wizard.php 38 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319
  1. <?php
  2. /**
  3. * @author Alexander Bergolth <leo@strike.wu.ac.at>
  4. * @author Arthur Schiwon <blizzz@owncloud.com>
  5. * @author Bart Visscher <bartv@thisnet.nl>
  6. * @author Jean-Louis Dupond <jean-louis@dupond.be>
  7. * @author Jörn Friedrich Dreyer <jfd@butonic.de>
  8. * @author Lukas Reschke <lukas@owncloud.com>
  9. * @author Morris Jobke <hey@morrisjobke.de>
  10. * @author Robin Appelman <icewind@owncloud.com>
  11. * @author Robin McCorkell <rmccorkell@karoshi.org.uk>
  12. * @author Scrutinizer Auto-Fixer <auto-fixer@scrutinizer-ci.com>
  13. * @author Victor Dubiniuk <dubiniuk@owncloud.com>
  14. *
  15. * @copyright Copyright (c) 2015, ownCloud, Inc.
  16. * @license AGPL-3.0
  17. *
  18. * This code is free software: you can redistribute it and/or modify
  19. * it under the terms of the GNU Affero General Public License, version 3,
  20. * as published by the Free Software Foundation.
  21. *
  22. * This program is distributed in the hope that it will be useful,
  23. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  24. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  25. * GNU Affero General Public License for more details.
  26. *
  27. * You should have received a copy of the GNU Affero General Public License, version 3,
  28. * along with this program. If not, see <http://www.gnu.org/licenses/>
  29. *
  30. */
  31. namespace OCA\user_ldap\lib;
  32. class Wizard extends LDAPUtility {
  33. static protected $l;
  34. protected $access;
  35. protected $cr;
  36. protected $configuration;
  37. protected $result;
  38. protected $resultCache = array();
  39. const LRESULT_PROCESSED_OK = 2;
  40. const LRESULT_PROCESSED_INVALID = 3;
  41. const LRESULT_PROCESSED_SKIP = 4;
  42. const LFILTER_LOGIN = 2;
  43. const LFILTER_USER_LIST = 3;
  44. const LFILTER_GROUP_LIST = 4;
  45. const LFILTER_MODE_ASSISTED = 2;
  46. const LFILTER_MODE_RAW = 1;
  47. const LDAP_NW_TIMEOUT = 4;
  48. /**
  49. * Constructor
  50. * @param Configuration $configuration an instance of Configuration
  51. * @param ILDAPWrapper $ldap an instance of ILDAPWrapper
  52. */
  53. public function __construct(Configuration $configuration, ILDAPWrapper $ldap, Access $access) {
  54. parent::__construct($ldap);
  55. $this->configuration = $configuration;
  56. if(is_null(Wizard::$l)) {
  57. Wizard::$l = \OC::$server->getL10N('user_ldap');
  58. }
  59. $this->access = $access;
  60. $this->result = new WizardResult();
  61. }
  62. public function __destruct() {
  63. if($this->result->hasChanges()) {
  64. $this->configuration->saveConfiguration();
  65. }
  66. }
  67. /**
  68. * counts entries in the LDAP directory
  69. * @param string $filter the LDAP search filter
  70. * @param string $type a string being either 'users' or 'groups';
  71. * @return int|bool
  72. */
  73. public function countEntries($filter, $type) {
  74. $reqs = array('ldapHost', 'ldapPort', 'ldapBase');
  75. if($type === 'users') {
  76. $reqs[] = 'ldapUserFilter';
  77. }
  78. if(!$this->checkRequirements($reqs)) {
  79. throw new \Exception('Requirements not met', 400);
  80. }
  81. if($type === 'groups') {
  82. $result = $this->access->countGroups($filter);
  83. } else if($type === 'users') {
  84. $result = $this->access->countUsers($filter);
  85. } else {
  86. throw new \Exception('internal error: invald object type', 500);
  87. }
  88. return $result;
  89. }
  90. public function countGroups() {
  91. $filter = $this->configuration->ldapGroupFilter;
  92. if(empty($filter)) {
  93. $output = self::$l->n('%s group found', '%s groups found', 0, array(0));
  94. $this->result->addChange('ldap_group_count', $output);
  95. return $this->result;
  96. }
  97. try {
  98. $groupsTotal = $this->countEntries($filter, 'groups');
  99. } catch (\Exception $e) {
  100. //400 can be ignored, 500 is forwarded
  101. if($e->getCode() === 500) {
  102. throw $e;
  103. }
  104. return false;
  105. }
  106. $groupsTotal = ($groupsTotal !== false) ? $groupsTotal : 0;
  107. $output = self::$l->n('%s group found', '%s groups found', $groupsTotal, array($groupsTotal));
  108. $this->result->addChange('ldap_group_count', $output);
  109. return $this->result;
  110. }
  111. /**
  112. * @return WizardResult
  113. * @throws \Exception
  114. */
  115. public function countUsers() {
  116. $filter = $this->access->getFilterForUserCount();
  117. $usersTotal = $this->countEntries($filter, 'users');
  118. $usersTotal = ($usersTotal !== false) ? $usersTotal : 0;
  119. $output = self::$l->n('%s user found', '%s users found', $usersTotal, array($usersTotal));
  120. $this->result->addChange('ldap_user_count', $output);
  121. return $this->result;
  122. }
  123. /**
  124. * counts users with a specified attribute
  125. * @param string $attr
  126. * @param bool $existsCheck
  127. * @return int|bool
  128. */
  129. public function countUsersWithAttribute($attr, $existsCheck = false) {
  130. if(!$this->checkRequirements(array('ldapHost',
  131. 'ldapPort',
  132. 'ldapBase',
  133. 'ldapUserFilter',
  134. ))) {
  135. return false;
  136. }
  137. $filter = $this->access->combineFilterWithAnd(array(
  138. $this->configuration->ldapUserFilter,
  139. $attr . '=*'
  140. ));
  141. $limit = ($existsCheck === false) ? null : 1;
  142. return $this->access->countUsers($filter, array('dn'), $limit);
  143. }
  144. /**
  145. * detects the display name attribute. If a setting is already present that
  146. * returns at least one hit, the detection will be canceled.
