1
0

User_LDAP.php 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  6. * @author Bart Visscher <bartv@thisnet.nl>
  7. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  8. * @author Daniel Kesselberg <mail@danielkesselberg.de>
  9. * @author Dominik Schmidt <dev@dominik-schmidt.de>
  10. * @author felixboehm <felix@webhippie.de>
  11. * @author Joas Schilling <coding@schilljs.com>
  12. * @author Jörn Friedrich Dreyer <jfd@butonic.de>
  13. * @author Lukas Reschke <lukas@statuscode.ch>
  14. * @author Morris Jobke <hey@morrisjobke.de>
  15. * @author Robin Appelman <robin@icewind.nl>
  16. * @author Robin McCorkell <robin@mccorkell.me.uk>
  17. * @author Roger Szabo <roger.szabo@web.de>
  18. * @author root <root@localhost.localdomain>
  19. * @author Thomas Müller <thomas.mueller@tmit.eu>
  20. * @author Tom Needham <tom@owncloud.com>
  21. * @author Victor Dubiniuk <dubiniuk@owncloud.com>
  22. * @author Vinicius Cubas Brand <vinicius@eita.org.br>
  23. *
  24. * @license AGPL-3.0
  25. *
  26. * This code is free software: you can redistribute it and/or modify
  27. * it under the terms of the GNU Affero General Public License, version 3,
  28. * as published by the Free Software Foundation.
  29. *
  30. * This program is distributed in the hope that it will be useful,
  31. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  32. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  33. * GNU Affero General Public License for more details.
  34. *
  35. * You should have received a copy of the GNU Affero General Public License, version 3,
  36. * along with this program. If not, see <http://www.gnu.org/licenses/>
  37. *
  38. */
  39. namespace OCA\User_LDAP;
  40. use OC\ServerNotAvailableException;
  41. use OC\User\Backend;
  42. use OC\User\NoUserException;
  43. use OCA\User_LDAP\Exceptions\NotOnLDAP;
  44. use OCA\User_LDAP\User\DeletedUsersIndex;
  45. use OCA\User_LDAP\User\OfflineUser;
  46. use OCA\User_LDAP\User\User;
  47. use OCP\IUserBackend;
  48. use OCP\Notification\IManager as INotificationManager;
  49. use OCP\User\Backend\ICountMappedUsersBackend;
  50. use OCP\User\Backend\ICountUsersBackend;
  51. use OCP\User\Backend\IProvideEnabledStateBackend;
  52. use OCP\UserInterface;
  53. use Psr\Log\LoggerInterface;
  54. class User_LDAP extends BackendUtility implements IUserBackend, UserInterface, IUserLDAP, ICountUsersBackend, ICountMappedUsersBackend, IProvideEnabledStateBackend {
  55. protected INotificationManager $notificationManager;
  56. protected UserPluginManager $userPluginManager;
  57. protected LoggerInterface $logger;
  58. protected DeletedUsersIndex $deletedUsersIndex;
  59. public function __construct(
  60. Access $access,
  61. INotificationManager $notificationManager,
  62. UserPluginManager $userPluginManager,
  63. LoggerInterface $logger,
  64. DeletedUsersIndex $deletedUsersIndex,
  65. ) {
  66. parent::__construct($access);
  67. $this->notificationManager = $notificationManager;
  68. $this->userPluginManager = $userPluginManager;
  69. $this->logger = $logger;
  70. $this->deletedUsersIndex = $deletedUsersIndex;
  71. }
  72. /**
  73. * checks whether the user is allowed to change his avatar in Nextcloud
  74. *
  75. * @param string $uid the Nextcloud user name
  76. * @return boolean either the user can or cannot
  77. * @throws \Exception
  78. */
  79. public function canChangeAvatar($uid) {
  80. if ($this->userPluginManager->implementsActions(Backend::PROVIDE_AVATAR)) {
  81. return $this->userPluginManager->canChangeAvatar($uid);
  82. }
  83. if (!$this->implementsActions(Backend::PROVIDE_AVATAR)) {
  84. return true;
  85. }
  86. $user = $this->access->userManager->get($uid);
  87. if (!$user instanceof User) {
  88. return false;
  89. }
  90. $imageData = $user->getAvatarImage();
  91. if ($imageData === false) {
  92. return true;
  93. }
  94. return !$user->updateAvatar(true);
  95. }
  96. /**
  97. * Return the username for the given login name, if available
  98. *
  99. * @param string $loginName
  100. * @return string|false
  101. * @throws \Exception
  102. */
  103. public function loginName2UserName($loginName) {
  104. $cacheKey = 'loginName2UserName-' . $loginName;
  105. $username = $this->access->connection->getFromCache($cacheKey);
  106. if ($username !== null) {
  107. return $username;
  108. }
  109. try {
  110. $ldapRecord = $this->getLDAPUserByLoginName($loginName);
  111. $user = $this->access->userManager->get($ldapRecord['dn'][0]);
  112. if ($user === null || $user instanceof OfflineUser) {
  113. // this path is not really possible, however get() is documented
  114. // to return User, OfflineUser or null so we are very defensive here.
