authorThomas Müller <thomas.mueller@tmit.eu>2015-08-19 08:31:27 +0200
committerThomas Müller <thomas.mueller@tmit.eu>2015-08-19 08:31:27 +0200
commitd9172a19070051660e5a94d84e54eaad6854acfd (patch)
tree930ad91f0d9decbb86a43dfd8344259f02309b16 /apps/user_ldap
parent69e72eeb37b6d0084c137e1cffffe8717c2f1de0 (diff)
parent41ad4f46c8e1a02ef811d5a9205041bb7a619144 (diff)
Merge pull request #14401 from owncloud/ux-s2s-ldap
allow login names to be used for s2s with LDAP users
Diffstat (limited to 'apps/user_ldap')
-rw-r--r--apps/user_ldap/appinfo/app.php7
-rw-r--r--apps/user_ldap/lib/helper.php31
-rw-r--r--apps/user_ldap/user_ldap.php60
-rw-r--r--apps/user_ldap/user_proxy.php13
4 files changed, 98 insertions, 13 deletions
diff --git a/apps/user_ldap/appinfo/app.php b/apps/user_ldap/appinfo/app.php
index 5457e6b654f..68fd1b698e0 100644
--- a/apps/user_ldap/appinfo/app.php
+++ b/apps/user_ldap/appinfo/app.php
@@ -62,6 +62,13 @@ if(count($configPrefixes) > 0) {
OCP\Backgroundjob::registerJob('OCA\user_ldap\lib\Jobs');
OCP\Backgroundjob::registerJob('\OCA\User_LDAP\Jobs\CleanUp');
+\OCP\Util::connectHook(
+ '\OCA\Files_Sharing\API\Server2Server',
+ 'preLoginNameUsedAsUserName',
+ '\OCA\user_ldap\lib\Helper',
+ 'loginName2UserName'
+);
+
if(OCP\App::isEnabled('user_webdavauth')) {
OCP\Util::writeLog('user_ldap',
'user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour',
diff --git a/apps/user_ldap/lib/helper.php b/apps/user_ldap/lib/helper.php
index 40874b2ef9f..57b75823a1d 100644
--- a/apps/user_ldap/lib/helper.php
+++ b/apps/user_ldap/lib/helper.php
@@ -27,6 +27,9 @@
namespace OCA\user_ldap\lib;
+use OCA\user_ldap\lib\LDAP;
+use OCA\user_ldap\User_Proxy;
+
class Helper {
/**
@@ -181,4 +184,32 @@ class Helper {
return $domain;
}
+
+ /**
+ * listens to a hook thrown by server2server sharing and replaces the given
+ * login name by a username, if it matches an LDAP user.
+ *
+ * @param array $param
+ * @throws \Exception
+ */
+ public static function loginName2UserName($param) {
+ if(!isset($param['uid'])) {
+ throw new \Exception('key uid is expected to be set in $param');
+ }
+
+ //ain't it ironic?
+ $helper = new Helper();
+
+ $configPrefixes = $helper->getServerConfigurationPrefixes(true);
+ $ldapWrapper = new LDAP();
+ $ocConfig = \OC::$server->getConfig();
+
+ $userBackend = new User_Proxy(
+ $configPrefixes, $ldapWrapper, $ocConfig
+ );
+ $uid = $userBackend->loginName2UserName($param['uid'] );
+ if($uid !== false) {
+ $param['uid'] = $uid;
+ }
+ }
}
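Review bot: The assignment `$param['uid'] = $uid;` near the end of `loginName2UserName` writes to a local copy: `$param` is received by value and the method returns nothing, so the substituted username only reaches the server2server caller if the emitter builds the hook payload with a reference element (`array('uid' => &$uid)`), which this diff does not show. If that is the intended contract it should be stated in the docblock, e.g. `* @param array $param hook payload; 'uid' must be passed by reference and is replaced in place`, and covered by a test, because a silent no-op here means the share is still resolved against the raw login name. Note also that the login name arrives from a remote server; the listener relies entirely on `fetchUsersByLoginName` to escape it before it is used in an LDAP filter, which cannot be confirmed from this hunk.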
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index a2f4b4ee9e5..00cba718369 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -71,6 +71,43 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
}
/**
+ * returns the username for the given login name, if available
+ *
+ * @param string $loginName
+ * @return string|false
+ */
+ public function loginName2UserName($loginName) {
+ try {
+ $ldapRecord = $this->getLDAPUserByLoginName($loginName);
+ $user = $this->access->userManager->get($ldapRecord['dn']);
+ if($user instanceof OfflineUser) {
+ return false;
+ }
+ return $user->getUsername();
+ } catch (\Exception $e) {
+ return false;
+ }
+ }
+
+ /**
+ * returns an LDAP record based on a given login name
+ *
+ * @param string $loginName
+ * @return array
+ * @throws \Exception
+ */
+ public function getLDAPUserByLoginName($loginName) {
+ //find out dn of the user name
+ $attrs = array($this->access->connection->ldapUserDisplayName, 'dn',
+ 'uid', 'samaccountname');
+ $users = $this->access->fetchUsersByLoginName($loginName, $attrs);
+ if(count($users) < 1) {
+ throw new \Exception('No user available for the given login name.');
+ }
+ return $users[0];
+ }
+
+ /**
* Check if the password is correct
* @param string $uid The username
* @param string $password The password
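Review bot: `loginName2UserName` only rejects an `OfflineUser`, but `$this->access->userManager->get(...)` evidently can return something other than a `User` (the refactored `checkPassword` in the next hunk guards with `!$user instanceof User` and logs), and a null result would die on `$user->getUsername()` with a fatal error that `catch (\Exception $e)` does not cover. Mirror the existing guard before the call: `if(!$user instanceof User) { return false; }`. Separately, `getLDAPUserByLoginName` still accepts several matches and returns `$users[0]`; when the login filter matches more than one record the login name is ambiguous, and for share resolution picking the first silently attributes the share to whichever entry LDAP listed first — at minimum log a warning when `count($users) > 1`.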
@@ -79,15 +116,14 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
* Check if the password is correct without logging in the user
*/
public function checkPassword($uid, $password) {
- //find out dn of the user name
- $attrs = array($this->access->connection->ldapUserDisplayName, 'dn',
- 'uid', 'samaccountname');
- $users = $this->access->fetchUsersByLoginName($uid, $attrs);
- if(count($users) < 1) {
+ try {
+ $ldapRecord = $this->getLDAPUserByLoginName($uid);
+ } catch(\Exception $e) {
return false;
}
- $dn = $users[0]['dn'];
+ $dn = $ldapRecord['dn'];
$user = $this->access->userManager->get($dn);
+
if(!$user instanceof User) {
\OCP\Util::writeLog('user_ldap',
'LDAP Login: Could not get user object for DN ' . $dn .
@@ -102,14 +138,14 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
}
$user->markLogin();
- if(isset($users[0][$this->access->connection->ldapUserDisplayName])) {
- $dpn = $users[0][$this->access->connection->ldapUserDisplayName];
+ if(isset($ldapRecord[$this->access->connection->ldapUserDisplayName])) {
+ $dpn = $ldapRecord[$this->access->connection->ldapUserDisplayName];
$user->storeDisplayName($dpn);
}
- if(isset($users[0]['uid'])) {
- $user->storeLDAPUserName($users[0]['uid']);
- } else if(isset($users[0]['samaccountname'])) {
- $user->storeLDAPUserName($users[0]['samaccountname']);
+ if(isset($ldapRecord['uid'])) {
+ $user->storeLDAPUserName($ldapRecord['uid']);
+ } else if(isset($ldapRecord['samaccountname'])) {
+ $user->storeLDAPUserName($ldapRecord['samaccountname']);
}
return $user->getUsername();
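Review bot: The new `try`/`catch (\Exception $e)` around `getLDAPUserByLoginName` turns every exception — including ones raised inside `fetchUsersByLoginName` on LDAP connection or bind failures, which in the removed code propagated out of this method — into a bare `return false`, i.e. an ordinary failed login. That hides a directory outage behind what looks like a wrong password and can feed lockout or rate-limiting logic with bogus failures. Keep the early return but record the cause, e.g. `\OCP\Util::writeLog('user_ldap', 'LDAP Login: ' . $e->getMessage(), \OCP\Util::WARN);` inside the catch, or catch only the "no user" case and let the rest surface. `checkPassword`'s closing brace lies outside this hunk.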
diff --git a/apps/user_ldap/user_proxy.php b/apps/user_ldap/user_proxy.php
index 683529eb902..1491be3f394 100644
--- a/apps/user_ldap/user_proxy.php
+++ b/apps/user_ldap/user_proxy.php
@@ -161,7 +161,7 @@ class User_Proxy extends lib\Proxy implements \OCP\IUserBackend, \OCP\UserInterf
/**
* check if a user exists on LDAP
- * @param string|OCA\User_LDAP\lib\User\User $user either the ownCloud user
+ * @param string|\OCA\User_LDAP\lib\User\User $user either the ownCloud user
* name or an instance of that user
* @return boolean
*/
@@ -183,6 +183,17 @@ class User_Proxy extends lib\Proxy implements \OCP\IUserBackend, \OCP\UserInterf
}
/**
+ * returns the username for the given login name, if available
+ *
+ * @param string $loginName
+ * @return string|false
+ */
+ public function loginName2UserName($loginName) {
+ $id = 'LOGINNAME,' . $loginName;
+ return $this->handleRequest($id, 'loginName2UserName', array($loginName));
+ }
+
+ /**
* get the user's home directory
* @param string $uid the username
* @return boolean