1
0

User_LDAP.php 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  6. * @author Bart Visscher <bartv@thisnet.nl>
  7. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  8. * @author Daniel Kesselberg <mail@danielkesselberg.de>
  9. * @author Dominik Schmidt <dev@dominik-schmidt.de>
  10. * @author felixboehm <felix@webhippie.de>
  11. * @author Joas Schilling <coding@schilljs.com>
  12. * @author Jörn Friedrich Dreyer <jfd@butonic.de>
  13. * @author Lukas Reschke <lukas@statuscode.ch>
  14. * @author Morris Jobke <hey@morrisjobke.de>
  15. * @author Robin Appelman <robin@icewind.nl>
  16. * @author Robin McCorkell <robin@mccorkell.me.uk>
  17. * @author Roger Szabo <roger.szabo@web.de>
  18. * @author root <root@localhost.localdomain>
  19. * @author Thomas Müller <thomas.mueller@tmit.eu>
  20. * @author Tom Needham <tom@owncloud.com>
  21. * @author Victor Dubiniuk <dubiniuk@owncloud.com>
  22. * @author Vinicius Cubas Brand <vinicius@eita.org.br>
  23. *
  24. * @license AGPL-3.0
  25. *
  26. * This code is free software: you can redistribute it and/or modify
  27. * it under the terms of the GNU Affero General Public License, version 3,
  28. * as published by the Free Software Foundation.
  29. *
  30. * This program is distributed in the hope that it will be useful,
  31. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  32. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  33. * GNU Affero General Public License for more details.
  34. *
  35. * You should have received a copy of the GNU Affero General Public License, version 3,
  36. * along with this program. If not, see <http://www.gnu.org/licenses/>
  37. *
  38. */
  39. namespace OCA\User_LDAP;
  40. use OC\ServerNotAvailableException;
  41. use OC\User\Backend;
  42. use OC\User\NoUserException;
  43. use OCA\User_LDAP\Exceptions\NotOnLDAP;
  44. use OCA\User_LDAP\User\OfflineUser;
  45. use OCA\User_LDAP\User\User;
  46. use OCP\IConfig;
  47. use OCP\IUserBackend;
  48. use OCP\IUserSession;
  49. use OCP\Notification\IManager as INotificationManager;
  50. use OCP\User\Backend\ICountMappedUsersBackend;
  51. use OCP\User\Backend\ICountUsersBackend;
  52. use OCP\UserInterface;
  53. use Psr\Log\LoggerInterface;
  54. class User_LDAP extends BackendUtility implements IUserBackend, UserInterface, IUserLDAP, ICountUsersBackend, ICountMappedUsersBackend {
  55. /** @var \OCP\IConfig */
  56. protected $ocConfig;
  57. /** @var INotificationManager */
  58. protected $notificationManager;
  59. /** @var UserPluginManager */
  60. protected $userPluginManager;
  61. /** @var LoggerInterface */
  62. protected $logger;
  63. /**
  64. * @param Access $access
  65. * @param \OCP\IConfig $ocConfig
  66. * @param \OCP\Notification\IManager $notificationManager
  67. * @param IUserSession $userSession
  68. */
  69. public function __construct(Access $access, IConfig $ocConfig, INotificationManager $notificationManager, IUserSession $userSession, UserPluginManager $userPluginManager) {
  70. parent::__construct($access);
  71. $this->ocConfig = $ocConfig;
  72. $this->notificationManager = $notificationManager;
  73. $this->userPluginManager = $userPluginManager;
  74. $this->logger = \OC::$server->get(LoggerInterface::class);
  75. }
  76. /**
  77. * checks whether the user is allowed to change his avatar in Nextcloud
  78. *
  79. * @param string $uid the Nextcloud user name
  80. * @return boolean either the user can or cannot
  81. * @throws \Exception
  82. */
  83. public function canChangeAvatar($uid) {
  84. if ($this->userPluginManager->implementsActions(Backend::PROVIDE_AVATAR)) {
  85. return $this->userPluginManager->canChangeAvatar($uid);
  86. }
  87. if (!$this->implementsActions(Backend::PROVIDE_AVATAR)) {
  88. return true;
  89. }
  90. $user = $this->access->userManager->get($uid);
  91. if (!$user instanceof User) {
  92. return false;
  93. }
  94. $imageData = $user->getAvatarImage();
  95. if ($imageData === false) {
  96. return true;
  97. }
  98. return !$user->updateAvatar(true);
  99. }
  100. /**
  101. * Return the username for the given login name, if available
  102. *
  103. * @param string $loginName
  104. * @return string|false
  105. * @throws \Exception
  106. */
  107. public function loginName2UserName($loginName) {
  108. $cacheKey = 'loginName2UserName-' . $loginName;
  109. $username = $this->access->connection->getFromCache($cacheKey);
  110. if ($username !== null) {
  111. return $username;
  112. }
  113. try {
  114. $ldapRecord = $this->getLDAPUserByLoginName($loginName);
  115. $user = $this->access->userManager->get($ldapRecord['dn'][0]);
  116. if ($user === null || $user instanceof OfflineUser) {
  117. // this path is not really possible, however get() is documented
  118. // to return User, OfflineUser or null so we are very defensive here.
