Diffstat (limited to 'apps/user_ldap/lib')
-rw-r--r-- | apps/user_ldap/lib/access.php | 70 | ||||
-rw-r--r-- | apps/user_ldap/lib/connection.php | 69 |
2 files changed, 87 insertions, 52 deletions
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php index fdf9c24612d..f75a78bcb0b 100644 --- a/apps/user_ldap/lib/access.php +++ b/apps/user_ldap/lib/access.php @@ -288,7 +288,7 @@ class Access extends LDAPUtility { } //second try: get the UUID and check if it is known. Then, update the DN and return the name. - $uuid = $this->getUUID($dn); + $uuid = $this->getUUID($dn, $isUser); if($uuid) { $query = \OCP\DB::prepare(' SELECT `owncloud_name` @@ -580,7 +580,9 @@ class Access extends LDAPUtility { '); //feed the DB - $insRows = $insert->execute(array($dn, $ocname, $this->getUUID($dn), $dn, $ocname)); + $insRows = $insert->execute(array($dn, $ocname, + $this->getUUID($dn, $isUser), $dn, + $ocname)); if(\OCP\DB::isError($insRows)) { return false; 
@@ -905,55 +907,67 @@ class Access extends LDAPUtility { * @param $force the detection should be run, even if it is not set to auto * @returns true on success, false otherwise */ - private function detectUuidAttribute($dn, $force = false) { - if(($this->connection->ldapUuidAttribute !== 'auto') && !$force) { + private function detectUuidAttribute($dn, $isUser = true, $force = false) { + if($isUser) { + $uuidAttr = 'ldapUuidUserAttribute'; + $uuidOverride = $this->connection->ldapExpertUUIDUserAttr; + } else { + $uuidAttr = 'ldapUuidGroupAttribute'; + $uuidOverride = $this->connection->ldapExpertUUIDGroupAttr; + } + + if(($this->connection->$uuidAttr !== 'auto') && !$force) { return true; } - $fixedAttribute = $this->connection->ldapExpertUUIDAttr; - if(!empty($fixedAttribute)) { - $this->connection->ldapUuidAttribute = $fixedAttribute; + if(!empty($uuidOverride) && !$force) { + $this->connection->$uuidAttr = $uuidOverride; return true; } - //for now, supported (known) attributes are entryUUID, nsuniqueid, objectGUID + //for now, supported attributes are entryUUID, nsuniqueid, objectGUID $testAttributes = array('entryuuid', 'nsuniqueid', 'objectguid', 'guid'); foreach($testAttributes as $attribute) { - \OCP\Util::writeLog('user_ldap', 'Testing '.$attribute.' as UUID attr', \OCP\Util::DEBUG); - $value = $this->readAttribute($dn, $attribute); if(is_array($value) && isset($value[0]) && !empty($value[0])) { - \OCP\Util::writeLog('user_ldap', 'Setting '.$attribute.' as UUID attr', \OCP\Util::DEBUG); - $this->connection->ldapUuidAttribute = $attribute; + \OCP\Util::writeLog('user_ldap', + 'Setting '.$attribute.' 
as '.$uuidAttr, + \OCP\Util::DEBUG); + $this->connection->$uuidAttr = $attribute; return true; } - \OCP\Util::writeLog('user_ldap', - 'The looked for uuid attr is not '.$attribute.', result was '.print_r($value, true), - \OCP\Util::DEBUG); } + \OCP\Util::writeLog('user_ldap', + 'Could not autodetect the UUID attribute', + \OCP\Util::ERROR); return false; } - public function getUUID($dn) { - if($this->detectUuidAttribute($dn)) { - \OCP\Util::writeLog('user_ldap', - 'UUID Checking \ UUID for '.$dn.' using '. $this->connection->ldapUuidAttribute, - \OCP\Util::DEBUG); - $uuid = $this->readAttribute($dn, $this->connection->ldapUuidAttribute); - if(!is_array($uuid) && $this->connection->ldapOverrideUuidAttribute) { - $this->detectUuidAttribute($dn, true); - $uuid = $this->readAttribute($dn, $this->connection->ldapUuidAttribute); + public function getUUID($dn, $isUser = true) { + if($isUser) { + $uuidAttr = 'ldapUuidUserAttribute'; + $uuidOverride = $this->connection->ldapExpertUUIDUserAttr; + } else { + $uuidAttr = 'ldapUuidGroupAttribute'; + $uuidOverride = $this->connection->ldapExpertUUIDGroupAttr; + } + + $uuid = false; + if($this->detectUuidAttribute($dn, $isUser)) { + $uuid = $this->readAttribute($dn, $this->connection->$uuidAttr); + if( !is_array($uuid) + && !empty($uuidOverride) + && $this->detectUuidAttribute($dn, $isUser, true)) { + $uuid = $this->readAttribute($dn, + $this->connection->$uuidAttr); } if(is_array($uuid) && isset($uuid[0]) && !empty($uuid[0])) { $uuid = $uuid[0]; - } else { - $uuid = false; } - } else { - $uuid = false; } + return $uuid; } diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php index a53022c27b3..93efdb4c9cb 100644 --- a/apps/user_ldap/lib/connection.php +++ b/apps/user_ldap/lib/connection.php 
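Review bot: The rewritten getUUID() drops both `else { $uuid = false; }` branches, so when readAttribute() returns anything other than an array with a non-empty first element, that raw value is returned instead of false. The `$uuid = false;` initialisation before the `if` does not help, because it is overwritten by the readAttribute() result. Callers visible in this diff test the result with `if($uuid)` and bind it into the mapping insert, and the UUID is what ties an LDAP entry to a local account, so a non-empty array slipping through would be handled as if it were a valid identifier. Restoring the fallback after the last check, `} else { $uuid = false; }`, keeps the previous string-or-false contract. Separately, the forced re-detection in detectUuidAttribute() replaces a configured expert attribute and reports it only at DEBUG; a higher log level there would make that switch visible to an administrator.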
@@ -60,7 +60,8 @@ class Connection extends LDAPUtility { 'ldapQuotaDefault' => null, 'ldapEmailAttribute' => null, 'ldapCacheTTL' => null, - 'ldapUuidAttribute' => 'auto', + 'ldapUuidUserAttribute' => 'auto', + 'ldapUuidGroupAttribute' => 'auto', 'ldapOverrideUuidAttribute' => null, 'ldapOverrideMainServer' => false, 'ldapConfigurationActive' => false, @@ -69,7 +70,8 @@ class Connection extends LDAPUtility { 'homeFolderNamingRule' => null, 'hasPagedResultSupport' => false, 'ldapExpertUsernameAttr' => null, - 'ldapExpertUUIDAttr' => null, + 'ldapExpertUUIDUserAttr' => null, + 'ldapExpertUUIDGroupAttr' => null, ); /** @@ -120,11 +122,11 @@ class Connection extends LDAPUtility { public function __set($name, $value) { $changed = false; //only few options are writable - if($name === 'ldapUuidAttribute') { - \OCP\Util::writeLog('user_ldap', 'Set config ldapUuidAttribute to '.$value, \OCP\Util::DEBUG); + if($name === 'ldapUuidUserAttribute' || $name === 'ldapUuidGroupAttribute') { + \OCP\Util::writeLog('user_ldap', 'Set config '.$name.' to '.$value, \OCP\Util::DEBUG); $this->config[$name] = $value; if(!empty($this->configID)) { - \OCP\Config::setAppValue($this->configID, $this->configPrefix.'ldap_uuid_attribute', $value); + \OCP\Config::setAppValue($this->configID, $this->configPrefix.$name, $value); } $changed = true; } @@ -285,8 +287,10 @@ class Connection extends LDAPUtility { $this->config['ldapIgnoreNamingRules'] = \OCP\Config::getSystemValue('ldapIgnoreNamingRules', false); $this->config['ldapCacheTTL'] = $this->$v('ldap_cache_ttl'); - $this->config['ldapUuidAttribute'] - = $this->$v('ldap_uuid_attribute'); + $this->config['ldapUuidUserAttribute'] + = $this->$v('ldap_uuid_user_attribute'); + $this->config['ldapUuidGroupAttribute'] + = $this->$v('ldap_uuid_group_attribute'); $this->config['ldapOverrideUuidAttribute'] = $this->$v('ldap_override_uuid_attribute'); $this->config['homeFolderNamingRule'] 
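Review bot: In the __set() hunk the detected attribute is now persisted with `$this->configPrefix.$name`, i.e. under the camelCase key `ldapUuidUserAttribute` / `ldapUuidGroupAttribute`, while the readConfiguration() hunk on this same line reads `ldap_uuid_user_attribute` / `ldap_uuid_group_attribute`. Assuming `$this->$v(...)` looks the value up under the prefix plus the given key, the stored result is never read back and detection would run again on every load. The old code wrote the snake_case key explicitly; the equivalent here would be `$key = ($name === 'ldapUuidUserAttribute') ? 'ldap_uuid_user_attribute' : 'ldap_uuid_group_attribute';` followed by `\OCP\Config::setAppValue($this->configID, $this->configPrefix.$key, $value);`. __set() continues outside the hunk.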
@@ -299,8 +303,10 @@ class Connection extends LDAPUtility { = preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_group_search')); $this->config['ldapExpertUsernameAttr'] = $this->$v('ldap_expert_username_attr'); - $this->config['ldapExpertUUIDAttr'] - = $this->$v('ldap_expert_uuid_attr'); + $this->config['ldapExpertUUIDUserAttr'] + = $this->$v('ldap_expert_uuid_user_attr'); + $this->config['ldapExpertUUIDGroupAttr'] + = $this->$v('ldap_expert_uuid_group_attr'); $this->configured = $this->validateConfiguration(); } @@ -339,7 +345,8 @@ class Connection extends LDAPUtility { 'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch', 'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch', 'ldap_expert_username_attr' => 'ldapExpertUsernameAttr', - 'ldap_expert_uuid_attr' => 'ldapExpertUUIDAttr', + 'ldap_expert_uuid_user_attr' => 'ldapExpertUUIDUserAttr', + 'ldap_expert_uuid_group_attr' => 'ldapExpertUUIDGroupAttr', ); return $array; } @@ -413,7 +420,8 @@ class Connection extends LDAPUtility { break; case 'ldapIgnoreNamingRules': case 'ldapOverrideUuidAttribute': - case 'ldapUuidAttribute': + case 'ldapUuidUserAttribute': + case 'ldapUuidGroupAttribute': case 'hasPagedResultSupport': continue 2; } 
@@ -476,13 +484,23 @@ class Connection extends LDAPUtility { } $uuidAttributes = array( 'auto', 'entryuuid', 'nsuniqueid', 'objectguid', 'guid'); - if(!in_array($this->config['ldapUuidAttribute'], $uuidAttributes) - && (!is_null($this->configID))) { - \OCP\Config::setAppValue($this->configID, $this->configPrefix.'ldap_uuid_attribute', 'auto'); - \OCP\Util::writeLog('user_ldap', - 'Illegal value for the UUID Attribute, reset to autodetect.', - \OCP\Util::INFO); + $uuidSettings = array( + 'ldapUuidUserAttribute' => 'ldapExpertUUIDUserAttr', + 'ldapUuidGroupAttribute' => 'ldapExpertUUIDGroupAttr'); + $cta = array_flip($this->getConfigTranslationArray()); + foreach($uuidSettings as $defaultKey => $overrideKey) { + if( !in_array($this->config[$defaultKey], $uuidAttributes) + && is_null($this->config[$overrideKey]) + && !is_null($this->configID)) { + \OCP\Config::setAppValue($this->configID, + $this->configPrefix.$cta[$defaultKey], + 'auto'); + \OCP\Util::writeLog('user_ldap', + 'Illegal value for'.$defaultKey.', reset to autodetect.', + \OCP\Util::DEBUG); + } } + if(empty($this->config['ldapBackupPort'])) { //force default $this->config['ldapBackupPort'] = $this->config['ldapPort']; @@ -502,8 +520,6 @@ class Connection extends LDAPUtility { \OCP\Util::INFO); } - - //second step: critical checks. If left empty or filled wrong, set as unconfigured and give a warning. $configurationOK = true; if(empty($this->config['ldapHost'])) { @@ -552,8 +568,11 @@ class Connection extends LDAPUtility { $configurationOK = false; } - if(!empty($this->config['ldapExpertUUIDAttr'])) { - $this->config['ldapUuidAttribute'] = $this->config['ldapExpertUUIDAttr']; + if(!empty($this->config['ldapExpertUUIDUserAttr'])) { + $this->config['ldapUuidUserAttribute'] = $this->config['ldapExpertUUIDUserAttr']; + } + if(!empty($this->config['ldapExpertUUIDGroupAttr'])) { + $this->config['ldapUuidGroupAttribute'] = $this->config['ldapExpertUUIDGroupAttr']; } return $configurationOK; 
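Review bot: The new reset condition uses `is_null($this->config[$overrideKey])`, but the defaults added in this commit set `ldap_expert_uuid_user_attr` and `ldap_expert_uuid_group_attr` to `''`, so with no override configured the value is presumably an empty string and the allowlist check against `$uuidAttributes` never fires. The later hunk in this function tests the same keys with `!empty(...)`; writing `&& empty($this->config[$overrideKey])` here would be consistent with it. The log text `'Illegal value for'.$defaultKey` is missing a space and was lowered from INFO to DEBUG, which hides a rejected setting at normal log levels. `$cta[$defaultKey]` also depends on getConfigTranslationArray() containing both UUID attribute keys, which the -339 hunk does not show being added, so that is worth confirming. validateConfiguration() starts and ends outside the hunk.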
@@ -587,15 +606,17 @@ class Connection extends LDAPUtility { 'ldap_email_attr' => '', 'ldap_group_member_assoc_attribute' => 'uniqueMember', 'ldap_cache_ttl' => 600, - 'ldap_uuid_attribute' => 'auto', + 'ldap_uuid_user_attribute' => 'auto', + 'ldap_uuid_group_attribute' => 'auto', 'ldap_override_uuid_attribute' => 0, 'home_folder_naming_rule' => '', 'ldap_turn_off_cert_check' => 0, 'ldap_configuration_active' => 1, 'ldap_attributes_for_user_search' => '', 'ldap_attributes_for_group_search' => '', - 'ldap_expert_username_attr' => '', - 'ldap_expert_uuid_attr' => '', + 'ldap_expert_username_attr' => '', + 'ldap_expert_uuid_user_attr' => '', + 'ldap_expert_uuid_group_attr' => '', ); } |
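Review bot: Nothing in the lib/ changes shown reads the old keys `ldap_uuid_attribute` and `ldap_expert_uuid_attr` any more, so an installation that had pinned an expert UUID attribute would fall back to `'auto'` for both users and groups after this change. Because the UUID is the lookup key for existing DN-to-name mappings (the "second try" path in access.php), a different autodetected attribute could leave existing entries unmatched. The diffstat is limited to apps/user_ldap/lib, so a migration may live elsewhere; if it does not, it is worth adding, together with a comment next to these defaults such as `// replaces ldap_uuid_attribute / ldap_expert_uuid_attr; old values are migrated in <update script>`.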