1
0

Configuration.php 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Alexander Bergolth <leo@strike.wu.ac.at>
  6. * @author Alex Weirig <alex.weirig@technolink.lu>
  7. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  8. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  9. * @author Joas Schilling <coding@schilljs.com>
  10. * @author Jörn Friedrich Dreyer <jfd@butonic.de>
  11. * @author Lennart Rosam <hello@takuto.de>
  12. * @author Lukas Reschke <lukas@statuscode.ch>
  13. * @author Marc Hefter <marchefter@march42.net>
  14. * @author Morris Jobke <hey@morrisjobke.de>
  15. * @author Robin McCorkell <robin@mccorkell.me.uk>
  16. * @author Roeland Jago Douma <roeland@famdouma.nl>
  17. * @author Roger Szabo <roger.szabo@web.de>
  18. * @author Victor Dubiniuk <dubiniuk@owncloud.com>
  19. * @author Xuanwo <xuanwo@yunify.com>
  20. *
  21. * @license AGPL-3.0
  22. *
  23. * This code is free software: you can redistribute it and/or modify
  24. * it under the terms of the GNU Affero General Public License, version 3,
  25. * as published by the Free Software Foundation.
  26. *
  27. * This program is distributed in the hope that it will be useful,
  28. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  29. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  30. * GNU Affero General Public License for more details.
  31. *
  32. * You should have received a copy of the GNU Affero General Public License, version 3,
  33. * along with this program. If not, see <http://www.gnu.org/licenses/>
  34. *
  35. */
  36. namespace OCA\User_LDAP;
  37. /**
  38. * @property int ldapPagingSize holds an integer
  39. * @property string ldapUserAvatarRule
  40. */
  41. class Configuration {
  42. public const AVATAR_PREFIX_DEFAULT = 'default';
  43. public const AVATAR_PREFIX_NONE = 'none';
  44. public const AVATAR_PREFIX_DATA_ATTRIBUTE = 'data:';
  45. public const LDAP_SERVER_FEATURE_UNKNOWN = 'unknown';
  46. public const LDAP_SERVER_FEATURE_AVAILABLE = 'available';
  47. public const LDAP_SERVER_FEATURE_UNAVAILABLE = 'unavailable';
  48. /**
  49. * @var string
  50. */
  51. protected $configPrefix;
  52. /**
  53. * @var bool
  54. */
  55. protected $configRead = false;
  56. /**
  57. * @var string[]
  58. */
  59. protected array $unsavedChanges = [];
  60. /**
  61. * @var array<string, mixed> settings
  62. */
  63. protected $config = [
  64. 'ldapHost' => null,
  65. 'ldapPort' => null,
  66. 'ldapBackupHost' => null,
  67. 'ldapBackupPort' => null,
  68. 'ldapBackgroundHost' => null,
  69. 'ldapBackgroundPort' => null,
  70. 'ldapBase' => null,
  71. 'ldapBaseUsers' => null,
  72. 'ldapBaseGroups' => null,
  73. 'ldapAgentName' => null,
  74. 'ldapAgentPassword' => null,
  75. 'ldapTLS' => null,
  76. 'turnOffCertCheck' => null,
  77. 'ldapIgnoreNamingRules' => null,
  78. 'ldapUserDisplayName' => null,
  79. 'ldapUserDisplayName2' => null,
  80. 'ldapUserAvatarRule' => null,
  81. 'ldapGidNumber' => null,
  82. 'ldapUserFilterObjectclass' => null,
  83. 'ldapUserFilterGroups' => null,
  84. 'ldapUserFilter' => null,
  85. 'ldapUserFilterMode' => null,
  86. 'ldapGroupFilter' => null,
  87. 'ldapGroupFilterMode' => null,
  88. 'ldapGroupFilterObjectclass' => null,
  89. 'ldapGroupFilterGroups' => null,
  90. 'ldapGroupDisplayName' => null,
  91. 'ldapGroupMemberAssocAttr' => null,
  92. 'ldapLoginFilter' => null,
  93. 'ldapLoginFilterMode' => null,
  94. 'ldapLoginFilterEmail' => null,
  95. 'ldapLoginFilterUsername' => null,
  96. 'ldapLoginFilterAttributes' => null,
  97. 'ldapQuotaAttribute' => null,
  98. 'ldapQuotaDefault' => null,
  99. 'ldapEmailAttribute' => null,
  100. 'ldapCacheTTL' => null,
  101. 'ldapUuidUserAttribute' => 'auto',
  102. 'ldapUuidGroupAttribute' => 'auto',
  103. 'ldapOverrideMainServer' => false,
  104. 'ldapConfigurationActive' => false,
