static public function init($force = false) {
-		if(is_null(self::$__d)) {
-			self::$__d = new OC_LDAP_DESTRUCTOR();
+	public function readAttribute($dn, $attr) {
+		if(!$this->checkConnection()) {
+			\OCP\Util::writeLog('user_ldap', 'No LDAP Connector assigned, access impossible for readAttribute.', \OCP\Util::WARN);
+			return false;
 		}
-		self::readConfiguration($force);
-		self::establishConnection();
-	}
+		$cr = $this->connection->getConnectionResource();
+		$rr = ldap_read($cr, $dn, 'objectClass=*', array($attr));
+		$er = ldap_first_entry($cr, $rr);
+		//LDAP attributes are not case sensitive
+		$result = \OCP\Util::mb_array_change_key_case(ldap_get_attributes($cr, $er), MB_CASE_LOWER, 'UTF-8');
+		$attr = mb_strtolower($attr, 'UTF-8');
 
-	static public function destruct() {
-		@ldap_unbind(self::$ldapConnectionRes);
+		if(isset($result[$attr]) && $result[$attr]['count'] > 0){
+			$values = array();
+			for($i=0;$i<$result[$attr]['count'];$i++) {
+				$values[] = $this->resemblesDN($attr) ? $this->sanitizeDN($result[$attr][$i]) : $result[$attr][$i];
+			}
+			return $values;
+		}
+		return false;
 	}
 
 	/**
-	 * @brief returns a read-only configuration value
-	 * @param $key the name of the configuration value
-	 * @returns the value on success, otherwise null
-	 *
-	 * returns a read-only configuration values
-	 *
-	 * we cannot work with getters, because it is a static class
+	 * @brief checks wether the given attribute`s valua is probably a DN
+	 * @param $attr the attribute in question
+	 * @return if so true, otherwise false
 	 */
-	static public function conf($key) {
-		if(!self::$configured) {
-			self::init();
-		}
-
-		$availableProperties = array(
-			'ldapUserDisplayName',
-			'ldapGroupDisplayName',
-			'ldapLoginFilter'
+	private function resemblesDN($attr) {
+		$resemblingAttributes = array(
+			'dn',
+			'uniquemember',
+			'member'
 		);
+		return in_array($attr, $resemblingAttributes);
+	}
 
-		if(in_array($key, $availableProperties)) {
-			return self::$$key;
-		}
+	/**
+	 * @brief sanitizes a DN received from the LDAP server
+	 * @param $dn the DN in question
+	 * @return the sanitized DN
+	 */
+	private function sanitizeDN($dn) {
+		//OID sometimes gives back DNs with whitespace after the comma a la "uid=foo, cn=bar, dn=..." We need to tackle this!
+		$dn = preg_replace('/([^\\\]),(\s+)/u','\1,',$dn);
 
-		return null;
+		//make comparisons and everything work
+		$dn = mb_strtolower($dn, 'UTF-8');
+
+		return $dn;
 	}
 
 	/**
 	 * gives back the database table for the query
 	 */
-	static private function getMapTable($isUser) {
+	private function getMapTable($isUser) {
 		if($isUser) {
 			return '*PREFIX*ldap_user_mapping';
 		} else {
@@ -117,8 +111,8 @@ class OC_LDAP {
 	 *
 	 * returns the LDAP DN for the given internal ownCloud name of the group
 	 */
-	static public function groupname2dn($name) {
-		return self::ocname2dn($name, false);
+	public function groupname2dn($name) {
+		return $this->ocname2dn($name, false);
 	}
 
 	/**
@@ -128,20 +122,19 @@ class OC_LDAP {
 	 *
 	 * returns the LDAP DN for the given internal ownCloud name of the user
 	 */
-	static public function username2dn($name) {
-		$dn = self::ocname2dn($name, true);
+	public function username2dn($name) {
+		$dn = $this->ocname2dn($name, true);
 		if($dn) {
 			return $dn;
 		} else {
 			//fallback: user is not mapped
-			self::init();
-			$filter = self::combineFilterWithAnd(array(
-				self::$ldapUserFilter,
-				self::$ldapUserDisplayName . '=' . $name,
+			$filter = $this->combineFilterWithAnd(array(
+				$this->connection->ldapUserFilter,
+				$this->connection->ldapUserDisplayName . '=' . $name,
 			));
-			$result = self::searchUsers($filter, 'dn');
+			$result = $this->searchUsers($filter, 'dn');
 			if(isset($result[0]['dn'])) {
-				self::mapUser($result[0], $name);
+				$this->mapComponent($result[0], $name, true);
 				return $result[0];
 			}
 		}
@@ -149,10 +142,18 @@ class OC_LDAP {
 		return false;
 	}
 
-	static private function ocname2dn($name, $isUser) {
-		$table = self::getMapTable($isUser);
+	/**
+	 * @brief returns the LDAP DN for the given internal ownCloud name
+	 * @param $name the ownCloud name in question
+	 * @param $isUser is it a user? otherwise group
+	 * @returns string with the LDAP DN on success, otherwise false
+	 *
+	 * returns the LDAP DN for the given internal ownCloud name
+	 */
+	private function ocname2dn($name, $isUser) {
+		$table = $this->getMapTable($isUser);
 
-		$query = OCP\DB::prepare('
+		$query = \OCP\DB::prepare('
 			SELECT ldap_dn
 			FROM '.$table.'
 			WHERE owncloud_name = ?
@@ -170,11 +171,11 @@ class OC_LDAP {
 	 *
 	 * returns the internal ownCloud name for the given LDAP DN of the group
 	 */
-	static public function dn2groupname($dn, $ldapname = null) {
-		if(mb_strripos($dn, self::$ldapBaseGroups, 0, 'UTF-8') !== (mb_strlen($dn, 'UTF-8')-mb_strlen(self::$ldapBaseGroups, 'UTF-8'))) {
+	public function dn2groupname($dn, $ldapname = null) {
+		if(mb_strripos($dn, $this->connection->ldapBaseGroups, 0, 'UTF-8') !== (mb_strlen($dn, 'UTF-8')-mb_strlen($this->connection->ldapBaseGroups, 'UTF-8'))) {
 			return false;
 		}
-		return self::dn2ocname($dn, $ldapname, false);
+		return $this->dn2ocname($dn, $ldapname, false);
 	}
 
