From bc17b40650875102521214d5f8b7580c3193b8df Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Tue, 4 Feb 2014 17:56:53 +0100 Subject: LDAP: extend LDAP wrapper search method for sizelimit, improves performance in wizard --- apps/user_ldap/lib/ildapwrapper.php | 4 +++- apps/user_ldap/lib/ldap.php | 6 +++--- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'apps/user_ldap') diff --git a/apps/user_ldap/lib/ildapwrapper.php b/apps/user_ldap/lib/ildapwrapper.php index 20587cba7db..e60cf5ec63f 100644 --- a/apps/user_ldap/lib/ildapwrapper.php +++ b/apps/user_ldap/lib/ildapwrapper.php @@ -145,9 +145,11 @@ interface ILDAPWrapper { * @param $baseDN The DN of the entry to read from * @param $filter An LDAP filter * @param $attr array of the attributes to read + * @param $attrsonly optional, 1 if only attribute types shall be returned + * @param $limit optional, limits the result entries * @return an LDAP search result resource, false on error */ - public function search($link, $baseDN, $filter, $attr); + public function search($link, $baseDN, $filter, $attr, $attrsonly = 0, $limit = 0); /** * @brief Sets the value of the specified option to be $value diff --git a/apps/user_ldap/lib/ldap.php b/apps/user_ldap/lib/ldap.php index dda8533c41f..a99c6480121 100644 --- a/apps/user_ldap/lib/ldap.php +++ b/apps/user_ldap/lib/ldap.php @@ -85,9 +85,9 @@ class LDAP implements ILDAPWrapper { return $this->invokeLDAPMethod('read', $link, $baseDN, $filter, $attr); } - public function search($link, $baseDN, $filter, $attr) { - return $this->invokeLDAPMethod('search', $link, $baseDN, - $filter, $attr); + public function search($link, $baseDN, $filter, $attr, $attrsonly = 0, $limit = 0) { + return $this->invokeLDAPMethod('search', $link, $baseDN, $filter, + $attr, $attrsonly, $limit); } public function setOption($link, $option, $value) { -- cgit v1.2.3 From a908bd56953edb94f48dc483278f5427d51c17b2 Mon Sep 17 00:00:00 2001 
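Review bot: In the `search()` docblock of `ildapwrapper.php`, the new `$limit` line does not say what the default `0` means, nor that the value is only a request to the server. I would write `@param $limit optional, maximum number of entries to request; 0 means no limit, and the server's own size limit still applies`. Because this is an interface method, any other implementer of `ILDAPWrapper` that exists outside this patch (test doubles included) has to adopt the widened signature as well; only `LDAP::search()` is updated here.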
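Review bot: `LDAP::search()` in `ldap.php` now forwards `$limit` unchanged, and as far as I know PHP's `ldap_search()` reports a search that matches more entries than the limit with a warning about partial results, while still returning a result. `invokeLDAPMethod()` is outside the hunk, so whether it suppresses, logs or converts that warning cannot be seen from here. The wizard's base-DN probe later in this series calls `search($cr, $base, 'objectClass=*', array('dn'), 0, 1)` and would presumably trigger it on any populated base. A comment on the method such as `// with $limit set, a size-limit hit is expected and is not an error` would record the intended handling.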
From: Arthur Schiwon Date: Tue, 4 Feb 2014 19:37:40 +0100 Subject: throw an info message, when base dn test failed --- apps/user_ldap/lib/wizard.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'apps/user_ldap') diff --git a/apps/user_ldap/lib/wizard.php b/apps/user_ldap/lib/wizard.php index b70ede8599c..30ce455274b 100644 --- a/apps/user_ldap/lib/wizard.php +++ b/apps/user_ldap/lib/wizard.php @@ -567,6 +567,10 @@ class Wizard extends LDAPUtility { //get a result set > 0 on a proper base $rr = $this->ldap->search($cr, $base, 'objectClass=*', array('dn'), 0, 1); if(!$this->ldap->isResource($rr)) { + $errorNo = $this->ldap->errno($cr); + $errorMsg = $this->ldap->error($cr); + \OCP\Util::writeLog('user_ldap', 'Wiz: Could not search base '.$base. + ' Error '.$errorNo.': '.$errorMsg, \OCP\Util::INFO); return false; } $entries = $this->ldap->countEntries($cr, $rr); -- cgit v1.2.3 From e825a008c9b99199bc91b87cb0e5ca88109aa202 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Wed, 5 Feb 2014 10:29:09 +0100 Subject: Wizard: disable LDAP referrals, fixes #6670 --- apps/user_ldap/lib/wizard.php | 1 + 1 file changed, 1 insertion(+) (limited to 'apps/user_ldap') diff --git a/apps/user_ldap/lib/wizard.php b/apps/user_ldap/lib/wizard.php index 30ce455274b..00623b74fb1 100644 --- a/apps/user_ldap/lib/wizard.php +++ b/apps/user_ldap/lib/wizard.php @@ -1014,6 +1014,7 @@ class Wizard extends LDAPUtility { $this->configuration->ldapPort); $this->ldap->setOption($cr, LDAP_OPT_PROTOCOL_VERSION, 3); + $this->ldap->setOption($cr, LDAP_OPT_REFERRALS, 0); $this->ldap->setOption($cr, LDAP_OPT_NETWORK_TIMEOUT, self::LDAP_NW_TIMEOUT); if($this->configuration->ldapTLS === 1) { $this->ldap->startTls($cr); -- cgit v1.2.3 From a76840d20650b09d1a403c3f8e78dbf398a46fda Mon Sep 17 00:00:00 2001 
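Review bot: The added log call in the `@@ -567` hunk of `wizard.php` concatenates `$base` and the server-supplied `$errorMsg` into the message unmodified. `$base` is presumably the base DN entered in the wizard, and the error string comes from whichever LDAP server the wizard was pointed at, so both are external text ending up in the application log. Whether `\OCP\Util::writeLog` neutralises control characters is not visible here; if it does not, the values should be sanitised at this call site, and a comment such as `// $base and $errorMsg are external input, logged verbatim` would at least flag it. The enclosing method starts and ends outside the hunk.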
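Review bot: In the connection setup of `wizard.php` (`@@ -1014` hunk), the result of `$this->ldap->startTls($cr)` two lines below the added option is discarded, so when TLS is configured and StartTLS fails the method appears to continue on an unencrypted connection. Anything sent afterwards, including a bind with the configured credentials, would then travel in clear text; the rest of the method is outside the hunk, so a later check cannot be ruled out. I would fail closed, e.g. `if(!$this->ldap->startTls($cr)) { return false; }`, with the failure value matched to what the method returns on other errors. The return value of the new `setOption($cr, LDAP_OPT_REFERRALS, 0)` is likewise unchecked, so a failure to disable referral chasing would go unnoticed.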
From: Arthur Schiwon Date: Wed, 5 Feb 2014 10:30:56 +0100 Subject: Wizard: enable base DN for editing, if not base DN could have been detected. Also part of fix for #6670 --- apps/user_ldap/js/settings.js | 1 + 1 file changed, 1 insertion(+) (limited to 'apps/user_ldap') diff --git a/apps/user_ldap/js/settings.js b/apps/user_ldap/js/settings.js index acf88ef58a4..792638f2b58 100644 --- a/apps/user_ldap/js/settings.js +++ b/apps/user_ldap/js/settings.js @@ -240,6 +240,7 @@ var LdapWizard = { LdapWizard.hideSpinner('#ldap_base'); LdapWizard.showInfoBox('Please specify a Base DN'); LdapWizard.showInfoBox('Could not determine Base DN'); + $('#ldap_base').prop('disabled', false); } ); } -- cgit v1.2.3 From e156f85bfb7ea1b6d74227a49507e1a3b0e0e374 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Wed, 5 Feb 2014 10:33:44 +0100 Subject: Rephrase and clarify log message --- apps/user_ldap/lib/access.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apps/user_ldap') diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php index 72f9c740921..b619f62f296 100644 --- a/apps/user_ldap/lib/access.php +++ b/apps/user_ldap/lib/access.php @@ -729,7 +729,7 @@ class Access extends LDAPUtility { } } else { if(!is_null($limit)) { - \OCP\Util::writeLog('user_ldap', 'Paged search failed :(', \OCP\Util::INFO); + \OCP\Util::writeLog('user_ldap', 'Paged search was not available', \OCP\Util::INFO); } } } -- cgit v1.2.3 From 299d37154b749855915c8dbc7ab8a123c4aa27f2 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Fri, 7 Feb 2014 15:55:35 +0100 Subject: LDAP: add documentation info in info.xml --- apps/user_ldap/appinfo/info.xml | 3 +++ 1 file changed, 3 insertions(+) (limited to 'apps/user_ldap') diff --git a/apps/user_ldap/appinfo/info.xml b/apps/user_ldap/appinfo/info.xml index 148a72cecbb..9cc908e8522 100644 --- a/apps/user_ldap/appinfo/info.xml +++ b/apps/user_ldap/appinfo/info.xml 
@@ -14,4 +14,7 @@ + + http://doc.owncloud.org/server/6.0/go.php?to=admin-ldap + -- cgit v1.2.3 From 18e1a10e96a341e3333d0d8453dd270e62192b4d Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Thu, 6 Feb 2014 22:18:38 +0100 Subject: LDAP: also try MS AD's thumbnailPhoto when looking for an avatar image --- apps/user_ldap/user_ldap.php | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) (limited to 'apps/user_ldap') diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php index a19af86086c..8b6521010f1 100644 --- a/apps/user_ldap/user_ldap.php +++ b/apps/user_ldap/user_ldap.php @@ -85,15 +85,14 @@ class USER_LDAP extends BackendUtility implements \OCP\UserInterface { return; } - $jpegPhoto = $this->access->readAttribute($dn, 'jpegPhoto'); - \OCP\Config::setUserValue($uid, 'user_ldap', 'lastJpegPhotoLookup', time()); - if(!$jpegPhoto || !is_array($jpegPhoto) || !isset($jpegPhoto[0])) { + $avatarImage = $this->getAvatarImage($uid, $dn); + if($avatarImage === false) { //not set, nothing left to do; return; } $image = new \OCP\Image(); - $image->loadFromBase64(base64_encode($jpegPhoto[0])); + $image->loadFromBase64(base64_encode($avatarImage)); if(!$image->valid()) { \OCP\Util::writeLog('user_ldap', 'jpegPhoto data invalid for '.$dn, @@ -128,8 +127,7 @@ class USER_LDAP extends BackendUtility implements \OCP\UserInterface { if(!$dn) { return false; } - $jpegPhoto = $this->access->readAttribute($dn, 'jpegPhoto'); - if(!$jpegPhoto || !is_array($jpegPhoto) || !isset($jpegPhoto[0])) { + if($this->getAvatarImage($uid, $dn) === false) { //The user is allowed to change his avatar in ownCloud only if no //avatar is provided by LDAP return true; 
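Review bot: The log message kept in the `!$image->valid()` branch of the first `user_ldap.php` hunk still reads `'jpegPhoto data invalid for '.$dn`, although the bytes may now come from `thumbnailPhoto`. Someone debugging a broken avatar would be pointed at the wrong attribute. Since `getAvatarImage()` returns only the data, a neutral wording such as `'avatar image data from LDAP invalid for '.$dn` fits. The method itself starts and ends outside the hunk.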
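Review bot: `canChangeAvatar()` (second `user_ldap.php` hunk) now goes through `getAvatarImage()`, which writes `lastJpegPhotoLookup` after every attribute read, whereas the removed lines read `jpegPhoto` without touching that value. A permission check thereby gains a config write and up to two LDAP reads per call. If that timestamp is what throttles the avatar refresh (the check is outside these hunks), calling `canChangeAvatar()` could postpone the refresh. I would keep `\OCP\Config::setUserValue($uid, 'user_ldap', 'lastJpegPhotoLookup', time());` in the update path next to the `getAvatarImage()` call and drop it from the helper added in the third hunk, which also makes the helper's `$uid` parameter unnecessary.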
@@ -137,6 +135,26 @@ class USER_LDAP extends BackendUtility implements \OCP\UserInterface { return false; } + /** + * @brief reads the image from LDAP that shall be used as Avatar + * @param $uid string, the ownCloud user name + * @param $dn string, the user DN + * @return image data (provided by LDAP) | false + */ + private function getAvatarImage($uid, $dn) { + $attributes = array('jpegPhoto', 'thumbnailPhoto'); + foreach($attributes as $attribute) { + $result = $this->access->readAttribute($dn, $attribute); + \OCP\Config::setUserValue($uid, 'user_ldap', 'lastJpegPhotoLookup', + time()); + if($result !== false && is_array($result) && isset($result[0])) { + return $result[0]; + } + } + + return false; + } + /** * @brief Check if the password is correct * @param $uid The username -- cgit v1.2.3 From 14d1abf63f88943d376b29e31ac04265456db2a4 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Fri, 7 Feb 2014 08:42:38 +0100 Subject: LDAP: improve debug message --- apps/user_ldap/user_ldap.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'apps/user_ldap') diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php index 8b6521010f1..619a992bd12 100644 --- a/apps/user_ldap/user_ldap.php +++ b/apps/user_ldap/user_ldap.php @@ -256,7 +256,8 @@ class USER_LDAP extends BackendUtility implements \OCP\UserInterface { } //check if user really still exists by reading its entry if(!is_array($this->access->readAttribute($dn, ''))) { - \OCP\Util::writeLog('user_ldap', 'LDAP says no user '.$dn, \OCP\Util::DEBUG); + \OCP\Util::writeLog('user_ldap', 'LDAP says no user '.$dn.' on '. + $this->access->connection->ldapHost, \OCP\Util::DEBUG); $this->access->connection->writeToCache('userExists'.$uid, false); return false; } -- cgit v1.2.3
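Review bot: `getAvatarImage()` returns the first attribute that holds any value, without checking that the bytes decode as an image. An entry with an unusable `jpegPhoto` and a good `thumbnailPhoto` never reaches the second attribute, and `canChangeAvatar()` treats any non-false return as "LDAP provides the avatar", so such a user ends up with no directory avatar and no way to set one. The only validation visible is `$image->valid()` in the caller in the first hunk. Doing that check inside the loop, as sketched below, closes the gap; at minimum the docblock should say that the return value is raw, unvalidated directory data.

```php
private function getAvatarImage($uid, $dn) {
    // … unchanged: attribute list …
    foreach($attributes as $attribute) {
        $result = $this->access->readAttribute($dn, $attribute);
        // … unchanged: lastJpegPhotoLookup update …
        if($result === false || !is_array($result) || !isset($result[0])) {
            continue;
        }
        // directory data is untrusted: accept only bytes that decode as an image
        $image = new \OCP\Image();
        $image->loadFromBase64(base64_encode($result[0]));
        if($image->valid()) {
            return $result[0];
        }
    }
    // … unchanged: return false …
```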