  105. 'ldapAttributesForUserSearch' => null,
  106. 'ldapAttributesForGroupSearch' => null,
  107. 'ldapExperiencedAdmin' => false,
  108. 'homeFolderNamingRule' => null,
  109. 'hasMemberOfFilterSupport' => false,
  110. 'useMemberOfToDetectMembership' => true,
  111. 'ldapExpertUsernameAttr' => null,
  112. 'ldapExpertUUIDUserAttr' => null,
  113. 'ldapExpertUUIDGroupAttr' => null,
  114. 'markRemnantsAsDisabled' => false,
  115. 'lastJpegPhotoLookup' => null,
  116. 'ldapNestedGroups' => false,
  117. 'ldapPagingSize' => null,
  118. 'turnOnPasswordChange' => false,
  119. 'ldapDynamicGroupMemberURL' => null,
  120. 'ldapDefaultPPolicyDN' => null,
  121. 'ldapExtStorageHomeAttribute' => null,
  122. 'ldapMatchingRuleInChainState' => self::LDAP_SERVER_FEATURE_UNKNOWN,
  123. 'ldapConnectionTimeout' => 15,
  124. 'ldapAttributePhone' => null,
  125. 'ldapAttributeWebsite' => null,
  126. 'ldapAttributeAddress' => null,
  127. 'ldapAttributeTwitter' => null,
  128. 'ldapAttributeFediverse' => null,
  129. 'ldapAttributeOrganisation' => null,
  130. 'ldapAttributeRole' => null,
  131. 'ldapAttributeHeadline' => null,
  132. 'ldapAttributeBiography' => null,
  133. 'ldapAdminGroup' => '',
  134. ];
  135. public function __construct(string $configPrefix, bool $autoRead = true) {
  136. $this->configPrefix = $configPrefix;
  137. if ($autoRead) {
  138. $this->readConfiguration();
  139. }
  140. }
  141. /**
  142. * @param string $name
  143. * @return mixed|null
  144. */
  145. public function __get($name) {
  146. if (isset($this->config[$name])) {
  147. return $this->config[$name];
  148. }
  149. return null;
  150. }
  151. /**
  152. * @param string $name
  153. * @param mixed $value
  154. */
  155. public function __set($name, $value) {
  156. $this->setConfiguration([$name => $value]);
  157. }
  158. public function getConfiguration(): array {
  159. return $this->config;
  160. }
  161. /**
  162. * set LDAP configuration with values delivered by an array, not read
  163. * from configuration. It does not save the configuration! To do so, you
  164. * must call saveConfiguration afterwards.
  165. * @param array $config array that holds the config parameters in an associated
  166. * array
  167. * @param array &$applied optional; array where the set fields will be given to
  168. */
  169. public function setConfiguration(array $config, array &$applied = null): void {
  170. $cta = $this->getConfigTranslationArray();
  171. foreach ($config as $inputKey => $val) {
  172. if (str_contains($inputKey, '_') && array_key_exists($inputKey, $cta)) {
  173. $key = $cta[$inputKey];
  174. } elseif (array_key_exists($inputKey, $this->config)) {
  175. $key = $inputKey;
  176. } else {
  177. continue;
  178. }
  179. $setMethod = 'setValue';
  180. switch ($key) {
  181. case 'ldapAgentPassword':
  182. $setMethod = 'setRawValue';
  183. break;
  184. case 'homeFolderNamingRule':
  185. $trimmedVal = trim($val);
  186. if ($trimmedVal !== '' && !str_contains($val, 'attr:')) {
  187. $val = 'attr:'.$trimmedVal;
  188. }
  189. break;
  190. case 'ldapBase':
  191. case 'ldapBaseUsers':
  192. case 'ldapBaseGroups':
  193. case 'ldapAttributesForUserSearch':
  194. case 'ldapAttributesForGroupSearch':
  195. case 'ldapUserFilterObjectclass':
  196. case 'ldapUserFilterGroups':
  197. case 'ldapGroupFilterObjectclass':
  198. case 'ldapGroupFilterGroups':
  199. case 'ldapLoginFilterAttributes':
  200. $setMethod = 'setMultiLine';
  201. break;
  202. }
  203. $this->$setMethod($key, $val);
  204. if (is_array($applied)) {
  205. $applied[] = $inputKey;
  206. // storing key as index avoids duplication, and as value for simplicity
  207. }
  208. $this->unsavedChanges[$key] = $key;
  209. }
  210. }
  211. public function readConfiguration(): void {