  119. $this->access->connection->writeToCache($cacheKey, false);
  120. return false;
  121. }
  122. $username = $user->getUsername();
  123. $this->access->connection->writeToCache($cacheKey, $username);
  124. return $username;
  125. } catch (NotOnLDAP $e) {
  126. $this->access->connection->writeToCache($cacheKey, false);
  127. return false;
  128. }
  129. }
  130. /**
  131. * returns the username for the given LDAP DN, if available
  132. *
  133. * @param string $dn
  134. * @return string|false with the username
  135. */
  136. public function dn2UserName($dn) {
  137. return $this->access->dn2username($dn);
  138. }
  139. /**
  140. * returns an LDAP record based on a given login name
  141. *
  142. * @param string $loginName
  143. * @return array
  144. * @throws NotOnLDAP
  145. */
  146. public function getLDAPUserByLoginName($loginName) {
  147. //find out dn of the user name
  148. $attrs = $this->access->userManager->getAttributes();
  149. $users = $this->access->fetchUsersByLoginName($loginName, $attrs);
  150. if (count($users) < 1) {
  151. throw new NotOnLDAP('No user available for the given login name on ' .
  152. $this->access->connection->ldapHost . ':' . $this->access->connection->ldapPort);
  153. }
  154. return $users[0];
  155. }
  156. /**
  157. * Check if the password is correct without logging in the user
  158. *
  159. * @param string $uid The username
  160. * @param string $password The password
  161. * @return false|string
  162. */
  163. public function checkPassword($uid, $password) {
  164. try {
  165. $ldapRecord = $this->getLDAPUserByLoginName($uid);
  166. } catch (NotOnLDAP $e) {
  167. $this->logger->debug(
  168. $e->getMessage(),
  169. ['app' => 'user_ldap', 'exception' => $e]
  170. );
  171. return false;
  172. }
  173. $dn = $ldapRecord['dn'][0];
  174. $user = $this->access->userManager->get($dn);
  175. if (!$user instanceof User) {
  176. $this->logger->warning(
  177. 'LDAP Login: Could not get user object for DN ' . $dn .
  178. '. Maybe the LDAP entry has no set display name attribute?',
  179. ['app' => 'user_ldap']
  180. );
  181. return false;
  182. }
  183. if ($user->getUsername() !== false) {
  184. //are the credentials OK?
  185. if (!$this->access->areCredentialsValid($dn, $password)) {
  186. return false;
  187. }
  188. $this->access->cacheUserExists($user->getUsername());
  189. $user->processAttributes($ldapRecord);
  190. $user->markLogin();
  191. return $user->getUsername();
  192. }
  193. return false;
  194. }
  195. /**
  196. * Set password
  197. * @param string $uid The username
  198. * @param string $password The new password
  199. * @return bool
  200. */
  201. public function setPassword($uid, $password) {
  202. if ($this->userPluginManager->implementsActions(Backend::SET_PASSWORD)) {
  203. return $this->userPluginManager->setPassword($uid, $password);
  204. }
  205. $user = $this->access->userManager->get($uid);
  206. if (!$user instanceof User) {
  207. throw new \Exception('LDAP setPassword: Could not get user object for uid ' . $uid .