  115. $this->access->connection->writeToCache($cacheKey, false);
  116. return false;
  117. }
  118. $username = $user->getUsername();
  119. $this->access->connection->writeToCache($cacheKey, $username);
  120. return $username;
  121. } catch (NotOnLDAP $e) {
  122. $this->access->connection->writeToCache($cacheKey, false);
  123. return false;
  124. }
  125. }
  126. /**
  127. * returns the username for the given LDAP DN, if available
  128. *
  129. * @param string $dn
  130. * @return string|false with the username
  131. */
  132. public function dn2UserName($dn) {
  133. return $this->access->dn2username($dn);
  134. }
  135. /**
  136. * returns an LDAP record based on a given login name
  137. *
  138. * @param string $loginName
  139. * @return array
  140. * @throws NotOnLDAP
  141. */
  142. public function getLDAPUserByLoginName($loginName) {
  143. //find out dn of the user name
  144. $attrs = $this->access->userManager->getAttributes();
  145. $users = $this->access->fetchUsersByLoginName($loginName, $attrs);
  146. if (count($users) < 1) {
  147. throw new NotOnLDAP('No user available for the given login name on ' .
  148. $this->access->connection->ldapHost . ':' . $this->access->connection->ldapPort);
  149. }
  150. return $users[0];
  151. }
  152. /**
  153. * Check if the password is correct without logging in the user
  154. *
  155. * @param string $uid The username
  156. * @param string $password The password
  157. * @return false|string
  158. */
  159. public function checkPassword($uid, $password) {
  160. try {
  161. $ldapRecord = $this->getLDAPUserByLoginName($uid);
  162. } catch (NotOnLDAP $e) {
  163. $this->logger->debug(
  164. $e->getMessage(),
  165. ['app' => 'user_ldap', 'exception' => $e]
  166. );
  167. return false;
  168. }
  169. $dn = $ldapRecord['dn'][0];
  170. $user = $this->access->userManager->get($dn);
  171. if (!$user instanceof User) {
  172. $this->logger->warning(
  173. 'LDAP Login: Could not get user object for DN ' . $dn .
  174. '. Maybe the LDAP entry has no set display name attribute?',
  175. ['app' => 'user_ldap']
  176. );
  177. return false;
  178. }
  179. if ($user->getUsername() !== false) {
  180. //are the credentials OK?
  181. if (!$this->access->areCredentialsValid($dn, $password)) {
  182. return false;
  183. }
  184. $this->access->cacheUserExists($user->getUsername());
  185. $user->processAttributes($ldapRecord);
  186. $user->markLogin();
  187. return $user->getUsername();
  188. }
  189. return false;
  190. }
  191. /**
  192. * Set password
  193. * @param string $uid The username
  194. * @param string $password The new password
  195. * @return bool
  196. */
  197. public function setPassword($uid, $password) {
  198. if ($this->userPluginManager->implementsActions(Backend::SET_PASSWORD)) {
  199. return $this->userPluginManager->setPassword($uid, $password);
  200. }
  201. $user = $this->access->userManager->get($uid);
  202. if (!$user instanceof User) {
  203. throw new \Exception('LDAP setPassword: Could not get user object for uid ' . $uid .
