setName('ldap:test-user-settings') ->setDescription('Runs tests and show information about user related LDAP settings') ->addArgument( 'user', InputArgument::REQUIRED, 'the user name as used in Nextcloud, or the LDAP DN' ) ->addOption( 'group', 'g', InputOption::VALUE_REQUIRED, 'A group DN to check if the user is a member or not' ) ->addOption( 'clearcache', null, InputOption::VALUE_NONE, 'Clear the cache of the LDAP connection before the beginning of tests' ) ; } protected function execute(InputInterface $input, OutputInterface $output): int { try { $uid = $input->getArgument('user'); $access = $this->backend->getLDAPAccess($uid); $connection = $access->getConnection(); if ($input->getOption('clearcache')) { $connection->clearCache(); } $configPrefix = $connection->getConfigPrefix(); $knownDn = ''; if ($access->stringResemblesDN($uid)) { $knownDn = $uid; $username = $access->dn2username($uid); if ($username !== false) { $uid = $username; } } $dn = $this->mapping->getDNByName($uid); if ($dn !== false) { $output->writeln("User $dn is mapped with account name $uid."); $uuid = $this->mapping->getUUIDByDN($dn); $output->writeln("Known UUID is $uuid."); if ($knownDn === '') { $knownDn = $dn; } } else { $output->writeln("User $uid is not mapped."); } if ($knownDn === '') { return self::SUCCESS; } if (!$access->isDNPartOfBase($knownDn, $access->getConnection()->ldapBaseUsers)) { $output->writeln( "User $knownDn is not in one of the configured user bases: " . implode(',', $access->getConnection()->ldapBaseUsers) . '.' ); } $output->writeln("Configuration prefix is $configPrefix"); $output->writeln(''); $attributeNames = [ 'ldapExpertUsernameAttr', 'ldapUuidUserAttribute', 'ldapExpertUUIDUserAttr', 'ldapQuotaAttribute', 'ldapEmailAttribute', 'ldapUserDisplayName', 'ldapUserDisplayName2', 'ldapExtStorageHomeAttribute', 'ldapAttributePhone', 'ldapAttributeWebsite', 'ldapAttributeAddress', 'ldapAttributeTwitter', 'ldapAttributeFediverse', 'ldapAttributeOrganisation', 'ldapAttributeRole', 'ldapAttributeHeadline', 'ldapAttributeBiography', 'ldapAttributeBirthDate', 'ldapAttributePronouns', ]; $output->writeln('Attributes set in configuration:'); foreach ($attributeNames as $attributeName) { if ($connection->$attributeName !== '') { $output->writeln("- $attributeName: " . $connection->$attributeName . ''); } } $filter = $connection->ldapUserFilter; $attrs = $access->userManager->getAttributes(true); $attrs[] = strtolower($connection->ldapExpertUsernameAttr); if ($connection->ldapUuidUserAttribute !== 'auto') { $attrs[] = strtolower($connection->ldapUuidUserAttribute); } $attrs[] = 'memberof'; $attrs = array_values(array_unique($attrs)); $attributes = $access->readAttributes($knownDn, $attrs, $filter); if ($attributes === false) { $output->writeln( "LDAP read on $knownDn with filter $filter failed." ); return self::FAILURE; } $output->writeln("Attributes fetched from LDAP using filter $filter:"); foreach ($attributes as $attribute => $value) { $output->writeln( "- $attribute: " . json_encode($value) . '' ); } $uuid = $access->getUUID($knownDn); if ($connection->ldapUuidUserAttribute === 'auto') { $output->writeln('Failed to detect UUID attribute'); } else { $output->writeln('Detected UUID attribute: ' . $connection->ldapUuidUserAttribute . ''); } if ($uuid === false) { $output->writeln("Failed to find UUID for $knownDn"); } else { $output->writeln("UUID for $knownDn: $uuid"); } $groupLdapInstance = $this->groupBackend->getBackend($configPrefix); $output->writeln(''); $output->writeln('Group information:'); $attributeNames = [ 'ldapDynamicGroupMemberURL', 'ldapGroupFilter', 'ldapGroupMemberAssocAttr', ]; $output->writeln('Configuration:'); foreach ($attributeNames as $attributeName) { if ($connection->$attributeName !== '') { $output->writeln("- $attributeName: " . $connection->$attributeName . ''); } } $primaryGroup = $groupLdapInstance->getUserPrimaryGroup($knownDn); $output->writeln('Primary group: ' . ($primaryGroup !== false? $primaryGroup:'') . ''); $groupByGid = $groupLdapInstance->getUserGroupByGid($knownDn); $output->writeln('Group from gidNumber: ' . ($groupByGid !== false? $groupByGid:'') . ''); $groups = $groupLdapInstance->getUserGroups($uid); $output->writeln('All known groups: ' . json_encode($groups) . ''); $memberOfUsed = ((int)$access->connection->hasMemberOfFilterSupport === 1 && (int)$access->connection->useMemberOfToDetectMembership === 1); $output->writeln('MemberOf usage: ' . ($memberOfUsed ? 'on' : 'off') . ' (' . $access->connection->hasMemberOfFilterSupport . ',' . $access->connection->useMemberOfToDetectMembership . ')'); $gid = (string)$input->getOption('group'); if ($gid === '') { return self::SUCCESS; } $output->writeln(''); $output->writeln("Group $gid:"); $knownGroupDn = ''; if ($access->stringResemblesDN($gid)) { $knownGroupDn = $gid; $groupname = $access->dn2groupname($gid); if ($groupname !== false) { $gid = $groupname; } } $groupDn = $this->groupMapping->getDNByName($gid); if ($groupDn !== false) { $output->writeln("Group $groupDn is mapped with name $gid."); $groupUuid = $this->groupMapping->getUUIDByDN($groupDn); $output->writeln("Known UUID is $groupUuid."); if ($knownGroupDn === '') { $knownGroupDn = $groupDn; } } else { $output->writeln("Group $gid is not mapped."); } $members = $groupLdapInstance->usersInGroup($gid); $output->writeln('Members: ' . json_encode($members) . ''); return self::SUCCESS; } catch (\Exception $e) { $output->writeln('' . $e->getMessage() . ''); return self::FAILURE; } } }