diff options
Diffstat (limited to 'apps/user_ldap')
-rw-r--r-- | apps/user_ldap/ajax/testConfiguration.php | 10 | ||||
-rw-r--r-- | apps/user_ldap/appinfo/app.php | 4 | ||||
-rw-r--r-- | apps/user_ldap/appinfo/update.php | 4 | ||||
-rw-r--r-- | apps/user_ldap/group_ldap.php | 18 | ||||
-rw-r--r-- | apps/user_ldap/lib/access.php | 62 | ||||
-rw-r--r-- | apps/user_ldap/lib/connection.php | 88 | ||||
-rw-r--r-- | apps/user_ldap/lib/jobs.php | 34 | ||||
-rw-r--r-- | apps/user_ldap/templates/settings.php | 52 | ||||
-rw-r--r-- | apps/user_ldap/user_ldap.php | 18 |
9 files changed, 218 insertions, 72 deletions
diff --git a/apps/user_ldap/ajax/testConfiguration.php b/apps/user_ldap/ajax/testConfiguration.php index f8038e31469..cfc07ff263e 100644 --- a/apps/user_ldap/ajax/testConfiguration.php +++ b/apps/user_ldap/ajax/testConfiguration.php @@ -32,10 +32,14 @@ $connection = new \OCA\user_ldap\lib\Connection('', null); if($connection->setConfiguration($_POST)) { //Configuration is okay if($connection->bind()) { - OCP\JSON::success(array('message' => $l->t('The configuration is valid and the connection could be established!'))); + OCP\JSON::success(array('message' + => $l->t('The configuration is valid and the connection could be established!'))); } else { - OCP\JSON::error(array('message' => $l->t('The configuration is valid, but the Bind failed. Please check the server settings and credentials.'))); + OCP\JSON::error(array('message' + => $l->t('The configuration is valid, but the Bind failed.' + .' Please check the server settings and credentials.'))); } } else { - OCP\JSON::error(array('message' => $l->t('The configuration is invalid. Please look in the ownCloud log for further details.'))); + OCP\JSON::error(array('message' + => $l->t('The configuration is invalid. Please look in the ownCloud log for further details.'))); } diff --git a/apps/user_ldap/appinfo/app.php b/apps/user_ldap/appinfo/app.php index dec87684c9e..89410b5ef07 100644 --- a/apps/user_ldap/appinfo/app.php +++ b/apps/user_ldap/appinfo/app.php @@ -51,5 +51,7 @@ $entry = array( OCP\Backgroundjob::addRegularTask('OCA\user_ldap\lib\Jobs', 'updateGroups'); if(OCP\App::isEnabled('user_webdavauth')) { - OCP\Util::writeLog('user_ldap', 'user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour', OCP\Util::WARN); + OCP\Util::writeLog('user_ldap', + 'user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour', + OCP\Util::WARN); } diff --git a/apps/user_ldap/appinfo/update.php b/apps/user_ldap/appinfo/update.php index bc32d4ef4cc..2fcbf1902ac 100644 --- a/apps/user_ldap/appinfo/update.php +++ b/apps/user_ldap/appinfo/update.php @@ -58,7 +58,9 @@ foreach($objects as $object) { try { $updateQuery->execute(array($newDN, $uuid, $dn['ldap_dn'])); } catch(Exception $e) { - \OCP\Util::writeLog('user_ldap', 'Could not update '.$object.' '.$dn['ldap_dn'].' in the mappings table. ', \OCP\Util::WARN); + \OCP\Util::writeLog('user_ldap', + 'Could not update '.$object.' '.$dn['ldap_dn'].' in the mappings table. ', + \OCP\Util::WARN); } } diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php index 02ceecaea0b..4fd4c636913 100644 --- a/apps/user_ldap/group_ldap.php +++ b/apps/user_ldap/group_ldap.php @@ -177,7 +177,8 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface { if($isMemberUid) { //we got uids, need to get their DNs to 'tranlsate' them to usernames $filter = $this->combineFilterWithAnd(array( - \OCP\Util::mb_str_replace('%uid', $member, $this->connection>ldapLoginFilter, 'UTF-8'), + \OCP\Util::mb_str_replace('%uid', $member, + $this->connection>ldapLoginFilter, 'UTF-8'), $this->getFilterPartForUserSearch($search) )); $ldap_users = $this->fetchListOfUsers($filter, 'dn'); @@ -188,7 +189,9 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface { } else { //we got DNs, check if we need to filter by search or we can give back all of them if(!empty($search)) { - if(!$this->readAttribute($member, $this->connection->ldapUserDisplayName, $this->getFilterPartForUserSearch($search))) { + if(!$this->readAttribute($member, + $this->connection->ldapUserDisplayName, + $this->getFilterPartForUserSearch($search))) { continue; } } @@ -225,7 +228,8 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface { return $ldap_groups; } - // if we'd pass -1 to LDAP search, we'd end up in a Protocol error. With a limit of 0, we get 0 results. So we pass null. + // if we'd pass -1 to LDAP search, we'd end up in a Protocol + // error. With a limit of 0, we get 0 results. So we pass null. if($limit <= 0) { $limit = null; } @@ -234,7 +238,8 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface { $this->getFilterPartForGroupSearch($search) )); \OCP\Util::writeLog('user_ldap', 'getGroups Filter '.