Configuration.php 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Alexander Bergolth <leo@strike.wu.ac.at>
  6. * @author Alex Weirig <alex.weirig@technolink.lu>
  7. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  8. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  9. * @author Joas Schilling <coding@schilljs.com>
  10. * @author Jörn Friedrich Dreyer <jfd@butonic.de>
  11. * @author Lennart Rosam <hello@takuto.de>
  12. * @author Lukas Reschke <lukas@statuscode.ch>
  13. * @author Marc Hefter <marchefter@march42.net>
  14. * @author Morris Jobke <hey@morrisjobke.de>
  15. * @author Robin McCorkell <robin@mccorkell.me.uk>
  16. * @author Roeland Jago Douma <roeland@famdouma.nl>
  17. * @author Roger Szabo <roger.szabo@web.de>
  18. * @author Victor Dubiniuk <dubiniuk@owncloud.com>
  19. * @author Xuanwo <xuanwo@yunify.com>
  20. *
  21. * @license AGPL-3.0
  22. *
  23. * This code is free software: you can redistribute it and/or modify
  24. * it under the terms of the GNU Affero General Public License, version 3,
  25. * as published by the Free Software Foundation.
  26. *
  27. * This program is distributed in the hope that it will be useful,
  28. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  29. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  30. * GNU Affero General Public License for more details.
  31. *
  32. * You should have received a copy of the GNU Affero General Public License, version 3,
  33. * along with this program. If not, see <http://www.gnu.org/licenses/>
  34. *
  35. */
  36. namespace OCA\User_LDAP;
  37. use Psr\Log\LoggerInterface;
  38. /**
  39. * @property int ldapPagingSize holds an integer
  40. * @property string ldapUserAvatarRule
  41. */
  42. class Configuration {
  43. public const AVATAR_PREFIX_DEFAULT = 'default';
  44. public const AVATAR_PREFIX_NONE = 'none';
  45. public const AVATAR_PREFIX_DATA_ATTRIBUTE = 'data:';
  46. public const LDAP_SERVER_FEATURE_UNKNOWN = 'unknown';
  47. public const LDAP_SERVER_FEATURE_AVAILABLE = 'available';
  48. public const LDAP_SERVER_FEATURE_UNAVAILABLE = 'unavailable';
  49. /**
  50. * @var string
  51. */
  52. protected $configPrefix;
  53. /**
  54. * @var bool
  55. */
  56. protected $configRead = false;
  57. /**
  58. * @var string[]
  59. */
  60. protected array $unsavedChanges = [];
  61. /**
  62. * @var array<string, mixed> settings
  63. */
  64. protected $config = [
  65. 'ldapHost' => null,
  66. 'ldapPort' => null,
  67. 'ldapBackupHost' => null,
  68. 'ldapBackupPort' => null,
  69. 'ldapBackgroundHost' => null,
  70. 'ldapBackgroundPort' => null,
  71. 'ldapBase' => null,
  72. 'ldapBaseUsers' => null,
  73. 'ldapBaseGroups' => null,
  74. 'ldapAgentName' => null,
  75. 'ldapAgentPassword' => null,
  76. 'ldapTLS' => null,
  77. 'turnOffCertCheck' => null,
  78. 'ldapIgnoreNamingRules' => null,
  79. 'ldapUserDisplayName' => null,
  80. 'ldapUserDisplayName2' => null,
  81. 'ldapUserAvatarRule' => null,
  82. 'ldapGidNumber' => null,
  83. 'ldapUserFilterObjectclass' => null,
  84. 'ldapUserFilterGroups' => null,
  85. 'ldapUserFilter' => null,
  86. 'ldapUserFilterMode' => null,
  87. 'ldapGroupFilter' => null,
  88. 'ldapGroupFilterMode' => null,
  89. 'ldapGroupFilterObjectclass' => null,
  90. 'ldapGroupFilterGroups' => null,
  91. 'ldapGroupDisplayName' => null,
  92. 'ldapGroupMemberAssocAttr' => null,
  93. 'ldapLoginFilter' => null,
  94. 'ldapLoginFilterMode' => null,
  95. 'ldapLoginFilterEmail' => null,
  96. 'ldapLoginFilterUsername' => null,
  97. 'ldapLoginFilterAttributes' => null,
  98. 'ldapQuotaAttribute' => null,
  99. 'ldapQuotaDefault' => null,
  100. 'ldapEmailAttribute' => null,
  101. 'ldapCacheTTL' => null,
  102. 'ldapUuidUserAttribute' => 'auto',
  103. 'ldapUuidGroupAttribute' => 'auto',
  104. 'ldapOverrideMainServer' => false,