 	/**
@@ -185,23 +186,32 @@ class OC_LDAP {
 	 *
 	 * returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN
 	 */
-	static public function dn2username($dn, $ldapname = null) {
-		if(mb_strripos($dn, self::$ldapBaseUsers, 0, 'UTF-8') !== (mb_strlen($dn, 'UTF-8')-mb_strlen(self::$ldapBaseUsers, 'UTF-8'))) {
+	public function dn2username($dn, $ldapname = null) {
+		if(mb_strripos($dn, $this->connection->ldapBaseUsers, 0, 'UTF-8') !== (mb_strlen($dn, 'UTF-8')-mb_strlen($this->connection->ldapBaseUsers, 'UTF-8'))) {
 			return false;
 		}
-		return self::dn2ocname($dn, $ldapname, true);
+		return $this->dn2ocname($dn, $ldapname, true);
 	}
 
-	static public function dn2ocname($dn, $ldapname = null, $isUser = true) {
-		$dn = self::sanitizeDN($dn);
-		$table = self::getMapTable($isUser);
+	/**
+	 * @brief returns an internal ownCloud name for the given LDAP DN
+	 * @param $dn the dn of the user object
+	 * @param $ldapname optional, the display name of the object
+	 * @param $isUser optional, wether it is a user object (otherwise group assumed)
+	 * @returns string with with the name to use in ownCloud
+	 *
+	 * returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN
+	 */
+	public function dn2ocname($dn, $ldapname = null, $isUser = true) {
+		$dn = $this->sanitizeDN($dn);
+		$table = $this->getMapTable($isUser);
 		if($isUser) {
-			$nameAttribute = self::conf('ldapUserDisplayName');
+			$nameAttribute = $this->connection->ldapUserDisplayName;
 		} else {
-			$nameAttribute = self::conf('ldapGroupDisplayName');
+			$nameAttribute = $this->connection->ldapGroupDisplayName;
 		}
 
-		$query = OCP\DB::prepare('
+		$query = \OCP\DB::prepare('
 			SELECT owncloud_name
 			FROM '.$table.'
 			WHERE ldap_dn = ?
@@ -213,22 +223,23 @@ class OC_LDAP {
 		}
 
 		if(is_null($ldapname)) {
-			$ldapname = self::readAttribute($dn, $nameAttribute);
+			$ldapname = $this->readAttribute($dn, $nameAttribute);
 			$ldapname = $ldapname[0];
 		}
-		$ldapname = self::sanitizeUsername($ldapname);
+		$ldapname = $this->sanitizeUsername($ldapname);
 
 		//a new user/group! Then let's try to add it. We're shooting into the blue with the user/group name, assuming that in most cases there will not be a conflict. Otherwise an error will occur and we will continue with our second shot.
-		if(self::mapComponent($dn, $ldapname, $isUser)) {
+		if($this->mapComponent($dn, $ldapname, $isUser)) {
 			return $ldapname;
 		}
 
 		//doh! There is a conflict. We need to distinguish between users/groups. Adding indexes is an idea, but not much of a help for the user. The DN is ugly, but for now the only reasonable way. But we transform it to a readable format and remove the first part to only give the path where this object is located.
-		$oc_name = self::alternateOwnCloudName($ldapname, $dn);
-		if(self::mapComponent($dn, $oc_name, $isUser)) {
+		$oc_name = $this->alternateOwnCloudName($ldapname, $dn);
+		if($this->mapComponent($dn, $oc_name, $isUser)) {
 			return $oc_name;
 		}
 
+		//TODO: do not simple die away!
 		//and this of course should never been thrown :)
 		throw new Exception('LDAP backend: unexpected collision of DN and ownCloud Name.');
 	}
@@ -240,8 +251,8 @@ class OC_LDAP {
 	 *
 	 * gives back the user names as they are used ownClod internally
 	 */
-	static public function ownCloudUserNames($ldapUsers) {
-		return self::ldap2ownCloudNames($ldapUsers, true);
+	public function ownCloudUserNames($ldapUsers) {
+		return $this->ldap2ownCloudNames($ldapUsers, true);
 	}
 
 	/**
@@ -251,22 +262,26 @@ class OC_LDAP {
 	 *
 	 * gives back the group names as they are used ownClod internally
 	 */
-	static public function ownCloudGroupNames($ldapGroups) {
-		return self::ldap2ownCloudNames($ldapGroups, false);
+	public function ownCloudGroupNames($ldapGroups) {
+		return $this->ldap2ownCloudNames($ldapGroups, false);
 	}
 
-	static private function ldap2ownCloudNames($ldapObjects, $isUsers) {
+	private function ldap2ownCloudNames($ldapObjects, $isUsers) {
 		if($isUsers) {
-			$knownObjects = self::mappedUsers();
-			$nameAttribute = self::conf('ldapUserDisplayName');
+			$knownObjects = $this->mappedUsers();
+			$nameAttribute = $this->connection->ldapUserDisplayName;
 		} else {
-			$knownObjects = self::mappedGroups();
-			$nameAttribute = self::conf('ldapGroupDisplayName');
+			$knownObjects = $this->mappedGroups();
+			$nameAttribute = $this->connection->ldapGroupDisplayName;
 		}
 		$ownCloudNames = array();
 
 		foreach($ldapObjects as $ldapObject) {
-			$key = self::recursiveArraySearch($knownObjects, $ldapObject['dn']);
+// if(!isset($ldapObject['dn'])) {
+// 	print("<pre>");
+// 	die(var_dump($ldapObjects));
+// }
+			$key = \OCP\Util::recursiveArraySearch($knownObjects, $ldapObject['dn']);
 