$filter, \OCP\Util::DEBUG); - $ldap_groups = $this->fetchListOfGroups($filter, array($this->connection->ldapGroupDisplayName, 'dn'), $limit, $offset); + $ldap_groups = $this->fetchListOfGroups($filter, array($this->connection->ldapGroupDisplayName, 'dn'), + $limit, $offset); $ldap_groups = $this->ownCloudGroupNames($ldap_groups); $this->connection->writeToCache($cachekey, $ldap_groups); @@ -282,7 +287,8 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface { * compared with OC_USER_BACKEND_CREATE_USER etc. */ public function implementsActions($actions) { - //always returns false, because possible actions are modifying actions. We do not write to LDAP, at least for now. + //always returns false, because possible actions are modifying + // actions. We do not write to LDAP, at least for now. return false; } -}
\ No newline at end of file +} diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php index 4aa8ae8e8a4..32910b6e252 100644 --- a/apps/user_ldap/lib/access.php +++ b/apps/user_ldap/lib/access.php @@ -48,7 +48,9 @@ abstract class Access { */ public function readAttribute($dn, $attr, $filter = 'objectClass=*') { if(!$this->checkConnection()) { - \OCP\Util::writeLog('user_ldap', 'No LDAP Connector assigned, access impossible for readAttribute.', \OCP\Util::WARN); + \OCP\Util::writeLog('user_ldap', + 'No LDAP Connector assigned, access impossible for readAttribute.', + \OCP\Util::WARN); return false; } $cr = $this->connection->getConnectionResource(); @@ -123,7 +125,8 @@ abstract class Access { return $result; } - //OID sometimes gives back DNs with whitespace after the comma a la "uid=foo, cn=bar, dn=..." We need to tackle this! + //OID sometimes gives back DNs with whitespace after the comma + // a la "uid=foo, cn=bar, dn=..." We need to tackle this! $dn = preg_replace('/([^\\\]),(\s+)/u', '\1,', $dn); //make comparisons and everything work @@ -218,7 +221,8 @@ abstract class Access { * @param $ldapname optional, the display name of the object * @returns string with with the name to use in ownCloud, false on DN outside of search DN * - * returns the internal ownCloud name for the given LDAP DN of the group, false on DN outside of search DN or failure + * returns the internal ownCloud name for the given LDAP DN of the + * group, false on DN outside of search DN or failure */ public function dn2groupname($dn, $ldapname = null) { //To avoid bypassing the base DN settings under certain circumstances @@ -646,7 +650,9 @@ abstract class Access { $sr = ldap_search($linkResources, $base, $filter, $attr); $error = ldap_errno($link_resource); if(!is_array($sr) || $error > 0) { - \OCP\Util::writeLog('user_ldap', 'Error when searching: '.ldap_error($link_resource).' code '.ldap_errno($link_resource), \OCP\Util::ERROR); + \OCP\Util::writeLog('user_ldap', + 'Error when searching: '.ldap_error($link_resource).' code '.ldap_errno($link_resource), + \OCP\Util::ERROR); \OCP\Util::writeLog('user_ldap', 'Attempt for Paging? '.print_r($pagedSearchOK, true), \OCP\Util::ERROR); return array(); } @@ -668,7 +674,9 @@ abstract class Access { if($skipHandling) { return; } - //if count is bigger, then the server does not support paged search. Instead, he did a normal search. We set a flag here, so the callee knows how to deal with it. + // if count is bigger, then the server does not support + // paged search. Instead, he did a normal search. We set a + // flag here, so the callee knows how to deal with it. if($findings['count'] <= $limit) { $this->pagedSearchedSuccessful = true; } @@ -702,7 +710,9 @@ abstract class Access { $key = mb_strtolower($key, 'UTF-8'); if(isset($item[$key])) { if($key != 'dn') { - $selection[$i][$key] = $this->resemblesDN($key) ? $this->sanitizeDN($item[$key][0]) : $item[$key][0]; + $selection[$i][$key] = $this->resemblesDN($key) ? + $this->sanitizeDN($item[$key][0]) + : $item[$key][0]; } else { $selection[$i][$key] = $this->sanitizeDN($item[$key]); } @@ -806,7 +816,9 @@ abstract class Access { * @return string the final filter part to use in LDAP searches */ public function