  147. * @return WizardResult|bool
  148. * @throws \Exception
  149. */
  150. public function detectUserDisplayNameAttribute() {
  151. if(!$this->checkRequirements(array('ldapHost',
  152. 'ldapPort',
  153. 'ldapBase',
  154. 'ldapUserFilter',
  155. ))) {
  156. return false;
  157. }
  158. $attr = $this->configuration->ldapUserDisplayName;
  159. if($attr !== 'displayName' && !empty($attr)) {
  160. // most likely not the default value with upper case N,
  161. // verify it still produces a result
  162. $count = intval($this->countUsersWithAttribute($attr, true));
  163. if($count > 0) {
  164. //no change, but we sent it back to make sure the user interface
  165. //is still correct, even if the ajax call was cancelled inbetween
  166. $this->result->addChange('ldap_display_name', $attr);
  167. return $this->result;
  168. }
  169. }
  170. // first attribute that has at least one result wins
  171. $displayNameAttrs = array('displayname', 'cn');
  172. foreach ($displayNameAttrs as $attr) {
  173. $count = intval($this->countUsersWithAttribute($attr, true));
  174. if($count > 0) {
  175. $this->applyFind('ldap_display_name', $attr);
  176. return $this->result;
  177. }
  178. };
  179. throw new \Exception(self::$l->t('Could not detect user display name attribute. Please specify it yourself in advanced ldap settings.'));
  180. }
  181. /**
  182. * detects the most often used email attribute for users applying to the
  183. * user list filter. If a setting is already present that returns at least
  184. * one hit, the detection will be canceled.
  185. * @return WizardResult|bool
  186. */
  187. public function detectEmailAttribute() {
  188. if(!$this->checkRequirements(array('ldapHost',
  189. 'ldapPort',
  190. 'ldapBase',
  191. 'ldapUserFilter',
  192. ))) {
  193. return false;
  194. }
  195. $attr = $this->configuration->ldapEmailAttribute;
  196. if(!empty($attr)) {
  197. $count = intval($this->countUsersWithAttribute($attr, true));
  198. if($count > 0) {
  199. return false;
  200. }
  201. $writeLog = true;
  202. } else {
  203. $writeLog = false;
  204. }
  205. $emailAttributes = array('mail', 'mailPrimaryAddress');
  206. $winner = '';
  207. $maxUsers = 0;
  208. foreach($emailAttributes as $attr) {
  209. $count = $this->countUsersWithAttribute($attr);
  210. if($count > $maxUsers) {
  211. $maxUsers = $count;
  212. $winner = $attr;
  213. }
  214. }
  215. if($winner !== '') {
  216. $this->applyFind('ldap_email_attr', $winner);
  217. if($writeLog) {
  218. \OCP\Util::writeLog('user_ldap', 'The mail attribute has ' .
  219. 'automatically been reset, because the original value ' .
  220. 'did not return any results.', \OCP\Util::INFO);
  221. }
  222. }
  223. return $this->result;
  224. }
  225. /**
  226. * @return WizardResult
  227. * @throws \Exception
  228. */
  229. public function determineAttributes() {
  230. if(!$this->checkRequirements(array('ldapHost',
  231. 'ldapPort',
  232. 'ldapBase',
  233. 'ldapUserFilter',
  234. ))) {
  235. return false;
  236. }
  237. $attributes = $this->getUserAttributes();
  238. natcasesort($attributes);
  239. $attributes = array_values($attributes);
  240. $this->result->addOptions('ldap_loginfilter_attributes', $attributes);
  241. $selected = $this->configuration->ldapLoginFilterAttributes;
  242. if(is_array($selected) && !empty($selected)) {
  243. $this->result->addChange('ldap_loginfilter_attributes', $selected);
  244. }
  245. return $this->result;
  246. }
  247. /**
  248. * return the state of the Group Filter Mode
  249. * @return WizardResult
  250. */
  251. public function getGroupFilterMode() {
  252. $this->getFilterMode('ldapGroupFilterMode');
  253. return $this->result;
  254. }
  255. /**
  256. * return the state of the Login Filter Mode
  257. * @return WizardResult
  258. */
  259. public function getLoginFilterMode() {
  260. $this->getFilterMode('ldapLoginFilterMode');
  261. return $this->result;
  262. }
  263. /**
  264. * return the state of the User Filter Mode
  265. * @return WizardResult
  266. */
  267. public function getUserFilterMode() {
  268. $this->getFilterMode('ldapUserFilterMode');
  269. return $this->result;
  270. }
  271. /**
  272. * return the state of the mode of the specified filter
  273. * @param string $confKey contains the access key of the Configuration
  274. */
  275. private function getFilterMode($confKey) {
  276. $mode = $this->configuration->$confKey;
  277. if(is_null($mode)) {
  278. $mode = $this->LFILTER_MODE_ASSISTED;
  279. }
  280. $this->result->addChange($confKey, $mode);
  281. }
  282. /**
  283. * detects the available LDAP attributes
  284. * @return array|false The instance's WizardResult instance
  285. * @throws \Exception
  286. */
  287. private function getUserAttributes() {
  288. if(!$this->checkRequirements(array('ldapHost',
  289. 'ldapPort',
  290. 'ldapBase',
  291. 'ldapUserFilter',
  292. ))) {
  293. return false;
  294. }
  295. $cr = $this->getConnection();
  296. if(!$cr) {
  297. throw new \Exception('Could not connect to LDAP');
  298. }
  299. $base = $this->configuration->ldapBase[0];
  300. $filter = $this->configuration->ldapUserFilter;
  301. $rr = $this->ldap->search($cr, $base, $filter, array(), 1, 1);
  302. if(!$this->ldap->isResource($rr)) {
  303. return false;
  304. }
  305. $er = $this->ldap->firstEntry($cr, $rr);
  306. $attributes = $this->ldap->getAttributes($cr, $er);