 			//everything is fine when we know the group
 			if($key !== false) {
@@ -275,19 +290,20 @@ class OC_LDAP {
 			}
 
 			//a new group! Then let's try to add it. We're shooting into the blue with the group name, assuming that in most cases there will not be a conflict. But first make sure, that the display name contains only allowed characters.
-			$ocname = self::sanitizeUsername($ldapObject[$nameAttribute]);
-			if(self::mapComponent($ldapObject['dn'], $ocname, $isUsers)) {
+			$ocname = $this->sanitizeUsername($ldapObject[$nameAttribute]);
+			if($this->mapComponent($ldapObject['dn'], $ocname, $isUsers)) {
 				$ownCloudNames[] = $ocname;
 				continue;
 			}
 
 			//doh! There is a conflict. We need to distinguish between groups. Adding indexes is an idea, but not much of a help for the user. The DN is ugly, but for now the only reasonable way. But we transform it to a readable format and remove the first part to only give the path where this entry is located.
-			$ocname = self::alternateOwnCloudName($ocname, $ldapObject['dn']);
-			if(self::mapComponent($ldapObject['dn'], $ocname, $isUsers)) {
+			$ocname = $this->alternateOwnCloudName($ocname, $ldapObject['dn']);
+			if($this->mapComponent($ldapObject['dn'], $ocname, $isUsers)) {
 				$ownCloudNames[] = $ocname;
 				continue;
 			}
 
+			//TODO: do not simple die away
 			//and this of course should never been thrown :)
 			throw new Exception('LDAP backend: unexpected collision of DN and ownCloud Name.');
 		}
@@ -302,10 +318,10 @@ class OC_LDAP {
 	 *
 	 * creates a hopefully unique name for owncloud based on the display name and the dn of the LDAP object
 	 */
-	static private function alternateOwnCloudName($name, $dn) {
+	private function alternateOwnCloudName($name, $dn) {
 		$ufn = ldap_dn2ufn($dn);
-		$name = $name . '@' . trim(OCP\Util::mb_substr_replace($ufn, '', 0, mb_strpos($ufn, ',', 0, 'UTF-8'), 'UTF-8'));
-		$name = self::sanitizeUsername($name);
+		$name = $name . '@' . trim(\OCP\Util::mb_substr_replace($ufn, '', 0, mb_strpos($ufn, ',', 0, 'UTF-8'), 'UTF-8'));
+		$name = $this->sanitizeUsername($name);
 		return $name;
 	}
 
@@ -315,8 +331,8 @@ class OC_LDAP {
 	 *
 	 * retrieves all known groups from the mappings table
 	 */
-	static private function mappedGroups() {
-		return self::mappedComponents(false);
+	private function mappedGroups() {
+		return $this->mappedComponents(false);
 	}
 
 	/**
@@ -325,14 +341,14 @@ class OC_LDAP {
 	 *
 	 * retrieves all known users from the mappings table
 	 */
-	static private function mappedUsers() {
-		return self::mappedComponents(true);
+	private function mappedUsers() {
+		return $this->mappedComponents(true);
 	}
 
-	static private function mappedComponents($isUsers) {
-		$table = self::getMapTable($isUsers);
+	private function mappedComponents($isUsers) {
+		$table = $this->getMapTable($isUsers);
 
-		$query = OCP\DB::prepare('
+		$query = \OCP\DB::prepare('
 			SELECT ldap_dn, owncloud_name
 			FROM '. $table
 		);
@@ -349,17 +365,17 @@ class OC_LDAP {
 	 *
 	 * inserts a new user or group into the mappings table
 	 */
-	static private function mapComponent($dn, $ocname, $isUser = true) {
-		$table = self::getMapTable($isUser);
-		$dn = self::sanitizeDN($dn);
+	private function mapComponent($dn, $ocname, $isUser = true) {
+		$table = $this->getMapTable($isUser);
+		$dn = $this->sanitizeDN($dn);
 
 		$sqlAdjustment = '';
-		$dbtype = OCP\Config::getSystemValue('dbtype');
+		$dbtype = \OCP\Config::getSystemValue('dbtype');
 		if($dbtype == 'mysql') {
 			$sqlAdjustment = 'FROM dual';
 		}
 
-		$insert = OCP\DB::prepare('
+		$insert = \OCP\DB::prepare('
 			INSERT INTO '.$table.' (ldap_dn, owncloud_name)
 				SELECT ?,?
 				'.$sqlAdjustment.'
@@ -372,7 +388,7 @@ class OC_LDAP {
 
 		$res = $insert->execute(array($dn, $ocname, $dn, $ocname));
 
-		if(OCP\DB::isError($res)) {
+		if(\OCP\DB::isError($res)) {
 			return false;
 		}
 
@@ -385,15 +401,15 @@ class OC_LDAP {
 		return true;
 	}
 
-	static public function fetchListOfUsers($filter, $attr) {
-		return self::fetchList(OC_LDAP::searchUsers($filter, $attr), (count($attr) > 1));
+	public function fetchListOfUsers($filter, $attr) {
+		return $this->fetchList($this->searchUsers($filter, $attr), (count($attr) > 1));
 	}
 
-	static public function fetchListOfGroups($filter, $attr) {
-		return self::fetchList(OC_LDAP::searchGroups($filter, $attr), (count($attr) > 1));
+	public function fetchListOfGroups($filter, $attr) {
+		return $this->fetchList($this->searchGroups($filter, $attr), (count($attr) > 1));
 	}
 
-	static private function fetchList($list, $manyAttributes) {
+	private function fetchList($list, $manyAttributes) {
 		if(is_array($list)) {
 			if($manyAttributes) {
 				return $list;
@@ -407,32 +423,6 @@ class OC_LDAP {
 	}
 
