/**
 * @brief List every group known to the LDAP backend
 * @returns array with group names; an empty array when the backend is not configured
 *
 * The directory is queried only while the cached list is empty; once it has
 * been filled, the cached value is returned.
 */
public function getGroups()
{
    if ($this->configured) {
        if (empty($this->_groups)) {
            // Request the configured display-name attribute and the DN of each entry.
            $attributes = array(OC_LDAP::conf('ldapGroupDisplayName'), 'dn');
            $entries = OC_LDAP::fetchListOfGroups($this->ldapGroupFilter, $attributes);
            $this->_groups = OC_LDAP::ownCloudGroupNames($entries);
        }

        return $this->_groups;
    }

    return array();
}
/**
 * @brief List every user known to the LDAP backend
 * @returns array with all uids
 *
 * The directory is queried on the first call only; the result is kept in
 * $this->_users and handed back on later calls.
 */
public function getUsers()
{
    if ($this->_users === null) {
        // Request the configured display-name attribute and the DN of each entry.
        $attributes = array(OC_LDAP::conf('ldapUserDisplayName'), 'dn');
        $entries = OC_LDAP::fetchListOfUsers($this->ldapUserFilter, $attributes);
        $this->_users = OC_LDAP::ownCloudUserNames($entries);
    }

    return $this->_users;
}
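// Update from version 0.1 to 0.2.

// Settings: move the bind password from 'ldap_password' to 'ldap_agent_password'.
// NOTE(security): base64 is an encoding, not encryption. The stored value is
// recoverable by anyone who can read the app configuration, so the config
// store must be protected as if it held the plaintext password.
$pw = OCP\Config::getAppValue('user_ldap', 'ldap_password');
if (!is_null($pw)) {
    $pwEnc = base64_encode($pw);
    OCP\Config::setAppValue('user_ldap', 'ldap_agent_password', $pwEnc);
    OC_Appconfig::deleteKey('user_ldap', 'ldap_password');
}

// Detect whether the naming guidelines can be switched on. This is not done
// when the user list would differ between the two modes (a conflict).
$state = OCP\Config::getSystemValue('ldapIgnoreNamingRules', 'doCheck');

// 'doCheck' is only the default returned when the key has never been written.
// The comparison is strict because a stored boolean true compares loosely
// equal to any non-empty string, which would re-run this block and wipe the
// user mapping table again on a later update.
if ($state === 'doCheck') {
    $sqlCleanMap = 'DELETE FROM *PREFIX*ldap_user_mapping';

    require_once OC::$APPSROOT . '/apps/user_ldap/lib_ldap.php';
    require_once OC::$APPSROOT . '/apps/user_ldap/user_ldap.php';

    // First pass: user list with the naming rules ignored.
    OCP\Config::setSystemValue('ldapIgnoreNamingRules', true);
    $LDAP_USER = new OC_USER_LDAP();
    $users_old = $LDAP_USER->getUsers();
    $query = OCP\DB::prepare($sqlCleanMap);
    $query->execute();

    // Second pass: user list with the naming rules applied.
    OCP\Config::setSystemValue('ldapIgnoreNamingRules', false);
    OC_LDAP::init(true);
    $users_new = $LDAP_USER->getUsers();
    $query = OCP\DB::prepare($sqlCleanMap);
    $query->execute();

    if ($users_old !== $users_new) {
        // Groups need no check, because they were not supported in 3.
        OCP\Config::setSystemValue('ldapIgnoreNamingRules', true);
    }
}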
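/**
 * Connects and binds to LDAP.
 *
 * Does nothing when a connection handle is already cached in
 * self::$ldapConnectionRes. Otherwise it creates a handle, selects LDAPv3,
 * disables referral chasing, starts TLS when self::$ldapTLS is set and binds
 * with the agent credentials.
 *
 * The handle is cached only after the bind succeeded. A handle left behind by
 * a failed attempt would make later calls skip the bind and report no error.
 *
 * @return false|null false when the configuration is invalid or the
 *                    connection could not be set up; no value otherwise
 */
private static function establishConnection()
{
    if (!self::$configured) {
        OCP\Util::writeLog('ldap', 'Configuration is invalid, cannot connect', OCP\Util::INFO);
        return false;
    }

    if (self::$ldapConnectionRes) {
        // Connected and bound by an earlier call.
        return;
    }

    $connection = ldap_connect(self::$ldapHost, self::$ldapPort);
    if (!$connection) {
        OCP\Util::writeLog('ldap', 'Could not create LDAP connection handle', OCP\Util::ERROR);
        return false;
    }

    // Option failures are logged but not fatal on their own; a failed
    // protocol switch surfaces below if TLS is required.
    if (!ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        OCP\Util::writeLog('ldap', 'Could not set LDAP protocol version 3', OCP\Util::ERROR);
    }
    if (!ldap_set_option($connection, LDAP_OPT_REFERRALS, 0)) {
        OCP\Util::writeLog('ldap', 'Could not disable LDAP referrals', OCP\Util::ERROR);
    }

    // Fail closed: when TLS is configured, never fall through to a bind that
    // would send the agent password over an unencrypted connection.
    if (self::$ldapTLS && !ldap_start_tls($connection)) {
        OCP\Util::writeLog('ldap', 'StartTLS failed: ' . ldap_errno($connection) . ': ' . ldap_error($connection), OCP\Util::ERROR);
        return false;
    }

    $ldapLogin = @ldap_bind($connection, self::$ldapAgentName, self::$ldapAgentPassword);
    if (!$ldapLogin) {
        OCP\Util::writeLog('ldap', 'Bind failed: ' . ldap_errno($connection) . ': ' . ldap_error($connection), OCP\Util::ERROR);
        return false;
    }

    self::$ldapConnectionRes = $connection;
}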
/**
 * Check whether a group exists in the directory.
 * @param string $gid
 * @return bool
 */
public function groupExists($gid)
{
    // Without a DN the group is unknown. A DN alone is not proof either: it
    // may be mapped only, so the entry itself is read next.
    $dn = OC_LDAP::groupname2dn($gid);
    if ($dn) {
        // The group counts as existing only when its objectclass can be read.
        $objectClasses = OC_LDAP::readAttribute($dn, 'objectclass');

        return !empty($objectClasses);
    }

    return false;
}
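/**
 * Connects and binds to LDAP.
 *
 * Does nothing when a connection handle is already cached in
 * self::$ldapConnectionRes. Otherwise it verifies that the PHP ldap module is
 * available, creates a handle, selects LDAPv3, disables referral chasing,
 * starts TLS when self::$ldapTLS is set and binds with the agent credentials.
 *
 * The handle is cached only after the bind succeeded. A handle left behind by
 * a failed attempt would make later calls skip the bind and report no error.
 *
 * @return false|null false when the ldap module is missing, the configuration
 *                    is invalid or the connection could not be set up; no
 *                    value otherwise
 */
private static function establishConnection()
{
    // Remembers a missing ldap module across calls, so the error is logged once.
    static $phpLDAPinstalled = true;

    if (!$phpLDAPinstalled) {
        return false;
    }

    if (!self::$configured) {
        OCP\Util::writeLog('ldap', 'Configuration is invalid, cannot connect', OCP\Util::INFO);
        return false;
    }

    if (self::$ldapConnectionRes) {
        // Connected and bound by an earlier call.
        return;
    }

    // Check if php-ldap is installed.
    if (!function_exists('ldap_connect')) {
        $phpLDAPinstalled = false;
        OCP\Util::writeLog('user_ldap', 'function ldap_connect is not available. Make sure that the PHP ldap module is installed.', OCP\Util::ERROR);
        return false;
    }

    $connection = ldap_connect(self::$ldapHost, self::$ldapPort);
    if (!$connection) {
        OCP\Util::writeLog('ldap', 'Could not create LDAP connection handle', OCP\Util::ERROR);
        return false;
    }

    // Option failures are logged but not fatal on their own; a failed
    // protocol switch surfaces below if TLS is required.
    if (!ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        OCP\Util::writeLog('ldap', 'Could not set LDAP protocol version 3', OCP\Util::ERROR);
    }
    if (!ldap_set_option($connection, LDAP_OPT_REFERRALS, 0)) {
        OCP\Util::writeLog('ldap', 'Could not disable LDAP referrals', OCP\Util::ERROR);
    }

    // Fail closed: when TLS is configured, never fall through to a bind that
    // would send the agent password over an unencrypted connection.
    if (self::$ldapTLS && !ldap_start_tls($connection)) {
        OCP\Util::writeLog('ldap', 'StartTLS failed: ' . ldap_errno($connection) . ': ' . ldap_error($connection), OCP\Util::ERROR);
        return false;
    }

    $ldapLogin = @ldap_bind($connection, self::$ldapAgentName, self::$ldapAgentPassword);
    if (!$ldapLogin) {
        OCP\Util::writeLog('ldap', 'Bind failed: ' . ldap_errno($connection) . ': ' . ldap_error($connection), OCP\Util::ERROR);
        return false;
    }

    self::$ldapConnectionRes = $connection;
}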
/**
 * @brief Check whether a user exists in the directory
 * @param string $uid the username
 * @return boolean
 */
public function userExists($uid)
{
    // Without a DN the user is unknown. A DN alone is not proof either: it
    // may be mapped only, so the entry itself is read next.
    $dn = OC_LDAP::username2dn($uid);
    if ($dn) {
        // The user counts as existing only when the cn attribute can be read.
        $commonName = OC_LDAP::readAttribute($dn, 'cn');

        return !empty($commonName);
    }

    return false;
}