  105. 'ldapConfigurationActive' => false,
  106. 'ldapAttributesForUserSearch' => null,
  107. 'ldapAttributesForGroupSearch' => null,
  108. 'ldapExperiencedAdmin' => false,
  109. 'homeFolderNamingRule' => null,
  110. 'hasMemberOfFilterSupport' => false,
  111. 'useMemberOfToDetectMembership' => true,
  112. 'ldapExpertUsernameAttr' => null,
  113. 'ldapExpertUUIDUserAttr' => null,
  114. 'ldapExpertUUIDGroupAttr' => null,
  115. 'markRemnantsAsDisabled' => false,
  116. 'lastJpegPhotoLookup' => null,
  117. 'ldapNestedGroups' => false,
  118. 'ldapPagingSize' => null,
  119. 'turnOnPasswordChange' => false,
  120. 'ldapDynamicGroupMemberURL' => null,
  121. 'ldapDefaultPPolicyDN' => null,
  122. 'ldapExtStorageHomeAttribute' => null,
  123. 'ldapMatchingRuleInChainState' => self::LDAP_SERVER_FEATURE_UNKNOWN,
  124. 'ldapConnectionTimeout' => 15,
  125. 'ldapAttributePhone' => null,
  126. 'ldapAttributeWebsite' => null,
  127. 'ldapAttributeAddress' => null,
  128. 'ldapAttributeTwitter' => null,
  129. 'ldapAttributeFediverse' => null,
  130. 'ldapAttributeOrganisation' => null,
  131. 'ldapAttributeRole' => null,
  132. 'ldapAttributeHeadline' => null,
  133. 'ldapAttributeBiography' => null,
  134. 'ldapAdminGroup' => '',
  135. ];
  136. public function __construct(string $configPrefix, bool $autoRead = true) {
  137. $this->configPrefix = $configPrefix;
  138. if ($autoRead) {
  139. $this->readConfiguration();
  140. }
  141. }
  142. /**
  143. * @param string $name
  144. * @return mixed|null
  145. */
  146. public function __get($name) {
  147. if (isset($this->config[$name])) {
  148. return $this->config[$name];
  149. }
  150. return null;
  151. }
  152. /**
  153. * @param string $name
  154. * @param mixed $value
  155. */
  156. public function __set($name, $value) {
  157. $this->setConfiguration([$name => $value]);
  158. }
  159. public function getConfiguration(): array {
  160. return $this->config;
  161. }
  162. /**
  163. * set LDAP configuration with values delivered by an array, not read
  164. * from configuration. It does not save the configuration! To do so, you
  165. * must call saveConfiguration afterwards.
  166. * @param array $config array that holds the config parameters in an associated
  167. * array
  168. * @param array &$applied optional; array where the set fields will be given to
  169. */
  170. public function setConfiguration(array $config, array &$applied = null): void {
  171. $cta = $this->getConfigTranslationArray();
  172. foreach ($config as $inputKey => $val) {
  173. if (str_contains($inputKey, '_') && array_key_exists($inputKey, $cta)) {
  174. $key = $cta[$inputKey];
  175. } elseif (array_key_exists($inputKey, $this->config)) {
  176. $key = $inputKey;
  177. } else {
  178. continue;
  179. }
  180. $setMethod = 'setValue';
  181. switch ($key) {
  182. case 'ldapAgentPassword':
  183. $setMethod = 'setRawValue';
  184. break;
  185. case 'homeFolderNamingRule':
  186. $trimmedVal = trim($val);
  187. if ($trimmedVal !== '' && !str_contains($val, 'attr:')) {
  188. $val = 'attr:'.$trimmedVal;
  189. }
  190. break;
  191. case 'ldapBase':
  192. case 'ldapBaseUsers':
  193. case 'ldapBaseGroups':
  194. case 'ldapAttributesForUserSearch':
  195. case 'ldapAttributesForGroupSearch':
  196. case 'ldapUserFilterObjectclass':
  197. case 'ldapUserFilterGroups':
  198. case 'ldapGroupFilterObjectclass':
  199. case 'ldapGroupFilterGroups':
  200. case 'ldapLoginFilterAttributes':
  201. $setMethod = 'setMultiLine';
  202. break;
  203. }
  204. $this->$setMethod($key, $val);
  205. if (is_array($applied)) {
  206. $applied[] = $inputKey;
  207. // storing key as index avoids duplication, and as value for simplicity
  208. }
  209. $this->unsavedChanges[$key] = $key;
  210. }
  211. }
  212. public function readConfiguration(): void {