 	/**
-	 * @brief reads a given attribute for an LDAP record identified by a DN
-	 * @param $dn the record in question
-	 * @param $attr the attribute that shall be retrieved
-	 * @returns the values in an array on success, false otherwise
-	 *
-	 * Reads an attribute from an LDAP entry
-	 */
-	static public function readAttribute($dn, $attr) {
-		$cr = self::getConnectionResource();
-		$rr = ldap_read($cr, $dn, 'objectClass=*', array($attr));
-		$er = ldap_first_entry($cr, $rr);
-		//LDAP attributes are not case sensitive
-		$result = OCP\Util::mb_array_change_key_case(ldap_get_attributes($cr, $er), MB_CASE_LOWER, 'UTF-8');
-		$attr = mb_strtolower($attr, 'UTF-8');
-
-		if(isset($result[$attr]) && $result[$attr]['count'] > 0){
-			$values = array();
-			for($i=0;$i<$result[$attr]['count'];$i++) {
-				$values[] = self::resemblesDN($attr) ? self::sanitizeDN($result[$attr][$i]) : $result[$attr][$i];
-			}
-			return $values;
-		}
-		return false;
-	}
-
-	/**
 	 * @brief executes an LDAP search, optimized for Users
 	 * @param $filter the LDAP filter for the search
 	 * @param $attr optional, when a certain attribute shall be filtered out
@@ -440,9 +430,8 @@ class OC_LDAP {
 	 *
 	 * Executes an LDAP search
 	 */
-	static public function searchUsers($filter, $attr = null) {
-		self::init();
-		return self::search($filter, self::$ldapBaseUsers, $attr);
+	public function searchUsers($filter, $attr = null) {
+		return $this->search($filter, $this->connection->ldapBaseUsers, $attr);
 	}
 
 	/**
@@ -453,9 +442,8 @@ class OC_LDAP {
 	 *
 	 * Executes an LDAP search
 	 */
-	static public function searchGroups($filter, $attr = null) {
-		self::init();
-		return self::search($filter, self::$ldapBaseGroups, $attr);
+	public function searchGroups($filter, $attr = null) {
+		return $this->search($filter, $this->connection->ldapBaseGroups, $attr);
 	}
 
 	/**
@@ -467,13 +455,13 @@ class OC_LDAP {
 	 *
 	 * Executes an LDAP search
 	 */
-	static private function search($filter, $base, $attr = null) {
+	private function search($filter, $base, $attr = null) {
 		if(!is_null($attr) && !is_array($attr)) {
 			$attr = array(mb_strtolower($attr, 'UTF-8'));
 		}
 
 		// See if we have a resource
-		$link_resource = self::getConnectionResource();
+		$link_resource = $this->connection->getConnectionResource();
 		if(is_resource($link_resource)) {
 			$sr = ldap_search($link_resource, $base, $filter, $attr);
 			$findings = ldap_get_entries($link_resource, $sr );
@@ -486,6 +474,7 @@ class OC_LDAP {
 		} else {
 			// Seems like we didn't find any resource.
 			// Return an empty array just like before.
+			\OCP\Util::writeLog('user_ldap', 'Could not search, because resource is missing.', \OCP\Util::DEBUG);
 			return array();
 		}
 
@@ -500,16 +489,16 @@ class OC_LDAP {
 				if(!is_array($item)) {
 					continue;
 				}
-				$item = OCP\Util::mb_array_change_key_case($item, MB_CASE_LOWER, 'UTF-8');
+				$item = \OCP\Util::mb_array_change_key_case($item, MB_CASE_LOWER, 'UTF-8');
 
 				if($multiarray) {
 					foreach($attr as $key) {
 						$key = mb_strtolower($key, 'UTF-8');
 						if(isset($item[$key])) {
 							if($key != 'dn'){
-								$selection[$i][$key] = self::resemblesDN($key) ? self::sanitizeDN($item[$key][0]) : $item[$key][0];
+								$selection[$i][$key] = $this->resemblesDN($key) ? $this->sanitizeDN($item[$key][0]) : $item[$key][0];
 							} else {
-								$selection[$i][$key] = self::sanitizeDN($item[$key]);
+								$selection[$i][$key] = $this->sanitizeDN($item[$key]);
 							}
 						}
 
@@ -520,47 +509,26 @@ class OC_LDAP {
 					$key = mb_strtolower($attr[0], 'UTF-8');
 
 					if(isset($item[$key])) {
-						if(self::resemblesDN($key)) {
-							$selection[] = self::sanitizeDN($item[$key]);
+						if($this->resemblesDN($key)) {
+							$selection[] = $this->sanitizeDN($item[$key]);
 						} else {
 							$selection[] = $item[$key];
 						}
 					}
 				}
-
 			}
 			return $selection;
 		}
-
 		return $findings;
 	}
 
-	static private function resemblesDN($attr) {
-		$resemblingAttributes = array(
-			'dn',
-			'uniquemember',
-			'member'
-		);
-		return in_array($attr, $resemblingAttributes);
-	}
-
-	static private function sanitizeDN($dn) {
-		//OID sometimes gives back DNs with whitespace after the comma a la "uid=foo, cn=bar, dn=..." We need to tackle this!
-		$dn = preg_replace('/([^\\\]),(\s+)/u','\1,',$dn);
-
-		//make comparisons and everything work
-		$dn = mb_strtolower($dn, 'UTF-8');
-
-		return $dn;
-	}
-
-	static private function sanitizeUsername($name) {
-		if(self::$ldapIgnoreNamingRules) {
+	public function sanitizeUsername($name) {
+		if($this->connection->ldapIgnoreNamingRules) {
 			return $name;
 		}
 
 		//REPLACEMENTS
-		$name = OCP\Util::mb_str_replace(' ', '_', $name, 'UTF-8');
+		$name = \OCP\Util::mb_str_replace(' ', '_', $name, 'UTF-8');
 