  204. '. Maybe the LDAP entry has no set display name attribute?');
  205. }
  206. if ($user->getUsername() !== false && $this->access->setPassword($user->getDN(), $password)) {
  207. $ldapDefaultPPolicyDN = $this->access->connection->ldapDefaultPPolicyDN;
  208. $turnOnPasswordChange = $this->access->connection->turnOnPasswordChange;
  209. if (!empty($ldapDefaultPPolicyDN) && ((int)$turnOnPasswordChange === 1)) {
  210. //remove last password expiry warning if any
  211. $notification = $this->notificationManager->createNotification();
  212. $notification->setApp('user_ldap')
  213. ->setUser($uid)
  214. ->setObject('pwd_exp_warn', $uid)
  215. ;
  216. $this->notificationManager->markProcessed($notification);
  217. }
  218. return true;
  219. }
  220. return false;
  221. }
  222. /**
  223. * Get a list of all users
  224. *
  225. * @param string $search
  226. * @param integer $limit
  227. * @param integer $offset
  228. * @return string[] an array of all uids
  229. */
  230. public function getUsers($search = '', $limit = 10, $offset = 0) {
  231. $search = $this->access->escapeFilterPart($search, true);
  232. $cachekey = 'getUsers-'.$search.'-'.$limit.'-'.$offset;
  233. //check if users are cached, if so return
  234. $ldap_users = $this->access->connection->getFromCache($cachekey);
  235. if (!is_null($ldap_users)) {
  236. return $ldap_users;
  237. }
  238. // if we'd pass -1 to LDAP search, we'd end up in a Protocol
  239. // error. With a limit of 0, we get 0 results. So we pass null.
  240. if ($limit <= 0) {
  241. $limit = null;
  242. }
  243. $filter = $this->access->combineFilterWithAnd([
  244. $this->access->connection->ldapUserFilter,
  245. $this->access->connection->ldapUserDisplayName . '=*',
  246. $this->access->getFilterPartForUserSearch($search)
  247. ]);
  248. $this->logger->debug(
  249. 'getUsers: Options: search '.$search.' limit '.$limit.' offset '.$offset.' Filter: '.$filter,
  250. ['app' => 'user_ldap']
  251. );
  252. //do the search and translate results to Nextcloud names
  253. $ldap_users = $this->access->fetchListOfUsers(
  254. $filter,
  255. $this->access->userManager->getAttributes(true),
  256. $limit, $offset);
  257. $ldap_users = $this->access->nextcloudUserNames($ldap_users);
  258. $this->logger->debug(
  259. 'getUsers: '.count($ldap_users). ' Users found',
  260. ['app' => 'user_ldap']
  261. );
  262. $this->access->connection->writeToCache($cachekey, $ldap_users);
  263. return $ldap_users;
  264. }
  265. /**
  266. * checks whether a user is still available on LDAP
  267. *
  268. * @param string|\OCA\User_LDAP\User\User $user either the Nextcloud user
  269. * name or an instance of that user
  270. * @throws \Exception
  271. * @throws \OC\ServerNotAvailableException
  272. */
  273. public function userExistsOnLDAP($user, bool $ignoreCache = false): bool {
  274. if (is_string($user)) {
  275. $user = $this->access->userManager->get($user);
  276. }
  277. if (is_null($user)) {
  278. return false;
  279. }
  280. $uid = $user instanceof User ? $user->getUsername() : $user->getOCName();
  281. $cacheKey = 'userExistsOnLDAP' . $uid;
  282. if (!$ignoreCache) {
  283. $userExists = $this->access->connection->getFromCache($cacheKey);
  284. if (!is_null($userExists)) {
  285. return (bool)$userExists;
  286. }
  287. }
  288. $dn = $user->getDN();
  289. //check if user really still exists by reading its entry
  290. if (!is_array($this->access->readAttribute($dn, '', $this->access->connection->ldapUserFilter))) {
  291. try {
  292. $uuid = $this->access->getUserMapper()->getUUIDByDN($dn);
  293. if (!$uuid) {
  294. $this->access->connection->writeToCache($cacheKey, false);
  295. return false;
  296. }
  297. $newDn = $this->access->getUserDnByUuid($uuid);
  298. //check if renamed user is still valid by reapplying the ldap filter
  299. if ($newDn === $dn || !is_array($this->access->readAttribute($newDn, '', $this->access->connection->ldapUserFilter))) {
  300. $this->access->connection->writeToCache($cacheKey, false);
  301. return false;
  302. }
  303. $this->access->getUserMapper()->setDNbyUUID($newDn, $uuid);
  304. } catch (ServerNotAvailableException $e) {
  305. throw $e;
  306. } catch (\Exception $e) {
  307. $this->access->connection->writeToCache($cacheKey, false);
  308. return false;
  309. }
  310. }
  311. if ($user instanceof OfflineUser) {
  312. $user->unmark();
  313. }
  314. $this->access->connection->writeToCache($cacheKey, true);
  315. return true;
  316. }
  317. /**
  318. * check if a user exists
  319. * @param string $uid the username
  320. * @return boolean
  321. * @throws \Exception when connection could not be established
  322. */
  323. public function userExists($uid) {
  324. $userExists = $this->access->connection->getFromCache('userExists'.$uid);
  325. if (!is_null($userExists)) {
  326. return (bool)$userExists;
  327. }
  328. //getting dn, if false the user does not exist. If dn, he may be mapped only, requires more checking.
  329. $user = $this->access->userManager->get($uid);
  330. if (is_null($user)) {
  331. $this->logger->debug(
  332. 'No DN found for '.$uid.' on '.$this->access->connection->ldapHost,
  333. ['app' => 'user_ldap']
  334. );
  335. $this->access->connection->writeToCache('userExists'.$uid, false);
  336. return false;
  337. }
  338. $this->access->connection->writeToCache('userExists'.$uid, true);
  339. return true;
  340. }
  341. /**
  342. * returns whether a user was deleted in LDAP
  343. *
  344. * @param string $uid The username of the user to delete
  345. * @return bool
  346. */
  347. public function deleteUser($uid) {
  348. if ($this->userPluginManager->canDeleteUser()) {
  349. $status = $this->userPluginManager->deleteUser($uid);
  350. if ($status === false) {
  351. return false;
  352. }
  353. }
  354. $marked = $this->deletedUsersIndex->isUserMarked($uid);
  355. if (!$marked) {
  356. try {
  357. $user = $this->access->userManager->get($uid);
  358. if (($user instanceof User) && !$this->userExistsOnLDAP($uid, true)) {
  359. $user->markUser();
  360. $marked = true;
  361. }
  362. } catch (\Exception $e) {
  363. $this->logger->debug(
  364. $e->getMessage(),
  365. ['app' => 'user_ldap', 'exception' => $e]
  366. );
  367. }
  368. if (!$marked) {
  369. $this->logger->notice(
  370. 'User '.$uid . ' is not marked as deleted, not cleaning up.',
  371. ['app' => 'user_ldap']
  372. );
  373. return false;
  374. }
  375. }
  376. $this->logger->info('Cleaning up after user ' . $uid,
  377. ['app' => 'user_ldap']);
  378. $this->access->getUserMapper()->unmap($uid); // we don't emit unassign signals here, since it is implicit to delete signals fired from core
  379. $this->access->userManager->invalidate($uid);
  380. $this->access->connection->clearCache();
  381. return true;
  382. }
  383. /**
  384. * get the user's home directory
  385. *
  386. * @param string $uid the username
  387. * @return bool|string
  388. * @throws NoUserException
  389. * @throws \Exception
  390. */
  391. public function getHome($uid) {
  392. // user Exists check required as it is not done in user proxy!
