Merge pull request #44859 from nextcloud/feat/add-ldap-connection-setup-check

feat(user_ldap): Add setup check to verify connection configuration

4 files changed, 115 insertions, 0 deletions

diff --git a/apps/user_ldap/composer/composer/autoload_classmap.php b/apps/user_ldap/composer/composer/autoload_classmap.php
index e7fdc764d71..a748a9b4428 100644
--- a/apps/user_ldap/composer/composer/autoload_classmap.php
+++ b/apps/user_ldap/composer/composer/autoload_classmap.php
@@ -83,6 +83,7 @@ return array(
     'OCA\\User_LDAP\\Service\\UpdateGroupsService' => $baseDir . '/../lib/Service/UpdateGroupsService.php',
     'OCA\\User_LDAP\\Settings\\Admin' => $baseDir . '/../lib/Settings/Admin.php',
     'OCA\\User_LDAP\\Settings\\Section' => $baseDir . '/../lib/Settings/Section.php',
+    'OCA\\User_LDAP\\SetupChecks\\LdapConnection' => $baseDir . '/../lib/SetupChecks/LdapConnection.php',
     'OCA\\User_LDAP\\SetupChecks\\LdapInvalidUuids' => $baseDir . '/../lib/SetupChecks/LdapInvalidUuids.php',
     'OCA\\User_LDAP\\UserPluginManager' => $baseDir . '/../lib/UserPluginManager.php',
     'OCA\\User_LDAP\\User\\DeletedUsersIndex' => $baseDir . '/../lib/User/DeletedUsersIndex.php',
diff --git a/apps/user_ldap/composer/composer/autoload_static.php b/apps/user_ldap/composer/composer/autoload_static.php
index a1317d1df36..591a78b0f9e 100644
--- a/apps/user_ldap/composer/composer/autoload_static.php
+++ b/apps/user_ldap/composer/composer/autoload_static.php
@@ -98,6 +98,7 @@ class ComposerStaticInitUser_LDAP
         'OCA\\User_LDAP\\Service\\UpdateGroupsService' => __DIR__ . '/..' . '/../lib/Service/UpdateGroupsService.php',
         'OCA\\User_LDAP\\Settings\\Admin' => __DIR__ . '/..' . '/../lib/Settings/Admin.php',
         'OCA\\User_LDAP\\Settings\\Section' => __DIR__ . '/..' . '/../lib/Settings/Section.php',
+        'OCA\\User_LDAP\\SetupChecks\\LdapConnection' => __DIR__ . '/..' . '/../lib/SetupChecks/LdapConnection.php',
         'OCA\\User_LDAP\\SetupChecks\\LdapInvalidUuids' => __DIR__ . '/..' . '/../lib/SetupChecks/LdapInvalidUuids.php',
         'OCA\\User_LDAP\\UserPluginManager' => __DIR__ . '/..' . '/../lib/UserPluginManager.php',
         'OCA\\User_LDAP\\User\\DeletedUsersIndex' => __DIR__ . '/..' . '/../lib/User/DeletedUsersIndex.php',
diff --git a/apps/user_ldap/lib/AppInfo/Application.php b/apps/user_ldap/lib/AppInfo/Application.php
index e46d77b8066..4d8a11caf3c 100644
--- a/apps/user_ldap/lib/AppInfo/Application.php
+++ b/apps/user_ldap/lib/AppInfo/Application.php
@@ -40,6 +40,7 @@ use OCA\User_LDAP\ILDAPWrapper;
 use OCA\User_LDAP\LDAP;
 use OCA\User_LDAP\LoginListener;
 use OCA\User_LDAP\Notification\Notifier;
+use OCA\User_LDAP\SetupChecks\LdapConnection;
 use OCA\User_LDAP\SetupChecks\LdapInvalidUuids;
 use OCA\User_LDAP\User\Manager;
 use OCA\User_LDAP\User_Proxy;
@@ -118,6 +119,7 @@ class Application extends App implements IBootstrap {
 		);
 		$context->registerEventListener(PostLoginEvent::class, LoginListener::class);
 		$context->registerSetupCheck(LdapInvalidUuids::class);
+		$context->registerSetupCheck(LdapConnection::class);
 	}
 