  307. $pureAttributes = array();
  308. for($i = 0; $i < $attributes['count']; $i++) {
  309. $pureAttributes[] = $attributes[$i];
  310. }
  311. return $pureAttributes;
  312. }
  313. /**
  314. * detects the available LDAP groups
  315. * @return WizardResult|false the instance's WizardResult instance
  316. */
  317. public function determineGroupsForGroups() {
  318. return $this->determineGroups('ldap_groupfilter_groups',
  319. 'ldapGroupFilterGroups',
  320. false);
  321. }
  322. /**
  323. * detects the available LDAP groups
  324. * @return WizardResult|false the instance's WizardResult instance
  325. */
  326. public function determineGroupsForUsers() {
  327. return $this->determineGroups('ldap_userfilter_groups',
  328. 'ldapUserFilterGroups');
  329. }
  330. /**
  331. * detects the available LDAP groups
  332. * @param string $dbKey
  333. * @param string $confKey
  334. * @param bool $testMemberOf
  335. * @return WizardResult|false the instance's WizardResult instance
  336. * @throws \Exception
  337. */
  338. private function determineGroups($dbKey, $confKey, $testMemberOf = true) {
  339. if(!$this->checkRequirements(array('ldapHost',
  340. 'ldapPort',
  341. 'ldapBase',
  342. ))) {
  343. return false;
  344. }
  345. $cr = $this->getConnection();
  346. if(!$cr) {
  347. throw new \Exception('Could not connect to LDAP');
  348. }
  349. $groups = $this->fetchGroups($dbKey, $confKey);
  350. if($testMemberOf) {
  351. $this->configuration->hasMemberOfFilterSupport = $this->testMemberOf($groups);
  352. $this->result->markChange();
  353. if(!$this->configuration->hasMemberOfFilterSupport) {
  354. throw new \Exception('memberOf is not supported by the server');
  355. }
  356. }
  357. return $this->result;
  358. }
  359. /**
  360. * fetches all groups from LDAP
  361. * @param string $dbKey
  362. * @param string $confKey
  363. * @return array $groupEntries
  364. */
  365. public function fetchGroups($dbKey, $confKey) {
  366. $obclasses = array('posixGroup', 'group', 'zimbraDistributionList', 'groupOfNames');
  367. $filterParts = array();
  368. foreach($obclasses as $obclass) {
  369. $filterParts[] = 'objectclass='.$obclass;
  370. }
  371. //we filter for everything
  372. //- that looks like a group and
  373. //- has the group display name set
  374. $filter = $this->access->combineFilterWithOr($filterParts);
  375. $filter = $this->access->combineFilterWithAnd(array($filter, 'cn=*'));
  376. $groupNames = array();
  377. $groupEntries = array();
  378. $limit = 400;
  379. $offset = 0;
  380. do {
  381. // we need to request dn additionally here, otherwise memberOf
  382. // detection will fail later
  383. $result = $this->access->searchGroups($filter, array('cn', 'dn'), $limit, $offset);
  384. foreach($result as $item) {
  385. $groupNames[] = $item['cn'];
  386. $groupEntries[] = $item;
  387. }
  388. $offset += $limit;
  389. } while (count($groupNames) > 0 && count($groupNames) % $limit === 0);
  390. if(count($groupNames) > 0) {
  391. natsort($groupNames);
  392. $this->result->addOptions($dbKey, array_values($groupNames));
  393. } else {
  394. throw new \Exception(self::$l->t('Could not find the desired feature'));
  395. }
  396. $setFeatures = $this->configuration->$confKey;
  397. if(is_array($setFeatures) && !empty($setFeatures)) {
  398. //something is already configured? pre-select it.
  399. $this->result->addChange($dbKey, $setFeatures);
  400. }
  401. return $groupEntries;
  402. }
  403. public function determineGroupMemberAssoc() {
  404. if(!$this->checkRequirements(array('ldapHost',
  405. 'ldapPort',
  406. 'ldapGroupFilter',
  407. ))) {
  408. return false;
  409. }
  410. $attribute = $this->detectGroupMemberAssoc();
  411. if($attribute === false) {
  412. return false;
  413. }
  414. $this->configuration->setConfiguration(array('ldapGroupMemberAssocAttr' => $attribute));
  415. //so it will be saved on destruct
  416. $this->result->markChange();
  417. return $this->result;
  418. }
  419. /**
  420. * Detects the available object classes
  421. * @return WizardResult|false the instance's WizardResult instance
  422. * @throws \Exception
  423. */
  424. public function determineGroupObjectClasses() {
  425. if(!$this->checkRequirements(array('ldapHost',
  426. 'ldapPort',
  427. 'ldapBase',
  428. ))) {
  429. return false;
  430. }
  431. $cr = $this->getConnection();
  432. if(!$cr) {
  433. throw new \Exception('Could not connect to LDAP');
  434. }
  435. $obclasses = array('group', 'posixGroup', '*');
  436. $this->determineFeature($obclasses,
  437. 'objectclass',
  438. 'ldap_groupfilter_objectclass',
  439. 'ldapGroupFilterObjectclass',
  440. false);
  441. return $this->result;
  442. }
  443. /**
  444. * detects the available object classes
  445. * @return WizardResult
  446. * @throws \Exception
  447. */
  448. public function determineUserObjectClasses() {
  449. if(!$this->checkRequirements(array('ldapHost',
  450. 'ldapPort',
  451. 'ldapBase',
  452. ))) {
  453. return false;
  454. }
  455. $cr = $this->getConnection();
  456. if(!$cr) {
  457. throw new \Exception('Could not connect to LDAP');
  458. }
  459. $obclasses = array('inetOrgPerson', 'person', 'organizationalPerson',
  460. 'user', 'posixAccount', '*');
  461. $filter = $this->configuration->ldapUserFilter;
  462. //if filter is empty, it is probably the first time the wizard is called
  463. //then, apply suggestions.
