1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
<?php
use OCA\User_LDAP\Exceptions\ConfigurationIssueException;
use OCA\User_LDAP\LDAP;
use OCP\ISession;
use OCP\Server;
use OCP\Util;
/**
* SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors
* SPDX-FileCopyrightText: 2016 ownCloud, Inc.
* SPDX-License-Identifier: AGPL-3.0-only
*/
// Check user and app status
\OC_JSON::checkAdminUser();
\OC_JSON::checkAppEnabled('user_ldap');
\OC_JSON::callCheck();
$l = Util::getL10N('user_ldap');
$ldapWrapper = new LDAP();
$connection = new \OCA\User_LDAP\Connection($ldapWrapper, $_POST['ldap_serverconfig_chooser']);
try {
$configurationError = '';
$conf = $connection->getConfiguration();
if ($conf['ldap_configuration_active'] === '0') {
//needs to be true, otherwise it will also fail with an irritating message
$conf['ldap_configuration_active'] = '1';
}
try {
$connection->setConfiguration($conf, throw:true);
} catch (ConfigurationIssueException $e) {
$configurationError = $e->getHint();
}
if ($configurationError === '') {
//Configuration is okay
/*
* Closing the session since it won't be used from this point on. There might be a potential
* race condition if a second request is made: either this request or the other might not
* contact the LDAP backup server the first time when it should, but there shouldn't be any
* problem with that other than the extra connection.
*/
Server::get(ISession::class)->close();
if ($connection->bind()) {
/*
* This shiny if block is an ugly hack to find out whether anonymous
* bind is possible on AD or not. Because AD happily and constantly
* replies with success to any anonymous bind request, we need to
* fire up a broken operation. If AD does not allow anonymous bind,
* it will end up with LDAP error code 1 which is turned into an
* exception by the LDAP wrapper. We catch this. Other cases may
* pass (like e.g. expected syntax error).
*/
try {
$ldapWrapper->read($connection->getConnectionResource(), '', 'objectClass=*', ['dn']);
} catch (\Exception $e) {
if ($e->getCode() === 1) {
\OC_JSON::error(['message' => $l->t('Invalid configuration: Anonymous binding is not allowed.')]);
exit;
}
}
\OC_JSON::success(['message'
=> $l->t('Valid configuration, connection established!')]);
} else {
\OC_JSON::error(['message'
=> $l->t('Valid configuration, but binding failed. Please check the server settings and credentials.')]);
}
} else {
\OC_JSON::error(['message'
=> $l->t('Invalid configuration: %s', $configurationError)]);
}
} catch (\Exception $e) {
\OC_JSON::error(['message' => $e->getMessage()]);
}
|