getFilterPartForUserSearch($search) { - return $this->getFilterPartForSearch($search, $this->connection->ldapAttributesForUserSearch, $this->connection->ldapUserDisplayName); + return $this->getFilterPartForSearch($search, + $this->connection->ldapAttributesForUserSearch, + $this->connection->ldapUserDisplayName); } /** @@ -815,7 +827,9 @@ abstract class Access { * @return string the final filter part to use in LDAP searches */ public function getFilterPartForGroupSearch($search) { - return $this->getFilterPartForSearch($search, $this->connection->ldapAttributesForGroupSearch, $this->connection->ldapGroupDisplayName); + return $this->getFilterPartForSearch($search, + $this->connection->ldapAttributesForGroupSearch, + $this->connection->ldapGroupDisplayName); } /** @@ -874,13 +888,15 @@ abstract class Access { foreach($testAttributes as $attribute) { \OCP\Util::writeLog('user_ldap', 'Testing '.$attribute.' as UUID attr', \OCP\Util::DEBUG); - $value = $this->readAttribute($dn, $attribute); - if(is_array($value) && isset($value[0]) && !empty($value[0])) { + $value = $this->readAttribute($dn, $attribute); + if(is_array($value) && isset($value[0]) && !empty($value[0])) { \OCP\Util::writeLog('user_ldap', 'Setting '.$attribute.' as UUID attr', \OCP\Util::DEBUG); $this->connection->ldapUuidAttribute = $attribute; return true; - } - \OCP\Util::writeLog('user_ldap', 'The looked for uuid attr is not '.$attribute.', result was '.print_r($value, true), \OCP\Util::DEBUG); + } + \OCP\Util::writeLog('user_ldap', + 'The looked for uuid attr is not '.$attribute.', result was '.print_r($value, true), + \OCP\Util::DEBUG); } return false; @@ -888,7 +904,9 @@ abstract class Access { public function getUUID($dn) { if($this->detectUuidAttribute($dn)) { - \OCP\Util::writeLog('user_ldap', 'UUID Checking \ UUID for '.$dn.' using '. $this->connection->ldapUuidAttribute, \OCP\Util::DEBUG); + \OCP\Util::writeLog('user_ldap', + 'UUID Checking \ UUID for '.$dn.' using '. $this->connection->ldapUuidAttribute, + \OCP\Util::DEBUG); $uuid = $this->readAttribute($dn, $this->connection->ldapUuidAttribute); if(!is_array($uuid) && $this->connection->ldapOverrideUuidAttribute) { $this->detectUuidAttribute($dn, true); @@ -1027,13 +1045,20 @@ abstract class Access { $pagedSearchOK = false; if($this->connection->hasPagedResultSupport && !is_null($limit)) { $offset = intval($offset); //can be null - \OCP\Util::writeLog('user_ldap', 'initializing paged search for Filter'.$filter.' base '.print_r($bases, true).' attr '.print_r($attr, true). ' limit ' .$limit.' offset '.$offset, \OCP\Util::INFO); + \OCP\Util::writeLog('user_ldap', + 'initializing paged search for Filter'.$filter.' base '.print_r($bases, true) + .' attr '.print_r($attr, true). ' limit ' .$limit.' offset '.$offset, + \OCP\Util::INFO); //get the cookie from the search for the previous search, required by LDAP foreach($bases as $base) { $cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset); if(empty($cookie) && ($offset > 0)) { - //no cookie known, although the offset is not 0. Maybe cache run out. We need to start all over *sigh* (btw, Dear Reader, did you need LDAP paged searching was designed by MSFT?) + // no cookie known, although the offset + // is not 0. Maybe cache run out. We need + // to start all over *sigh* (btw, Dear + // Reader, did you need LDAP paged + // searching was designed by MSFT?) $reOffset = ($offset - $limit) < 0 ? 0 : $offset - $limit; //a bit recursive, $offset of 0 is the exit \OCP\Util::writeLog('user_ldap', 'Looking for cookie L/O '.$limit.'/'.$reOffset, \OCP\Util::INFO); @@ -1049,13 +1074,16 @@ abstract class Access { if($offset > 0) { \OCP\Util::writeLog('user_ldap', 'Cookie '.$cookie, \OCP\Util::INFO); } - $pagedSearchOK = ldap_control_paged_result($this->connection->getConnectionResource(), $limit, false, $cookie); + $pagedSearchOK = ldap_control_paged_result($this->connection->getConnectionResource(), + $limit, false, $cookie); if(!$pagedSearchOK) { return false; } \OCP\Util::writeLog('user_ldap', 'Ready for a paged search', \OCP\Util::INFO); } else { - \OCP\Util::writeLog('user_ldap', 'No paged search for us, Cpt., Limit '.$limit.' Offset '.$offset, \OCP\Util::INFO); + \OCP\Util::writeLog('user_ldap', + 'No paged search for us, Cpt., Limit '.$limit.' Offset '.