Exemple #1
0
 public function testUseBackupServer()
 {
     $mainHost = 'ldap://nixda.ldap';
     $backupHost = 'ldap://fallback.ldap';
     $config = ['ldapConfigurationActive' => true, 'ldapHost' => $mainHost, 'ldapPort' => 389, 'ldapBackupHost' => $backupHost, 'ldapBackupPort' => 389, 'ldapAgentName' => 'uid=agent', 'ldapAgentPassword' => 'SuchASecret'];
     $this->connection->setIgnoreValidation(true);
     $this->connection->setConfiguration($config);
     $this->ldap->expects($this->any())->method('isResource')->will($this->returnValue(true));
     $this->ldap->expects($this->any())->method('setOption')->will($this->returnValue(true));
     $this->ldap->expects($this->exactly(3))->method('connect')->will($this->returnValue('ldapResource'));
     // Not called often enough? Then, the fallback to the backup server is broken.
     $this->connection->expects($this->exactly(4))->method('getFromCache')->with('overrideMainServer')->will($this->onConsecutiveCalls(false, false, true, true));
     $this->connection->expects($this->once())->method('writeToCache')->with('overrideMainServer', true);
     $isThrown = false;
     $this->ldap->expects($this->exactly(3))->method('bind')->will($this->returnCallback(function () use(&$isThrown) {
         if (!$isThrown) {
             $isThrown = true;
             throw new \OC\ServerNotAvailableException();
         }
         return true;
     }));
     $this->connection->init();
     $this->connection->resetConnectionResource();
     // with the second init() we test whether caching works
     $this->connection->init();
 }
Exemple #2
0
 /**
  * tests the specified connection
  * @param string $configID
  * @return int
  */
 protected function testConfig($configID)
 {
     $lw = new \OCA\user_ldap\lib\LDAP();
     $connection = new Connection($lw, $configID);
     //ensure validation is run before we attempt the bind
     $connection->getConfiguration();
     if (!$connection->setConfiguration(array('ldap_configuration_active' => 1))) {
         return 1;
     }
     if ($connection->bind()) {
         return 0;
     }
     return 2;
 }
Exemple #3
0
 /**
  * Prepares a paged search, if possible
  * @param string $filter the LDAP filter for the search
  * @param string[] $bases an array containing the LDAP subtree(s) that shall be searched
  * @param string[] $attr optional, when a certain attribute shall be filtered outside
  * @param int $limit
  * @param int $offset
  * @return bool|true
  */
 private function initPagedSearch($filter, $bases, $attr, $limit, $offset)
 {
     $pagedSearchOK = false;
     if ($this->connection->hasPagedResultSupport && $limit !== 0) {
         $offset = intval($offset);
         //can be null
         \OCP\Util::writeLog('user_ldap', 'initializing paged search for  Filter ' . $filter . ' base ' . print_r($bases, true) . ' attr ' . print_r($attr, true) . ' limit ' . $limit . ' offset ' . $offset, \OCP\Util::DEBUG);
         //get the cookie from the search for the previous search, required by LDAP
         foreach ($bases as $base) {
             $cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset);
             if (empty($cookie) && $cookie !== "0" && $offset > 0) {
                 // no cookie known, although the offset is not 0. Maybe cache run out. We need
                 // to start all over *sigh* (btw, Dear Reader, did you know LDAP paged
                 // searching was designed by MSFT?)
                 // 		Lukas: No, but thanks to reading that source I finally know!
                 // '0' is valid, because 389ds
                 $reOffset = $offset - $limit < 0 ? 0 : $offset - $limit;
                 //a bit recursive, $offset of 0 is the exit
                 \OCP\Util::writeLog('user_ldap', 'Looking for cookie L/O ' . $limit . '/' . $reOffset, \OCP\Util::INFO);
                 $this->search($filter, array($base), $attr, $limit, $reOffset, true);
                 $cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset);
                 //still no cookie? obviously, the server does not like us. Let's skip paging efforts.
                 //TODO: remember this, probably does not change in the next request...
                 if (empty($cookie) && $cookie !== '0') {
                     // '0' is valid, because 389ds
                     $cookie = null;
                 }
             }
             if (!is_null($cookie)) {
                 //since offset = 0, this is a new search. We abandon other searches that might be ongoing.
                 $this->abandonPagedSearch();
                 $pagedSearchOK = $this->ldap->controlPagedResult($this->connection->getConnectionResource(), $limit, false, $cookie);
                 if (!$pagedSearchOK) {
                     return false;
                 }
                 \OCP\Util::writeLog('user_ldap', 'Ready for a paged search', \OCP\Util::DEBUG);
             } else {
                 \OCP\Util::writeLog('user_ldap', 'No paged search for us, Cpt., Limit ' . $limit . ' Offset ' . $offset, \OCP\Util::INFO);
             }
         }
         /* ++ Fixing RHDS searches with pages with zero results ++
          * We coudn't get paged searches working with our RHDS for login ($limit = 0),
          * due to pages with zero results.
          * So we added "&& !empty($this->lastCookie)" to this test to ignore pagination
          * if we don't have a previous paged search.
          */
     } else {
         if ($this->connection->hasPagedResultSupport && $limit === 0 && !empty($this->lastCookie)) {
             // a search without limit was requested. However, if we do use
             // Paged Search once, we always must do it. This requires us to
             // initialize it with the configured page size.
             $this->abandonPagedSearch();
             // in case someone set it to 0 … use 500, otherwise no results will
             // be returned.
             $pageSize = intval($this->connection->ldapPagingSize) > 0 ? intval($this->connection->ldapPagingSize) : 500;
             $pagedSearchOK = $this->ldap->controlPagedResult($this->connection->getConnectionResource(), $pageSize, false, '');
         }
     }
     return $pagedSearchOK;
 }
Exemple #4
0
 public function getMemberOfGroups()
 {
     $cacheKey = 'getMemberOf' . $this->getUsername();
     if ($this->connection->isCached($cacheKey)) {
         return $this->connection->getFromCache($cacheKey);
     }
     $groupDNs = $this->access->readAttribute($this->getDN(), 'memberOf');
     $this->connection->writeToCache($cacheKey, $groupDNs);
     return $groupDNs;
 }
Exemple #5
0
	/**
	 * Prepares a paged search, if possible
	 * @param string $filter the LDAP filter for the search
	 * @param string[] $bases an array containing the LDAP subtree(s) that shall be searched
	 * @param string[] $attr optional, when a certain attribute shall be filtered outside
	 * @param int $limit
	 * @param int $offset
	 * @return bool|true
	 */
	private function initPagedSearch($filter, $bases, $attr, $limit, $offset) {
		$pagedSearchOK = false;
		if($this->connection->hasPagedResultSupport && ($limit !== 0)) {
			$offset = intval($offset); //can be null
			\OCP\Util::writeLog('user_ldap',
				'initializing paged search for  Filter '.$filter.' base '.print_r($bases, true)
				.' attr '.print_r($attr, true). ' limit ' .$limit.' offset '.$offset,
				\OCP\Util::DEBUG);
			//get the cookie from the search for the previous search, required by LDAP
			foreach($bases as $base) {

