summaryrefslogtreecommitdiffstats
path: root/apps/user_ldap/group_ldap.php
diff options
context:
space:
mode:
Diffstat (limited to 'apps/user_ldap/group_ldap.php')
-rw-r--r--apps/user_ldap/group_ldap.php170
1 files changed, 107 insertions, 63 deletions
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index a3117b5a41e..b29ebe30c51 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -21,24 +21,17 @@
*
*/
-class OC_GROUP_LDAP extends OC_Group_Backend {
-// //group specific settings
- protected $ldapGroupFilter;
- protected $ldapGroupMemberAssocAttr;
- protected $configured = false;
+namespace OCA\user_ldap;
- protected $_group_user = array();
- protected $_user_groups = array();
- protected $_group_users = array();
- protected $_groups = array();
+class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
+ protected $enabled = false;
- public function __construct() {
- $this->ldapGroupFilter = OCP\Config::getAppValue('user_ldap', 'ldap_group_filter', '(objectClass=posixGroup)');
- $this->ldapGroupMemberAssocAttr = OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember');
-
- if(!empty($this->ldapGroupFilter) && !empty($this->ldapGroupMemberAssocAttr)) {
- $this->configured = true;
+ public function setConnector(lib\Connection &$connection) {
+ parent::setConnector($connection);
+ if(empty($this->connection->ldapGroupFilter) || empty($this->connection->ldapGroupMemberAssocAttr)) {
+ $this->enabled = false;
}
+ $this->enabled = true;
}
/**
@@ -50,31 +43,33 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
* Checks whether the user is member of a group or not.
*/
public function inGroup($uid, $gid) {
- if(!$this->configured) {
+ if(!$this->enabled) {
return false;
}
- if(isset($this->_group_user[$gid][$uid])) {
- return $this->_group_user[$gid][$uid];
+ if($this->connection->isCached('inGroup'.$uid.':'.$gid)) {
+ return $this->connection->getFromCache('inGroup'.$uid.':'.$gid);
}
- $dn_user = OC_LDAP::username2dn($uid);
- $dn_group = OC_LDAP::groupname2dn($gid);
+ $dn_user = $this->username2dn($uid);
+ $dn_group = $this->groupname2dn($gid);
// just in case
if(!$dn_group || !$dn_user) {
+ $this->connection->writeToCache('inGroup'.$uid.':'.$gid, false);
return false;
}
//usually, LDAP attributes are said to be case insensitive. But there are exceptions of course.
- $members = OC_LDAP::readAttribute($dn_group, $this->ldapGroupMemberAssocAttr);
+ $members = $this->readAttribute($dn_group, $this->connection->ldapGroupMemberAssocAttr);
if(!$members) {
+ $this->connection->writeToCache('inGroup'.$uid.':'.$gid, false);
return false;
}
//extra work if we don't get back user DNs
//TODO: this can be done with one LDAP query
- if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') {
+ if(strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid') {
$dns = array();
foreach($members as $mid) {
- $filter = str_replace('%uid', $mid, OC_LDAP::conf('ldapLoginFilter'));
- $ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn');
+ $filter = str_replace('%uid', $mid, $this->connection->ldapLoginFilter);
+ $ldap_users = $this->fetchListOfUsers($filter, 'dn');
if(count($ldap_users) < 1) {
continue;
}
@@ -83,8 +78,10 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
$members = $dns;
}
- $this->_group_user[$gid][$uid] = in_array($dn_user, $members);
- return $this->_group_user[$gid][$uid];
+ $isInGroup = in_array($dn_user, $members);
+ $this->connection->writeToCache('inGroup'.$uid.':'.$gid, $isInGroup);
+
+ return $isInGroup;
}
/**
@@ -96,86 +93,105 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
* if the user exists at all.
*/
public function getUserGroups($uid) {
- if(!$this->configured) {
+ if(!$this->enabled) {
return array();
}
- if(isset($this->_user_groups[$uid])) {
- return $this->_user_groups[$uid];
+ if($this->connection->isCached('getUserGroups'.$uid)) {
+ return $this->connection->getFromCache('getUserGroups'.$uid);
}
- $userDN = OC_LDAP::username2dn($uid);
+ $userDN = $this->username2dn($uid);
if(!$userDN) {
- $this->_user_groups[$uid] = array();
+ $this->connection->writeToCache('getUserGroups'.$uid, array());
return array();
}
//uniqueMember takes DN, memberuid the uid, so we need to distinguish
- if((strtolower($this->ldapGroupMemberAssocAttr) == 'uniquemember')
- || (strtolower($this->ldapGroupMemberAssocAttr) == 'member')) {
+ if((strtolower($this->connection->ldapGroupMemberAssocAttr) == 'uniquemember')
+ || (strtolower($this->connection->ldapGroupMemberAssocAttr) == 'member')
+ ) {
$uid = $userDN;
- } else if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') {
- $result = OC_LDAP::readAttribute($userDN, 'uid');
+ } else if(strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid') {
+ $result = $this->readAttribute($userDN, 'uid');
$uid = $result[0];
} else {
// just in case
$uid = $userDN;
}
- $filter = OC_LDAP::combineFilterWithAnd(array(
- $this->ldapGroupFilter,
- $this->ldapGroupMemberAssocAttr.'='.$uid
+ $filter = $this->combineFilterWithAnd(array(
+ $this->connection->ldapGroupFilter,
+ $this->connection->ldapGroupMemberAssocAttr.'='.$uid