  208. '. Maybe the LDAP entry has no set display name attribute?');
  209. }
  210. if ($user->getUsername() !== false && $this->access->setPassword($user->getDN(), $password)) {
  211. $ldapDefaultPPolicyDN = $this->access->connection->ldapDefaultPPolicyDN;
  212. $turnOnPasswordChange = $this->access->connection->turnOnPasswordChange;
  213. if (!empty($ldapDefaultPPolicyDN) && ((int)$turnOnPasswordChange === 1)) {
  214. //remove last password expiry warning if any
  215. $notification = $this->notificationManager->createNotification();
  216. $notification->setApp('user_ldap')
  217. ->setUser($uid)
  218. ->setObject('pwd_exp_warn', $uid)
  219. ;
  220. $this->notificationManager->markProcessed($notification);
  221. }
  222. return true;
  223. }
  224. return false;
  225. }
  226. /**
  227. * Get a list of all users
  228. *
  229. * @param string $search
  230. * @param integer $limit
  231. * @param integer $offset
  232. * @return string[] an array of all uids
  233. */
  234. public function getUsers($search = '', $limit = 10, $offset = 0) {
  235. $search = $this->access->escapeFilterPart($search, true);
  236. $cachekey = 'getUsers-'.$search.'-'.$limit.'-'.$offset;
  237. //check if users are cached, if so return
  238. $ldap_users = $this->access->connection->getFromCache($cachekey);
  239. if (!is_null($ldap_users)) {
  240. return $ldap_users;
  241. }
  242. // if we'd pass -1 to LDAP search, we'd end up in a Protocol
  243. // error. With a limit of 0, we get 0 results. So we pass null.
  244. if ($limit <= 0) {
  245. $limit = null;
  246. }
  247. $filter = $this->access->combineFilterWithAnd([
  248. $this->access->connection->ldapUserFilter,
  249. $this->access->connection->ldapUserDisplayName . '=*',
  250. $this->access->getFilterPartForUserSearch($search)
  251. ]);
  252. $this->logger->debug(
  253. 'getUsers: Options: search '.$search.' limit '.$limit.' offset '.$offset.' Filter: '.$filter,
  254. ['app' => 'user_ldap']
  255. );
  256. //do the search and translate results to Nextcloud names
  257. $ldap_users = $this->access->fetchListOfUsers(
  258. $filter,
  259. $this->access->userManager->getAttributes(true),
  260. $limit, $offset);
  261. $ldap_users = $this->access->nextcloudUserNames($ldap_users);
  262. $this->logger->debug(
  263. 'getUsers: '.count($ldap_users). ' Users found',
  264. ['app' => 'user_ldap']
  265. );
  266. $this->access->connection->writeToCache($cachekey, $ldap_users);
  267. return $ldap_users;
  268. }
  269. /**
  270. * checks whether a user is still available on LDAP
  271. *
  272. * @param string|\OCA\User_LDAP\User\User $user either the Nextcloud user
  273. * name or an instance of that user
  274. * @throws \Exception
  275. * @throws \OC\ServerNotAvailableException
  276. */
  277. public function userExistsOnLDAP($user, bool $ignoreCache = false): bool {
  278. if (is_string($user)) {
  279. $user = $this->access->userManager->get($user);
  280. }
  281. if (is_null($user)) {
  282. return false;
  283. }
  284. $uid = $user instanceof User ? $user->getUsername() : $user->getOCName();
  285. $cacheKey = 'userExistsOnLDAP' . $uid;
  286. if (!$ignoreCache) {
  287. $userExists = $this->access->connection->getFromCache($cacheKey);
  288. if (!is_null($userExists)) {
  289. return (bool)$userExists;
  290. }
  291. }
  292. $dn = $user->getDN();
  293. //check if user really still exists by reading its entry
  294. if (!is_array($this->access->readAttribute($dn, '', $this->access->connection->ldapUserFilter))) {
  295. try {
  296. $uuid = $this->access->getUserMapper()->getUUIDByDN($dn);
  297. if (!$uuid) {
