Skip to content
Snippets Groups Projects
Unverified Commit fdc8635a authored by Robin Appelman's avatar Robin Appelman
Browse files

extend ILDAPProvider to allow reading arbitrairy ldap attributes for users 


Signed-off-by: default avatarRobin Appelman <robin@icewind.nl>
parent b9287f97
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
apps/user_ldap/lib/LDAPProvider.php
+ 42
11
View file @ fdc8635a
...@@ -42,7 +42,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { ...@@ -42,7 +42,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
private $logger; private $logger;
private $helper; private $helper;
private $deletedUsersIndex; private $deletedUsersIndex;
/** /**
* Create new LDAPProvider * Create new LDAPProvider
* @param \OCP\IServerContainer $serverContainer * @param \OCP\IServerContainer $serverContainer
...@@ -77,7 +77,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { ...@@ -77,7 +77,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
throw new \Exception('To use the LDAPProvider, user_ldap app must be enabled'); throw new \Exception('To use the LDAPProvider, user_ldap app must be enabled');
} }
} }
/** /**
* Translate an user id to LDAP DN * Translate an user id to LDAP DN
* @param string $uid user id * @param string $uid user id
...@@ -126,7 +126,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { ...@@ -126,7 +126,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
} }
return $result; return $result;
} }
/** /**
* Convert a stored DN so it can be used as base parameter for LDAP queries. * Convert a stored DN so it can be used as base parameter for LDAP queries.
* @param string $dn the DN in question * @param string $dn the DN in question
...@@ -135,7 +135,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { ...@@ -135,7 +135,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
public function DNasBaseParameter($dn) { public function DNasBaseParameter($dn) {
return $this->helper->DNasBaseParameter($dn); return $this->helper->DNasBaseParameter($dn);
} }
/** /**
* Sanitize a DN received from the LDAP server. * Sanitize a DN received from the LDAP server.
* @param array $dn the DN in question * @param array $dn the DN in question
...@@ -144,7 +144,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { ...@@ -144,7 +144,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
public function sanitizeDN($dn) { public function sanitizeDN($dn) {
return $this->helper->sanitizeDN($dn); return $this->helper->sanitizeDN($dn);
} }
/** /**
* Return a new LDAP connection resource for the specified user. * Return a new LDAP connection resource for the specified user.
* The connection must be closed manually. * The connection must be closed manually.
...@@ -172,7 +172,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { ...@@ -172,7 +172,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
} }
return $this->groupBackend->getNewLDAPConnection($gid); return $this->groupBackend->getNewLDAPConnection($gid);
} }
/** /**
* Get the LDAP base for users. * Get the LDAP base for users.
* @param string $uid user id * @param string $uid user id
...@@ -202,7 +202,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { ...@@ -202,7 +202,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
); );
return array_shift($bases); return array_shift($bases);
} }
/** /**
* Get the LDAP base for groups. * Get the LDAP base for groups.
* @param string $uid user id * @param string $uid user id
...@@ -216,7 +216,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { ...@@ -216,7 +216,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
$bases = $this->userBackend->getLDAPAccess($uid)->getConnection()->ldapBaseGroups; $bases = $this->userBackend->getLDAPAccess($uid)->getConnection()->ldapBaseGroups;
return array_shift($bases); return array_shift($bases);
} }
/** /**
* Clear the cache if a cache is used, otherwise do nothing. * Clear the cache if a cache is used, otherwise do nothing.
* @param string $uid user id * @param string $uid user id
...@@ -241,7 +241,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { ...@@ -241,7 +241,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
} }
$this->groupBackend->getLDAPAccess($gid)->getConnection()->clearCache(); $this->groupBackend->getLDAPAccess($gid)->getConnection()->clearCache();
} }
/** /**
* Check whether a LDAP DN exists * Check whether a LDAP DN exists
* @param string $dn LDAP DN * @param string $dn LDAP DN
...@@ -251,7 +251,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { ...@@ -251,7 +251,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
$result = $this->userBackend->dn2UserName($dn); $result = $this->userBackend->dn2UserName($dn);
return !$result ? false : true; return !$result ? false : true;
} }
/** /**
* Flag record for deletion. * Flag record for deletion.
* @param string $uid user id * @param string $uid user id
...@@ -259,7 +259,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { ...@@ -259,7 +259,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
public function flagRecord($uid) { public function flagRecord($uid) {
$this->deletedUsersIndex->markUser($uid); $this->deletedUsersIndex->markUser($uid);
} }
/** /**
* Unflag record for deletion. * Unflag record for deletion.
