7 files changed, 320 insertions, 3 deletions
diff --git a/build/integration/features/bootstrap/BasicStructure.php b/build/integration/features/bootstrap/BasicStructure.php
index 32e02bad2a3..f6c93aa5174 100644
--- a/build/integration/features/bootstrap/BasicStructure.php
+++ b/build/integration/features/bootstrap/BasicStructure.php
@@ -497,4 +497,11 @@ trait BasicStructure {
 			$file->isDir() ? rmdir($file) : unlink($file);
 		}
 	}
+
+	/**
+	 * @Given /^cookies are reset$/
+	 */
+	public function cookiesAreReset() {
+		$this->cookieJar = new CookieJar();
+	}
 }
diff --git a/build/integration/features/bootstrap/LDAPContext.php b/build/integration/features/bootstrap/LDAPContext.php
index e2b30011515..ee7acab6f5f 100644
--- a/build/integration/features/bootstrap/LDAPContext.php
+++ b/build/integration/features/bootstrap/LDAPContext.php
@@ -32,6 +32,14 @@ class LDAPContext implements Context {
 
 	protected $apiUrl;
 
+	/** @AfterScenario */
+	public function teardown() {
+		if($this->configID === null) {
+			return;
+		}
+		$this->sendingTo('DELETE', $this->apiUrl . '/' . $this->configID);
+	}
+
 	/**
 	 * @Given /^the response should contain a tag "([^"]*)"$/
 	 */
@@ -82,4 +90,110 @@ class LDAPContext implements Context {
 	public function settingTheLDAPConfigurationTo(TableNode $configData) {
 		$this->sendingToWith('PUT', $this->apiUrl . '/' . $this->configID, $configData);
 	}
+
+	/**
+	 * @Given /^having a valid LDAP configuration$/
+	 */
+	public function havingAValidLDAPConfiguration() {
+		$this->asAn('admin');
+		$this->creatingAnLDAPConfigurationAt('/apps/user_ldap/api/v1/config');
+		$data = new TableNode([
+			['configData[ldapHost]', 'openldap'],
+			['configData[ldapPort]', '389'],
+			['configData[ldapBase]', 'dc=nextcloud,dc=ci'],
+			['configData[ldapAgentName]', 'cn=admin,dc=nextcloud,dc=ci'],
+			['configData[ldapAgentPassword]', 'admin'],
+			['configData[ldapUserFilter]', '(&(objectclass=inetorgperson))'],
+			['configData[ldapLoginFilter]', '(&(objectclass=inetorgperson)(uid=%uid))'],
+			['configData[ldapUserDisplayName]', 'displayname'],
+			['configData[ldapGroupDisplayName]', 'cn'],
+			['configData[ldapEmailAttribute]', 'mail'],
+			['configData[ldapConfigurationActive]', '1'],
+		]);
+		$this->settingTheLDAPConfigurationTo($data);
+		$this->asAn('');
+	}
+
+	/**
+	 * @Given /^looking up details for the first result matches expectations$/
+	 * @param TableNode $expectations
+	 */
+	public function lookingUpDetailsForTheFirstResult(TableNode $expectations) {
+		$userResultElements = simplexml_load_string($this->response->getBody())->data[0]->users[0]->element;
+		$userResults = json_decode(json_encode($userResultElements), 1);
+		$userId = array_shift($userResults);
+
+		$this->sendingTo('GET', '/cloud/users/' . $userId);
+		$this->theRecordFieldsShouldMatch($expectations);
+	}
+
+	/**
+	 * @Given /^modify LDAP configuration$/
+	 */
+	public function modifyLDAPConfiguration(TableNode $table) {
+		$originalAsAn = $this->currentUser;
+		$this->asAn('admin');
+		$configData = $table->getRows();
+		foreach($configData as &$row) {
+			$row[0] = 'configData[' . $row[0] . ']';
+		}
+		$this->settingTheLDAPConfigurationTo(new TableNode($configData));
+		$this->asAn($originalAsAn);
+	}
+
+	/**
+	 * @Given /^the "([^"]*)" result should match$/
+	 */
+	public function theGroupResultShouldMatch(string $type, TableNode $expectations) {
+		$listReturnedElements = simplexml_load_string($this->response->getBody())->data[0]->$type[0]->element;
+		$extractedIDsArray = json_decode(json_encode($listReturnedElements), 1);
+		foreach($expectations->getRows() as $expectation) {
+			if((int)$expectation[1] === 1) {
+				Assert::assertContains($expectation[0], $extractedIDsArray);
+			} else {
+				Assert::assertNotContains($expectation[0], $extractedIDsArray);
+			}
+		}
+	}
+
+	/**
+	 * @Given /^Expect ServerException on failed web login as "([^"]*)"$/
+	 */
+	public function expectServerExceptionOnFailedWebLoginAs($login) {
+		try {
+			$this->loggingInUsingWebAs($login);
+		} catch (\GuzzleHttp\Exception\ServerException $e) {
+			Assert::assertEquals(500, $e->getResponse()->getStatusCode());
+			return;
+		}
+		Assert::assertTrue(false, 'expected Exception not received');
+	}
+
+	/**
+	 * @Given /^the "([^"]*)" result should contain "([^"]*)" of$/
+	 */
+	public function theResultShouldContainOf($type, $expectedCount, TableNode $expectations) {
+		$listReturnedElements = simplexml_load_string($this->response->getBody())->data[0]->$type[0]->element;