$offset, + \OCP\Util::INFO); } } diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php index 933f2f42074..63cd5e78da5 100644 --- a/apps/user_ldap/lib/connection.php +++ b/apps/user_ldap/lib/connection.php @@ -76,7 +76,8 @@ class Connection { $this->configPrefix = $configPrefix; $this->configID = $configID; $this->cache = \OC_Cache::getGlobalCache(); - $this->config['hasPagedResultSupport'] = (function_exists('ldap_control_paged_result') && function_exists('ldap_control_paged_result_response')); + $this->config['hasPagedResultSupport'] = (function_exists('ldap_control_paged_result') + && function_exists('ldap_control_paged_result_response')); } public function __destruct() { @@ -235,7 +236,7 @@ class Connection { $this->config['turnOffCertCheck'] = $this->$v('ldap_turn_off_cert_check'); $this->config['ldapUserDisplayName'] - = mb_strtolower($this->$v('ldap_display_name'),'UTF-8'); + = mb_strtolower($this->$v('ldap_display_name'), 'UTF-8'); $this->config['ldapUserFilter'] = $this->$v('ldap_userlist_filter'); $this->config['ldapGroupFilter'] = $this->$v('ldap_group_filter'); @@ -274,9 +275,36 @@ class Connection { * @return returns an array that maps internal variable names to database fields */ private function getConfigTranslationArray() { - static $array = array('ldap_host'=>'ldapHost', 'ldap_port'=>'ldapPort', 'ldap_backup_host'=>'ldapBackupHost', 'ldap_backup_port'=>'ldapBackupPort', 'ldap_override_main_server' => 'ldapOverrideMainServer', 'ldap_dn'=>'ldapAgentName', 'ldap_agent_password'=>'ldapAgentPassword', 'ldap_base'=>'ldapBase', 'ldap_base_users'=>'ldapBaseUsers', 'ldap_base_groups'=>'ldapBaseGroups', 'ldap_userlist_filter'=>'ldapUserFilter', 'ldap_login_filter'=>'ldapLoginFilter', 'ldap_group_filter'=>'ldapGroupFilter', 'ldap_display_name'=>'ldapUserDisplayName', 'ldap_group_display_name'=>'ldapGroupDisplayName', - - 'ldap_tls'=>'ldapTLS', 'ldap_nocase'=>'ldapNoCase', 'ldap_quota_def'=>'ldapQuotaDefault', 'ldap_quota_attr'=>'ldapQuotaAttribute', 'ldap_email_attr'=>'ldapEmailAttribute', 'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr', 'ldap_cache_ttl'=>'ldapCacheTTL', 'home_folder_naming_rule' => 'homeFolderNamingRule', 'ldap_turn_off_cert_check' => 'turnOffCertCheck', 'ldap_configuration_active' => 'ldapConfigurationActive', 'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch', 'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch'); + static $array = array( + 'ldap_host'=>'ldapHost', + 'ldap_port'=>'ldapPort', + 'ldap_backup_host'=>'ldapBackupHost', + 'ldap_backup_port'=>'ldapBackupPort', + 'ldap_override_main_server' => 'ldapOverrideMainServer', + 'ldap_dn'=>'ldapAgentName', + 'ldap_agent_password'=>'ldapAgentPassword', + 'ldap_base'=>'ldapBase', + 'ldap_base_users'=>'ldapBaseUsers', + 'ldap_base_groups'=>'ldapBaseGroups', + 'ldap_userlist_filter'=>'ldapUserFilter', + 'ldap_login_filter'=>'ldapLoginFilter', + 'ldap_group_filter'=>'ldapGroupFilter', + 'ldap_display_name'=>'ldapUserDisplayName', + 'ldap_group_display_name'=>'ldapGroupDisplayName', + + 'ldap_tls'=>'ldapTLS', + 'ldap_nocase'=>'ldapNoCase', + 'ldap_quota_def'=>'ldapQuotaDefault', + 'ldap_quota_attr'=>'ldapQuotaAttribute', + 'ldap_email_attr'=>'ldapEmailAttribute', + 'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr', + 'ldap_cache_ttl'=>'ldapCacheTTL', + 'home_folder_naming_rule' => 'homeFolderNamingRule', + 'ldap_turn_off_cert_check' => 'turnOffCertCheck', + 'ldap_configuration_active' => 'ldapConfigurationActive', + 'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch', + 'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch' + ); return $array; } @@ -387,7 +415,8 @@ class Connection { * @returns true if configuration seems OK, false otherwise */ private function validateConfiguration() { - //first step: "soft" checks: settings that are not really necessary, but advisable. If left empty, give an info message + // first step: "soft" checks: settings that are not really + // necessary, but advisable. If left empty, give an info message if(empty($this->config['ldapBaseUsers'])) { \OCP\Util::writeLog('user_ldap', 'Base tree for Users is empty, using Base DN', \OCP\Util::INFO); $this->config['ldapBaseUsers'] = $this->config['ldapBase']; @@ -397,11 +426,16 @@ class Connection { $this->config['ldapBaseGroups'] = $this->config['ldapBase']; } if(empty($this->config['ldapGroupFilter']) && empty($this->config['ldapGroupMemberAssocAttr'])) { - \OCP\Util::writeLog('user_ldap', 'No group filter