* @param string $uid user id * @param string $uid user id
...@@ -306,4 +306,35 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { ...@@ -306,4 +306,35 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
} }
return $this->groupBackend->getLDAPAccess($gid)->getConnection()->getConfiguration()['ldap_group_member_assoc_attribute']; return $this->groupBackend->getLDAPAccess($gid)->getConnection()->getConfiguration()['ldap_group_member_assoc_attribute'];
} }
/**
* Get an LDAP attribute for a nextcloud user
* @param string $uid the nextcloud user id to get the attribute for
* @param string $attribute the name of the attribute to read
* @return string|null
* @throws \Exception if user id was not found in LDAP
*/
public function getUserAttribute(string $uid, string $attribute): ?string {
if (!$this->userBackend->userExists($uid)) {
throw new \Exception('User id not found in LDAP');
}
$access = $this->userBackend->getLDAPAccess($uid);
$connection = $access->getConnection();
$key = $uid . "::" . $attribute;
$cached = $connection->getFromCache($key);
if ($cached !== null) {
return $cached;
}
$value = $access->readAttribute($access->username2dn($uid), $attribute);
if (is_array($value) && count($value) > 0) {
$value = current($value);
} else {
return null;
}
$connection->writeToCache($key, $value);
return $value;
}
} }
lib/public/LDAP/ILDAPProvider.php
+ 17
7
View file @ fdc8635a
...@@ -58,7 +58,7 @@ interface ILDAPProvider { ...@@ -58,7 +58,7 @@ interface ILDAPProvider {
* @since 11.0.0 * @since 11.0.0
*/ */
public function getUserName($dn); public function getUserName($dn);
/** /**
* Convert a stored DN so it can be used as base parameter for LDAP queries. * Convert a stored DN so it can be used as base parameter for LDAP queries.
* @param string $dn the DN * @param string $dn the DN
...@@ -66,7 +66,7 @@ interface ILDAPProvider { ...@@ -66,7 +66,7 @@ interface ILDAPProvider {
* @since 11.0.0 * @since 11.0.0
*/ */
public function DNasBaseParameter($dn); public function DNasBaseParameter($dn);
/** /**
* Sanitize a DN received from the LDAP server. * Sanitize a DN received from the LDAP server.
* @param array $dn the DN in question * @param array $dn the DN in question
...@@ -74,7 +74,7 @@ interface ILDAPProvider { ...@@ -74,7 +74,7 @@ interface ILDAPProvider {
* @since 11.0.0 * @since 11.0.0
*/ */
public function sanitizeDN($dn); public function sanitizeDN($dn);
/** /**
* Return a new LDAP connection resource for the specified user. * Return a new LDAP connection resource for the specified user.
* @param string $uid user id * @param string $uid user id
...@@ -90,7 +90,7 @@ interface ILDAPProvider { ...@@ -90,7 +90,7 @@ interface ILDAPProvider {
* @since 13.0.0 * @since 13.0.0
*/ */
public function getGroupLDAPConnection($gid); public function getGroupLDAPConnection($gid);
/** /**
* Get the LDAP base for users. * Get the LDAP base for users.
* @param string $uid user id * @param string $uid user id
...@@ -99,7 +99,7 @@ interface ILDAPProvider { ...@@ -99,7 +99,7 @@ interface ILDAPProvider {
* @since 11.0.0 * @since 11.0.0
*/ */
public function getLDAPBaseUsers($uid); public function getLDAPBaseUsers($uid);
/** /**
* Get the LDAP base for groups. * Get the LDAP base for groups.
* @param string $uid user id * @param string $uid user id
...@@ -108,7 +108,7 @@ interface ILDAPProvider { ...@@ -108,7 +108,7 @@ interface ILDAPProvider {
* @since 11.0.0 * @since 11.0.0
*/ */
public function getLDAPBaseGroups($uid); public function getLDAPBaseGroups($uid);
/** /**
* Check whether a LDAP DN exists * Check whether a LDAP DN exists
* @param string $dn LDAP DN * @param string $dn LDAP DN
...@@ -116,7 +116,7 @@ interface ILDAPProvider { ...@@ -116,7 +116,7 @@ interface ILDAPProvider {
* @since 11.0.0 * @since 11.0.0
*/ */
public function dnExists($dn); public function dnExists($dn);
/** /**
* Clear the cache if a cache is used, otherwise do nothing. * Clear the cache if a cache is used, otherwise do nothing.
* @param string $uid user id * @param string $uid user id
...@@ -157,4 +157,14 @@ interface ILDAPProvider { ...@@ -157,4 +157,14 @@ interface ILDAPProvider {
* @since 13.0.0 * @since 13.0.0
*/ */
public function getLDAPGroupMemberAssoc($gid); public function getLDAPGroupMemberAssoc($gid);
/**
* Get an LDAP attribute for a nextcloud user
* @param string $uid the nextcloud user id to get the attribute for
* @param string $attribute the name of the attribute to read
* @return string|null
* @throws \Exception if user id was not found in LDAP
* @since 22.0.0
*/
public function getUserAttribute(string $uid, string $attribute): ?string;
} }
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment