1
0

testConfiguration.php 2.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869
  1. <?php
  2. use OCA\User_LDAP\LDAP;
  3. use OCP\Util;
  4. /**
  5. * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors
  6. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  7. * SPDX-License-Identifier: AGPL-3.0-only
  8. */
  9. // Check user and app status
  10. \OC_JSON::checkAdminUser();
  11. \OC_JSON::checkAppEnabled('user_ldap');
  12. \OC_JSON::callCheck();
  13. $l = Util::getL10N('user_ldap');
  14. $ldapWrapper = new LDAP();
  15. $connection = new \OCA\User_LDAP\Connection($ldapWrapper, $_POST['ldap_serverconfig_chooser']);
  16. try {
  17. $configurationOk = true;
  18. $conf = $connection->getConfiguration();
  19. if ($conf['ldap_configuration_active'] === '0') {
  20. //needs to be true, otherwise it will also fail with an irritating message
  21. $conf['ldap_configuration_active'] = '1';
  22. $configurationOk = $connection->setConfiguration($conf);
  23. }
  24. if ($configurationOk) {
  25. //Configuration is okay
  26. /*
  27. * Closing the session since it won't be used from this point on. There might be a potential
  28. * race condition if a second request is made: either this request or the other might not
  29. * contact the LDAP backup server the first time when it should, but there shouldn't be any
  30. * problem with that other than the extra connection.
  31. */
  32. \OC::$server->getSession()->close();
  33. if ($connection->bind()) {
  34. /*
  35. * This shiny if block is an ugly hack to find out whether anonymous
  36. * bind is possible on AD or not. Because AD happily and constantly
  37. * replies with success to any anonymous bind request, we need to
  38. * fire up a broken operation. If AD does not allow anonymous bind,
  39. * it will end up with LDAP error code 1 which is turned into an
  40. * exception by the LDAP wrapper. We catch this. Other cases may
  41. * pass (like e.g. expected syntax error).
  42. */
  43. try {
  44. $ldapWrapper->read($connection->getConnectionResource(), '', 'objectClass=*', ['dn']);
  45. } catch (\Exception $e) {
  46. if ($e->getCode() === 1) {
  47. \OC_JSON::error(['message' => $l->t('Invalid configuration: Anonymous binding is not allowed.')]);
  48. exit;
  49. }
  50. }
  51. \OC_JSON::success(['message'
  52. => $l->t('Valid configuration, connection established!')]);
  53. } else {
  54. \OC_JSON::error(['message'
  55. => $l->t('Valid configuration, but binding failed. Please check the server settings and credentials.')]);
  56. }
  57. } else {
  58. \OC_JSON::error(['message'
  59. => $l->t('Invalid configuration. Please have a look at the logs for further details.')]);
  60. }
  61. } catch (\Exception $e) {
  62. \OC_JSON::error(['message' => $e->getMessage()]);
  63. }