is specified, LDAP group feature will not be used.', \OCP\Util::INFO); + \OCP\Util::writeLog('user_ldap', + 'No group filter is specified, LDAP group feature will not be used.', + \OCP\Util::INFO); } - if(!in_array($this->config['ldapUuidAttribute'], array('auto', 'entryuuid', 'nsuniqueid', 'objectguid')) && (!is_null($this->configID))) { + if(!in_array($this->config['ldapUuidAttribute'], array('auto', 'entryuuid', 'nsuniqueid', 'objectguid')) + && (!is_null($this->configID))) { \OCP\Config::setAppValue($this->configID, $this->configPrefix.'ldap_uuid_attribute', 'auto'); - \OCP\Util::writeLog('user_ldap', 'Illegal value for the UUID Attribute, reset to autodetect.', \OCP\Util::INFO); + \OCP\Util::writeLog('user_ldap', + 'Illegal value for the UUID Attribute, reset to autodetect.', + \OCP\Util::INFO); } if(empty($this->config['ldapBackupPort'])) { //force default @@ -417,7 +451,9 @@ class Connection { if((strpos($this->config['ldapHost'], 'ldaps') === 0) && $this->config['ldapTLS']) { $this->config['ldapTLS'] = false; - \OCP\Util::writeLog('user_ldap', 'LDAPS (already using secure connection) and TLS do not work together. Switched off TLS.', \OCP\Util::INFO); + \OCP\Util::writeLog('user_ldap', + 'LDAPS (already using secure connection) and TLS do not work together. Switched off TLS.', + \OCP\Util::INFO); } @@ -434,20 +470,28 @@ class Connection { } if((empty($this->config['ldapAgentName']) && !empty($this->config['ldapAgentPassword'])) || (!empty($this->config['ldapAgentName']) && empty($this->config['ldapAgentPassword']))) { - \OCP\Util::writeLog('user_ldap', 'Either no password given for the user agent or a password is given, but no LDAP agent; won`t connect.', \OCP\Util::WARN); + \OCP\Util::writeLog('user_ldap', + 'Either no password given for the user agent or a password is given, but no LDAP agent; won`t connect.', + \OCP\Util::WARN); $configurationOK = false; } //TODO: check if ldapAgentName is in DN form - if(empty($this->config['ldapBase']) && (empty($this->config['ldapBaseUsers']) && empty($this->config['ldapBaseGroups']))) { + if(empty($this->config['ldapBase']) + && (empty($this->config['ldapBaseUsers']) + && empty($this->config['ldapBaseGroups']))) { \OCP\Util::writeLog('user_ldap', 'No Base DN given, won`t connect.', \OCP\Util::WARN); $configurationOK = false; } if(empty($this->config['ldapUserDisplayName'])) { - \OCP\Util::writeLog('user_ldap', 'No user display name attribute specified, won`t connect.', \OCP\Util::WARN); + \OCP\Util::writeLog('user_ldap', + 'No user display name attribute specified, won`t connect.', + \OCP\Util::WARN); $configurationOK = false; } if(empty($this->config['ldapGroupDisplayName'])) { - \OCP\Util::writeLog('user_ldap', 'No group display name attribute specified, won`t connect.', \OCP\Util::WARN); + \OCP\Util::writeLog('user_ldap', + 'No group display name attribute specified, won`t connect.', + \OCP\Util::WARN); $configurationOK = false; } if(empty($this->config['ldapLoginFilter'])) { @@ -455,7 +499,9 @@ class Connection { $configurationOK = false; } if(mb_strpos($this->config['ldapLoginFilter'], '%uid', 0, 'UTF-8') === false) { - \OCP\Util::writeLog('user_ldap', 'Login filter does not contain %uid place holder, won`t connect.', \OCP\Util::WARN); + \OCP\Util::writeLog('user_ldap', + 'Login filter does not contain %uid place holder, won`t connect.', + \OCP\Util::WARN); \OCP\Util::writeLog('user_ldap', 'Login filter was ' . $this->config['ldapLoginFilter'], \OCP\Util::DEBUG); $configurationOK = false; } @@ -519,13 +565,17 @@ class Connection { if(!$this->ldapConnectionRes) { if(!function_exists('ldap_connect')) { $phpLDAPinstalled = false; - \OCP\Util::writeLog('user_ldap', 'function ldap_connect is not available. Make sure that the PHP ldap module is installed.', \OCP\Util::ERROR); + \OCP\Util::writeLog('user_ldap', + 'function ldap_connect is not available. Make sure that the PHP ldap module is installed.', + \OCP\Util::ERROR); return false; } if($this->config['turnOffCertCheck']) { if(putenv('LDAPTLS_REQCERT=never')) { - \OCP\Util::writeLog('user_ldap', 'Turned off SSL certificate validation successfully.', \OCP\Util::WARN); + \OCP\Util::writeLog('user_ldap', + 'Turned off SSL certificate validation successfully.', + \OCP\Util::WARN); } else { \OCP\Util::writeLog('user_ldap', 'Could not turn off SSL certificate validation.', \OCP\Util::WARN); } @@ -583,7 +633,9 @@ class Connection { } $ldapLogin = @ldap_bind($cr, $this->config['ldapAgentName'], $this->config['ldapAgentPassword']); if(!