  393. if (!$this->userExists($uid)) {
  394. return false;
  395. }
  396. if ($this->userPluginManager->implementsActions(Backend::GET_HOME)) {
  397. return $this->userPluginManager->getHome($uid);
  398. }
  399. $cacheKey = 'getHome'.$uid;
  400. $path = $this->access->connection->getFromCache($cacheKey);
  401. if (!is_null($path)) {
  402. return $path;
  403. }
  404. // early return path if it is a deleted user
  405. $user = $this->access->userManager->get($uid);
  406. if ($user instanceof User || $user instanceof OfflineUser) {
  407. $path = $user->getHomePath() ?: false;
  408. } else {
  409. throw new NoUserException($uid . ' is not a valid user anymore');
  410. }
  411. $this->access->cacheUserHome($uid, $path);
  412. return $path;
  413. }
  414. /**
  415. * get display name of the user
  416. * @param string $uid user ID of the user
  417. * @return string|false display name
  418. */
  419. public function getDisplayName($uid) {
  420. if ($this->userPluginManager->implementsActions(Backend::GET_DISPLAYNAME)) {
  421. return $this->userPluginManager->getDisplayName($uid);
  422. }
  423. if (!$this->userExists($uid)) {
  424. return false;
  425. }
  426. $cacheKey = 'getDisplayName'.$uid;
  427. if (!is_null($displayName = $this->access->connection->getFromCache($cacheKey))) {
  428. return $displayName;
  429. }
  430. //Check whether the display name is configured to have a 2nd feature
  431. $additionalAttribute = $this->access->connection->ldapUserDisplayName2;
  432. $displayName2 = '';
  433. if ($additionalAttribute !== '') {
  434. $displayName2 = $this->access->readAttribute(
  435. $this->access->username2dn($uid),
  436. $additionalAttribute);
  437. }
  438. $displayName = $this->access->readAttribute(
  439. $this->access->username2dn($uid),
  440. $this->access->connection->ldapUserDisplayName);
  441. if ($displayName && (count($displayName) > 0)) {
  442. $displayName = $displayName[0];
  443. if (is_array($displayName2)) {
  444. $displayName2 = count($displayName2) > 0 ? $displayName2[0] : '';
  445. }
  446. $user = $this->access->userManager->get($uid);
  447. if ($user instanceof User) {
  448. $displayName = $user->composeAndStoreDisplayName($displayName, $displayName2);
  449. $this->access->connection->writeToCache($cacheKey, $displayName);
  450. }
  451. if ($user instanceof OfflineUser) {
  452. /** @var OfflineUser $user*/
  453. $displayName = $user->getDisplayName();
  454. }
  455. return $displayName;
  456. }
  457. return null;
  458. }
  459. /**
  460. * set display name of the user
  461. * @param string $uid user ID of the user
  462. * @param string $displayName new display name of the user
  463. * @return string|false display name
  464. */
  465. public function setDisplayName($uid, $displayName) {
  466. if ($this->userPluginManager->implementsActions(Backend::SET_DISPLAYNAME)) {
  467. $this->userPluginManager->setDisplayName($uid, $displayName);
  468. $this->access->cacheUserDisplayName($uid, $displayName);
  469. return $displayName;
  470. }
  471. return false;
  472. }
  473. /**
  474. * Get a list of all display names
  475. *
  476. * @param string $search
  477. * @param int|null $limit
  478. * @param int|null $offset
  479. * @return array an array of all displayNames (value) and the corresponding uids (key)
  480. */
  481. public function getDisplayNames($search = '', $limit = null, $offset = null) {
  482. $cacheKey = 'getDisplayNames-'.$search.'-'.$limit.'-'.$offset;
  483. if (!is_null($displayNames = $this->access->connection->getFromCache($cacheKey))) {
  484. return $displayNames;
  485. }
  486. $displayNames = [];
  487. $users = $this->getUsers($search, $limit, $offset);
  488. foreach ($users as $user) {
  489. $displayNames[$user] = $this->getDisplayName($user);
  490. }
  491. $this->access->connection->writeToCache($cacheKey, $displayNames);
  492. return $displayNames;
  493. }
  494. /**
  495. * Check if backend implements actions
  496. * @param int $actions bitwise-or'ed actions
  497. * @return boolean
  498. *
  499. * Returns the supported actions as int to be
  500. * compared with \OC\User\Backend::CREATE_USER etc.