  212. if (!$this->configRead) {
  213. $cta = array_flip($this->getConfigTranslationArray());
  214. foreach ($this->config as $key => $val) {
  215. if (!isset($cta[$key])) {
  216. //some are determined
  217. continue;
  218. }
  219. $dbKey = $cta[$key];
  220. switch ($key) {
  221. case 'ldapBase':
  222. case 'ldapBaseUsers':
  223. case 'ldapBaseGroups':
  224. case 'ldapAttributesForUserSearch':
  225. case 'ldapAttributesForGroupSearch':
  226. case 'ldapUserFilterObjectclass':
  227. case 'ldapUserFilterGroups':
  228. case 'ldapGroupFilterObjectclass':
  229. case 'ldapGroupFilterGroups':
  230. case 'ldapLoginFilterAttributes':
  231. $readMethod = 'getMultiLine';
  232. break;
  233. case 'ldapIgnoreNamingRules':
  234. $readMethod = 'getSystemValue';
  235. $dbKey = $key;
  236. break;
  237. case 'ldapAgentPassword':
  238. $readMethod = 'getPwd';
  239. break;
  240. case 'ldapUserDisplayName2':
  241. case 'ldapGroupDisplayName':
  242. $readMethod = 'getLcValue';
  243. break;
  244. case 'ldapUserDisplayName':
  245. default:
  246. // user display name does not lower case because
  247. // we rely on an upper case N as indicator whether to
  248. // auto-detect it or not. FIXME
  249. $readMethod = 'getValue';
  250. break;
  251. }
  252. $this->config[$key] = $this->$readMethod($dbKey);
  253. }
  254. $this->configRead = true;
  255. }
  256. }
  257. /**
  258. * saves the current config changes in the database
  259. */
  260. public function saveConfiguration(): void {
  261. $cta = array_flip($this->getConfigTranslationArray());
  262. $changed = false;
  263. foreach ($this->unsavedChanges as $key) {
  264. $value = $this->config[$key];
  265. switch ($key) {
  266. case 'ldapAgentPassword':
  267. $value = base64_encode($value);
  268. break;
  269. case 'ldapBase':
  270. case 'ldapBaseUsers':
  271. case 'ldapBaseGroups':
  272. case 'ldapAttributesForUserSearch':
  273. case 'ldapAttributesForGroupSearch':
  274. case 'ldapUserFilterObjectclass':
  275. case 'ldapUserFilterGroups':
  276. case 'ldapGroupFilterObjectclass':
  277. case 'ldapGroupFilterGroups':
  278. case 'ldapLoginFilterAttributes':
  279. if (is_array($value)) {
  280. $value = implode("\n", $value);
  281. }
  282. break;
  283. //following options are not stored but detected, skip them
  284. case 'ldapIgnoreNamingRules':
  285. case 'ldapUuidUserAttribute':
  286. case 'ldapUuidGroupAttribute':
  287. continue 2;
  288. }
  289. if (is_null($value)) {
  290. $value = '';
  291. }
  292. $changed = true;
  293. $this->saveValue($cta[$key], $value);
  294. }
  295. if ($changed) {
  296. $this->saveValue('_lastChange', (string)time());
  297. }
  298. $this->unsavedChanges = [];
  299. }
  300. /**
  301. * @param string $varName
  302. * @return array|string
  303. */
  304. protected function getMultiLine($varName) {
  305. $value = $this->getValue($varName);
  306. if (empty($value)) {
  307. $value = '';
  308. } else {
  309. $value = preg_split('/\r\n|\r|\n/', $value);
  310. }
  311. return $value;
  312. }
  313. /**
  314. * Sets multi-line values as arrays
  315. *
  316. * @param string $varName name of config-key
  317. * @param array|string $value to set
  318. */
  319. protected function setMultiLine(string $varName, $value): void {
  320. if (empty($value)) {
  321. $value = '';
  322. } elseif (!is_array($value)) {
  323. $value = preg_split('/\r\n|\r|\n|;/', $value);
  324. if ($value === false) {
  325. $value = '';
  326. }
  327. }
  328. if (!is_array($value)) {
  329. $finalValue = trim($value);
  330. } else {
  331. $finalValue = [];
  332. foreach ($value as $key => $val) {
  333. if (is_string($val)) {
  334. $val = trim($val);
  335. if ($val !== '') {
  336. //accidental line breaks are not wanted and can cause
  337. // odd behaviour. Thus, away with them.
