123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350 |
- <?php
- namespace OCA\User_LDAP;
- use OCA\User_LDAP\User\DeletedUsersIndex;
- use OCP\IServerContainer;
- use OCP\LDAP\IDeletionFlagSupport;
- use OCP\LDAP\ILDAPProvider;
- class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
- private $userBackend;
- private $groupBackend;
- private $logger;
- private $helper;
- private $deletedUsersIndex;
-
- public function __construct(IServerContainer $serverContainer, Helper $helper, DeletedUsersIndex $deletedUsersIndex) {
- $this->logger = $serverContainer->getLogger();
- $this->helper = $helper;
- $this->deletedUsersIndex = $deletedUsersIndex;
- $userBackendFound = false;
- $groupBackendFound = false;
- foreach ($serverContainer->getUserManager()->getBackends() as $backend) {
- $this->logger->debug('instance '.get_class($backend).' user backend.', ['app' => 'user_ldap']);
- if ($backend instanceof IUserLDAP) {
- $this->userBackend = $backend;
- $userBackendFound = true;
- break;
- }
- }
- foreach ($serverContainer->getGroupManager()->getBackends() as $backend) {
- $this->logger->debug('instance '.get_class($backend).' group backend.', ['app' => 'user_ldap']);
- if ($backend instanceof IGroupLDAP) {
- $this->groupBackend = $backend;
- $groupBackendFound = true;
- break;
- }
- }
- if (!$userBackendFound or !$groupBackendFound) {
- throw new \Exception('To use the LDAPProvider, user_ldap app must be enabled');
- }
- }
-
- public function getUserDN($uid) {
- if (!$this->userBackend->userExists($uid)) {
- throw new \Exception('User id not found in LDAP');
- }
- $result = $this->userBackend->getLDAPAccess($uid)->username2dn($uid);
- if (!$result) {
- throw new \Exception('Translation to LDAP DN unsuccessful');
- }
- return $result;
- }
-
- public function getGroupDN($gid) {
- if (!$this->groupBackend->groupExists($gid)) {
- throw new \Exception('Group id not found in LDAP');
- }
- $result = $this->groupBackend->getLDAPAccess($gid)->groupname2dn($gid);
- if (!$result) {
- throw new \Exception('Translation to LDAP DN unsuccessful');
- }
- return $result;
- }
-
- public function getUserName($dn) {
- $result = $this->userBackend->dn2UserName($dn);
- if (!$result) {
- throw new \Exception('Translation to internal user name unsuccessful');
- }
- return $result;
- }
-
- public function DNasBaseParameter($dn) {
- return $this->helper->DNasBaseParameter($dn);
- }
-
- public function sanitizeDN($dn) {
- return $this->helper->sanitizeDN($dn);
- }
-
- public function getLDAPConnection($uid) {
- if (!$this->userBackend->userExists($uid)) {
- throw new \Exception('User id not found in LDAP');
- }
- return $this->userBackend->getNewLDAPConnection($uid);
- }
-
- public function getGroupLDAPConnection($gid) {
- if (!$this->groupBackend->groupExists($gid)) {
- throw new \Exception('Group id not found in LDAP');
- }
- return $this->groupBackend->getNewLDAPConnection($gid);
- }
-
- public function getLDAPBaseUsers($uid) {
- if (!$this->userBackend->userExists($uid)) {
- throw new \Exception('User id not found in LDAP');
- }
- $access = $this->userBackend->getLDAPAccess($uid);
- $bases = $access->getConnection()->ldapBaseUsers;
- $dn = $this->getUserDN($uid);
- foreach ($bases as $base) {
- if ($access->isDNPartOfBase($dn, [$base])) {
- return $base;
- }
- }
-
- $this->logger->info(
- 'No matching user base found for user {dn}, available: {bases}.',
- [
- 'app' => 'user_ldap',
- 'dn' => $dn,
- 'bases' => $bases,
- ]
- );
- return array_shift($bases);
- }
-
- public function getLDAPBaseGroups($uid) {
- if (!$this->userBackend->userExists($uid)) {
- throw new \Exception('User id not found in LDAP');
- }
- $bases = $this->userBackend->getLDAPAccess($uid)->getConnection()->ldapBaseGroups;
- return array_shift($bases);
- }
-
- public function clearCache($uid) {
- if (!$this->userBackend->userExists($uid)) {
- throw new \Exception('User id not found in LDAP');
- }
- $this->userBackend->getLDAPAccess($uid)->getConnection()->clearCache();
- }
-
- public function clearGroupCache($gid) {
- if (!$this->groupBackend->groupExists($gid)) {
- throw new \Exception('Group id not found in LDAP');
- }
- $this->groupBackend->getLDAPAccess($gid)->getConnection()->clearCache();
- }
-
- public function dnExists($dn) {
- $result = $this->userBackend->dn2UserName($dn);
- return !$result ? false : true;
- }
-
- public function flagRecord($uid) {
- $this->deletedUsersIndex->markUser($uid);
- }
-
- public function unflagRecord($uid) {
-
- }
-
- public function getLDAPDisplayNameField($uid) {
- if (!$this->userBackend->userExists($uid)) {
- throw new \Exception('User id not found in LDAP');
- }
- return $this->userBackend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_display_name'];
- }
-
- public function getLDAPEmailField($uid) {
- if (!$this->userBackend->userExists($uid)) {
- throw new \Exception('User id not found in LDAP');
- }
- return $this->userBackend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_email_attr'];
- }
-
- public function getLDAPGroupMemberAssoc($gid) {
- if (!$this->groupBackend->groupExists($gid)) {
- throw new \Exception('Group id not found in LDAP');
- }
- return $this->groupBackend->getLDAPAccess($gid)->getConnection()->getConfiguration()['ldap_group_member_assoc_attribute'];
- }
-
- public function getUserAttribute(string $uid, string $attribute): ?string {
- $values = $this->getMultiValueUserAttribute($uid, $attribute);
- if (count($values) === 0) {
- return null;
- }
- return current($values);
- }
-
- public function getMultiValueUserAttribute(string $uid, string $attribute): array {
- if (!$this->userBackend->userExists($uid)) {
- throw new \Exception('User id not found in LDAP');
- }
- $access = $this->userBackend->getLDAPAccess($uid);
- $connection = $access->getConnection();
- $key = $uid . '-' . $attribute;
- $cached = $connection->getFromCache($key);
- if (is_array($cached)) {
- return $cached;
- }
- $values = $access->readAttribute($access->username2dn($uid), $attribute);
- if ($values === false) {
- $values = [];
- }
- $connection->writeToCache($key, $values);
- return $values;
- }
- }
|