author | Arthur Schiwon <blizzz@owncloud.com> | 2015-12-11 01:56:53 +0100 |
---|---|---|
committer | Arthur Schiwon <blizzz@owncloud.com> | 2015-12-11 01:56:53 +0100 |
commit | 4020d5b77a249e75ae81f5c3646db5692488a812 (patch) | |
tree | c9114fa4696a6d39d94c1c36b5184504aa5b6efd /apps/user_ldap/lib | |
parent | 8c7930015644fdd3121dd8399c975b7d15bf40a7 (diff) | |
look for DN changes before marking a user as deleted
Diffstat (limited to 'apps/user_ldap/lib')
-rw-r--r-- | apps/user_ldap/lib/access.php | 52 | ||||
-rw-r--r-- | apps/user_ldap/lib/mapping/abstractmapping.php | 12 |
2 files changed, 63 insertions, 1 deletions
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index 667f1076235..3be0b6818d0 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -1277,6 +1277,58 @@ class Access extends LDAPUtility implements user\IUserTools {
 }
 
 /**
+ * reverse lookup of a DN given a known UUID
+ *
+ * @param string $uuid
+ * @return string
+ * @throws \Exception
+ */
+ public function getUserDnByUuid($uuid) {
+ $uuidOverride = $this->connection->ldapExpertUUIDUserAttr;
+ $filter = $this->connection->ldapUserFilter;
+ $base = $this->connection->ldapBaseUsers;
+
+ if($this->connection->ldapUuidUserAttribute === 'auto' && empty($uuidOverride)) {
+ // Sacrebleu! The UUID attribute is unknown :( We need first an
+ // existing DN to be able to reliably detect it.
+ $result = $this->search($filter, $base, ['dn'], 1);
+ if(!isset($result[0]) || !isset($result[0]['dn'])) {
+ throw new \Exception('Cannot determine UUID attribute');
+ }
+ $dn = $result[0]['dn'][0];
+ if(!$this->detectUuidAttribute($dn, true)) {
+ throw new \Exception('Cannot determine UUID attribute');
+ }
+ } else {
+ // The UUID attribute is either known or an override is given.
+ // By calling this method we ensure that $this->connection->$uuidAttr
+ // is definitely set
+ if(!$this->detectUuidAttribute('', true)) {
+ throw new \Exception('Cannot determine UUID attribute');
+ }
+ }
+
+ $uuidAttr = $this->connection->ldapUuidUserAttribute;
+ if($uuidAttr === 'guid' || $uuidAttr === 'objectguid') {
+ $dn = '<GUID={' . $uuid . '}>';
+ $result = $this->readAttribute($dn, 'dn');
+ if(is_array($result) && isset($result[0])) {
+ return $result[0];
+ }
+ } else {
+ $filter = $uuidAttr . '=' . $uuid;
+ $result = $this->searchUsers($filter, ['dn'], 2);
+ if(is_array($result) && isset($result[0]) && isset($result[0]['dn']) && count($result) === 1) {
+ // we put the count into account to make sure that this is
+ // really unique
+ return $result[0]['dn'][0];
+ }
+ }
+
+ throw new \Exception('Cannot determine UUID attribute');
+ }
+
+ /**
 * auto-detects the directory's UUID attribute
 * @param string $dn a known DN used to check against
 * @param bool $isUser
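Review bot: In getUserDnByUuid, `$uuid` goes into the LDAP filter unescaped in the non-GUID branch (`$filter = $uuidAttr . '=' . $uuid;`) and raw into `'<GUID={' . $uuid . '}>'` in the GUID branch. The value presumably comes from the mapping table, but a stored value containing filter metacharacters such as `*`, `(` or `)` would change what the search matches, and, going by the commit title, this result feeds the decision to mark a user as deleted. Escape it before building the filter, e.g. `$filter = $uuidAttr . '=' . $this->escapeFilterPart($uuid);` if that helper is available in this class at this revision, and reject values that do not look like a UUID before building the GUID DN. The UUID lookup also overwrites `$filter` and no longer applies `ldapUserFilter`, so an entry that moved and fell out of the configured user filter would apparently still resolve; confirm that is intended. Finally, the closing `throw` reuses 'Cannot determine UUID attribute' when the attribute is known but zero or several entries matched, so a distinct message would let callers and logs tell misconfiguration from a missing user.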
diff --git a/apps/user_ldap/lib/mapping/abstractmapping.php b/apps/user_ldap/lib/mapping/abstractmapping.php
index f0f0f6df75e..c3d38ce8b71 100644
--- a/apps/user_ldap/lib/mapping/abstractmapping.php
+++ b/apps/user_ldap/lib/mapping/abstractmapping.php
@@ -158,7 +158,7 @@ abstract class AbstractMapping {
 }
 
 /**
- * Gets the name based on the provided LDAP DN.
+ * Gets the name based on the provided LDAP UUID.
 * @param string $uuid
 * @return string|false
 */
@@ -167,6 +167,16 @@ abstract class AbstractMapping {
 }
 
 /**
+ * Gets the UUID based on the provided LDAP DN
+ * @param string $dn
+ * @return false|string
+ * @throws \Exception
+ */
+ public function getUUIDByDN($dn) {
+ return $this->getXbyY('directory_uuid', 'ldap_dn', $dn);
+ }
+
+ /**
 * gets a piece of the mapping list
 * @param int $offset
 * @param int $limit |
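Review bot: getUUIDByDN is documented as `@return false|string`, and the new getUserDnByUuid in access.php concatenates its argument straight into a filter, where `false` would become an empty string. The caller is outside this diff, so confirm it checks the result with `=== false` before passing it on. The docblock also declares `@throws \Exception` although the visible body only delegates to getXbyY; either drop the tag or state in the docblock that the exception originates in getXbyY, whichever matches that helper.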