  464. $this->determineFeature($obclasses,
  465. 'objectclass',
  466. 'ldap_userfilter_objectclass',
  467. 'ldapUserFilterObjectclass',
  468. empty($filter));
  469. return $this->result;
  470. }
  471. /**
  472. * @return WizardResult|false
  473. * @throws \Exception
  474. */
  475. public function getGroupFilter() {
  476. if(!$this->checkRequirements(array('ldapHost',
  477. 'ldapPort',
  478. 'ldapBase',
  479. ))) {
  480. return false;
  481. }
  482. //make sure the use display name is set
  483. $displayName = $this->configuration->ldapGroupDisplayName;
  484. if(empty($displayName)) {
  485. $d = $this->configuration->getDefaults();
  486. $this->applyFind('ldap_group_display_name',
  487. $d['ldap_group_display_name']);
  488. }
  489. $filter = $this->composeLdapFilter(self::LFILTER_GROUP_LIST);
  490. $this->applyFind('ldap_group_filter', $filter);
  491. return $this->result;
  492. }
  493. /**
  494. * @return WizardResult|false
  495. * @throws \Exception
  496. */
  497. public function getUserListFilter() {
  498. if(!$this->checkRequirements(array('ldapHost',
  499. 'ldapPort',
  500. 'ldapBase',
  501. ))) {
  502. return false;
  503. }
  504. //make sure the use display name is set
  505. $displayName = $this->configuration->ldapUserDisplayName;
  506. if(empty($displayName)) {
  507. $d = $this->configuration->getDefaults();
  508. $this->applyFind('ldap_display_name', $d['ldap_display_name']);
  509. }
  510. $filter = $this->composeLdapFilter(self::LFILTER_USER_LIST);
  511. if(!$filter) {
  512. throw new \Exception('Cannot create filter');
  513. }
  514. $this->applyFind('ldap_userlist_filter', $filter);
  515. return $this->result;
  516. }
  517. /**
  518. * @return bool|WizardResult
  519. * @throws \Exception
  520. */
  521. public function getUserLoginFilter() {
  522. if(!$this->checkRequirements(array('ldapHost',
  523. 'ldapPort',
  524. 'ldapBase',
  525. 'ldapUserFilter',
  526. ))) {
  527. return false;
  528. }
  529. $filter = $this->composeLdapFilter(self::LFILTER_LOGIN);
  530. if(!$filter) {
  531. throw new \Exception('Cannot create filter');
  532. }
  533. $this->applyFind('ldap_login_filter', $filter);
  534. return $this->result;
  535. }
  536. /**
  537. * Tries to determine the port, requires given Host, User DN and Password
  538. * @return WizardResult|false WizardResult on success, false otherwise
  539. * @throws \Exception
  540. */
  541. public function guessPortAndTLS() {
  542. if(!$this->checkRequirements(array('ldapHost',
  543. ))) {
  544. return false;
  545. }
  546. $this->checkHost();
  547. $portSettings = $this->getPortSettingsToTry();
  548. if(!is_array($portSettings)) {
  549. throw new \Exception(print_r($portSettings, true));
  550. }
  551. //proceed from the best configuration and return on first success
  552. foreach($portSettings as $setting) {
  553. $p = $setting['port'];
  554. $t = $setting['tls'];
  555. \OCP\Util::writeLog('user_ldap', 'Wiz: trying port '. $p . ', TLS '. $t, \OCP\Util::DEBUG);
  556. //connectAndBind may throw Exception, it needs to be catched by the
  557. //callee of this method
  558. if($this->connectAndBind($p, $t) === true) {
  559. $config = array('ldapPort' => $p,
  560. 'ldapTLS' => intval($t)
  561. );
  562. $this->configuration->setConfiguration($config);
  563. \OCP\Util::writeLog('user_ldap', 'Wiz: detected Port '. $p, \OCP\Util::DEBUG);
  564. $this->result->addChange('ldap_port', $p);
  565. return $this->result;
  566. }
  567. }
  568. //custom port, undetected (we do not brute force)
  569. return false;
  570. }
  571. /**
  572. * tries to determine a base dn from User DN or LDAP Host
  573. * @return WizardResult|false WizardResult on success, false otherwise
  574. */
  575. public function guessBaseDN() {
  576. if(!$this->checkRequirements(array('ldapHost',
  577. 'ldapPort',
  578. ))) {
  579. return false;
  580. }
  581. //check whether a DN is given in the agent name (99.9% of all cases)
  582. $base = null;
  583. $i = stripos($this->configuration->ldapAgentName, 'dc=');
  584. if($i !== false) {
  585. $base = substr($this->configuration->ldapAgentName, $i);
  586. if($this->testBaseDN($base)) {
  587. $this->applyFind('ldap_base', $base);
  588. return $this->result;
  589. }
  590. }
  591. //this did not help :(
  592. //Let's see whether we can parse the Host URL and convert the domain to
  593. //a base DN
  594. $helper = new Helper();
  595. $domain = $helper->getDomainFromURL($this->configuration->ldapHost);
  596. if(!$domain) {
  597. return false;
  598. }
  599. $dparts = explode('.', $domain);
  600. $base2 = implode('dc=', $dparts);
  601. if($base !== $base2 && $this->testBaseDN($base2)) {
  602. $this->applyFind('ldap_base', $base2);
  603. return $this->result;
  604. }
  605. return false;
  606. }
  607. /**
  608. * sets the found value for the configuration key in the WizardResult
  609. * as well as in the Configuration instance
  610. * @param string $key the configuration key
  611. * @param string $value the (detected) value
  612. *
  613. */
  614. private function applyFind($key, $value) {
  615. $this->result->addChange($key, $value);
  616. $this->configuration->setConfiguration(array($key => $value));
  617. }
  618. /**
  619. * Checks, whether a port was entered in the Host configuration
  620. * field. In this case the port will be stripped off, but also stored as
  621. * setting.
