Diffstat (limited to 'apps/user_ldap/lib/LDAPProvider.php')
-rw-r--r-- | apps/user_ldap/lib/LDAPProvider.php | 139 |
1 files changed, 121 insertions, 18 deletions
diff --git a/apps/user_ldap/lib/LDAPProvider.php b/apps/user_ldap/lib/LDAPProvider.php index bf8691006c6..060c478ae38 100644 --- a/apps/user_ldap/lib/LDAPProvider.php +++ b/apps/user_ldap/lib/LDAPProvider.php @@ -3,6 +3,10 @@ * * @copyright Copyright (c) 2016, Roger Szabo (roger.szabo@web.de) * + * @author Roger Szabo <roger.szabo@web.de> + * @author Vinicius Brand <vinicius@eita.org.br> + * @author Daniel Tygel <dtygel@eita.org.br> + * * @license GNU AGPL version 3 or any later version * * This program is free software: you can redistribute it and/or modify @@ -33,7 +37,8 @@ use OCA\User_LDAP\User\DeletedUsersIndex; */ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { - private $backend; + private $userBackend; + private $groupBackend; private $logger; private $helper; private $deletedUsersIndex; 
@@ -47,14 +52,28 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { $this->logger = $serverContainer->getLogger(); $this->helper = $helper; $this->deletedUsersIndex = $deletedUsersIndex; + $userBackendFound = false; + $groupBackendFound = false; foreach ($serverContainer->getUserManager()->getBackends() as $backend){ - $this->logger->debug('instance '.get_class($backend).' backend.', ['app' => 'user_ldap']); + $this->logger->debug('instance '.get_class($backend).' user backend.', ['app' => 'user_ldap']); if ($backend instanceof IUserLDAP) { - $this->backend = $backend; - return; + $this->userBackend = $backend; + $userBackendFound = true; + break; } } - throw new \Exception('To use the LDAPProvider, user_ldap app must be enabled'); + foreach ($serverContainer->getGroupManager()->getBackends() as $backend){ + $this->logger->debug('instance '.get_class($backend).' group backend.', ['app' => 'user_ldap']); + if ($backend instanceof IGroupLDAP) { + $this->groupBackend = $backend; + $groupBackendFound = true; + break; + } + } + + if (!$userBackendFound or !$groupBackendFound) { + throw new \Exception('To use the LDAPProvider, user_ldap app must be enabled'); + } } /** 
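Review bot: The combined check `if (!$userBackendFound or !$groupBackendFound)` throws when either backend is missing, but the message still only says that the user_ldap app must be enabled, so a log reader cannot tell which backend was not found. Consumers that call only the user methods now also fail when no `IGroupLDAP` backend is registered, which the old code did not require; if that is intended, it deserves a sentence in the constructor docblock. I would use `||` instead of `or` and throw separately, e.g. `if (!$userBackendFound) { throw new \Exception('No LDAP user backend found; is user_ldap enabled?'); }`, with a matching check for the group backend. The constructor signature lies outside this hunk.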
@@ -64,16 +83,33 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { * @throws \Exception if translation was unsuccessful */ public function getUserDN($uid) { - if(!$this->backend->userExists($uid)){ + if(!$this->userBackend->userExists($uid)){ throw new \Exception('User id not found in LDAP'); } - $result = $this->backend->getLDAPAccess($uid)->username2dn($uid); + $result = $this->userBackend->getLDAPAccess($uid)->username2dn($uid); if(!$result){ throw new \Exception('Translation to LDAP DN unsuccessful'); } return $result; } - + + /** + * Translate a group id to LDAP DN. + * @param string $gid group id + * @return string + * @throws \Exception + */ + public function getGroupDN($gid) { + if(!$this->groupBackend->groupExists($gid)){ + throw new \Exception('Group id not found in LDAP'); + } + $result = $this->groupBackend->getLDAPAccess($gid)->groupname2dn($gid); + if(!$result){ + throw new \Exception('Translation to LDAP DN unsuccessful'); + } + return $result; + } + /** * Translate a LDAP DN to an internal user name. If there is no mapping between * the DN and the user name, a new one will be created. @@ -82,7 +118,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { * @throws \Exception if translation was unsuccessful */ public function getUserName($dn) { - $result = $this->backend->dn2UserName($dn); + $result = $this->userBackend->dn2UserName($dn); if(!$result){ throw new \Exception('Translation to internal user name unsuccessful'); } 
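Review bot: The docblocks of the new group methods were copied from their user counterparts and not fully adapted. `getGroupDN` in this hunk has a bare `@throws \Exception`; it should read `@throws \Exception if the group id was not found or translation was unsuccessful`, as the two throw sites in its body show. The same applies in later hunks: `getGroupLDAPConnection` says it returns a connection "for the specified user", and `clearGroupCache` documents `if user id was not found in LDAP`; both should say group.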
@@ -115,10 +151,24 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { * @throws \Exception if user id was not found in LDAP */ public function getLDAPConnection($uid) { - if(!$this->backend->userExists($uid)){ + if(!$this->userBackend->userExists($uid)){ throw new \Exception('User id not found in LDAP'); } - return $this->backend->getNewLDAPConnection($uid); + return $this->userBackend->getNewLDAPConnection($uid); + } + + /** + * Return a new LDAP connection resource for the specified user. + * The connection must be closed manually. + * @param string $gid group id + * @return resource of the LDAP connection + * @throws \Exception if group id was not found in LDAP + */ + public function getGroupLDAPConnection($gid) { + if(!$this->groupBackend->groupExists($gid)){ + throw new \Exception('Group id not found in LDAP'); + } + return $this->groupBackend->getNewLDAPConnection($gid); } /** @@ -128,10 +178,10 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { * @throws \Exception if user id was not found in LDAP */ public function getLDAPBaseUsers($uid) { - if(!$this->backend->userExists($uid)){ + if(!$this->userBackend->userExists($uid)){ throw new \Exception('User id not found in LDAP'); } - return $this->backend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_base_users']; + return $this->userBackend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_base_users']; } /** 
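Review bot: `getGroupLDAPConnection` hands a raw connection resource to any caller, gated only by `groupExists($gid)`, and its docblock leaves cleanup to the caller ("must be closed manually"). The hunk does not show whether the resource is already bound; if it is, the docblock should say whose credentials it carries so that callers treat it as privileged and do not pass it on. I would add a line such as `Callers own the returned resource and must close it, including on error paths.` to the docblock.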
@@ -141,10 +191,10 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { * @throws \Exception if user id was not found in LDAP */ public function getLDAPBaseGroups($uid) { - if(!$this->backend->userExists($uid)){ + if(!$this->userBackend->userExists($uid)){ throw new \Exception('User id not found in LDAP'); } - return $this->backend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_base_groups']; + return $this->userBackend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_base_groups']; } /** @@ -153,10 +203,23 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { * @throws \Exception if user id was not found in LDAP */ public function clearCache($uid) { - if(!$this->backend->userExists($uid)){ + if(!$this->userBackend->userExists($uid)){ throw new \Exception('User id not found in LDAP'); } - $this->backend->getLDAPAccess($uid)->getConnection()->clearCache(); + $this->userBackend->getLDAPAccess($uid)->getConnection()->clearCache(); + } + + /** + * Clear the cache if a cache is used, otherwise do nothing. + * Acts on the LDAP connection of a group + * @param string $gid group id + * @throws \Exception if user id was not found in LDAP + */ + public function clearGroupCache($gid) { + if(!$this->groupBackend->groupExists($gid)){ + throw new \Exception('Group id not found in LDAP'); + } + $this->groupBackend->getLDAPAccess($gid)->getConnection()->clearCache(); } /** @@ -165,7 +228,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { * @return bool whether the DN exists */ public function dnExists($dn) { - $result = $this->backend->dn2UserName($dn); + $result = $this->userBackend->dn2UserName($dn); return !$result ? false : true; } 
@@ -184,4 +247,44 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { public function unflagRecord($uid) { //do nothing } + + /** + * Get the LDAP attribute name for the user's display name + * @param string $uid user id + * @return string the display name field + * @throws \Exception if user id was not found in LDAP + */ + public function getLDAPDisplayNameField($uid) { + if(!$this->userBackend->userExists($uid)){ + throw new \Exception('User id not found in LDAP'); + } + return $this->userBackend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_display_name']; + } + + /** + * Get the LDAP attribute name for the email + * @param string $uid user id + * @return string the email field + * @throws \Exception if user id was not found in LDAP + */ + public function getLDAPEmailField($uid) { + if(!$this->userBackend->userExists($uid)){ + throw new \Exception('User id not found in LDAP'); + } + return $this->userBackend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_email_attr']; + } + + /** + * Get the LDAP type of association between users and groups + * @param string $gid group id + * @return string the configuration, one of: 'memberUid', 'uniqueMember', 'member', 'gidNumber' + * @throws \Exception if group id was not found in LDAP + */ + public function getLDAPGroupMemberAssoc($gid) { + if(!$this->groupBackend->groupExists($gid)){ + throw new \Exception('Group id not found in LDAP'); + } + return $this->groupBackend->getLDAPAccess($gid)->getConnection()->getConfiguration()['ldap_group_member_assoc_attribute']; + } + } |
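Review bot: The three new getters index `getConfiguration()` directly, so a missing key would yield a PHP notice and `null` although the docblocks promise a string; the hunk does not show whether these keys are always present. They also repeat the exists-check and accessor chain that the older getters already contain. A private helper that performs the check once and fails explicitly on a missing key would cover `getLDAPDisplayNameField` and `getLDAPEmailField`, with a group-side twin for `getLDAPGroupMemberAssoc`.

```php
/**
 * Read one configuration value from the LDAP connection of a user.
 * @param string $uid user id
 * @param string $key configuration key
 * @return string
 * @throws \Exception if the user id was not found or the key is not set
 */
private function getUserConfigValue($uid, $key) {
	if (!$this->userBackend->userExists($uid)) {
		throw new \Exception('User id not found in LDAP');
	}
	$configuration = $this->userBackend->getLDAPAccess($uid)->getConnection()->getConfiguration();
	if (!isset($configuration[$key])) {
		throw new \Exception('LDAP configuration key not set: ' . $key);
	}
	return $configuration[$key];
}

public function getLDAPDisplayNameField($uid) {
	return $this->getUserConfigValue($uid, 'ldap_display_name');
}

// … unchanged apart from the same substitution: getLDAPEmailField, getLDAPGroupMemberAssoc (group-side helper) …
```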