  213. if (!$this->configRead) {
  214. $cta = array_flip($this->getConfigTranslationArray());
  215. foreach ($this->config as $key => $val) {
  216. if (!isset($cta[$key])) {
  217. //some are determined
  218. continue;
  219. }
  220. $dbKey = $cta[$key];
  221. switch ($key) {
  222. case 'ldapBase':
  223. case 'ldapBaseUsers':
  224. case 'ldapBaseGroups':
  225. case 'ldapAttributesForUserSearch':
  226. case 'ldapAttributesForGroupSearch':
  227. case 'ldapUserFilterObjectclass':
  228. case 'ldapUserFilterGroups':
  229. case 'ldapGroupFilterObjectclass':
  230. case 'ldapGroupFilterGroups':
  231. case 'ldapLoginFilterAttributes':
  232. $readMethod = 'getMultiLine';
  233. break;
  234. case 'ldapIgnoreNamingRules':
  235. $readMethod = 'getSystemValue';
  236. $dbKey = $key;
  237. break;
  238. case 'ldapAgentPassword':
  239. $readMethod = 'getPwd';
  240. break;
  241. case 'ldapUserDisplayName2':
  242. case 'ldapGroupDisplayName':
  243. $readMethod = 'getLcValue';
  244. break;
  245. case 'ldapUserDisplayName':
  246. default:
  247. // user display name does not lower case because
  248. // we rely on an upper case N as indicator whether to
  249. // auto-detect it or not. FIXME
  250. $readMethod = 'getValue';
  251. break;
  252. }
  253. $this->config[$key] = $this->$readMethod($dbKey);
  254. }
  255. $this->configRead = true;
  256. }
  257. }
  258. /**
  259. * saves the current config changes in the database
  260. */
  261. public function saveConfiguration(): void {
  262. $cta = array_flip($this->getConfigTranslationArray());
  263. $changed = false;
  264. foreach ($this->unsavedChanges as $key) {
  265. $value = $this->config[$key];
  266. switch ($key) {
  267. case 'ldapAgentPassword':
  268. $value = base64_encode($value);
  269. break;
  270. case 'ldapBase':
  271. case 'ldapBaseUsers':
  272. case 'ldapBaseGroups':
  273. case 'ldapAttributesForUserSearch':
  274. case 'ldapAttributesForGroupSearch':
  275. case 'ldapUserFilterObjectclass':
  276. case 'ldapUserFilterGroups':
  277. case 'ldapGroupFilterObjectclass':
  278. case 'ldapGroupFilterGroups':
  279. case 'ldapLoginFilterAttributes':
  280. if (is_array($value)) {
  281. $value = implode("\n", $value);
  282. }
  283. break;
  284. //following options are not stored but detected, skip them
  285. case 'ldapIgnoreNamingRules':
  286. case 'ldapUuidUserAttribute':
  287. case 'ldapUuidGroupAttribute':
  288. continue 2;
  289. }
  290. if (is_null($value)) {
  291. $value = '';
  292. }
  293. $changed = true;
  294. $this->saveValue($cta[$key], $value);
  295. }
  296. if ($changed) {
  297. $this->saveValue('_lastChange', (string)time());
  298. }
  299. $this->unsavedChanges = [];
  300. }
  301. /**
  302. * @param string $varName
  303. * @return array|string
  304. */
  305. protected function getMultiLine($varName) {
  306. $value = $this->getValue($varName);
  307. if (empty($value)) {
  308. $value = '';
  309. } else {
  310. $value = preg_split('/\r\n|\r|\n/', $value);
  311. }
  312. return $value;
  313. }
  314. /**
  315. * Sets multi-line values as arrays
  316. *
  317. * @param string $varName name of config-key
  318. * @param array|string $value to set
  319. */
  320. protected function setMultiLine(string $varName, $value): void {
  321. if (empty($value)) {
  322. $value = '';
  323. } elseif (!is_array($value)) {
  324. $value = preg_split('/\r\n|\r|\n|;/', $value);
  325. if ($value === false) {
  326. $value = '';
  327. }
  328. }
  329. if (!is_array($value)) {
  330. $finalValue = trim($value);
  331. } else {
  332. $finalValue = [];
  333. foreach ($value as $key => $val) {
  334. if (is_string($val)) {
  335. $val = trim($val);
  336. if ($val !== '') {
  337. //accidental line breaks are not wanted and can cause
  338. // odd behaviour. Thus, away with them.