$ldapLogin) { - \OCP\Util::writeLog('user_ldap', 'Bind failed: ' . ldap_errno($cr) . ': ' . ldap_error($cr), \OCP\Util::ERROR); + \OCP\Util::writeLog('user_ldap', + 'Bind failed: ' . ldap_errno($cr) . ': ' . ldap_error($cr), + \OCP\Util::ERROR); $this->ldapConnectionRes = null; return false; } diff --git a/apps/user_ldap/lib/jobs.php b/apps/user_ldap/lib/jobs.php index b265a8339ef..094d11db3d5 100644 --- a/apps/user_ldap/lib/jobs.php +++ b/apps/user_ldap/lib/jobs.php @@ -42,7 +42,9 @@ class Jobs { $actualGroups = self::getGroupBE()->getGroups(); if(empty($actualGroups) && empty($knownGroups)) { - \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – groups do not seem to be configured properly, aborting.', \OCP\Util::INFO); + \OCP\Util::writeLog('user_ldap', + 'bgJ "updateGroups" – groups do not seem to be configured properly, aborting.', + \OCP\Util::INFO); \OCP\Config::setAppValue('user_ldap', 'bgjUpdateGroupsLastRun', time()); return; } @@ -75,19 +77,25 @@ class Jobs { $hasChanged = false; foreach(array_diff($knownUsers, $actualUsers) as $removedUser) { \OCP\Util::emitHook('OC_User', 'post_removeFromGroup', array('uid' => $removedUser, 'gid' => $group)); - \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – "'.$removedUser.'" removed from "'.$group.'".', \OCP\Util::INFO); + \OCP\Util::writeLog('user_ldap', + 'bgJ "updateGroups" – "'.$removedUser.'" removed from "'.$group.'".', + \OCP\Util::INFO); $hasChanged = true; } foreach(array_diff($actualUsers, $knownUsers) as $addedUser) { \OCP\Util::emitHook('OC_User', 'post_addFromGroup', array('uid' => $addedUser, 'gid' => $group)); - \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – "'.$addedUser.'" added to "'.$group.'".', \OCP\Util::INFO); + \OCP\Util::writeLog('user_ldap', + 'bgJ "updateGroups" – "'.$addedUser.'" added to "'.$group.'".', + \OCP\Util::INFO); $hasChanged = true; } if($hasChanged) { $query->execute(array(serialize($actualUsers), $group)); } } - \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – FINISHED dealing with known Groups.', \OCP\Util::DEBUG); + \OCP\Util::writeLog('user_ldap', + 'bgJ "updateGroups" – FINISHED dealing with known Groups.', + \OCP\Util::DEBUG); } static private function handleCreatedGroups($createdGroups) { @@ -98,11 +106,15 @@ class Jobs { VALUES (?, ?) '); foreach($createdGroups as $createdGroup) { - \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – new group "'.$createdGroup.'" found.', \OCP\Util::INFO); + \OCP\Util::writeLog('user_ldap', + 'bgJ "updateGroups" – new group "'.$createdGroup.'" found.', + \OCP\Util::INFO); $users = serialize(self::getGroupBE()->usersInGroup($createdGroup)); $query->execute(array($createdGroup, $users)); } - \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – FINISHED dealing with created Groups.', \OCP\Util::DEBUG); + \OCP\Util::writeLog('user_ldap', + 'bgJ "updateGroups" – FINISHED dealing with created Groups.', + \OCP\Util::DEBUG); } static private function handleRemovedGroups($removedGroups) { @@ -113,10 +125,14 @@ class Jobs { WHERE `owncloudname` = ? '); foreach($removedGroups as $removedGroup) { - \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – group "'.$removedGroup.'" was removed.', \OCP\Util::INFO); + \OCP\Util::writeLog('user_ldap', + 'bgJ "updateGroups" – group "'.$removedGroup.'" was removed.', + \OCP\Util::INFO); $query->execute(array($removedGroup)); } - \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – FINISHED dealing with removed groups.', \OCP\Util::DEBUG); + \OCP\Util::writeLog('user_ldap', + 'bgJ "updateGroups" – FINISHED dealing with removed groups.', + \OCP\Util::DEBUG); } static private function getConnector() { @@ -154,4 +170,4 @@ class Jobs { return self::$groupsFromDB; } -}