+		$extractedIDsArray = json_decode(json_encode($listReturnedElements), 1);
+		$uidsFound = 0;
+		foreach($expectations->getRows() as $expectation) {
+			if(in_array($expectation[0], $extractedIDsArray)) {
+				$uidsFound++;
+			}
+		}
+		Assert::assertSame((int)$expectedCount, $uidsFound);
+	}
+
+	/**
+	 * @Given /^the record's fields should match$/
+	 */
+	public function theRecordFieldsShouldMatch(TableNode $expectations) {
+		foreach($expectations->getRowsHash() as $k => $v) {
+			$value = (string)simplexml_load_string($this->response->getBody())->data[0]->$k;
+			Assert::assertEquals($v, $value, "got $value");
+		}
+
+		$backend = (string)simplexml_load_string($this->response->getBody())->data[0]->backend;
+		Assert::assertEquals('LDAP', $backend);
+	}
 }
diff --git a/build/integration/features/provisioning-v1.feature b/build/integration/features/provisioning-v1.feature
index 8e65f4c1a0e..10b4c1bc005 100644
--- a/build/integration/features/provisioning-v1.feature
+++ b/build/integration/features/provisioning-v1.feature
@@ -342,6 +342,7 @@ Feature: provisioning
 			| theming |
 			| twofactor_backupcodes |
 			| updatenotification |
+			| user_ldap |
 			| workflowengine |
 			| files_external |
 			| oauth2 |
diff --git a/build/integration/ldap_features/ldap-openldap.feature b/build/integration/ldap_features/ldap-openldap.feature
new file mode 100644
index 00000000000..4c507e74595
--- /dev/null
+++ b/build/integration/ldap_features/ldap-openldap.feature
@@ -0,0 +1,104 @@
+Feature: LDAP
+  Background:
+    Given using api version "2"
+    And having a valid LDAP configuration
+
+  Scenario: Test valid configuration by logging in
+    Given Logging in using web as "alice"
+    And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
+    Then the HTTP status code should be "200"
+
+  Scenario: Test valid configuration with port in the hostname by logging in
+    Given modify LDAP configuration
+      | ldapHost | openldap:389 |
+    And cookies are reset
+    And Logging in using web as "alice"
+    And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
+    Then the HTTP status code should be "200"
+
+  Scenario: Test valid configuration with LDAP protocol by logging in
+    Given modify LDAP configuration
+      | ldapHost | ldap://openldap |
+    And cookies are reset
+    And Logging in using web as "alice"
+    And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
+    Then the HTTP status code should be "200"
+
+  Scenario: Test valid configuration with LDAP protoccol and port by logging in
+    Given modify LDAP configuration
+      | ldapHost | ldap://openldap:389 |
+    And cookies are reset
+    And Logging in using web as "alice"
+    And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
+    Then the HTTP status code should be "200"
+
+  Scenario: Look for a known LDAP user
+    Given As an "admin"
+    And sending "GET" to "/cloud/users?search=alice"
+    Then the OCS status code should be "200"
+    And looking up details for the first result matches expectations
+      | email           | alice@nextcloud.ci |
+      | displayname     | Alice              |
+
+  Scenario: Test group filter with one specific group
+    Given modify LDAP configuration
+      | ldapGroupFilter | cn=RedGroup |
+      | ldapBaseGroups  | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci  |
+    And As an "admin"
+    And sending "GET" to "/cloud/groups"
+    Then the OCS status code should be "200"
+    And the "groups" result should match
+      | RedGroup     | 1 |
+      | GreenGroup   | 0 |
+      | BlueGroup    | 0 |
+      | PurpleGroup  | 0 |
+
+  Scenario: Test group filter with two specific groups
+    Given modify LDAP configuration
+      | ldapGroupFilter | (\|(cn=RedGroup)(cn=GreenGroup)) |
+      | ldapBaseGroups  | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci  |
+    And As an "admin"
+    And sending "GET" to "/cloud/groups"
+    Then the OCS status code should be "200"
+    And the "groups" result should match
+      | RedGroup     | 1 |
+      | GreenGroup   | 1 |
+      | BlueGroup    | 0 |
+      | PurpleGroup  | 0 |
+
+  Scenario: Test group filter ruling out a group from a different base
+    Given modify LDAP configuration
+      | ldapGroupFilter | (objectClass=groupOfNames) |
+      | ldapBaseGroups  | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci  |
+    And As an "admin"
+    And sending "GET" to "/cloud/groups"
+    Then the OCS status code should be "200"
+    And the "groups" result should match