  339. $finalValue[] = $val;
  340. }
  341. } else {
  342. $finalValue[] = $val;
  343. }
  344. }
  345. }
  346. $this->setRawValue($varName, $finalValue);
  347. }
  348. protected function getPwd(string $varName): string {
  349. return base64_decode($this->getValue($varName));
  350. }
  351. protected function getLcValue(string $varName): string {
  352. return mb_strtolower($this->getValue($varName), 'UTF-8');
  353. }
  354. protected function getSystemValue(string $varName): string {
  355. //FIXME: if another system value is added, softcode the default value
  356. return \OC::$server->getConfig()->getSystemValue($varName, false);
  357. }
  358. protected function getValue(string $varName): string {
  359. static $defaults;
  360. if (is_null($defaults)) {
  361. $defaults = $this->getDefaults();
  362. }
  363. return \OC::$server->getConfig()->getAppValue('user_ldap',
  364. $this->configPrefix.$varName,
  365. $defaults[$varName]);
  366. }
  367. /**
  368. * Sets a scalar value.
  369. *
  370. * @param string $varName name of config key
  371. * @param mixed $value to set
  372. */
  373. protected function setValue(string $varName, $value): void {
  374. if (is_string($value)) {
  375. $value = trim($value);
  376. }
  377. $this->config[$varName] = $value;
  378. }
  379. /**
  380. * Sets a scalar value without trimming.
  381. *
  382. * @param string $varName name of config key
  383. * @param mixed $value to set
  384. */
  385. protected function setRawValue(string $varName, $value): void {
  386. $this->config[$varName] = $value;
  387. }
  388. protected function saveValue(string $varName, string $value): bool {
  389. \OC::$server->getConfig()->setAppValue(
  390. 'user_ldap',
  391. $this->configPrefix.$varName,
  392. $value
  393. );
  394. return true;
  395. }
  396. /**
  397. * @return array an associative array with the default values. Keys are correspond
  398. * to config-value entries in the database table
  399. */
  400. public function getDefaults(): array {
  401. return [
  402. 'ldap_host' => '',
  403. 'ldap_port' => '',
  404. 'ldap_backup_host' => '',
  405. 'ldap_backup_port' => '',
  406. 'ldap_background_host' => '',
  407. 'ldap_background_port' => '',
  408. 'ldap_override_main_server' => '',
  409. 'ldap_dn' => '',
  410. 'ldap_agent_password' => '',
  411. 'ldap_base' => '',
  412. 'ldap_base_users' => '',
  413. 'ldap_base_groups' => '',
  414. 'ldap_userlist_filter' => '',
  415. 'ldap_user_filter_mode' => 0,
  416. 'ldap_userfilter_objectclass' => '',
  417. 'ldap_userfilter_groups' => '',
  418. 'ldap_login_filter' => '',
  419. 'ldap_login_filter_mode' => 0,
  420. 'ldap_loginfilter_email' => 0,
  421. 'ldap_loginfilter_username' => 1,
  422. 'ldap_loginfilter_attributes' => '',
  423. 'ldap_group_filter' => '',
  424. 'ldap_group_filter_mode' => 0,
  425. 'ldap_groupfilter_objectclass' => '',
  426. 'ldap_groupfilter_groups' => '',
  427. 'ldap_gid_number' => 'gidNumber',
  428. 'ldap_display_name' => 'displayName',
  429. 'ldap_user_display_name_2' => '',
  430. 'ldap_group_display_name' => 'cn',
  431. 'ldap_tls' => 0,
  432. 'ldap_quota_def' => '',
  433. 'ldap_quota_attr' => '',
  434. 'ldap_email_attr' => '',
  435. 'ldap_group_member_assoc_attribute' => '',
  436. 'ldap_cache_ttl' => 600,
  437. 'ldap_uuid_user_attribute' => 'auto',
  438. 'ldap_uuid_group_attribute' => 'auto',