 		//every remaining unallowed characters will be removed
 		$name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);
@@ -575,8 +543,8 @@ class OC_LDAP {
 	 *
 	 * Combines Filter arguments with AND
 	 */
-	static public function combineFilterWithAnd($filters) {
-		return self::combineFilter($filters,'&');
+	public function combineFilterWithAnd($filters) {
+		return $this->combineFilter($filters,'&');
 	}
 
 	/**
@@ -586,8 +554,8 @@ class OC_LDAP {
 	 *
 	 * Combines Filter arguments with AND
 	 */
-	static public function combineFilterWithOr($filters) {
-		return self::combineFilter($filters,'|');
+	public function combineFilterWithOr($filters) {
+		return $this->combineFilter($filters,'|');
 	}
 
 	/**
@@ -598,7 +566,7 @@ class OC_LDAP {
 	 *
 	 * Combines Filter arguments with AND
 	 */
-	static private function combineFilter($filters, $operator) {
+	private function combineFilter($filters, $operator) {
 		$combinedFilter = '('.$operator;
 		foreach($filters as $filter) {
 		    if($filter[0] != '(') {
@@ -610,112 +578,15 @@ class OC_LDAP {
 		return $combinedFilter;
 	}
 
-	/**
-	 * Returns the LDAP handler
-	 */
-	static private function getConnectionResource() {
-		if(!self::$ldapConnectionRes) {
-			self::init();
-		}
-		if(is_null(self::$ldapConnectionRes)) {
-			OCP\Util::writeLog('ldap', 'Connection could not be established', OCP\Util::INFO);
-		}
-		return self::$ldapConnectionRes;
-	}
-
-	/**
-	 * Caches the general LDAP configuration.
-	 */
-	static private function readConfiguration($force = false) {
-		if(!self::$configured || $force) {
-			self::$ldapHost              = OCP\Config::getAppValue('user_ldap', 'ldap_host', '');
-			self::$ldapPort              = OCP\Config::getAppValue('user_ldap', 'ldap_port', 389);
-			self::$ldapAgentName         = OCP\Config::getAppValue('user_ldap', 'ldap_dn','');
-			self::$ldapAgentPassword     = base64_decode(OCP\Config::getAppValue('user_ldap', 'ldap_agent_password',''));
-			self::$ldapBase              = OCP\Config::getAppValue('user_ldap', 'ldap_base', '');
-			self::$ldapBaseUsers         = OCP\Config::getAppValue('user_ldap', 'ldap_base_users',self::$ldapBase);
-			self::$ldapBaseGroups        = OCP\Config::getAppValue('user_ldap', 'ldap_base_groups', self::$ldapBase);
-			self::$ldapTLS               = OCP\Config::getAppValue('user_ldap', 'ldap_tls',0);
-			self::$ldapNoCase            = OCP\Config::getAppValue('user_ldap', 'ldap_nocase', 0);
-			self::$ldapUserDisplayName   = mb_strtolower(OCP\Config::getAppValue('user_ldap', 'ldap_display_name', 'uid'), 'UTF-8');
-			self::$ldapUserFilter        = OCP\Config::getAppValue('user_ldap', 'ldap_userlist_filter','objectClass=person');
-			self::$ldapLoginFilter       = OCP\Config::getAppValue('user_ldap', 'ldap_login_filter', '(uid=%uid)');
-			self::$ldapGroupDisplayName  = mb_strtolower(OCP\Config::getAppValue('user_ldap', 'ldap_group_display_name', LDAP_GROUP_DISPLAY_NAME_ATTR), 'UTF-8');
-			self::$ldapIgnoreNamingRules = OCP\Config::getSystemValue('ldapIgnoreNamingRules', false);
-
-			if(empty(self::$ldapBaseUsers)) {
-				OCP\Util::writeLog('ldap', 'Base for Users is empty, using Base DN', OCP\Util::INFO);
-				self::$ldapBaseUsers = self::$ldapBase;
-			}
-			if(empty(self::$ldapBaseGroups)) {
-				OCP\Util::writeLog('ldap', 'Base for Groups is empty, using Base DN', OCP\Util::INFO);
-				self::$ldapBaseGroups = self::$ldapBase;
-			}
-
-			if(
-				   !empty(self::$ldapHost)
-				&& !empty(self::$ldapPort)
-				&& (
-					   (!empty(self::$ldapAgentName) && !empty(self::$ldapAgentPassword))
-					|| ( empty(self::$ldapAgentName) &&  empty(self::$ldapAgentPassword))
-				)
-				&& !empty(self::$ldapBase)
-				&& !empty(self::$ldapUserDisplayName)
-			)
-			{
-				self::$configured = true;
-			}
-		}
-	}
-
-	/**
-	 * Connects and Binds to LDAP
-	 */
-	static private function establishConnection() {
-		if(!self::$configured) {
-			OCP\Util::writeLog('ldap', 'Configuration is invalid, cannot connect', OCP\Util::INFO);
+	public function areCredentialsValid($name, $password) {
+		$testConnection = clone $this->connection;
+		$credentials = array(
+			'ldapAgentName' => $name,
+			'ldapAgentPassword' => $password
+		);
+		if(!$testConnection->setConfiguration($credentials)) {
 			return false;
 		}
-		if(!self::$ldapConnectionRes) {
-			self::$ldapConnectionRes = ldap_connect(self::$ldapHost, self::$ldapPort);
-			if(ldap_set_option(self::$ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
-					if(ldap_set_option(self::$ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
-						if(self::$ldapTLS) {
-							ldap_start_tls(self::$ldapConnectionRes);
-						}
-					}
-			}
-
-			$ldapLogin = @ldap_bind(self::$ldapConnectionRes, self::$ldapAgentName, self::$ldapAgentPassword );
-			if(!$ldapLogin) {
-				OCP\Util::writeLog('ldap', 'Bind failed: ' . ldap_errno(self::$ldapConnectionRes) . ': ' . ldap_error(self::$ldapConnectionRes), OCP\Util::ERROR);
-				self::$ldapConnectionRes = null;
-				return false;
-			}
-		}
-	}
-
-	static public function areCredentialsValid($name, $password) {
-		return @ldap_bind(self::getConnectionResource(), $name, $password);
-	}
-
-	/**
-	* taken from http://www.php.net/manual/en/function.array-search.php#97645
