-rw-r--r--apps/user_ldap/ajax/wizard.php2
-rw-r--r--apps/user_ldap/js/settings.js68
-rw-r--r--apps/user_ldap/lib/configuration.php3
-rw-r--r--apps/user_ldap/lib/wizard.php121
-rw-r--r--apps/user_ldap/templates/part.wizard-userfilter.php14
5 files changed, 201 insertions, 7 deletions
diff --git a/apps/user_ldap/ajax/wizard.php b/apps/user_ldap/ajax/wizard.php
index 497fe9dcf24..27359b908f6 100644
--- a/apps/user_ldap/ajax/wizard.php
+++ b/apps/user_ldap/ajax/wizard.php
@@ -48,6 +48,8 @@ switch($action) {
case 'guessBaseDN':
case 'determineObjectClasses':
case 'determineGroups':
+ case 'getUserListFilter':
+ case 'countUsers':
try {
$result = $wizard->$action();
if($result !== false) {
diff --git a/apps/user_ldap/js/settings.js b/apps/user_ldap/js/settings.js
index 837b79e329c..d3c7aeea4f7 100644
--- a/apps/user_ldap/js/settings.js
+++ b/apps/user_ldap/js/settings.js
@@ -127,6 +127,7 @@ var LdapConfiguration = {
var LdapWizard = {
checkPortInfoShown: false,
saveBlacklist: {},
+ userFilterGroupSelectState: 'enable',
ajax: function(param, fnOnSuccess, fnOnError) {
$.post(
@@ -148,7 +149,11 @@ var LdapWizard = {
//no need to blacklist multiselect
LdapWizard.saveBlacklist[id] = true;
}
- $('#'+id).val(result.changes[id]);
+ if(id.indexOf('count') > 0) {
+ $('#'+id).text(result.changes[id]);
+ } else {
+ $('#'+id).val(result.changes[id]);
+ }
}
},
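Review bot: The test `id.indexOf('count') > 0` selects the `.text()` path for any id that contains "count" after its first character, so an input whose id merely contains that substring (an id with "account" in it, say) would no longer be filled through `.val()`. Matching the one element this commit introduces is less surprising: `if(id === 'ldap_user_count') {`, or decide by element type with `$('#'+id).is('span')`. Using `.text()` rather than `.html()` for the server-supplied value is the right call and should stay. The enclosing function starts outside the hunk.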
@@ -202,6 +207,40 @@ var LdapWizard = {
}
},
+ composeFilter: function(type) {
+ if(type == 'user') {
+ action = 'getUserListFilter';
+ }
+
+ param = 'action='+action+
+ '&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
+
+ LdapWizard.ajax(param,
+ function(result) {
+ LdapWizard.applyChanges(result);
+ LdapWizard.countUsers();
+ },
+ function (result) {
+ // error handling
+ }
+ );
+ },
+
+ countUsers: function() {
+ param = 'action=countUsers'+
+ '&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
+
+ LdapWizard.ajax(param,
+ function(result) {
+ LdapWizard.applyChanges(result);
+// alert(result.changes['ldap_user_count']);
+ },
+ function (result) {
+ // error handling
+ }
+ );
+ },
+
findAvailableGroups: function() {
param = 'action=determineGroups'+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
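Review bot: In composeFilter, `action` and `param` are assigned without `var`, so they become globals, and for any `type` other than 'user' the request is built from whatever `action` last held, or throws a ReferenceError if it was never set. Declare both locally and bail out on unsupported types, e.g. `var action;` followed by `if(type === 'user') { action = 'getUserListFilter'; } else { return; }`; countUsers needs `var param` as well. Both error callbacks are empty, so when composing the filter or counting fails the previously shown user count stays on screen with no sign that it is stale. Resetting `#ldap_user_count` or showing the wizard info message in those callbacks would make a broken filter visible to the admin.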
@@ -273,6 +312,7 @@ var LdapWizard = {
initUserFilter: function() {
LdapWizard.findObjectClasses();
LdapWizard.findAvailableGroups();
+ LdapWizard.countUsers();
},
onTabChange: function(event, ui) {
@@ -289,6 +329,10 @@ var LdapWizard = {
LdapWizard.checkPort();
LdapWizard.checkBaseDN();
}
+
+ if(triggerObj.id == 'ldap_userlist_filter') {
+ LdapWizard.countUsers();
+ }
},
save: function(inputObj) {
@@ -305,6 +349,10 @@ var LdapWizard = {
values = values + "\n" + resultObj[i].value;
}
LdapWizard._save($('#'+originalObj)[0], $.trim(values));
+ if(originalObj == 'ldap_userfilter_objectclass'
+ || originalObj == 'ldap_userfilter_groups') {
+ LdapWizard.composeFilter('user');
+ }
},
_save: function(object, value) {
@@ -330,6 +378,23 @@ var LdapWizard = {
$('#ldapWizard1 .ldapWizardInfo').text(t('user_ldap', text));
$('#ldapWizard1 .ldapWizardInfo').removeClass('invisible');
LdapWizard.checkInfoShown = true;
+ },
+
+ toggleRawUserFilter: function() {
+ if($('#rawUserFilterContainer').hasClass('invisible')) {
+ $('#rawUserFilterContainer').removeClass('invisible');
+ $('#ldap_userfilter_objectclass').multiselect('disable');
+ if($('#ldap_userfilter_groups').multiselect().attr('disabled') == 'disabled') {
+ userFilterGroupSelectState = 'disable';
+ } else {
+ userFilterGroupSelectState = 'enable';
+ }
+ $('#ldap_userfilter_groups').multiselect('disable');
+ } else {
+ $('#rawUserFilterContainer').addClass('invisible');
+ $('#ldap_userfilter_group').multiselect(userFilterGroupSelectState);
+ $('#ldap_userfilter_objectclass').multiselect('enable');
+ }
}
};
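Review bot: toggleRawUserFilter restores the wrong element: the else branch calls `$('#ldap_userfilter_group').multiselect(...)` (singular) while every other reference is `#ldap_userfilter_groups`, so the groups multiselect stays disabled once the raw filter is hidden again. The bare `userFilterGroupSelectState = ...` assignments also create a global instead of updating the `userFilterGroupSelectState` property this commit adds to LdapWizard. Suggested lines: `LdapWizard.userFilterGroupSelectState = 'disable';` (likewise for 'enable') and `$('#ldap_userfilter_groups').multiselect(LdapWizard.userFilterGroupSelectState);`. Since the method is passed directly as a click handler, reference `LdapWizard.` explicitly rather than `this`.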
@@ -346,6 +411,7 @@ $(document).ready(function() {
'ldap_userfilter_objectclass',
t('user_ldap', 'Select object classes'));
$('.lwautosave').change(function() { LdapWizard.save(this); });
+ $('#toggleRawUserFilter').click(LdapWizard.toggleRawUserFilter);
LdapConfiguration.refreshConfig();
$('#ldap_action_test_connection').click(function(event){
event.preventDefault();
diff --git a/apps/user_ldap/lib/configuration.php b/apps/user_ldap/lib/configuration.php
index 33771cf9388..70c55458895 100644
--- a/apps/user_ldap/lib/configuration.php
+++ b/apps/user_ldap/lib/configuration.php
@@ -63,6 +63,7 @@ class Configuration {
'ldapAttributesForGroupSearch' => null,
'homeFolderNamingRule' => null,
'hasPagedResultSupport' => false,
+ 'hasMemberOfFilterSupport' => false,
'ldapExpertUsernameAttr' => null,
'ldapExpertUUIDAttr' => null,
);
@@ -304,6 +305,7 @@ class Configuration {
'ldap_attributes_for_group_search' => '',
'ldap_expert_username_attr' => '',
'ldap_expert_uuid_attr' => '',
+ 'has_memberof_filter_support' => 0,
);
}
@@ -344,6 +346,7 @@ class Configuration {
'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch',
'ldap_expert_username_attr' => 'ldapExpertUsernameAttr',
'ldap_expert_uuid_attr' => 'ldapExpertUUIDAttr',
+ 'has_memberof_filter_support' => 'hasMemberOfFilterSupport',
);
return $array;
}
diff --git a/apps/user_ldap/lib/wizard.php b/apps/user_ldap/lib/wizard.php
index 7e3dfa8610f..e85c7460748 100644
--- a/apps/user_ldap/lib/wizard.php
+++ b/apps/user_ldap/lib/wizard.php
@@ -34,6 +34,10 @@ class Wizard extends LDAPUtility {
const LRESULT_PROCESSED_INVALID = 1;
const LRESULT_PROCESSED_SKIP = 2;
+ const LFILTER_LOGIN = 0;
+ const LFILTER_USER_LIST = 1;
+ const LFILTER_GROUP_LIST = 2;
+
/**
* @brief Constructor
* @param $configuration an instance of Configuration
@@ -54,6 +58,35 @@ class Wizard extends LDAPUtility {
}
}
+ public function countUsers() {
+ if(!$this->checkRequirements(array('ldapHost',
+ 'ldapPort',
+ 'ldapAgentName',
+ 'ldapAgentPassword',
+ 'ldapBase',
+ 'ldapUserFilter',
+ ))) {
+ return false;
+ }
+
+ $cr = $this->getConnection();
+ if(!$cr) {
+ throw new \Excpetion('Could not connect to LDAP');
+ }
+
+ $base = $this->configuration->ldapBase[0];
+ $filter = $this->configuration->ldapUserFilter;
+ $rr = $this->ldap->search($cr, $base, $filter, array('dn'));
+ if(!$this->ldap->isResource($rr)) {
+ return false;
+ }
+ $entries = $this->ldap->countEntries($cr, $rr);
+ $entries = ($entries !== false) ? $entries : 0;
+ $this->result->addChange('ldap_user_count', $entries);
+
+ return $this->result;
+ }
+
/**
* @brief detects the available LDAP groups
* @returns the instance's WizardResult instance
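Review bot: `throw new \Excpetion('Could not connect to LDAP');` in countUsers misspells the class name, so a failed connection produces a class-not-found error that a `catch (\Exception ...)` will not handle, instead of the intended exception; it should read `throw new \Exception('Could not connect to LDAP');`. The same misspelling appears in composeLdapFilter further down in this file. countUsers is also missing the docblock its neighbours carry: `@brief counts the users matching the configured user filter` and `@returns mixed WizardResult on success, false otherwise` would fit. The count comes from a single search on `ldapBase[0]` only, so it ignores further base DNs and may be capped by a server-side size limit; that is worth stating in the docblock.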
@@ -78,7 +111,9 @@ class Wizard extends LDAPUtility {
'ldap_userfilter_groups',
'ldapUserFilterGroups');
- if(!$this->testMemberOf()) {
+ $this->configuration->hasMemberOfFilterSupport = $this->testMemberOf();
+ $filter = $this->composeLdapFilter(self::LFILTER_USER_LIST);
+ if(!$this->configuration->hasMemberOfFilterSupport) {
throw new \Exception('memberOf is not supported by the server');
}
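Review bot: The `$filter` returned by `composeLdapFilter(self::LFILTER_USER_LIST)` is not used in any visible line, yet the call runs one LDAP search per configured group and sits before the memberOf check that may throw. If the value is not needed later in the function (which continues outside the hunk), drop the line; if it is, move it below the `hasMemberOfFilterSupport` check. It is also not visible here whether `hasMemberOfFilterSupport` is saved before a later `getUserListFilter` request reads it, so a short comment naming where it gets persisted would help.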
@@ -114,6 +149,24 @@ class Wizard extends LDAPUtility {
return $this->result;
}
+ public function getUserListFilter() {
+ if(!$this->checkRequirements(array('ldapHost',
+ 'ldapPort',
+ 'ldapAgentName',
+ 'ldapAgentPassword',
+ 'ldapBase',
+ ))) {
+ return false;
+ }
+ $filter = $this->composeLdapFilter(self::LFILTER_USER_LIST);
+ if(!$filter) {
+ throw new \Exception('Cannot create filter');
+ }
+
+ $this->applyFind('ldap_userlist_filter', $filter);
+ return $this->result;
+ }
+
/**
* Tries to determine the port, requires given Host, User DN and Password
* @returns mixed WizardResult on success, false otherwise
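Review bot: getUserListFilter is added without a docblock although the surrounding public methods have one, and it has three outcomes a caller must tell apart: `false` when required settings are missing, an exception when no filter can be composed, and the WizardResult otherwise. Suggested lines: `@brief composes the user list filter from the wizard settings and reports it as ldap_userlist_filter`, `@returns mixed WizardResult on success, false if requirements are not met`, and `@throws \Exception if no filter could be created`.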
@@ -296,6 +349,72 @@ class Wizard extends LDAPUtility {
}
/**
+ * @brief creates an LDAP Filter from given configuration
+ * @param $filterType int, for which use case the filter shall be created
+ * can be any of self::LFILTER_USER_LIST, self::LFILTER_LOGIN or
+ * self::LFILTER_GROUP_LIST
+ * @return mixed, string with the filter on success, false otherwise
+ */
+ private function composeLdapFilter($filterType) {
+ $filter = '';
+ $parts = 0;
+ switch ($filterType) {
+ case self::LFILTER_USER_LIST:
+ $objcs = $this->configuration->ldapUserFilterObjectclass;
+ \OCP\Util::writeLog('user_ldap', 'Wiz: '.print_r($objcs, true), \OCP\Util::DEBUG);
+ //glue objectclasses
+ if(is_array($objcs) && count($objcs) > 0) {
+ \OCP\Util::writeLog('user_ldap', 'Wiz: Processing objectclasses', \OCP\Util::DEBUG);
+ $filter .= '(|';
+ foreach($objcs as $objc) {
+ $filter .= '(objectclass=' . $objc . ')';
+ }
+ $filter .= ')';
+ $parts++;
+ }
+ \OCP\Util::writeLog('user_ldap', 'Wiz: Intermediate filter '.$filter, \OCP\Util::DEBUG);
+ //glue group memberships
+ if($this->configuration->hasMemberOfFilterSupport) {
+ $cns = $this->configuration->ldapUserFilterGroups;
+ \OCP\Util::writeLog('user_ldap', 'Wiz: '.print_r($cns, true), \OCP\Util::DEBUG);
+ if(is_array($cns) && count($cns) > 0) {
+ \OCP\Util::writeLog('user_ldap', 'Wiz: Processing groups', \OCP\Util::DEBUG);
+ $filter .= '(|';
+ $cr = $this->getConnection();
+ if(!$cr) {
+ throw new \Excpetion('Could not connect to LDAP');
+ }
+ $base = $this->configuration->ldapBase[0];
+ foreach($cns as $cn) {
+ $rr = $this->ldap->search($cr, $base, 'cn=' . $cn, array('dn'));
+ if(!$this->ldap->isResource($rr)) {
+ continue;
+ }
+ $er = $this->ldap->firstEntry($cr, $rr);
+ $dn = $this->ldap->getDN($cr, $er);
+ $filter .= '(memberof=' . $dn . ')';
+ }
+ $filter .= ')';
+ }
+ $parts++;
+ \OCP\Util::writeLog('user_ldap', 'Wiz: Intermediate filter '.$filter, \OCP\Util::DEBUG);
+ }
+ //wrap parts in AND condition
+ if($parts > 1) {
+ $filter = '(&' . $filter . ')';
+ }
+ if(empty($filter)) {
+ $filter = 'objectclass=*';
+ }
+ break;
+ }
+
+ \OCP\Util::writeLog('user_ldap', 'Wiz: Final filter '.$filter, \OCP\Util::DEBUG);
+
+ return empty($filter) ? false : $filter;
+ }
+
+ /**
* Connects and Binds to an LDAP Server
* @param $port the port to connect with
* @param $tls whether startTLS is to be used
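Review bot: composeLdapFilter concatenates `$objc`, `$cn` and the looked-up `$dn` into LDAP filter strings without escaping, so a value containing `(`, `)`, `*` or `\` gives a malformed filter or one that matches a different set of users than the admin selected, and this filter decides which LDAP users get access. Escape every value for filter context before concatenation, using PHP's `ldap_escape()` with `LDAP_ESCAPE_FILTER` where the supported PHP version provides it and an equivalent helper otherwise. In the group loop, the result of `firstEntry()` is not checked, so a cn with no match hands a false entry to `getDN()`, and `$parts++` sits outside the `count($cns) > 0` check, so the AND wrapper is applied even when no group clause was added. The sketch below builds the memberof clauses separately and appends them only when at least one DN was resolved.

```php
// … unchanged: objectclass block, except each $objc is escaped the same way …
if(is_array($cns) && count($cns) > 0) {
	// … unchanged: debug log, connection check and $base setup …
	$memberOf = '';
	foreach($cns as $cn) {
		$cnFilter = '(cn=' . ldap_escape($cn, '', LDAP_ESCAPE_FILTER) . ')';
		$rr = $this->ldap->search($cr, $base, $cnFilter, array('dn'));
		if(!$this->ldap->isResource($rr)) {
			continue;
		}
		$er = $this->ldap->firstEntry($cr, $rr);
		if(!$er) {
			// no entry for this cn: skip it rather than emit "(memberof=)"
			continue;
		}
		$dn = $this->ldap->getDN($cr, $er);
		$memberOf .= '(memberof=' . ldap_escape($dn, '', LDAP_ESCAPE_FILTER) . ')';
	}
	if($memberOf !== '') {
		// count the group part only when it contributes a clause
		$filter .= '(|' . $memberOf . ')';
		$parts++;
	}
}
```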
diff --git a/apps/user_ldap/templates/part.wizard-userfilter.php b/apps/user_ldap/templates/part.wizard-userfilter.php
index 56dd16e8a61..879af95b2bc 100644
--- a/apps/user_ldap/templates/part.wizard-userfilter.php
+++ b/apps/user_ldap/templates/part.wizard-userfilter.php
@@ -2,7 +2,7 @@
<div>
<p>
- <?php p($l->t('Limit the access to ownCloud to users meetignthis criteria:'));?>
+ <?php p($l->t('Limit the access to ownCloud to users meeting this criteria:'));?>
</p>
<p>
@@ -28,13 +28,13 @@
</p>
<p>
- <label><a>↓ <?php p($l->t('Edit raw filter instead'));?></a></label>
+ <label><a id='toggleRawUserFilter'>↓ <?php p($l->t('Edit raw filter instead'));?></a></label>
</p>
- <p class="invisible">
- <input type="text" id="ldap_userlistfilter_raw" name="ldap_userlistfilter_raw"
+ <p id="rawUserFilterContainer" class="invisible">
+ <input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter"
class="lwautosave"
- data-default="<?php p($_['ldap_userlistfilter_raw_default']); ?>"
+ data-default="<?php p($_['ldap_userlist_filter_default']); ?>"
placeholder="<?php p($l->t('Raw LDAP filter'));?>"
title="<?php p($l->t('The filter specifies which LDAP users shall have access to the ownCloud instance.'));?>"
/>
@@ -43,6 +43,10 @@
<p>
<div class="ldapWizardInfo invisible">&nbsp;</div>
</p>
+
+ <p>
+ <span id="ldap_user_count">0</span> <span><?php p($l->t('user(s) found'));?></span>
+ </p>
<?php print_unescaped($_['wizardControls']); ?>
</div>
</fieldset> \ No newline at end of file