  439. 'home_folder_naming_rule' => '',
  440. 'ldap_turn_off_cert_check' => 0,
  441. 'ldap_configuration_active' => 0,
  442. 'ldap_attributes_for_user_search' => '',
  443. 'ldap_attributes_for_group_search' => '',
  444. 'ldap_expert_username_attr' => '',
  445. 'ldap_expert_uuid_user_attr' => '',
  446. 'ldap_expert_uuid_group_attr' => '',
  447. 'has_memberof_filter_support' => 0,
  448. 'use_memberof_to_detect_membership' => 1,
  449. 'ldap_mark_remnants_as_disabled' => 0,
  450. 'last_jpegPhoto_lookup' => 0,
  451. 'ldap_nested_groups' => 0,
  452. 'ldap_paging_size' => 500,
  453. 'ldap_turn_on_pwd_change' => 0,
  454. 'ldap_experienced_admin' => 0,
  455. 'ldap_dynamic_group_member_url' => '',
  456. 'ldap_default_ppolicy_dn' => '',
  457. 'ldap_user_avatar_rule' => 'default',
  458. 'ldap_ext_storage_home_attribute' => '',
  459. 'ldap_matching_rule_in_chain_state' => self::LDAP_SERVER_FEATURE_UNKNOWN,
  460. 'ldap_connection_timeout' => 15,
  461. 'ldap_attr_phone' => '',
  462. 'ldap_attr_website' => '',
  463. 'ldap_attr_address' => '',
  464. 'ldap_attr_twitter' => '',
  465. 'ldap_attr_fediverse' => '',
  466. 'ldap_attr_organisation' => '',
  467. 'ldap_attr_role' => '',
  468. 'ldap_attr_headline' => '',
  469. 'ldap_attr_biography' => '',
  470. 'ldap_admin_group' => '',
  471. ];
  472. }
  473. /**
  474. * @return array that maps internal variable names to database fields
  475. */
  476. public function getConfigTranslationArray(): array {
  477. //TODO: merge them into one representation
  478. static $array = [
  479. 'ldap_host' => 'ldapHost',
  480. 'ldap_port' => 'ldapPort',
  481. 'ldap_backup_host' => 'ldapBackupHost',
  482. 'ldap_backup_port' => 'ldapBackupPort',
  483. 'ldap_background_host' => 'ldapBackgroundHost',
  484. 'ldap_background_port' => 'ldapBackgroundPort',
  485. 'ldap_override_main_server' => 'ldapOverrideMainServer',
  486. 'ldap_dn' => 'ldapAgentName',
  487. 'ldap_agent_password' => 'ldapAgentPassword',
  488. 'ldap_base' => 'ldapBase',
  489. 'ldap_base_users' => 'ldapBaseUsers',
  490. 'ldap_base_groups' => 'ldapBaseGroups',
  491. 'ldap_userfilter_objectclass' => 'ldapUserFilterObjectclass',
  492. 'ldap_userfilter_groups' => 'ldapUserFilterGroups',
  493. 'ldap_userlist_filter' => 'ldapUserFilter',
  494. 'ldap_user_filter_mode' => 'ldapUserFilterMode',
  495. 'ldap_user_avatar_rule' => 'ldapUserAvatarRule',
  496. 'ldap_login_filter' => 'ldapLoginFilter',
  497. 'ldap_login_filter_mode' => 'ldapLoginFilterMode',
  498. 'ldap_loginfilter_email' => 'ldapLoginFilterEmail',
  499. 'ldap_loginfilter_username' => 'ldapLoginFilterUsername',
  500. 'ldap_loginfilter_attributes' => 'ldapLoginFilterAttributes',
  501. 'ldap_group_filter' => 'ldapGroupFilter',
  502. 'ldap_group_filter_mode' => 'ldapGroupFilterMode',
  503. 'ldap_groupfilter_objectclass' => 'ldapGroupFilterObjectclass',
  504. 'ldap_groupfilter_groups' => 'ldapGroupFilterGroups',
  505. 'ldap_gid_number' => 'ldapGidNumber',
  506. 'ldap_display_name' => 'ldapUserDisplayName',
  507. 'ldap_user_display_name_2' => 'ldapUserDisplayName2',
  508. 'ldap_group_display_name' => 'ldapGroupDisplayName',
  509. 'ldap_tls' => 'ldapTLS',
  510. 'ldap_quota_def' => 'ldapQuotaDefault',
  511. 'ldap_quota_attr' => 'ldapQuotaAttribute',
  512. 'ldap_email_attr' => 'ldapEmailAttribute',
  513. 'ldap_group_member_assoc_attribute' => 'ldapGroupMemberAssocAttr',