-	* TODO: move somewhere, where its better placed since it is not LDAP specific. OC_Helper maybe?
-	*/
-	static public function recursiveArraySearch($haystack, $needle, $index = null) {
-		$aIt = new RecursiveArrayIterator($haystack);
-		$it = new RecursiveIteratorIterator($aIt);
-
-		while($it->valid()) {
-			if (((isset($index) AND ($it->key() == $index)) OR (!isset($index))) AND ($it->current() == $needle)) {
-				return $aIt->key();
-			}
-
-			$it->next();
-		}
-
-		return false;
+		return $testConnection->bind();
 	}
-
- }
+}
\ No newline at end of file
diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
new file mode 100644
index 00000000000..44b1c20214b
--- /dev/null
+++ b/apps/user_ldap/lib/connection.php
@@ -0,0 +1,245 @@
+<?php
+
+/**
+ * ownCloud – LDAP Access
+ *
+ * @author Arthur Schiwon
+ * @copyright 2012 Arthur Schiwon blizzz@owncloud.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\user_ldap\lib;
+
+class Connection {
+	private $ldapConnectionRes = null;
+	private $configID;
+	private $configured = false;
+
+	//cached settings
+	protected $config = array(
+		'ldapHost' => null,
+		'ldapPort' => null,
+		'ldapBase' => null,
+		'ldapBaseUsers' => null,
+		'ldapBaseGroups' => null,
+		'ldapAgentName' => null,
+		'ldapAgentPassword' => null,
+		'ldapTLS' => null,
+		'ldapNoCase' => null,
+		'ldapIgnoreNamingRules' => null,
+		'ldapUserDisplayName' => null,
+		'ldapUserFilter' => null,
+		'ldapGroupFilter' => null,
+		'ldapGroupDisplayName' => null,
+		'ldapLoginFilter' => null,
+		'ldapQuotaAttribute' => null,
+		'ldapQuotaDefault' => null,
+		'ldapEmailAttribute' => null,
+	);
+
+	public function __construct($configID = 'user_ldap') {
+		$this->configID = $configID;
+	}
+
+	public function __destruct() {
+		@ldap_unbind($this->ldapConnectionRes);
+	}
+
+	public function __get($name) {
+		if(!$this->configured) {
+			$this->readConfiguration();
+		}
+
+		if(isset($this->config[$name])) {
+			return $this->config[$name];
+		}
+	}
+
+	/**
+	 * @brief initializes the LDAP backend
+	 * @param $force read the config settings no matter what
+	 *
+	 * initializes the LDAP backend
+	 */
+	public function init($force = false) {
+		$this->readConfiguration($force);
+		$this->establishConnection();
+	}
+
+	/**
+	 * Returns the LDAP handler
+	 */
+	public function getConnectionResource() {
+		if(!$this->ldapConnectionRes) {
+			$this->init();
+		}
+		if(is_null($this->ldapConnectionRes)) {
+			\OCP\Util::writeLog('user_ldap', 'Connection could not be established', \OCP\Util::ERROR);
+		}
+		return $this->ldapConnectionRes;
+	}
+
+	/**
+	 * Caches the general LDAP configuration.
+	 */
+	private function readConfiguration($force = false) {
+		\OCP\Util::writeLog('user_ldap','Checking conf state: isConfigured? '.print_r($this->configured, true).' isForce? '.print_r($force, true).' configID? '.print_r($this->configID, true), \OCP\Util::DEBUG);
+		if((!$this->configured || $force) && !is_null($this->configID)) {
+			\OCP\Util::writeLog('user_ldap','Reading the configuration', \OCP\Util::DEBUG);
+			$this->config['ldapHost']              = \OCP\Config::getAppValue($this->configID, 'ldap_host', '');
+			$this->config['ldapPort']              = \OCP\Config::getAppValue($this->configID, 'ldap_port', 389);
+			$this->config['ldapAgentName']         = \OCP\Config::getAppValue($this->configID, 'ldap_dn','');
+			$this->config['ldapAgentPassword']     = base64_decode(\OCP\Config::getAppValue($this->configID, 'ldap_agent_password',''));
+			$this->config['ldapBase']              = \OCP\Config::getAppValue($this->configID, 'ldap_base', '');
+			$this->config['ldapBaseUsers']         = \OCP\Config::getAppValue($this->configID, 'ldap_base_users',$this->config['ldapBase']);
+			$this->config['ldapBaseGroups']        = \OCP\Config::getAppValue($this->configID, 'ldap_base_groups', $this->config['ldapBase']);
+			$this->config['ldapTLS']               = \OCP\Config::getAppValue($this->configID, 'ldap_tls',0);
+			$this->config['ldapNoCase']            = \OCP\Config::getAppValue($this->configID, 'ldap_nocase', 0);
+			$this->config['ldapUserDisplayName']   = mb_strtolower(\OCP\Config::getAppValue($this->configID, 'ldap_display_name', 'uid'), 'UTF-8');
+			$this->config['ldapUserFilter']        = \OCP\Config::getAppValue($this->configID, 'ldap_userlist_filter','objectClass=person');
+			$this->config['ldapGroupFilter']        = \OCP\Config::getAppValue($this->configID, 'ldap_group_filter','(objectClass=posixGroup)');
+			$this->config['ldapLoginFilter']       = \OCP\Config::getAppValue($this->configID, 'ldap_login_filter', '(uid=%uid)');
+			$this->config['ldapGroupDisplayName']  = mb_strtolower(\OCP\Config::getAppValue($this->configID, 'ldap_group_display_name', LDAP_GROUP_DISPLAY_NAME_ATTR), 'UTF-8');
+			$this->config['ldapQuotaAttribute']    = \OCP\Config::getAppValue($this->configID, 'ldap_quota_attr', '');
+			$this->config['ldapQuotaDefault']      = \OCP\Config::getAppValue($this->configID, 'ldap_quota_def', '');
+			$this->config['ldapEmailAttribute']      = \OCP\Config::getAppValue($this->configID, 'ldap_email_attr', '');
+			$this->config['ldapGroupMemberAssocAttr']      = \OCP\Config::getAppValue($this->configID, 'ldap_group_member_assoc_attribute', 'uniqueMember');
+			$this->config['ldapIgnoreNamingRules'] = \OCP\Config::getSystemValue('ldapIgnoreNamingRules', false);