\ No newline at end of file +} diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php index c6f1834e013..43f87c076d7 100644 --- a/apps/user_ldap/templates/settings.php +++ b/apps/user_ldap/templates/settings.php @@ -5,26 +5,56 @@ <li><a href="#ldapSettings-2">Advanced</a></li> </ul> <?php if(OCP\App::isEnabled('user_webdavauth')) { - echo '<p class="ldapwarning">'.$l->t('<b>Warning:</b> Apps user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour. Please ask your system administrator to disable one of them.').'</p>'; + echo '<p class="ldapwarning">'.$l->t('<b>Warning:</b> Apps user_ldap and user_webdavauth are incompatible.' + .' You may experience unexpected behaviour.' + .' Please ask your system administrator to disable one of them.').'</p>'; } if(!function_exists('ldap_connect')) { - echo '<p class="ldapwarning">'.$l->t('<b>Warning:</b> The PHP LDAP module is not installed, the backend will not work. Please ask your system administrator to install it.').'</p>'; + echo '<p class="ldapwarning">'.$l->t('<b>Warning:</b> The PHP LDAP module is not installed,' + .' the backend will not work. Please ask your system administrator to install it.').'</p>'; } ?> <fieldset id="ldapSettings-1"> - <p><label for="ldap_serverconfig_chooser"><?php echo $l->t('Server configuration');?></label><select id="ldap_serverconfig_chooser" name="ldap_serverconfig_chooser"> + <p><label for="ldap_serverconfig_chooser"><?php echo $l->t('Server configuration');?></label> + <select id="ldap_serverconfig_chooser" name="ldap_serverconfig_chooser"> <?php echo $_['serverConfigurationOptions']; ?> <option value="NEW"><?php echo $l->t('Add Server Configuration');?></option> </select> - <button id="ldap_action_delete_configuration" name="ldap_action_delete_configuration">Delete Configuration</button> + <button id="ldap_action_delete_configuration" + name="ldap_action_delete_configuration">Delete Configuration</button> </p> - <p><label for="ldap_host"><?php echo $l->t('Host');?></label><input type="text" id="ldap_host" name="ldap_host" data-default="<?php echo $_['ldap_host_default']; ?>" title="<?php echo $l->t('You can omit the protocol, except you require SSL. Then start with ldaps://');?>"></p> - <p><label for="ldap_base"><?php echo $l->t('Base DN');?></label><textarea id="ldap_base" name="ldap_base" placeholder="<?php echo $l->t('One Base DN per line');?>" title="<?php echo $l->t('You can specify Base DN for users and groups in the Advanced tab');?>" data-default="<?php echo $_['ldap_base_default']; ?>" ></textarea></p> - <p><label for="ldap_dn"><?php echo $l->t('User DN');?></label><input type="text" id="ldap_dn" name="ldap_dn" data-default="<?php echo $_['ldap_dn_default']; ?>" title="<?php echo $l->t('The DN of the client user with which the bind shall be done, e.g. uid=agent,dc=example,dc=com. For anonymous access, leave DN and Password empty.');?>" /></p> - <p><label for="ldap_agent_password"><?php echo $l->t('Password');?></label><input type="password" id="ldap_agent_password" name="ldap_agent_password" data-default="<?php echo $_['ldap_agent_password_default']; ?>" title="<?php echo $l->t('For anonymous access, leave DN and Password empty.');?>" /></p> - <p><label for="ldap_login_filter"><?php echo $l->t('User Login Filter');?></label><input type="text" id="ldap_login_filter" name="ldap_login_filter" data-default="<?php echo $_['ldap_login_filter_default']; ?>" title="<?php echo $l->t('Defines the filter to apply, when login is attempted. %%uid replaces the username in the login action.');?>" /><br /><small><?php echo $l->t('use %%uid placeholder, e.g. "uid=%%uid"');?></small></p> - <p><label for="ldap_userlist_filter"><?php echo $l->t('User List Filter');?></label><input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter" data-default="<?php echo $_['ldap_userlist_filter_default']; ?>" title="<?php echo $l->t('Defines the filter to apply, when retrieving users.');?>" /><br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=person".');?></small></p> - <p><label for="ldap_group_filter"><?php echo $l->t('Group Filter');?></label><input type="text" id="ldap_group_filter" name="ldap_group_filter" data-default="<?php echo $_['ldap_group_filter_default']; ?>" title="<?php echo $l->t('Defines the filter to apply, when retrieving groups.');?>" /><br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=posixGroup".');?></small></p> + <p><label for="ldap_host"><?php echo $l->t('Host');?></label> + <input type="text" id="ldap_host" name="ldap_host" data-default="<?php echo $_['ldap_host_default']; ?>" + title="<?php echo $l->t('You can omit the protocol, except you require SSL.' + .' Then start with ldaps://');?>"></p> + <p><label for="ldap_base"><?php echo $l->t('Base DN');?></label> + <textarea id="ldap_base" name="ldap_base" placeholder="<?php echo $l->t('One Base DN per line');?>" + title="<?php echo $l->t('You can specify Base DN for users and groups in the Advanced tab');?