  622. */
  623. private function checkHost() {
  624. $host = $this->configuration->ldapHost;
  625. $hostInfo = parse_url($host);
  626. //removes Port from Host
  627. if(is_array($hostInfo) && isset($hostInfo['port'])) {
  628. $port = $hostInfo['port'];
  629. $host = str_replace(':'.$port, '', $host);
  630. $this->applyFind('ldap_host', $host);
  631. $this->applyFind('ldap_port', $port);
  632. }
  633. }
  634. /**
  635. * tries to detect the group member association attribute which is
  636. * one of 'uniqueMember', 'memberUid', 'member'
  637. * @return string|false, string with the attribute name, false on error
  638. * @throws \Exception
  639. */
  640. private function detectGroupMemberAssoc() {
  641. $possibleAttrs = array('uniqueMember', 'memberUid', 'member', 'unfugasdfasdfdfa');
  642. $filter = $this->configuration->ldapGroupFilter;
  643. if(empty($filter)) {
  644. return false;
  645. }
  646. $cr = $this->getConnection();
  647. if(!$cr) {
  648. throw new \Exception('Could not connect to LDAP');
  649. }
  650. $base = $this->configuration->ldapBase[0];
  651. $rr = $this->ldap->search($cr, $base, $filter, $possibleAttrs);
  652. if(!$this->ldap->isResource($rr)) {
  653. return false;
  654. }
  655. $er = $this->ldap->firstEntry($cr, $rr);
  656. while(is_resource($er)) {
  657. $this->ldap->getDN($cr, $er);
  658. $attrs = $this->ldap->getAttributes($cr, $er);
  659. $result = array();
  660. $possibleAttrsCount = count($possibleAttrs);
  661. for($i = 0; $i < $possibleAttrsCount; $i++) {
  662. if(isset($attrs[$possibleAttrs[$i]])) {
  663. $result[$possibleAttrs[$i]] = $attrs[$possibleAttrs[$i]]['count'];
  664. }
  665. }
  666. if(!empty($result)) {
  667. natsort($result);
  668. return key($result);
  669. }
  670. $er = $this->ldap->nextEntry($cr, $er);
  671. }
  672. return false;
  673. }
  674. /**
  675. * Checks whether for a given BaseDN results will be returned
  676. * @param string $base the BaseDN to test
  677. * @return bool true on success, false otherwise
  678. * @throws \Exception
  679. */
  680. private function testBaseDN($base) {
  681. $cr = $this->getConnection();
  682. if(!$cr) {
  683. throw new \Exception('Could not connect to LDAP');
  684. }
  685. //base is there, let's validate it. If we search for anything, we should
  686. //get a result set > 0 on a proper base
  687. $rr = $this->ldap->search($cr, $base, 'objectClass=*', array('dn'), 0, 1);
  688. if(!$this->ldap->isResource($rr)) {
  689. $errorNo = $this->ldap->errno($cr);
  690. $errorMsg = $this->ldap->error($cr);
  691. \OCP\Util::writeLog('user_ldap', 'Wiz: Could not search base '.$base.
  692. ' Error '.$errorNo.': '.$errorMsg, \OCP\Util::INFO);
  693. return false;
  694. }
  695. $entries = $this->ldap->countEntries($cr, $rr);
  696. return ($entries !== false) && ($entries > 0);
  697. }
  698. /**
  699. * Checks whether the server supports memberOf in LDAP Filter.
  700. * Requires that groups are determined, thus internally called from within
  701. * determineGroups()
  702. * @param array $groups
  703. * @return bool true if it does, false otherwise
  704. * @throws \Exception
  705. */
  706. private function testMemberOf($groups) {
  707. $cr = $this->getConnection();
  708. if(!$cr) {
  709. throw new \Exception('Could not connect to LDAP');
  710. }
  711. if(!is_array($this->configuration->ldapBase)
  712. || !isset($this->configuration->ldapBase[0])) {
  713. return false;
  714. }
  715. $base = $this->configuration->ldapBase[0];
  716. $filterPrefix = '(&(objectclass=*)(memberOf=';
  717. $filterSuffix = '))';
  718. foreach($groups as $groupProperties) {
  719. if(!isset($groupProperties['cn'])) {
  720. //assuming only groups have their cn cached :)
  721. continue;
  722. }
  723. $filter = strtolower($filterPrefix . $groupProperties['dn'] . $filterSuffix);
  724. $rr = $this->ldap->search($cr, $base, $filter, array('dn'));
  725. if(!$this->ldap->isResource($rr)) {
  726. continue;
  727. }
  728. $entries = $this->ldap->countEntries($cr, $rr);
  729. //we do not know which groups are empty, so test any and return
  730. //success on the first match that returns at least one user
  731. if(($entries !== false) && ($entries > 0)) {
  732. return true;
  733. }
  734. }
  735. return false;
  736. }
  737. /**
  738. * creates an LDAP Filter from given configuration
  739. * @param integer $filterType int, for which use case the filter shall be created
  740. * can be any of self::LFILTER_USER_LIST, self::LFILTER_LOGIN or
  741. * self::LFILTER_GROUP_LIST
  742. * @return string|false string with the filter on success, false otherwise
  743. * @throws \Exception
  744. */
  745. private function composeLdapFilter($filterType) {
  746. $filter = '';
  747. $parts = 0;
  748. switch ($filterType) {
  749. case self::LFILTER_USER_LIST:
  750. $objcs = $this->configuration->ldapUserFilterObjectclass;
  751. //glue objectclasses
  752. if(is_array($objcs) && count($objcs) > 0) {
  753. $filter .= '(|';
  754. foreach($objcs as $objc) {
  755. $filter .= '(objectclass=' . $objc . ')';
  756. }
  757. $filter .= ')';
  758. $parts++;
  759. }
  760. //glue group memberships
  761. if($this->configuration->hasMemberOfFilterSupport) {
  762. $cns = $this->configuration->ldapUserFilterGroups;
  763. if(is_array($cns) && count($cns) > 0) {
  764. $filter .= '(|';
  765. $cr = $this->getConnection();
  766. if(!$cr) {