));
- $groups = OC_LDAP::fetchListOfGroups($filter, array(OC_LDAP::conf('ldapGroupDisplayName'),'dn'));
- $this->_user_groups[$uid] = array_unique(OC_LDAP::ownCloudGroupNames($groups), SORT_LOCALE_STRING);
+ $groups = $this->fetchListOfGroups($filter, array($this->connection->ldapGroupDisplayName,'dn'));
+ $groups = array_unique($this->ownCloudGroupNames($groups), SORT_LOCALE_STRING);
+ $this->connection->writeToCache('getUserGroups'.$uid, $groups);
- return $this->_user_groups[$uid];
+ return $groups;
}
/**
* @brief get a list of all users in a group
* @returns array with user ids
*/
- public function usersInGroup($gid) {
- if(!$this->configured) {
+ public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
+ if(!$this->enabled) {
return array();
}
- if(isset($this->_group_users[$gid])) {
- return $this->_group_users[$gid];
+ $this->groupSearch = $search;
+ if($this->connection->isCached('usersInGroup'.$gid)) {
+ $groupUsers = $this->connection->getFromCache('usersInGroup'.$gid);
+ if(!empty($this->groupSearch)) {
+ $groupUsers = array_filter($groupUsers, array($this, 'groupMatchesFilter'));
+ }
+ if($limit = -1) {
+ $limit = null;
+ }
+ return array_slice($groupUsers, $offset, $limit);
}
- $groupDN = OC_LDAP::groupname2dn($gid);
+ $groupDN = $this->groupname2dn($gid);
if(!$groupDN) {
- $this->_group_users[$gid] = array();
+ $this->connection->writeToCache('usersInGroup'.$gid, array());
return array();
}
- $members = OC_LDAP::readAttribute($groupDN, $this->ldapGroupMemberAssocAttr);
+ $members = $this->readAttribute($groupDN, $this->connection->ldapGroupMemberAssocAttr);
if(!$members) {
- $this->_group_users[$gid] = array();
+ $this->connection->writeToCache('usersInGroup'.$gid, array());
return array();
}
$result = array();
- $isMemberUid = (strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid');
+ $isMemberUid = (strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid');
foreach($members as $member) {
if($isMemberUid) {
- $filter = str_replace('%uid', $member, OC_LDAP::conf('ldapLoginFilter'));
- $ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn');
+ $filter = \OCP\Util::mb_str_replace('%uid', $member, $this->connection->ldapLoginFilter, 'UTF-8');
+ $ldap_users = $this->fetchListOfUsers($filter, 'dn');
if(count($ldap_users) < 1) {
continue;
}
- $result[] = OC_LDAP::dn2username($ldap_users[0]);
+ $result[] = $this->dn2username($ldap_users[0]);
continue;
} else {
- if($ocname = OC_LDAP::dn2username($member)){
+ if($ocname = $this->dn2username($member)) {
$result[] = $ocname;
}
}
}
if(!$isMemberUid) {
- $result = array_intersect($result, OCP\User::getUsers());
+ $result = array_intersect($result, \OCP\User::getUsers());
}
- $this->_group_users[$gid] = array_unique($result, SORT_LOCALE_STRING);
- return $this->_group_users[$gid];
+ $groupUsers = array_unique($result, SORT_LOCALE_STRING);
+ $this->connection->writeToCache('usersInGroup'.$gid, $groupUsers);
+
+ if(!empty($this->groupSearch)) {
+ $groupUsers = array_filter($groupUsers, array($this, 'groupMatchesFilter'));
+ }
+ if($limit = -1) {
+ $limit = null;
+ }
+ return array_slice($groupUsers, $offset, $limit);
+
}
/**
@@ -184,15 +200,30 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
*
* Returns a list with all groups
*/
- public function getGroups() {
- if(!$this->configured) {
+ public function getGroups($search = '', $limit = -1, $offset = 0) {
+ if(!$this->enabled) {
return array();
}
- if(empty($this->_groups)) {
- $ldap_groups = OC_LDAP::fetchListOfGroups($this->ldapGroupFilter, array(OC_LDAP::conf('ldapGroupDisplayName'), 'dn'));
- $this->_groups = OC_LDAP::ownCloudGroupNames($ldap_groups);
+
+ if($this->connection->isCached('getGroups')) {
+ $ldap_groups = $this->connection->getFromCache('getGroups');
+ } else {
+ $ldap_groups = $this->fetchListOfGroups($this->connection->ldapGroupFilter, array($this->connection->ldapGroupDisplayName, 'dn'));
+ $ldap_groups = $this->ownCloudGroupNames($ldap_groups);
+ $this->connection->writeToCache('getGroups', $ldap_groups);
+ }
+ $this->groupSearch = $search;
+ if(!empty($this->groupSearch)) {
+ $ldap_groups = array_filter($ldap_groups, array($this, 'groupMatchesFilter'));
}
- return $this->_groups;
+ if($limit = -1) {
+ $limit = null;
+ }
+ return array_slice($ldap_groups, $offset, $limit);
+ }
+
+ public function groupMatchesFilter($group) {
+ return (strripos($group, $this->groupSearch) !== false);
}
/**
@@ -203,4 +234,17 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
public function groupExists($gid){
return in_array($gid, $this->getGroups());
}
+
+ /**
+ * @brief Check if backend implements actions
+ * @param $actions bitwise-or'ed actions
+ * @returns boolean
+ *
+ * Returns the supported actions as int to be
+ * compared with OC_USER_BACKEND_CREATE_USER etc.
+ */
+ public function implementsActions($actions) {
+ //always returns false, because possible actions are modifying actions. We do not write to LDAP, at least for now.
+ return false;
+ }
} \ No newline at end of file
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-23 17:16:16 +0000