  298. $this->access->connection->writeToCache($cacheKey, false);
  299. return false;
  300. }
  301. $newDn = $this->access->getUserDnByUuid($uuid);
  302. //check if renamed user is still valid by reapplying the ldap filter
  303. if ($newDn === $dn || !is_array($this->access->readAttribute($newDn, '', $this->access->connection->ldapUserFilter))) {
  304. $this->access->connection->writeToCache($cacheKey, false);
  305. return false;
  306. }
  307. $this->access->getUserMapper()->setDNbyUUID($newDn, $uuid);
  308. $this->access->connection->writeToCache($cacheKey, true);
  309. return true;
  310. } catch (ServerNotAvailableException $e) {
  311. throw $e;
  312. } catch (\Exception $e) {
  313. $this->access->connection->writeToCache($cacheKey, false);
  314. return false;
  315. }
  316. }
  317. if ($user instanceof OfflineUser) {
  318. $user->unmark();
  319. }
  320. $this->access->connection->writeToCache($cacheKey, true);
  321. return true;
  322. }
  323. /**
  324. * check if a user exists
  325. * @param string $uid the username
  326. * @return boolean
  327. * @throws \Exception when connection could not be established
  328. */
  329. public function userExists($uid) {
  330. $userExists = $this->access->connection->getFromCache('userExists'.$uid);
  331. if (!is_null($userExists)) {
  332. return (bool)$userExists;
  333. }
  334. //getting dn, if false the user does not exist. If dn, he may be mapped only, requires more checking.
  335. $user = $this->access->userManager->get($uid);
  336. if (is_null($user)) {
  337. $this->logger->debug(
  338. 'No DN found for '.$uid.' on '.$this->access->connection->ldapHost,
  339. ['app' => 'user_ldap']
  340. );
  341. $this->access->connection->writeToCache('userExists'.$uid, false);
  342. return false;
  343. }
  344. $this->access->connection->writeToCache('userExists'.$uid, true);
  345. return true;
  346. }
  347. /**
  348. * returns whether a user was deleted in LDAP
  349. *
  350. * @param string $uid The username of the user to delete
  351. * @return bool
  352. */
  353. public function deleteUser($uid) {
  354. if ($this->userPluginManager->canDeleteUser()) {
  355. $status = $this->userPluginManager->deleteUser($uid);
  356. if ($status === false) {
  357. return false;
  358. }
  359. }
  360. $marked = (int)$this->ocConfig->getUserValue($uid, 'user_ldap', 'isDeleted', 0);
  361. if ($marked === 0) {
  362. try {
  363. $user = $this->access->userManager->get($uid);
  364. if (($user instanceof User) && !$this->userExistsOnLDAP($uid, true)) {
  365. $user->markUser();
  366. $marked = 1;
  367. }
  368. } catch (\Exception $e) {
  369. $this->logger->debug(
  370. $e->getMessage(),
  371. ['app' => 'user_ldap', 'exception' => $e]
  372. );
  373. }
  374. if ($marked === 0) {
  375. $this->logger->notice(
  376. 'User '.$uid . ' is not marked as deleted, not cleaning up.',
  377. ['app' => 'user_ldap']
  378. );
  379. return false;
  380. }
  381. }
  382. $this->logger->info('Cleaning up after user ' . $uid,
  383. ['app' => 'user_ldap']);
  384. $this->access->getUserMapper()->unmap($uid); // we don't emit unassign signals here, since it is implicit to delete signals fired from core
  385. $this->access->userManager->invalidate($uid);
  386. $this->access->connection->clearCache();
  387. return true;
  388. }
  389. /**
  390. * get the user's home directory
  391. *
  392. * @param string $uid the username
  393. * @return bool|string
  394. * @throws NoUserException
  395. * @throws \Exception
  396. */
  397. public function getHome($uid) {
  398. // user Exists check required as it is not done in user proxy!