  767. throw new \Exception('Could not connect to LDAP');
  768. }
  769. $base = $this->configuration->ldapBase[0];
  770. foreach($cns as $cn) {
  771. $rr = $this->ldap->search($cr, $base, 'cn=' . $cn, array('dn', 'primaryGroupToken'));
  772. if(!$this->ldap->isResource($rr)) {
  773. continue;
  774. }
  775. $er = $this->ldap->firstEntry($cr, $rr);
  776. $attrs = $this->ldap->getAttributes($cr, $er);
  777. $dn = $this->ldap->getDN($cr, $er);
  778. if(empty($dn)) {
  779. continue;
  780. }
  781. $filterPart = '(memberof=' . $dn . ')';
  782. if(isset($attrs['primaryGroupToken'])) {
  783. $pgt = $attrs['primaryGroupToken'][0];
  784. $primaryFilterPart = '(primaryGroupID=' . $pgt .')';
  785. $filterPart = '(|' . $filterPart . $primaryFilterPart . ')';
  786. }
  787. $filter .= $filterPart;
  788. }
  789. $filter .= ')';
  790. }
  791. $parts++;
  792. }
  793. //wrap parts in AND condition
  794. if($parts > 1) {
  795. $filter = '(&' . $filter . ')';
  796. }
  797. if(empty($filter)) {
  798. $filter = '(objectclass=*)';
  799. }
  800. break;
  801. case self::LFILTER_GROUP_LIST:
  802. $objcs = $this->configuration->ldapGroupFilterObjectclass;
  803. //glue objectclasses
  804. if(is_array($objcs) && count($objcs) > 0) {
  805. $filter .= '(|';
  806. foreach($objcs as $objc) {
  807. $filter .= '(objectclass=' . $objc . ')';
  808. }
  809. $filter .= ')';
  810. $parts++;
  811. }
  812. //glue group memberships
  813. $cns = $this->configuration->ldapGroupFilterGroups;
  814. if(is_array($cns) && count($cns) > 0) {
  815. $filter .= '(|';
  816. $base = $this->configuration->ldapBase[0];
  817. foreach($cns as $cn) {
  818. $filter .= '(cn=' . $cn . ')';
  819. }
  820. $filter .= ')';
  821. }
  822. $parts++;
  823. //wrap parts in AND condition
  824. if($parts > 1) {
  825. $filter = '(&' . $filter . ')';
  826. }
  827. break;
  828. case self::LFILTER_LOGIN:
  829. $ulf = $this->configuration->ldapUserFilter;
  830. $loginpart = '=%uid';
  831. $filterUsername = '';
  832. $userAttributes = $this->getUserAttributes();
  833. $userAttributes = array_change_key_case(array_flip($userAttributes));
  834. $parts = 0;
  835. $x = $this->configuration->ldapLoginFilterUsername;
  836. if($this->configuration->ldapLoginFilterUsername === '1') {
  837. $attr = '';
  838. if(isset($userAttributes['uid'])) {
  839. $attr = 'uid';
  840. } else if(isset($userAttributes['samaccountname'])) {
  841. $attr = 'samaccountname';
  842. } else if(isset($userAttributes['cn'])) {
  843. //fallback
  844. $attr = 'cn';
  845. }
  846. if(!empty($attr)) {
  847. $filterUsername = '(' . $attr . $loginpart . ')';
  848. $parts++;
  849. }
  850. }
  851. $filterEmail = '';
  852. if($this->configuration->ldapLoginFilterEmail === '1') {
  853. $filterEmail = '(|(mailPrimaryAddress=%uid)(mail=%uid))';
  854. $parts++;
  855. }
  856. $filterAttributes = '';
  857. $attrsToFilter = $this->configuration->ldapLoginFilterAttributes;
  858. if(is_array($attrsToFilter) && count($attrsToFilter) > 0) {
  859. $filterAttributes = '(|';
  860. foreach($attrsToFilter as $attribute) {
  861. $filterAttributes .= '(' . $attribute . $loginpart . ')';
  862. }
  863. $filterAttributes .= ')';
  864. $parts++;
  865. }
  866. $filterLogin = '';
  867. if($parts > 1) {
  868. $filterLogin = '(|';
  869. }
  870. $filterLogin .= $filterUsername;
  871. $filterLogin .= $filterEmail;
  872. $filterLogin .= $filterAttributes;
  873. if($parts > 1) {
  874. $filterLogin .= ')';
  875. }
  876. $filter = '(&'.$ulf.$filterLogin.')';
  877. break;
  878. }
  879. \OCP\Util::writeLog('user_ldap', 'Wiz: Final filter '.$filter, \OCP\Util::DEBUG);
  880. return $filter;
  881. }
  882. /**
  883. * Connects and Binds to an LDAP Server
  884. * @param int $port the port to connect with
  885. * @param bool $tls whether startTLS is to be used
  886. * @param bool $ncc
  887. * @return bool
  888. * @throws \Exception
  889. */
  890. private function connectAndBind($port = 389, $tls = false, $ncc = false) {
  891. if($ncc) {
  892. //No certificate check
  893. //FIXME: undo afterwards
  894. putenv('LDAPTLS_REQCERT=never');
  895. }
  896. //connect, does not really trigger any server communication
  897. \OCP\Util::writeLog('user_ldap', 'Wiz: Checking Host Info ', \OCP\Util::DEBUG);
  898. $host = $this->configuration->ldapHost;
  899. $hostInfo = parse_url($host);
  900. if(!$hostInfo) {
  901. throw new \Exception($this->l->t('Invalid Host'));
  902. }
  903. if(isset($hostInfo['scheme'])) {
  904. if(isset($hostInfo['port'])) {
  905. //problem
  906. } else {
  907. $host .= ':' . $port;
  908. }
  909. }
  910. \OCP\Util::writeLog('user_ldap', 'Wiz: Attempting to connect ', \OCP\Util::DEBUG);
  911. $cr = $this->ldap->connect($host, $port);
  912. if(!is_resource($cr)) {
  913. throw new \Exception($this->l->t('Invalid Host'));
  914. }
  915. \OCP\Util::writeLog('user_ldap', 'Wiz: Setting LDAP Options ', \OCP\Util::DEBUG);
  916. //set LDAP options
  917. $this->ldap->setOption($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
  918. $this->ldap->setOption($cr, LDAP_OPT_REFERRALS, 0);
  919. $this->ldap->setOption($cr, LDAP_OPT_NETWORK_TIMEOUT, self::LDAP_NW_TIMEOUT);
  920. if($tls) {
  921. $isTlsWorking = @$this->ldap->startTls($cr);
  922. if(!$isTlsWorking) {
  923. return false;
  924. }
  925. }
  926. \OCP\Util::writeLog('user_ldap', 'Wiz: Attemping to Bind ', \OCP\Util::DEBUG);
  927. //interesting part: do the bind!
