1
0

testConfiguration.php 2.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566
  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  5. * SPDX-License-Identifier: AGPL-3.0-only
  6. */
  7. // Check user and app status
  8. \OC_JSON::checkAdminUser();
  9. \OC_JSON::checkAppEnabled('user_ldap');
  10. \OC_JSON::callCheck();
  11. $l = \OCP\Util::getL10N('user_ldap');
  12. $ldapWrapper = new OCA\User_LDAP\LDAP();
  13. $connection = new \OCA\User_LDAP\Connection($ldapWrapper, $_POST['ldap_serverconfig_chooser']);
  14. try {
  15. $configurationOk = true;
  16. $conf = $connection->getConfiguration();
  17. if ($conf['ldap_configuration_active'] === '0') {
  18. //needs to be true, otherwise it will also fail with an irritating message
  19. $conf['ldap_configuration_active'] = '1';
  20. $configurationOk = $connection->setConfiguration($conf);
  21. }
  22. if ($configurationOk) {
  23. //Configuration is okay
  24. /*
  25. * Closing the session since it won't be used from this point on. There might be a potential
  26. * race condition if a second request is made: either this request or the other might not
  27. * contact the LDAP backup server the first time when it should, but there shouldn't be any
  28. * problem with that other than the extra connection.
  29. */
  30. \OC::$server->getSession()->close();
  31. if ($connection->bind()) {
  32. /*
  33. * This shiny if block is an ugly hack to find out whether anonymous
  34. * bind is possible on AD or not. Because AD happily and constantly
  35. * replies with success to any anonymous bind request, we need to
  36. * fire up a broken operation. If AD does not allow anonymous bind,
  37. * it will end up with LDAP error code 1 which is turned into an
  38. * exception by the LDAP wrapper. We catch this. Other cases may
  39. * pass (like e.g. expected syntax error).
  40. */
  41. try {
  42. $ldapWrapper->read($connection->getConnectionResource(), '', 'objectClass=*', ['dn']);
  43. } catch (\Exception $e) {
  44. if ($e->getCode() === 1) {
  45. \OC_JSON::error(['message' => $l->t('Invalid configuration: Anonymous binding is not allowed.')]);
  46. exit;
  47. }
  48. }
  49. \OC_JSON::success(['message'
  50. => $l->t('Valid configuration, connection established!')]);
  51. } else {
  52. \OC_JSON::error(['message'
  53. => $l->t('Valid configuration, but binding failed. Please check the server settings and credentials.')]);
  54. }
  55. } else {
  56. \OC_JSON::error(['message'
  57. => $l->t('Invalid configuration. Please have a look at the logs for further details.')]);
  58. }
  59. } catch (\Exception $e) {
  60. \OC_JSON::error(['message' => $e->getMessage()]);
  61. }