  338. $finalValue[] = $val;
  339. }
  340. } else {
  341. $finalValue[] = $val;
  342. }
  343. }
  344. }
  345. $this->setRawValue($varName, $finalValue);
  346. }
  347. protected function getPwd(string $varName): string {
  348. return base64_decode($this->getValue($varName));
  349. }
  350. protected function getLcValue(string $varName): string {
  351. return mb_strtolower($this->getValue($varName), 'UTF-8');
  352. }
  353. protected function getSystemValue(string $varName): string {
  354. //FIXME: if another system value is added, softcode the default value
  355. return \OC::$server->getConfig()->getSystemValue($varName, false);
  356. }
  357. protected function getValue(string $varName): string {
  358. static $defaults;
  359. if (is_null($defaults)) {
  360. $defaults = $this->getDefaults();
  361. }
  362. return \OC::$server->getConfig()->getAppValue('user_ldap',
  363. $this->configPrefix.$varName,
  364. $defaults[$varName]);
  365. }
  366. /**
  367. * Sets a scalar value.
  368. *
  369. * @param string $varName name of config key
  370. * @param mixed $value to set
  371. */
  372. protected function setValue(string $varName, $value): void {
  373. if (is_string($value)) {
  374. $value = trim($value);
  375. }
  376. $this->config[$varName] = $value;
  377. }
  378. /**
  379. * Sets a scalar value without trimming.
  380. *
  381. * @param string $varName name of config key
  382. * @param mixed $value to set
  383. */
  384. protected function setRawValue(string $varName, $value): void {
  385. $this->config[$varName] = $value;
  386. }
  387. protected function saveValue(string $varName, string $value): bool {
  388. \OC::$server->getConfig()->setAppValue(
  389. 'user_ldap',
  390. $this->configPrefix.$varName,
  391. $value
  392. );
  393. return true;
  394. }
  395. /**
  396. * @return array an associative array with the default values. Keys are correspond
  397. * to config-value entries in the database table
  398. */
  399. public function getDefaults(): array {
  400. return [
  401. 'ldap_host' => '',
  402. 'ldap_port' => '',
  403. 'ldap_backup_host' => '',
  404. 'ldap_backup_port' => '',
  405. 'ldap_background_host' => '',
  406. 'ldap_background_port' => '',
  407. 'ldap_override_main_server' => '',
  408. 'ldap_dn' => '',
  409. 'ldap_agent_password' => '',
  410. 'ldap_base' => '',
  411. 'ldap_base_users' => '',
  412. 'ldap_base_groups' => '',
  413. 'ldap_userlist_filter' => '',
  414. 'ldap_user_filter_mode' => 0,
  415. 'ldap_userfilter_objectclass' => '',
  416. 'ldap_userfilter_groups' => '',
  417. 'ldap_login_filter' => '',
  418. 'ldap_login_filter_mode' => 0,
  419. 'ldap_loginfilter_email' => 0,
  420. 'ldap_loginfilter_username' => 1,
  421. 'ldap_loginfilter_attributes' => '',
  422. 'ldap_group_filter' => '',
  423. 'ldap_group_filter_mode' => 0,
  424. 'ldap_groupfilter_objectclass' => '',
  425. 'ldap_groupfilter_groups' => '',
  426. 'ldap_gid_number' => 'gidNumber',
  427. 'ldap_display_name' => 'displayName',
  428. 'ldap_user_display_name_2' => '',
  429. 'ldap_group_display_name' => 'cn',
  430. 'ldap_tls' => 0,
  431. 'ldap_quota_def' => '',
  432. 'ldap_quota_attr' => '',
  433. 'ldap_email_attr' => '',
  434. 'ldap_group_member_assoc_attribute' => '',
  435. 'ldap_cache_ttl' => 600,
  436. 'ldap_uuid_user_attribute' => 'auto',