>" + data-default="<?php echo $_['ldap_base_default']; ?>" ></textarea></p> + <p><label for="ldap_dn"><?php echo $l->t('User DN');?></label> + <input type="text" id="ldap_dn" name="ldap_dn" data-default="<?php echo $_['ldap_dn_default']; ?>" + title="<?php echo $l->t('The DN of the client user with which the bind shall be done,' + .' e.g. uid=agent,dc=example,dc=com. For anonymous access, leave DN and Password empty.');?>" /></p> + <p><label for="ldap_agent_password"><?php echo $l->t('Password');?></label> + <input type="password" id="ldap_agent_password" name="ldap_agent_password" + data-default="<?php echo $_['ldap_agent_password_default']; ?>" + title="<?php echo $l->t('For anonymous access, leave DN and Password empty.');?>" /></p> + <p><label for="ldap_login_filter"><?php echo $l->t('User Login Filter');?></label> + <input type="text" id="ldap_login_filter" name="ldap_login_filter" + data-default="<?php echo $_['ldap_login_filter_default']; ?>" + title="<?php echo $l->t('Defines the filter to apply, when login is attempted.' + .' %%uid replaces the username in the login action.');?>" /> + <br /><small><?php echo $l->t('use %%uid placeholder, e.g. "uid=%%uid"');?></small></p> + <p><label for="ldap_userlist_filter"><?php echo $l->t('User List Filter');?></label> + <input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter" + data-default="<?php echo $_['ldap_userlist_filter_default']; ?>" + title="<?php echo $l->t('Defines the filter to apply, when retrieving users.');?>" /> + <br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=person".');?></small></p> + <p><label for="ldap_group_filter"><?php echo $l->t('Group Filter');?></label> + <input type="text" id="ldap_group_filter" name="ldap_group_filter" + data-default="<?php echo $_['ldap_group_filter_default']; ?>" + title="<?php echo $l->t('Defines the filter to apply, when retrieving groups.');?>" /> + <br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=posixGroup".');?></small></p> </fieldset> <fieldset id="ldapSettings-2"> <div id="ldapAdvancedAccordion"> diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php index 7778c37c794..2b247362448 100644 --- a/apps/user_ldap/user_ldap.php +++ b/apps/user_ldap/user_ldap.php @@ -112,7 +112,8 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface { return $ldap_users; } - // if we'd pass -1 to LDAP search, we'd end up in a Protocol error. With a limit of 0, we get 0 results. So we pass null. + // if we'd pass -1 to LDAP search, we'd end up in a Protocol + // error. With a limit of 0, we get 0 results. So we pass null. if($limit <= 0) { $limit = null; } @@ -121,9 +122,12 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface { $this->getFilterPartForUserSearch($search) )); - \OCP\Util::writeLog('user_ldap', 'getUsers: Options: search '.$search.' limit '.$limit.' offset '.$offset.' Filter: '.$filter, \OCP\Util::DEBUG); + \OCP\Util::writeLog('user_ldap', + 'getUsers: Options: search '.$search.' limit '.$limit.' offset '.$offset.' Filter: '.$filter, + \OCP\Util::DEBUG); //do the search and translate results to owncloud names - $ldap_users = $this->fetchListOfUsers($filter, array($this->connection->ldapUserDisplayName, 'dn'), $limit, $offset); + $ldap_users = $this->fetchListOfUsers($filter, array($this->connection->ldapUserDisplayName, 'dn'), + $limit, $offset); $ldap_users = $this->ownCloudUserNames($ldap_users); \OCP\Util::writeLog('user_ldap', 'getUsers: '.count($ldap_users). ' Users found', \OCP\Util::DEBUG); @@ -189,11 +193,13 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface { //check for / at the beginning or pattern c:\ resp. c:/ if( '/' == $path[0] - || (3 < strlen($path) && ctype_alpha($path[0]) && $path[1] == ':' && ('\\' == $path[2] || '/' == $path[2])) + || (3 < strlen($path) && ctype_alpha($path[0]) + && $path[1] == ':' && ('\\' == $path[2] || '/' == $path[2])) ) { $homedir = $path; } else { - $homedir = \OCP\Config::getSystemValue('datadirectory', \OC::$SERVERROOT.'/data' ) . '/' . $homedir[0]; + $homedir = \OCP\Config::getSystemValue('datadirectory', + \OC::$SERVERROOT.'/data' ) . '/' . $homedir[0]; } $this->connection->writeToCache($cacheKey, $homedir); return $homedir; @@ -267,4 +273,4 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface { public function hasUserListings() { return true; } -}
\ No newline at end of file +} |