  399. if (!$this->userExists($uid)) {
  400. return false;
  401. }
  402. if ($this->userPluginManager->implementsActions(Backend::GET_HOME)) {
  403. return $this->userPluginManager->getHome($uid);
  404. }
  405. $cacheKey = 'getHome'.$uid;
  406. $path = $this->access->connection->getFromCache($cacheKey);
  407. if (!is_null($path)) {
  408. return $path;
  409. }
  410. // early return path if it is a deleted user
  411. $user = $this->access->userManager->get($uid);
  412. if ($user instanceof User || $user instanceof OfflineUser) {
  413. $path = $user->getHomePath() ?: false;
  414. } else {
  415. throw new NoUserException($uid . ' is not a valid user anymore');
  416. }
  417. $this->access->cacheUserHome($uid, $path);
  418. return $path;
  419. }
  420. /**
  421. * get display name of the user
  422. * @param string $uid user ID of the user
  423. * @return string|false display name
  424. */
  425. public function getDisplayName($uid) {
  426. if ($this->userPluginManager->implementsActions(Backend::GET_DISPLAYNAME)) {
  427. return $this->userPluginManager->getDisplayName($uid);
  428. }
  429. if (!$this->userExists($uid)) {
  430. return false;
  431. }
  432. $cacheKey = 'getDisplayName'.$uid;
  433. if (!is_null($displayName = $this->access->connection->getFromCache($cacheKey))) {
  434. return $displayName;
  435. }
  436. //Check whether the display name is configured to have a 2nd feature
  437. $additionalAttribute = $this->access->connection->ldapUserDisplayName2;
  438. $displayName2 = '';
  439. if ($additionalAttribute !== '') {
  440. $displayName2 = $this->access->readAttribute(
  441. $this->access->username2dn($uid),
  442. $additionalAttribute);
  443. }
  444. $displayName = $this->access->readAttribute(
  445. $this->access->username2dn($uid),
  446. $this->access->connection->ldapUserDisplayName);
  447. if ($displayName && (count($displayName) > 0)) {
  448. $displayName = $displayName[0];
  449. if (is_array($displayName2)) {
  450. $displayName2 = count($displayName2) > 0 ? $displayName2[0] : '';
  451. }
  452. $user = $this->access->userManager->get($uid);
  453. if ($user instanceof User) {
  454. $displayName = $user->composeAndStoreDisplayName($displayName, $displayName2);
  455. $this->access->connection->writeToCache($cacheKey, $displayName);
  456. }
  457. if ($user instanceof OfflineUser) {
  458. /** @var OfflineUser $user*/
  459. $displayName = $user->getDisplayName();
  460. }
  461. return $displayName;
  462. }
  463. return null;
  464. }
  465. /**
  466. * set display name of the user
  467. * @param string $uid user ID of the user
  468. * @param string $displayName new display name of the user
  469. * @return string|false display name
  470. */
  471. public function setDisplayName($uid, $displayName) {
  472. if ($this->userPluginManager->implementsActions(Backend::SET_DISPLAYNAME)) {
  473. $this->userPluginManager->setDisplayName($uid, $displayName);
  474. $this->access->cacheUserDisplayName($uid, $displayName);
  475. return $displayName;
  476. }
  477. return false;
  478. }
  479. /**
  480. * Get a list of all display names
  481. *
  482. * @param string $search
  483. * @param int|null $limit
  484. * @param int|null $offset
  485. * @return array an array of all displayNames (value) and the corresponding uids (key)
  486. */
  487. public function getDisplayNames($search = '', $limit = null, $offset = null) {
  488. $cacheKey = 'getDisplayNames-'.$search.'-'.$limit.'-'.$offset;
  489. if (!is_null($displayNames = $this->access->connection->getFromCache($cacheKey))) {
  490. return $displayNames;
  491. }
  492. $displayNames = [];
  493. $users = $this->getUsers($search, $limit, $offset);
  494. foreach ($users as $user) {
  495. $displayNames[$user] = $this->getDisplayName($user);
  496. }
  497. $this->access->connection->writeToCache($cacheKey, $displayNames);
  498. return $displayNames;
  499. }
  500. /**
  501. * Check if backend implements actions
  502. * @param int $actions bitwise-or'ed actions
  503. * @return boolean
  504. *
  505. * Returns the supported actions as int to be
  506. * compared with \OC\User\Backend::CREATE_USER etc.