				$cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset);
				if(empty($cookie) && ($offset > 0)) {
					// no cookie known, although the offset is not 0. Maybe cache run out. We need
					// to start all over *sigh* (btw, Dear Reader, did you know LDAP paged
					// searching was designed by MSFT?)
					// 		Lukas: No, but thanks to reading that source I finally know!
					$reOffset = ($offset - $limit) < 0 ? 0 : $offset - $limit;
					//a bit recursive, $offset of 0 is the exit
					\OCP\Util::writeLog('user_ldap', 'Looking for cookie L/O '.$limit.'/'.$reOffset, \OCP\Util::INFO);
					$this->search($filter, array($base), $attr, $limit, $reOffset, true);
					$cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset);
					//still no cookie? obviously, the server does not like us. Let's skip paging efforts.
					//TODO: remember this, probably does not change in the next request...
					if(empty($cookie)) {
						$cookie = null;
					}
				}
				if(!is_null($cookie)) {
					//since offset = 0, this is a new search. We abandon other searches that might be ongoing.
					$this->abandonPagedSearch();
					$pagedSearchOK = $this->ldap->controlPagedResult(
						$this->connection->getConnectionResource(), $limit,
						false, $cookie);
					if(!$pagedSearchOK) {
						return false;
					}
					\OCP\Util::writeLog('user_ldap', 'Ready for a paged search', \OCP\Util::DEBUG);
				} else {
					\OCP\Util::writeLog('user_ldap',
						'No paged search for us, Cpt., Limit '.$limit.' Offset '.$offset,
						\OCP\Util::INFO);
				}

			}
		}

		return $pagedSearchOK;
	}
	/**
	 * sets up the LDAP configuration to be used for the test
	 */
	private function initConnection() {
		$this->connection = new \OCA\user_ldap\lib\Connection($this->ldap, '', null);
		$this->connection->setConfiguration([
			'ldapHost' => $this->server['host'],
			'ldapPort' => $this->server['port'],
			'ldapBase' => $this->base,
			'ldapAgentName' => $this->server['dn'],
			'ldapAgentPassword' => $this->server['pwd'],
			'ldapUserFilter' => 'objectclass=inetOrgPerson',
			'ldapUserDisplayName' => 'displayName',
			'ldapGroupDisplayName' => 'cn',
			'ldapLoginFilter' => 'uid=%uid',
			'ldapCacheTTL' => 0,
			'ldapConfigurationActive' => 1,
		]);
	}
 /**
  * sets up the LDAP configuration to be used for the test
  */
 protected function initConnection()
 {
     $this->connection = new Connection($this->ldap, '', null);
     $this->connection->setConfiguration(['ldapHost' => $this->server['host'], 'ldapPort' => $this->server['port'], 'ldapBase' => $this->base, 'ldapAgentName' => $this->server['dn'], 'ldapAgentPassword' => $this->server['pwd'], 'ldapUserFilter' => 'objectclass=inetOrgPerson', 'ldapUserDisplayName' => 'cn', 'ldapGroupDisplayName' => 'cn', 'ldapLoginFilter' => '(|(uid=%uid)(samaccountname=%uid))', 'ldapCacheTTL' => 0, 'ldapConfigurationActive' => 1]);
 }