+      | RedGroup     | 1 |
+      | GreenGroup   | 1 |
+      | BlueGroup    | 1 |
+      | PurpleGroup  | 1 |
+      | SquareGroup  | 0 |
+
+  Scenario: Test backup server
+    Given modify LDAP configuration
+      | ldapBackupHost | openldap |
+      | ldapBackupPort | 389      |
+      | ldapHost       | foo.bar  |
+      | ldapPort       | 2456     |
+    And Logging in using web as "alice"
+    Then the HTTP status code should be "200"
+
+  Scenario: Test backup server offline
+    Given modify LDAP configuration
+      | ldapBackupHost | off.line |
+      | ldapBackupPort | 3892     |
+      | ldapHost       | foo.bar  |
+      | ldapPort       | 2456     |
+    Then Expect ServerException on failed web login as "alice"
+
+  Scenario: Test LDAP server offline, no backup server
+    Given modify LDAP configuration
+      | ldapHost       | foo.bar  |
+      | ldapPort       | 2456     |
+    Then Expect ServerException on failed web login as "alice"
diff --git a/build/integration/ldap_features/openldap-uid-username.feature b/build/integration/ldap_features/openldap-uid-username.feature
new file mode 100644
index 00000000000..d267870ca26
--- /dev/null
+++ b/build/integration/ldap_features/openldap-uid-username.feature
@@ -0,0 +1,88 @@
+Feature: LDAP
+  Background:
+    Given using api version "2"
+    And having a valid LDAP configuration
+    And modify LDAP configuration
+      | ldapExpertUsernameAttr | uid |
+
+  Scenario: Look for a expected LDAP users
+    Given As an "admin"
+    And sending "GET" to "/cloud/users"
+    Then the OCS status code should be "200"
+    And the "users" result should match
+      | alice | 1 |
+      | elisa | 1 |
+      | ghost | 0 |
+
+  Scenario: check default home of an LDAP user
+    Given As an "admin"
+    And sending "GET" to "/cloud/users/alice"
+    Then the OCS status code should be "200"
+    And the record's fields should match
+      | storageLocation | /dev/shm/nc_int/alice |
+
+  Scenario: check custom relative home of an LDAP user
+    Given modify LDAP configuration
+      | homeFolderNamingRule | sn |
+    And As an "admin"
+    And sending "GET" to "/cloud/users/alice"
+    Then the OCS status code should be "200"
+    And the record's fields should match
+      | storageLocation | /dev/shm/nc_int/Alfgeirdottir |
+
+  Scenario: check custom absolute home of an LDAP user
+    Given modify LDAP configuration
+      | homeFolderNamingRule | roomNumber |
+    And As an "admin"
+    And sending "GET" to "/cloud/users/elisa"
+    Then the OCS status code should be "200"
+    And the record's fields should match
+      | storageLocation | /dev/shm/elisa-data |
+
+  Scenario: Fetch all users, invoking pagination
+    Given modify LDAP configuration
+      | ldapBaseUsers  | ou=PagingTest,dc=nextcloud,dc=ci |
+      | ldapPagingSize | 2                                |
+    And As an "admin"
+    And sending "GET" to "/cloud/users"
+    Then the OCS status code should be "200"
+    And the "users" result should match
+      | ebba    | 1 |
+      | eindis  | 1 |
+      | fjolnir | 1 |
+      | gunna   | 1 |
+      | juliana | 1 |
+      | leo     | 1 |
+      | stigur  | 1 |
+
+  Scenario: Fetch all users, invoking pagination
+    Given modify LDAP configuration
+      | ldapBaseUsers  | ou=PagingTest,dc=nextcloud,dc=ci |
+      | ldapPagingSize | 2                                |
+    And As an "admin"
+    And sending "GET" to "/cloud/users?limit=10"
+    Then the OCS status code should be "200"
+    And the "users" result should match
+      | ebba    | 1 |
+      | eindis  | 1 |
+      | fjolnir | 1 |
+      | gunna   | 1 |
+      | juliana | 1 |
+      | leo     | 1 |
+      | stigur  | 1 |
+
+  Scenario: Fetch from second batch of all users, invoking pagination
+    Given modify LDAP configuration
+      | ldapBaseUsers  | ou=PagingTest,dc=nextcloud,dc=ci |
+      | ldapPagingSize | 2                                |
+    And As an "admin"
+    And sending "GET" to "/cloud/users?limit=10&offset=2"
+    Then the OCS status code should be "200"
+    And the "users" result should contain "5" of
+      | ebba    |
+      | eindis  |
+      | fjolnir |
+      | gunna   |
+      | juliana |
+      | leo     |
+      | stigur  |
diff --git a/build/integration/run.sh b/build/integration/run.sh
index b747bb52c6b..56f4ee7b07d 100755
--- a/build/integration/run.sh
+++ b/build/integration/run.sh
@@ -22,6 +22,7 @@ else
         exit 1
     fi
 fi
+NC_DATADIR=$($OCC config:system:get datadirectory)
 