  507. */
  508. public function implementsActions($actions) {
  509. return (bool)((Backend::CHECK_PASSWORD
  510. | Backend::GET_HOME
  511. | Backend::GET_DISPLAYNAME
  512. | (($this->access->connection->ldapUserAvatarRule !== 'none') ? Backend::PROVIDE_AVATAR : 0)
  513. | Backend::COUNT_USERS
  514. | (((int)$this->access->connection->turnOnPasswordChange === 1)? Backend::SET_PASSWORD :0)
  515. | $this->userPluginManager->getImplementedActions())
  516. & $actions);
  517. }
  518. /**
  519. * @return bool
  520. */
  521. public function hasUserListings() {
  522. return true;
  523. }
  524. /**
  525. * counts the users in LDAP
  526. *
  527. * @return int|false
  528. */
  529. public function countUsers() {
  530. if ($this->userPluginManager->implementsActions(Backend::COUNT_USERS)) {
  531. return $this->userPluginManager->countUsers();
  532. }
  533. $filter = $this->access->getFilterForUserCount();
  534. $cacheKey = 'countUsers-'.$filter;
  535. if (!is_null($entries = $this->access->connection->getFromCache($cacheKey))) {
  536. return $entries;
  537. }
  538. $entries = $this->access->countUsers($filter);
  539. $this->access->connection->writeToCache($cacheKey, $entries);
  540. return $entries;
  541. }
  542. public function countMappedUsers(): int {
  543. return $this->access->getUserMapper()->count();
  544. }
  545. /**
  546. * Backend name to be shown in user management
  547. * @return string the name of the backend to be shown
  548. */
  549. public function getBackendName() {
  550. return 'LDAP';
  551. }
  552. /**
  553. * Return access for LDAP interaction.
  554. * @param string $uid
  555. * @return Access instance of Access for LDAP interaction
  556. */
  557. public function getLDAPAccess($uid) {
  558. return $this->access;
  559. }
  560. /**
  561. * Return LDAP connection resource from a cloned connection.
  562. * The cloned connection needs to be closed manually.
  563. * of the current access.
  564. * @param string $uid
  565. * @return resource|\LDAP\Connection The LDAP connection
  566. */
  567. public function getNewLDAPConnection($uid) {
  568. $connection = clone $this->access->getConnection();
  569. return $connection->getConnectionResource();
  570. }
  571. /**
  572. * create new user
  573. * @param string $username username of the new user
  574. * @param string $password password of the new user
  575. * @throws \UnexpectedValueException
  576. * @return bool
  577. */
  578. public function createUser($username, $password) {
  579. if ($this->userPluginManager->implementsActions(Backend::CREATE_USER)) {
  580. if ($dn = $this->userPluginManager->createUser($username, $password)) {
  581. if (is_string($dn)) {
  582. // the NC user creation work flow requires a know user id up front
  583. $uuid = $this->access->getUUID($dn, true);
  584. if (is_string($uuid)) {
  585. $this->access->mapAndAnnounceIfApplicable(
  586. $this->access->getUserMapper(),
  587. $dn,
  588. $username,
  589. $uuid,
  590. true
  591. );
  592. $this->access->cacheUserExists($username);
  593. } else {
  594. $this->logger->warning(
  595. 'Failed to map created LDAP user with userid {userid}, because UUID could not be determined',
  596. [
  597. 'app' => 'user_ldap',
  598. 'userid' => $username,
  599. ]
  600. );
  601. }
  602. } else {
  603. throw new \UnexpectedValueException("LDAP Plugin: Method createUser changed to return the user DN instead of boolean.");
  604. }
  605. }
  606. return (bool) $dn;
  607. }
  608. return false;
  609. }
  610. }