diff options
| author | blizzz <blizzz@arthur-schiwon.de> | 2021-01-22 14:31:19 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-01-22 14:31:19 +0100 |
| commit | 939433363ebcbad6212e4fe0413183a190a92eb0 (patch) | |
| tree | b4cd02e9f37f45a97d2bd7b2416e66357346eb06 /apps | |
| parent | b28cea626857a6ffa458558c9e45d451ac6ec9a2 (diff) | |
| parent | f15148f695d68b9bdf55af983f09e2067f6bc3db (diff) | |
| download | nextcloud-server-939433363ebcbad6212e4fe0413183a190a92eb0.tar.gz nextcloud-server-939433363ebcbad6212e4fe0413183a190a92eb0.zip | |
Merge pull request #25128 from nextcloud/ldapprovider-get-property
extend ILDAPProvider to allow reading arbitrairy ldap attributes for users
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/user_ldap/lib/LDAPProvider.php | 53 |
1 files changed, 42 insertions, 11 deletions
diff --git a/apps/user_ldap/lib/LDAPProvider.php b/apps/user_ldap/lib/LDAPProvider.php index 370cc3e2820..c63bca9724a 100644 --- a/apps/user_ldap/lib/LDAPProvider.php +++ b/apps/user_ldap/lib/LDAPProvider.php @@ -42,7 +42,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { private $logger; private $helper; private $deletedUsersIndex; - + /** * Create new LDAPProvider * @param \OCP\IServerContainer $serverContainer @@ -77,7 +77,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { throw new \Exception('To use the LDAPProvider, user_ldap app must be enabled'); } } - + /** * Translate an user id to LDAP DN * @param string $uid user id @@ -126,7 +126,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { } return $result; } - + /** * Convert a stored DN so it can be used as base parameter for LDAP queries. * @param string $dn the DN in question @@ -135,7 +135,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { public function DNasBaseParameter($dn) { return $this->helper->DNasBaseParameter($dn); } - + /** * Sanitize a DN received from the LDAP server. * @param array $dn the DN in question @@ -144,7 +144,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { public function sanitizeDN($dn) { return $this->helper->sanitizeDN($dn); } - + /** * Return a new LDAP connection resource for the specified user. * The connection must be closed manually. @@ -172,7 +172,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { } return $this->groupBackend->getNewLDAPConnection($gid); } - + /** * Get the LDAP base for users. * @param string $uid user id @@ -202,7 +202,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { ); return array_shift($bases); } - + /** * Get the LDAP base for groups. * @param string $uid user id @@ -216,7 +216,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { $bases = $this->userBackend->getLDAPAccess($uid)->getConnection()->ldapBaseGroups; return array_shift($bases); } - + /** * Clear the cache if a cache is used, otherwise do nothing. * @param string $uid user id @@ -241,7 +241,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { } $this->groupBackend->getLDAPAccess($gid)->getConnection()->clearCache(); } - + /** * Check whether a LDAP DN exists * @param string $dn LDAP DN @@ -251,7 +251,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { $result = $this->userBackend->dn2UserName($dn); return !$result ? false : true; } - + /** * Flag record for deletion. * @param string $uid user id @@ -259,7 +259,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { public function flagRecord($uid) { $this->deletedUsersIndex->markUser($uid); } - + /** * Unflag record for deletion. * @param string $uid user id @@ -306,4 +306,35 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { } return $this->groupBackend->getLDAPAccess($gid)->getConnection()->getConfiguration()['ldap_group_member_assoc_attribute']; } + + /** + * Get an LDAP attribute for a nextcloud user + * @param string $uid the nextcloud user id to get the attribute for + * @param string $attribute the name of the attribute to read + * @return string|null + * @throws \Exception if user id was not found in LDAP + */ + public function getUserAttribute(string $uid, string $attribute): ?string { + if (!$this->userBackend->userExists($uid)) { + throw new \Exception('User id not found in LDAP'); + } + $access = $this->userBackend->getLDAPAccess($uid); + $connection = $access->getConnection(); + $key = $uid . "::" . $attribute; + $cached = $connection->getFromCache($key); + + if ($cached !== null) { + return $cached; + } + + $value = $access->readAttribute($access->username2dn($uid), $attribute); + if (is_array($value) && count($value) > 0) { + $value = current($value); + } else { + return null; + } + $connection->writeToCache($key, $value); + + return $value; + } } |