+
+			$this->configured = $this->validateConfiguration();
+		}
+	}
+
+	/**
+	 * @brief set LDAP configuration with values delivered by an array, not read from configuration
+	 * @param $config array that holds the config parameters in an associated array
+	 * @param &$setParameters optional; array where the set fields will be given to
+	 * @return true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters
+	 */
+	public function setConfiguration($config, &$setParameters = null) {
+		if(!is_array($config)) {
+			return false;
+		}
+
+		foreach($config as $parameter => $value) {
+		    if(isset($this->config[$parameter])) {
+				$this->config[$parameter] = $value;
+				if(is_array($setParameters)) {
+					$setParameters[] = $parameter;
+				}
+		    }
+		}
+
+		$this->configured = $this->validateConfiguration();
+
+		return $this->configured;
+	}
+
+	/**
+	 * @brief Validates the user specified configuration
+	 * @returns true if configuration seems OK, false otherwise
+	 */
+	private function validateConfiguration() {
+		//first step: "soft" checks: settings that are not really necessary, but advisable. If left empty, give an info message
+		if(empty($this->config['ldapBaseUsers'])) {
+			\OCP\Util::writeLog('user_ldap', 'Base tree for Users is empty, using Base DN', \OCP\Util::INFO);
+			$this->config['ldapBaseUsers'] = $this->config['ldapBase'];
+		}
+		if(empty($this->config['ldapBaseGroups'])) {
+			\OCP\Util::writeLog('user_ldap', 'Base tree for Groups is empty, using Base DN', \OCP\Util::INFO);
+			$this->config['ldapBaseGroups'] = $this->config['ldapBase'];
+		}
+		if(empty($this->config['ldapGroupFilter']) && empty($this->config['ldapGroupMemberAssocAttr'])) {
+			\OCP\Util::writeLog('user_ldap', 'No group filter is specified, LDAP group feature will not be used.', \OCP\Util::INFO);
+		}
+
+		//second step: critical checks. If left empty or filled wrong, set as unconfigured and give a warning.
+		$configurationOK = true;
+		if(empty($this->config['ldapHost'])) {
+			\OCP\Util::writeLog('user_ldap', 'No LDAP host given, won`t connect.', \OCP\Util::WARN);
+			$configurationOK = false;
+		}
+		if(empty($this->config['ldapPort'])) {
+			\OCP\Util::writeLog('user_ldap', 'No LDAP Port given, won`t connect.', \OCP\Util::WARN);
+			$configurationOK = false;
+		}
+		if((empty($this->config['ldapAgentName']) && !empty($this->config['ldapAgentPassword']))
+			|| (!empty($this->config['ldapAgentName']) && empty($this->config['ldapAgentPassword']))) {
+			\OCP\Util::writeLog('user_ldap', 'Either no password given for the user agent or a password is given, but no LDAP agent; won`t connect.', \OCP\Util::WARN);
+			$configurationOK = false;
+		}
+		//TODO: check if ldapAgentName is in DN form
+		if(empty($this->config['ldapBase']) && (empty($this->config['ldapBaseUsers']) && empty($this->config['ldapBaseGroups']))) {
+			\OCP\Util::writeLog('user_ldap', 'No Base DN given, won`t connect.', \OCP\Util::WARN);
+			$configurationOK = false;
+		}
+		if(empty($this->config['ldapUserDisplayName'])) {
+			\OCP\Util::writeLog('user_ldap', 'No user display name attribute specified, won`t connect.', \OCP\Util::WARN);
+			$configurationOK = false;
+		}
+		if(empty($this->config['ldapGroupDisplayName'])) {
+			\OCP\Util::writeLog('user_ldap', 'No group display name attribute specified, won`t connect.', \OCP\Util::WARN);
+			$configurationOK = false;
+		}
+		if(empty($this->config['ldapLoginFilter'])) {
+			\OCP\Util::writeLog('user_ldap', 'No login filter specified, won`t connect.', \OCP\Util::WARN);
+			$configurationOK = false;
+		}
+		if(mb_strpos($this->config['ldapLoginFilter'], '%uid', 0, 'UTF-8') === false) {
+			\OCP\Util::writeLog('user_ldap', 'Login filter does not contain %uid place holder, won`t connect.', \OCP\Util::WARN);
+			\OCP\Util::writeLog('user_ldap', 'Login filter was ' . $this->config['ldapLoginFilter'], \OCP\Util::DEBUG);
+			$configurationOK = false;
+		}
+
+		return $configurationOK;
+	}
+
+	/**
+	 * Connects and Binds to LDAP
+	 */
+	private function establishConnection() {
+		if(!$this->configured) {
+			\OCP\Util::writeLog('user_ldap', 'Configuration is invalid, cannot connect', \OCP\Util::WARN);
+			return false;
+		}
+		if(!$this->ldapConnectionRes) {
+			$this->ldapConnectionRes = ldap_connect($this->config['ldapHost'], $this->config['ldapPort']);
+			if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
+					if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
+						if($this->config['ldapTLS']) {
+							ldap_start_tls($this->ldapConnectionRes);
+						}
+					}
+			}
+
+			return $this->bind();
+		}
+	}
+
+	/**
+	 * Binds to LDAP
+	 */
+	public function bind() {
+		$ldapLogin = @ldap_bind($this->getConnectionResource(), $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
+		if(!$ldapLogin) {
+			\OCP\Util::writeLog('user_ldap', 'Bind failed: ' . ldap_errno($this->ldapConnectionRes) . ': ' . ldap_error($this->ldapConnectionRes), \OCP\Util::ERROR);
+			$this->ldapConnectionRes = null;
+			return false;
+		}
+		return true;
+	}
+
+}
\ No newline at end of file
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index e7ed4dae280..5a7e308f006 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -27,51 +27,38 @@ namespace OCA\user_ldap;
 