  514. 'ldap_cache_ttl' => 'ldapCacheTTL',
  515. 'home_folder_naming_rule' => 'homeFolderNamingRule',
  516. 'ldap_turn_off_cert_check' => 'turnOffCertCheck',
  517. 'ldap_configuration_active' => 'ldapConfigurationActive',
  518. 'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch',
  519. 'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch',
  520. 'ldap_expert_username_attr' => 'ldapExpertUsernameAttr',
  521. 'ldap_expert_uuid_user_attr' => 'ldapExpertUUIDUserAttr',
  522. 'ldap_expert_uuid_group_attr' => 'ldapExpertUUIDGroupAttr',
  523. 'has_memberof_filter_support' => 'hasMemberOfFilterSupport',
  524. 'use_memberof_to_detect_membership' => 'useMemberOfToDetectMembership',
  525. 'ldap_mark_remnants_as_disabled' => 'markRemnantsAsDisabled',
  526. 'last_jpegPhoto_lookup' => 'lastJpegPhotoLookup',
  527. 'ldap_nested_groups' => 'ldapNestedGroups',
  528. 'ldap_paging_size' => 'ldapPagingSize',
  529. 'ldap_turn_on_pwd_change' => 'turnOnPasswordChange',
  530. 'ldap_experienced_admin' => 'ldapExperiencedAdmin',
  531. 'ldap_dynamic_group_member_url' => 'ldapDynamicGroupMemberURL',
  532. 'ldap_default_ppolicy_dn' => 'ldapDefaultPPolicyDN',
  533. 'ldap_ext_storage_home_attribute' => 'ldapExtStorageHomeAttribute',
  534. 'ldap_matching_rule_in_chain_state' => 'ldapMatchingRuleInChainState',
  535. 'ldapIgnoreNamingRules' => 'ldapIgnoreNamingRules', // sysconfig
  536. 'ldap_connection_timeout' => 'ldapConnectionTimeout',
  537. 'ldap_attr_phone' => 'ldapAttributePhone',
  538. 'ldap_attr_website' => 'ldapAttributeWebsite',
  539. 'ldap_attr_address' => 'ldapAttributeAddress',
  540. 'ldap_attr_twitter' => 'ldapAttributeTwitter',
  541. 'ldap_attr_fediverse' => 'ldapAttributeFediverse',
  542. 'ldap_attr_organisation' => 'ldapAttributeOrganisation',
  543. 'ldap_attr_role' => 'ldapAttributeRole',
  544. 'ldap_attr_headline' => 'ldapAttributeHeadline',
  545. 'ldap_attr_biography' => 'ldapAttributeBiography',
  546. 'ldap_admin_group' => 'ldapAdminGroup',
  547. ];
  548. return $array;
  549. }
  550. /**
  551. * @throws \RuntimeException
  552. */
  553. public function resolveRule(string $rule): array {
  554. if ($rule === 'avatar') {
  555. return $this->getAvatarAttributes();
  556. }
  557. throw new \RuntimeException('Invalid rule');
  558. }
  559. public function getAvatarAttributes(): array {
  560. $value = $this->ldapUserAvatarRule ?: self::AVATAR_PREFIX_DEFAULT;
  561. $defaultAttributes = ['jpegphoto', 'thumbnailphoto'];
  562. if ($value === self::AVATAR_PREFIX_NONE) {
  563. return [];
  564. }
  565. if (str_starts_with($value, self::AVATAR_PREFIX_DATA_ATTRIBUTE)) {
  566. $attribute = trim(substr($value, strlen(self::AVATAR_PREFIX_DATA_ATTRIBUTE)));
  567. if ($attribute === '') {
  568. return $defaultAttributes;
  569. }
  570. return [strtolower($attribute)];
  571. }
  572. if ($value !== self::AVATAR_PREFIX_DEFAULT) {
  573. \OCP\Server::get(LoggerInterface::class)->warning('Invalid config value to ldapUserAvatarRule; falling back to default.');
  574. }
  575. return $defaultAttributes;
  576. }
  577. /**
  578. * Returns TRUE if the ldapHost variable starts with 'ldapi://'
  579. */
  580. public function usesLdapi(): bool {
  581. $host = $this->config['ldapHost'];
  582. return is_string($host) && (substr($host, 0, strlen('ldapi://')) === 'ldapi://');
  583. }
  584. }