testConfiguration.php 3.3 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  6. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  7. * @author Joas Schilling <coding@schilljs.com>
  8. * @author Juan Pablo Villafáñez <jvillafanez@solidgear.es>
  9. * @author Robin Appelman <robin@icewind.nl>
  10. * @author Roeland Jago Douma <roeland@famdouma.nl>
  11. * @author Thomas Müller <thomas.mueller@tmit.eu>
  12. *
  13. * @license AGPL-3.0
  14. *
  15. * This code is free software: you can redistribute it and/or modify
  16. * it under the terms of the GNU Affero General Public License, version 3,
  17. * as published by the Free Software Foundation.
  18. *
  19. * This program is distributed in the hope that it will be useful,
  20. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  21. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  22. * GNU Affero General Public License for more details.
  23. *
  24. * You should have received a copy of the GNU Affero General Public License, version 3,
  25. * along with this program. If not, see <http://www.gnu.org/licenses/>
  26. *
  27. */
  28. // Check user and app status
  29. \OC_JSON::checkAdminUser();
  30. \OC_JSON::checkAppEnabled('user_ldap');
  31. \OC_JSON::callCheck();
  32. $l = \OC::$server->getL10N('user_ldap');
  33. $ldapWrapper = new OCA\User_LDAP\LDAP();
  34. $connection = new \OCA\User_LDAP\Connection($ldapWrapper, $_POST['ldap_serverconfig_chooser']);
  35. try {
  36. $configurationOk = true;
  37. $conf = $connection->getConfiguration();
  38. if ($conf['ldap_configuration_active'] === '0') {
  39. //needs to be true, otherwise it will also fail with an irritating message
  40. $conf['ldap_configuration_active'] = '1';
  41. $configurationOk = $connection->setConfiguration($conf);
  42. }
  43. if ($configurationOk) {
  44. //Configuration is okay
  45. /*
  46. * Clossing the session since it won't be used from this point on. There might be a potential
  47. * race condition if a second request is made: either this request or the other might not
  48. * contact the LDAP backup server the first time when it should, but there shouldn't be any
  49. * problem with that other than the extra connection.
  50. */
  51. \OC::$server->getSession()->close();
  52. if ($connection->bind()) {
  53. /*
  54. * This shiny if block is an ugly hack to find out whether anonymous
  55. * bind is possible on AD or not. Because AD happily and constantly
  56. * replies with success to any anonymous bind request, we need to
  57. * fire up a broken operation. If AD does not allow anonymous bind,
  58. * it will end up with LDAP error code 1 which is turned into an
  59. * exception by the LDAP wrapper. We catch this. Other cases may
  60. * pass (like e.g. expected syntax error).
  61. */
  62. try {
  63. $ldapWrapper->read($connection->getConnectionResource(), '', 'objectClass=*', ['dn']);
  64. } catch (\Exception $e) {
  65. if ($e->getCode() === 1) {
  66. \OC_JSON::error(['message' => $l->t('Invalid configuration: Anonymous binding is not allowed.')]);
  67. exit;
  68. }
  69. }
  70. \OC_JSON::success(['message'
  71. => $l->t('Valid configuration, connection established!')]);
  72. } else {
  73. \OC_JSON::error(['message'
  74. => $l->t('Valid configuration, but binding failed. Please check the server settings and credentials.')]);
  75. }
  76. } else {
  77. \OC_JSON::error(['message'
  78. => $l->t('Invalid configuration. Please have a look at the logs for further details.')]);
  79. }
  80. } catch (\Exception $e) {
  81. \OC_JSON::error(['message' => $e->getMessage()]);
  82. }