  928. $login = $this->ldap->bind($cr,
  929. $this->configuration->ldapAgentName,
  930. $this->configuration->ldapAgentPassword);
  931. if($login === true) {
  932. $this->ldap->unbind($cr);
  933. if($ncc) {
  934. throw new \Exception('Certificate cannot be validated.');
  935. }
  936. \OCP\Util::writeLog('user_ldap', 'Wiz: Bind successful to Port '. $port . ' TLS ' . intval($tls), \OCP\Util::DEBUG);
  937. return true;
  938. }
  939. $errNo = $this->ldap->errno($cr);
  940. $error = ldap_error($cr);
  941. $this->ldap->unbind($cr);
  942. if($errNo === -1 || ($errNo === 2 && $ncc)) {
  943. //host, port or TLS wrong
  944. return false;
  945. } else if ($errNo === 2) {
  946. return $this->connectAndBind($port, $tls, true);
  947. }
  948. throw new \Exception($error);
  949. }
  950. /**
  951. * checks whether a valid combination of agent and password has been
  952. * provided (either two values or nothing for anonymous connect)
  953. * @return bool, true if everything is fine, false otherwise
  954. */
  955. private function checkAgentRequirements() {
  956. $agent = $this->configuration->ldapAgentName;
  957. $pwd = $this->configuration->ldapAgentPassword;
  958. return ( (!empty($agent) && !empty($pwd))
  959. || (empty($agent) && empty($pwd)));
  960. }
  961. /**
  962. * @param array $reqs
  963. * @return bool
  964. */
  965. private function checkRequirements($reqs) {
  966. $this->checkAgentRequirements();
  967. foreach($reqs as $option) {
  968. $value = $this->configuration->$option;
  969. if(empty($value)) {
  970. return false;
  971. }
  972. }
  973. return true;
  974. }
  975. /**
  976. * does a cumulativeSearch on LDAP to get different values of a
  977. * specified attribute
  978. * @param string[] $filters array, the filters that shall be used in the search
  979. * @param string $attr the attribute of which a list of values shall be returned
  980. * @param int $dnReadLimit the amount of how many DNs should be analyzed.
  981. * The lower, the faster
  982. * @param string $maxF string. if not null, this variable will have the filter that
  983. * yields most result entries
  984. * @return array|false an array with the values on success, false otherwise
  985. */
  986. public function cumulativeSearchOnAttribute($filters, $attr, $dnReadLimit = 3, &$maxF = null) {
  987. $dnRead = array();
  988. $foundItems = array();
  989. $maxEntries = 0;
  990. if(!is_array($this->configuration->ldapBase)
  991. || !isset($this->configuration->ldapBase[0])) {
  992. return false;
  993. }
  994. $base = $this->configuration->ldapBase[0];
  995. $cr = $this->getConnection();
  996. if(!$this->ldap->isResource($cr)) {
  997. return false;
  998. }
  999. $lastFilter = null;
  1000. if(isset($filters[count($filters)-1])) {
  1001. $lastFilter = $filters[count($filters)-1];
  1002. }
  1003. foreach($filters as $filter) {
  1004. if($lastFilter === $filter && count($foundItems) > 0) {
  1005. //skip when the filter is a wildcard and results were found
  1006. continue;
  1007. }
  1008. $rr = $this->ldap->search($cr, $base, $filter, array($attr));
  1009. if(!$this->ldap->isResource($rr)) {
  1010. continue;
  1011. }
  1012. $entries = $this->ldap->countEntries($cr, $rr);
  1013. $getEntryFunc = 'firstEntry';
  1014. if(($entries !== false) && ($entries > 0)) {
  1015. if(!is_null($maxF) && $entries > $maxEntries) {
  1016. $maxEntries = $entries;
  1017. $maxF = $filter;
  1018. }
  1019. $dnReadCount = 0;
  1020. do {
  1021. $entry = $this->ldap->$getEntryFunc($cr, $rr);
  1022. $getEntryFunc = 'nextEntry';
  1023. if(!$this->ldap->isResource($entry)) {
  1024. continue 2;
  1025. }
  1026. $rr = $entry; //will be expected by nextEntry next round
  1027. $attributes = $this->ldap->getAttributes($cr, $entry);
  1028. $dn = $this->ldap->getDN($cr, $entry);
  1029. if($dn === false || in_array($dn, $dnRead)) {
  1030. continue;
  1031. }
  1032. $newItems = array();
  1033. $state = $this->getAttributeValuesFromEntry($attributes,
  1034. $attr,
  1035. $newItems);
  1036. $dnReadCount++;
  1037. $foundItems = array_merge($foundItems, $newItems);
  1038. $this->resultCache[$dn][$attr] = $newItems;
  1039. $dnRead[] = $dn;
  1040. } while(($state === self::LRESULT_PROCESSED_SKIP
  1041. || $this->ldap->isResource($entry))
  1042. && ($dnReadLimit === 0 || $dnReadCount < $dnReadLimit));
  1043. }
  1044. }
  1045. return array_unique($foundItems);
  1046. }
  1047. /**
  1048. * determines if and which $attr are available on the LDAP server
  1049. * @param string[] $objectclasses the objectclasses to use as search filter
  1050. * @param string $attr the attribute to look for
  1051. * @param string $dbkey the dbkey of the setting the feature is connected to
  1052. * @param string $confkey the confkey counterpart for the $dbkey as used in the
  1053. * Configuration class
  1054. * @param bool $po whether the objectClass with most result entries
  1055. * shall be pre-selected via the result
  1056. * @return array|false list of found items.