  437. 'ldap_uuid_group_attribute' => 'auto',
  438. 'home_folder_naming_rule' => '',
  439. 'ldap_turn_off_cert_check' => 0,
  440. 'ldap_configuration_active' => 0,
  441. 'ldap_attributes_for_user_search' => '',
  442. 'ldap_attributes_for_group_search' => '',
  443. 'ldap_expert_username_attr' => '',
  444. 'ldap_expert_uuid_user_attr' => '',
  445. 'ldap_expert_uuid_group_attr' => '',
  446. 'has_memberof_filter_support' => 0,
  447. 'use_memberof_to_detect_membership' => 1,
  448. 'ldap_mark_remnants_as_disabled' => 0,
  449. 'last_jpegPhoto_lookup' => 0,
  450. 'ldap_nested_groups' => 0,
  451. 'ldap_paging_size' => 500,
  452. 'ldap_turn_on_pwd_change' => 0,
  453. 'ldap_experienced_admin' => 0,
  454. 'ldap_dynamic_group_member_url' => '',
  455. 'ldap_default_ppolicy_dn' => '',
  456. 'ldap_user_avatar_rule' => 'default',
  457. 'ldap_ext_storage_home_attribute' => '',
  458. 'ldap_matching_rule_in_chain_state' => self::LDAP_SERVER_FEATURE_UNKNOWN,
  459. 'ldap_connection_timeout' => 15,
  460. 'ldap_attr_phone' => '',
  461. 'ldap_attr_website' => '',
  462. 'ldap_attr_address' => '',
  463. 'ldap_attr_twitter' => '',
  464. 'ldap_attr_fediverse' => '',
  465. 'ldap_attr_organisation' => '',
  466. 'ldap_attr_role' => '',
  467. 'ldap_attr_headline' => '',
  468. 'ldap_attr_biography' => '',
  469. 'ldap_admin_group' => '',
  470. ];
  471. }
  472. /**
  473. * @return array that maps internal variable names to database fields
  474. */
  475. public function getConfigTranslationArray(): array {
  476. //TODO: merge them into one representation
  477. static $array = [
  478. 'ldap_host' => 'ldapHost',
  479. 'ldap_port' => 'ldapPort',
  480. 'ldap_backup_host' => 'ldapBackupHost',
  481. 'ldap_backup_port' => 'ldapBackupPort',
  482. 'ldap_background_host' => 'ldapBackgroundHost',
  483. 'ldap_background_port' => 'ldapBackgroundPort',
  484. 'ldap_override_main_server' => 'ldapOverrideMainServer',
  485. 'ldap_dn' => 'ldapAgentName',
  486. 'ldap_agent_password' => 'ldapAgentPassword',
  487. 'ldap_base' => 'ldapBase',
  488. 'ldap_base_users' => 'ldapBaseUsers',
  489. 'ldap_base_groups' => 'ldapBaseGroups',
  490. 'ldap_userfilter_objectclass' => 'ldapUserFilterObjectclass',
  491. 'ldap_userfilter_groups' => 'ldapUserFilterGroups',
  492. 'ldap_userlist_filter' => 'ldapUserFilter',
  493. 'ldap_user_filter_mode' => 'ldapUserFilterMode',
  494. 'ldap_user_avatar_rule' => 'ldapUserAvatarRule',
  495. 'ldap_login_filter' => 'ldapLoginFilter',
  496. 'ldap_login_filter_mode' => 'ldapLoginFilterMode',
  497. 'ldap_loginfilter_email' => 'ldapLoginFilterEmail',
  498. 'ldap_loginfilter_username' => 'ldapLoginFilterUsername',
  499. 'ldap_loginfilter_attributes' => 'ldapLoginFilterAttributes',
  500. 'ldap_group_filter' => 'ldapGroupFilter',
  501. 'ldap_group_filter_mode' => 'ldapGroupFilterMode',
  502. 'ldap_groupfilter_objectclass' => 'ldapGroupFilterObjectclass',
  503. 'ldap_groupfilter_groups' => 'ldapGroupFilterGroups',
  504. 'ldap_gid_number' => 'ldapGidNumber',
  505. 'ldap_display_name' => 'ldapUserDisplayName',
  506. 'ldap_user_display_name_2' => 'ldapUserDisplayName2',
  507. 'ldap_group_display_name' => 'ldapGroupDisplayName',
  508. 'ldap_tls' => 'ldapTLS',
  509. 'ldap_quota_def' => 'ldapQuotaDefault',
  510. 'ldap_quota_attr' => 'ldapQuotaAttribute',
  511. 'ldap_email_attr' => 'ldapEmailAttribute',