  501. */
  502. public function implementsActions($actions) {
  503. return (bool)((Backend::CHECK_PASSWORD
  504. | Backend::GET_HOME
  505. | Backend::GET_DISPLAYNAME
  506. | (($this->access->connection->ldapUserAvatarRule !== 'none') ? Backend::PROVIDE_AVATAR : 0)
  507. | Backend::COUNT_USERS
  508. | (((int)$this->access->connection->turnOnPasswordChange === 1)? Backend::SET_PASSWORD :0)
  509. | $this->userPluginManager->getImplementedActions())
  510. & $actions);
  511. }
  512. /**
  513. * @return bool
  514. */
  515. public function hasUserListings() {
  516. return true;
  517. }
  518. /**
  519. * counts the users in LDAP
  520. *
  521. * @return int|false
  522. */
  523. public function countUsers() {
  524. if ($this->userPluginManager->implementsActions(Backend::COUNT_USERS)) {
  525. return $this->userPluginManager->countUsers();
  526. }
  527. $filter = $this->access->getFilterForUserCount();
  528. $cacheKey = 'countUsers-'.$filter;
  529. if (!is_null($entries = $this->access->connection->getFromCache($cacheKey))) {
  530. return $entries;
  531. }
  532. $entries = $this->access->countUsers($filter);
  533. $this->access->connection->writeToCache($cacheKey, $entries);
  534. return $entries;
  535. }
  536. public function countMappedUsers(): int {
  537. return $this->access->getUserMapper()->count();
  538. }
  539. /**
  540. * Backend name to be shown in user management
  541. * @return string the name of the backend to be shown
  542. */
  543. public function getBackendName() {
  544. return 'LDAP';
  545. }
  546. /**
  547. * Return access for LDAP interaction.
  548. * @param string $uid
  549. * @return Access instance of Access for LDAP interaction
  550. */
  551. public function getLDAPAccess($uid) {
  552. return $this->access;
  553. }
  554. /**
  555. * Return LDAP connection resource from a cloned connection.
  556. * The cloned connection needs to be closed manually.
  557. * of the current access.
  558. * @param string $uid
  559. * @return resource|\LDAP\Connection The LDAP connection
  560. */
  561. public function getNewLDAPConnection($uid) {
  562. $connection = clone $this->access->getConnection();
  563. return $connection->getConnectionResource();
  564. }
  565. /**
  566. * create new user
  567. * @param string $username username of the new user
  568. * @param string $password password of the new user
  569. * @throws \UnexpectedValueException
  570. * @return bool
  571. */
  572. public function createUser($username, $password) {
  573. if ($this->userPluginManager->implementsActions(Backend::CREATE_USER)) {
  574. if ($dn = $this->userPluginManager->createUser($username, $password)) {
  575. if (is_string($dn)) {
  576. // the NC user creation work flow requires a know user id up front
  577. $uuid = $this->access->getUUID($dn, true);
  578. if (is_string($uuid)) {
  579. $this->access->mapAndAnnounceIfApplicable(
  580. $this->access->getUserMapper(),
  581. $dn,
  582. $username,
  583. $uuid,
  584. true
  585. );
  586. $this->access->cacheUserExists($username);
  587. } else {
  588. $this->logger->warning(
  589. 'Failed to map created LDAP user with userid {userid}, because UUID could not be determined',
  590. [
  591. 'app' => 'user_ldap',
  592. 'userid' => $username,
  593. ]
  594. );
  595. }
  596. } else {
  597. throw new \UnexpectedValueException("LDAP Plugin: Method createUser changed to return the user DN instead of boolean.");
  598. }
  599. }
  600. return (bool) $dn;
  601. }
  602. return false;
  603. }
  604. public function isUserEnabled(string $uid, callable $queryDatabaseValue): bool {
  605. if ($this->deletedUsersIndex->isUserMarked($uid) && ((int)$this->access->connection->markRemnantsAsDisabled === 1)) {
  606. return false;
  607. } else {
  608. return $queryDatabaseValue();
  609. }
  610. }
  611. public function setUserEnabled(string $uid, bool $enabled, callable $queryDatabaseValue, callable $setDatabaseValue): bool {
  612. $setDatabaseValue($enabled);
  613. return $enabled;
  614. }
  615. public function getDisabledUserList(?int $limit = null, int $offset = 0, string $search = ''): array {
  616. throw new \Exception('This is implemented directly in User_Proxy');
  617. }
  618. }