  1057. * @throws \Exception
  1058. */
  1059. private function determineFeature($objectclasses, $attr, $dbkey, $confkey, $po = false) {
  1060. $cr = $this->getConnection();
  1061. if(!$cr) {
  1062. throw new \Exception('Could not connect to LDAP');
  1063. }
  1064. $p = 'objectclass=';
  1065. foreach($objectclasses as $key => $value) {
  1066. $objectclasses[$key] = $p.$value;
  1067. }
  1068. $maxEntryObjC = '';
  1069. //how deep to dig?
  1070. //When looking for objectclasses, testing few entries is sufficient,
  1071. $dig = 3;
  1072. $availableFeatures =
  1073. $this->cumulativeSearchOnAttribute($objectclasses, $attr,
  1074. $dig, $maxEntryObjC);
  1075. if(is_array($availableFeatures)
  1076. && count($availableFeatures) > 0) {
  1077. natcasesort($availableFeatures);
  1078. //natcasesort keeps indices, but we must get rid of them for proper
  1079. //sorting in the web UI. Therefore: array_values
  1080. $this->result->addOptions($dbkey, array_values($availableFeatures));
  1081. } else {
  1082. throw new \Exception(self::$l->t('Could not find the desired feature'));
  1083. }
  1084. $setFeatures = $this->configuration->$confkey;
  1085. if(is_array($setFeatures) && !empty($setFeatures)) {
  1086. //something is already configured? pre-select it.
  1087. $this->result->addChange($dbkey, $setFeatures);
  1088. } else if($po && !empty($maxEntryObjC)) {
  1089. //pre-select objectclass with most result entries
  1090. $maxEntryObjC = str_replace($p, '', $maxEntryObjC);
  1091. $this->applyFind($dbkey, $maxEntryObjC);
  1092. $this->result->addChange($dbkey, $maxEntryObjC);
  1093. }
  1094. return $availableFeatures;
  1095. }
  1096. /**
  1097. * appends a list of values fr
  1098. * @param resource $result the return value from ldap_get_attributes
  1099. * @param string $attribute the attribute values to look for
  1100. * @param array &$known new values will be appended here
  1101. * @return int, state on of the class constants LRESULT_PROCESSED_OK,
  1102. * LRESULT_PROCESSED_INVALID or LRESULT_PROCESSED_SKIP
  1103. */
  1104. private function getAttributeValuesFromEntry($result, $attribute, &$known) {
  1105. if(!is_array($result)
  1106. || !isset($result['count'])
  1107. || !$result['count'] > 0) {
  1108. return self::LRESULT_PROCESSED_INVALID;
  1109. }
  1110. // strtolower on all keys for proper comparison
  1111. $result = \OCP\Util::mb_array_change_key_case($result);
  1112. $attribute = strtolower($attribute);
  1113. if(isset($result[$attribute])) {
  1114. foreach($result[$attribute] as $key => $val) {
  1115. if($key === 'count') {
  1116. continue;
  1117. }
  1118. if(!in_array($val, $known)) {
  1119. $known[] = $val;
  1120. }
  1121. }
  1122. return self::LRESULT_PROCESSED_OK;
  1123. } else {
  1124. return self::LRESULT_PROCESSED_SKIP;
  1125. }
  1126. }
  1127. /**
  1128. * @return bool|mixed
  1129. */
  1130. private function getConnection() {
  1131. if(!is_null($this->cr)) {
  1132. return $this->cr;
  1133. }
  1134. $cr = $this->ldap->connect(
  1135. $this->configuration->ldapHost.':'.$this->configuration->ldapPort,
  1136. $this->configuration->ldapPort);
  1137. $this->ldap->setOption($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
  1138. $this->ldap->setOption($cr, LDAP_OPT_REFERRALS, 0);
  1139. $this->ldap->setOption($cr, LDAP_OPT_NETWORK_TIMEOUT, self::LDAP_NW_TIMEOUT);
  1140. if($this->configuration->ldapTLS === 1) {
  1141. $this->ldap->startTls($cr);
  1142. }
  1143. $lo = @$this->ldap->bind($cr,
  1144. $this->configuration->ldapAgentName,
  1145. $this->configuration->ldapAgentPassword);
  1146. if($lo === true) {
  1147. $this->$cr = $cr;
  1148. return $cr;
  1149. }
  1150. return false;
  1151. }
  1152. /**
  1153. * @return array
  1154. */
  1155. private function getDefaultLdapPortSettings() {
  1156. static $settings = array(
  1157. array('port' => 7636, 'tls' => false),
  1158. array('port' => 636, 'tls' => false),
  1159. array('port' => 7389, 'tls' => true),
  1160. array('port' => 389, 'tls' => true),
  1161. array('port' => 7389, 'tls' => false),
  1162. array('port' => 389, 'tls' => false),
  1163. );
  1164. return $settings;
  1165. }
  1166. /**
  1167. * @return array
  1168. */
  1169. private function getPortSettingsToTry() {
  1170. //389 ← LDAP / Unencrypted or StartTLS
  1171. //636 ← LDAPS / SSL
  1172. //7xxx ← UCS. need to be checked first, because both ports may be open
  1173. $host = $this->configuration->ldapHost;
  1174. $port = intval($this->configuration->ldapPort);
  1175. $portSettings = array();
  1176. //In case the port is already provided, we will check this first
  1177. if($port > 0) {
  1178. $hostInfo = parse_url($host);
  1179. if(!(is_array($hostInfo)
  1180. && isset($hostInfo['scheme'])
  1181. && stripos($hostInfo['scheme'], 'ldaps') !== false)) {
  1182. $portSettings[] = array('port' => $port, 'tls' => true);
  1183. }
  1184. $portSettings[] =array('port' => $port, 'tls' => false);
  1185. }
  1186. //default ports
  1187. $portSettings = array_merge($portSettings,
  1188. $this->getDefaultLdapPortSettings());
  1189. return $portSettings;
  1190. }
  1191. }