  512. 'ldap_group_member_assoc_attribute' => 'ldapGroupMemberAssocAttr',
  513. 'ldap_cache_ttl' => 'ldapCacheTTL',
  514. 'home_folder_naming_rule' => 'homeFolderNamingRule',
  515. 'ldap_turn_off_cert_check' => 'turnOffCertCheck',
  516. 'ldap_configuration_active' => 'ldapConfigurationActive',
  517. 'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch',
  518. 'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch',
  519. 'ldap_expert_username_attr' => 'ldapExpertUsernameAttr',
  520. 'ldap_expert_uuid_user_attr' => 'ldapExpertUUIDUserAttr',
  521. 'ldap_expert_uuid_group_attr' => 'ldapExpertUUIDGroupAttr',
  522. 'has_memberof_filter_support' => 'hasMemberOfFilterSupport',
  523. 'use_memberof_to_detect_membership' => 'useMemberOfToDetectMembership',
  524. 'ldap_mark_remnants_as_disabled' => 'markRemnantsAsDisabled',
  525. 'last_jpegPhoto_lookup' => 'lastJpegPhotoLookup',
  526. 'ldap_nested_groups' => 'ldapNestedGroups',
  527. 'ldap_paging_size' => 'ldapPagingSize',
  528. 'ldap_turn_on_pwd_change' => 'turnOnPasswordChange',
  529. 'ldap_experienced_admin' => 'ldapExperiencedAdmin',
  530. 'ldap_dynamic_group_member_url' => 'ldapDynamicGroupMemberURL',
  531. 'ldap_default_ppolicy_dn' => 'ldapDefaultPPolicyDN',
  532. 'ldap_ext_storage_home_attribute' => 'ldapExtStorageHomeAttribute',
  533. 'ldap_matching_rule_in_chain_state' => 'ldapMatchingRuleInChainState',
  534. 'ldapIgnoreNamingRules' => 'ldapIgnoreNamingRules', // sysconfig
  535. 'ldap_connection_timeout' => 'ldapConnectionTimeout',
  536. 'ldap_attr_phone' => 'ldapAttributePhone',
  537. 'ldap_attr_website' => 'ldapAttributeWebsite',
  538. 'ldap_attr_address' => 'ldapAttributeAddress',
  539. 'ldap_attr_twitter' => 'ldapAttributeTwitter',
  540. 'ldap_attr_fediverse' => 'ldapAttributeFediverse',
  541. 'ldap_attr_organisation' => 'ldapAttributeOrganisation',
  542. 'ldap_attr_role' => 'ldapAttributeRole',
  543. 'ldap_attr_headline' => 'ldapAttributeHeadline',
  544. 'ldap_attr_biography' => 'ldapAttributeBiography',
  545. 'ldap_admin_group' => 'ldapAdminGroup',
  546. ];
  547. return $array;
  548. }
  549. /**
  550. * @throws \RuntimeException
  551. */
  552. public function resolveRule(string $rule): array {
  553. if ($rule === 'avatar') {
  554. return $this->getAvatarAttributes();
  555. }
  556. throw new \RuntimeException('Invalid rule');
  557. }
  558. public function getAvatarAttributes(): array {
  559. $value = $this->ldapUserAvatarRule ?: self::AVATAR_PREFIX_DEFAULT;
  560. $defaultAttributes = ['jpegphoto', 'thumbnailphoto'];
  561. if ($value === self::AVATAR_PREFIX_NONE) {
  562. return [];
  563. }
  564. if (str_starts_with($value, self::AVATAR_PREFIX_DATA_ATTRIBUTE)) {
  565. $attribute = trim(substr($value, strlen(self::AVATAR_PREFIX_DATA_ATTRIBUTE)));
  566. if ($attribute === '') {
  567. return $defaultAttributes;
  568. }
  569. return [strtolower($attribute)];
  570. }
  571. if ($value !== self::AVATAR_PREFIX_DEFAULT) {
  572. \OC::$server->getLogger()->warning('Invalid config value to ldapUserAvatarRule; falling back to default.');
  573. }
  574. return $defaultAttributes;
  575. }
  576. /**
  577. * Returns TRUE if the ldapHost variable starts with 'ldapi://'
  578. */
  579. public function usesLdapi(): bool {
  580. return (substr($this->config['ldapHost'], 0, strlen('ldapi://')) === 'ldapi://');
  581. }
  582. }