 class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 
-	// cached settings
-	protected $ldapUserFilter;
-	protected $ldapQuotaAttribute;
-	protected $ldapQuotaDefault;
-	protected $ldapEmailAttribute;
-
 	// will be retrieved from LDAP server
 	protected $ldap_dc = false;
 
 	// cache getUsers()
 	protected $_users = null;
 
-	public function __construct() {
-		$this->ldapUserFilter      = \OCP\Config::getAppValue('user_ldap', 'ldap_userlist_filter', '(objectClass=posixAccount)');
-		$this->ldapQuotaAttribute  = \OCP\Config::getAppValue('user_ldap', 'ldap_quota_attr', '');
-		$this->ldapQuotaDefault    = \OCP\Config::getAppValue('user_ldap', 'ldap_quota_def', '');
-		$this->ldapEmailAttribute  = \OCP\Config::getAppValue('user_ldap', 'ldap_email_attr', '');
-	}
-
 	private function updateQuota($dn) {
 		$quota = null;
-		if(!empty($this->ldapQuotaDefault)) {
-			$quota = $this->ldapQuotaDefault;
+		if(!empty($this->connection->ldapQuotaDefault)) {
+			$quota = $this->connection->ldapQuotaDefault;
 		}
-		if(!empty($this->ldapQuotaAttribute)) {
-			$aQuota = \OC_LDAP::readAttribute($dn, $this->ldapQuotaAttribute);
+		if(!empty($this->connection->ldapQuotaAttribute)) {
+			$aQuota = $this->readAttribute($dn, $this->connection->ldapQuotaAttribute);
 
 			if($aQuota && (count($aQuota) > 0)) {
 				$quota = $aQuota[0];
 			}
 		}
 		if(!is_null($quota)) {
-			\OCP\Config::setUserValue(\OC_LDAP::dn2username($dn), 'files', 'quota', \OCP\Util::computerFileSize($quota));
+			\OCP\Config::setUserValue($this->dn2username($dn), 'files', 'quota', \OCP\Util::computerFileSize($quota));
 		}
 	}
 
 	private function updateEmail($dn) {
 		$email = null;
-		if(!empty($this->ldapEmailAttribute)) {
-			$aEmail = \OC_LDAP::readAttribute($dn, $this->ldapEmailAttribute);
+		if(!empty($this->connection->ldapEmailAttribute)) {
+			$aEmail = $this->readAttribute($dn, $this->connection->ldapEmailAttribute);
 			if($aEmail && (count($aEmail) > 0)) {
 				$email = $aEmail[0];
 			}
 			if(!is_null($email)){
-				\OCP\Config::setUserValue(\OC_LDAP::dn2username($dn), 'settings', 'email', $email);
+				\OCP\Config::setUserValue($this->dn2username($dn), 'settings', 'email', $email);
 			}
 		}
 	}
@@ -86,15 +73,16 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 	 */
 	public function checkPassword($uid, $password){
 		//find out dn of the user name
-		$filter = \OCP\Util::mb_str_replace('%uid', $uid, \OC_LDAP::conf('ldapLoginFilter'), 'UTF-8');
-		$ldap_users = \OC_LDAP::fetchListOfUsers($filter, 'dn');
+		$filter = \OCP\Util::mb_str_replace('%uid', $uid, $this->connection->ldapLoginFilter, 'UTF-8');
+		\OCP\Util::writeLog('user_ldap', 'Getting DN for login, filter '.$filter.' originating from '.$this->connection->ldapLoginFilter,\OCP\Util::DEBUG);
+		$ldap_users = $this->fetchListOfUsers($filter, 'dn');
 		if(count($ldap_users) < 1) {
 			return false;
 		}
 		$dn = $ldap_users[0];
 
 		//are the credentials OK?
-		if(!\OC_LDAP::areCredentialsValid($dn, $password)) {
+		if(!$this->areCredentialsValid($dn, $password)) {
 			return false;
 		}
 
@@ -103,7 +91,7 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 		$this->updateEmail($dn);
 
 		//give back the display name
-		return \OC_LDAP::dn2username($dn);
+		return $this->dn2username($dn);
 	}
 
 	/**
@@ -114,8 +102,8 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 	 */
 	public function getUsers(){
 		if(is_null($this->_users)) {
-			$ldap_users = \OC_LDAP::fetchListOfUsers($this->ldapUserFilter, array(\OC_LDAP::conf('ldapUserDisplayName'), 'dn'));
-			$this->_users = \OC_LDAP::ownCloudUserNames($ldap_users);
+			$ldap_users = $this->fetchListOfUsers($this->connection->ldapUserFilter, array($this->connection->ldapUserDisplayName, 'dn'));
+			$this->_users = $this->ownCloudUserNames($ldap_users);
 		}
 		return $this->_users;
 	}
@@ -127,13 +115,13 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 	 */
 	public function userExists($uid){
 		//getting dn, if false the user does not exist. If dn, he may be mapped only, requires more checking.
-		$dn = \OC_LDAP::username2dn($uid);
+		$dn = $this->username2dn($uid);
 		if(!$dn) {
 			return false;
 		}
 
 		//if user really still exists, we will be able to read his cn
-		$cn = \OC_LDAP::readAttribute($dn, 'cn');
+		$cn = $this->readAttribute($dn, 'cn');
 		if(!$cn || empty($cn)) {
 			return false;
 		}