 composer install
 
@@ -48,6 +49,7 @@ if [ "$INSTALLED" == "true" ]; then
 
     #Enable external storage app
     $OCC app:enable files_external
+    $OCC app:enable user_ldap
 
     mkdir -p work/local_storage
     OUTPUT_CREATE_STORAGE=`$OCC files_external:create local_storage local null::null -c datadir=$PWD/work/local_storage`
@@ -70,10 +72,11 @@ if [ "$INSTALLED" == "true" ]; then
 
     #Disable external storage app
     $OCC app:disable files_external
+    $OCC app:disable user_ldap
 fi
 
 if [ -z $HIDE_OC_LOGS ]; then
-	tail "${OC_PATH}/data/nextcloud.log"
+	tail "${NC_DATADIR}/nextcloud.log"
 fi
 
 echo "runsh: Exit code: $RESULT"
diff --git a/build/signed-off-checker.php b/build/signed-off-checker.php
index f21854a83d1..32deceb47b7 100644
--- a/build/signed-off-checker.php
+++ b/build/signed-off-checker.php
@@ -60,9 +60,9 @@ if(!is_string($githubToken) || $githubToken === '') {
 
 $ch = curl_init();
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-curl_setopt($ch, CURLOPT_URL, 'https://api.github.com/repos/'.$repoOwner.'/'.$repoName.'/pulls/'.$pullRequestNumber.'/commits');
+curl_setopt($ch, CURLOPT_URL, 'https://api.github.com/repos/' . $repoOwner . '/' . $repoName . '/pulls/' . $pullRequestNumber . '/commits');
 curl_setopt($ch, CURLOPT_USERAGENT, 'CI for Nextcloud (https://github.com/nextcloud/server)');
-curl_setopt($ch, CURLOPT_HTTPHEADER, 'Authorization: token ' . $githubToken);
+curl_setopt($ch, CURLOPT_HTTPHEADER, ['Authorization: token ' . $githubToken]);
 $response = curl_exec($ch);
 curl_close($ch);