 	public function boot(IBootContext $context): void {
diff --git a/apps/user_ldap/lib/SetupChecks/LdapConnection.php b/apps/user_ldap/lib/SetupChecks/LdapConnection.php
new file mode 100644
index 00000000000..63877ff06ae
--- /dev/null
+++ b/apps/user_ldap/lib/SetupChecks/LdapConnection.php
@@ -0,0 +1,111 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2024 Côme Chilliet <come.chilliet@nextcloud.com>
+ *
+ * @author Côme Chilliet <come.chilliet@nextcloud.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\User_LDAP\SetupChecks;
+
+use OCA\User_LDAP\AccessFactory;
+use OCA\User_LDAP\ConnectionFactory;
+use OCA\User_LDAP\Helper;
+use OCP\IL10N;
+use OCP\SetupCheck\ISetupCheck;
+use OCP\SetupCheck\SetupResult;
+
+class LdapConnection implements ISetupCheck {
+	public function __construct(
+		private IL10N $l10n,
+		private Helper $helper,
+		private ConnectionFactory $connectionFactory,
+		private AccessFactory $accessFactory,
+	) {
+	}
+
+	public function getCategory(): string {
+		return 'ldap';
+	}
+
+	public function getName(): string {
+		return $this->l10n->t('LDAP Connection');
+	}
+
+	public function run(): SetupResult {
+		$availableConfigs = $this->helper->getServerConfigurationPrefixes();
+		$inactiveConfigurations = [];
+		$bindFailedConfigurations = [];
+		$searchFailedConfigurations = [];
+		foreach ($availableConfigs as $configID) {
+			$connection = $this->connectionFactory->get($configID);
+			if (!$connection->ldapConfigurationActive) {
+				$inactiveConfigurations[] = $configID;
+				continue;
+			}
+			if (!$connection->bind()) {
+				$bindFailedConfigurations[] = $configID;
+				continue;
+			}
+			$access = $this->accessFactory->get($connection);
+			$result = $access->countObjects(1);
+			if (!is_int($result) || ($result <= 0)) {
+				$searchFailedConfigurations[] = $configID;
+			}
+		}
+		$output = '';
+		if (!empty($bindFailedConfigurations)) {
+			$output .= $this->l10n->n(
+				'Binding failed for this LDAP configuration: %s',
+				'Binding failed for these LDAP configurations: %s',
+				count($bindFailedConfigurations),
+				[implode(',', $bindFailedConfigurations)]
+			)."\n";
+		}
+		if (!empty($searchFailedConfigurations)) {
+			$output .= $this->l10n->n(
+				'Searching failed for this LDAP configuration: %s',
+				'Searching failed for these LDAP configurations: %s',
+				count($searchFailedConfigurations),
+				[implode(',', $searchFailedConfigurations)]
+			)."\n";
+		}
+		if (!empty($inactiveConfigurations)) {
+			$output .= $this->l10n->n(
+				'There is an inactive LDAP configuration: %s',
+				'There are inactive LDAP configurations: %s',
+				count($inactiveConfigurations),
+				[implode(',', $inactiveConfigurations)]
+			)."\n";
+		}
+		if (!empty($bindFailedConfigurations) || !empty($searchFailedConfigurations)) {
+			return SetupResult::error($output);
+		} elseif (!empty($inactiveConfigurations)) {
+			return SetupResult::warning($output);
+		}
+		return SetupResult::success($this->l10n->n(
+			'Binding and searching works on the configured LDAP connection (%s)',
+			'Binding and searching works on all of the configured LDAP connections (%s)',
+			count($availableConfigs),
+			[implode(',', $availableConfigs)]
+		));
+	}
+}