nextcloud / server

apps/user_ldap/ajax/wizard.php

Indentation +84 added lines, -84 removed lines

@@ -36,13 +36,13 @@ 
 $l = \OC::$server->getL10N('user_ldap');
 
 if(!isset($_POST['action'])) {
-	\OCP\JSON::error(array('message' => $l->t('No action specified')));
+    \OCP\JSON::error(array('message' => $l->t('No action specified')));
 }
 $action = (string)$_POST['action'];
 
 
 if(!isset($_POST['ldap_serverconfig_chooser'])) {
-	\OCP\JSON::error(array('message' => $l->t('No configuration specified')));
+    \OCP\JSON::error(array('message' => $l->t('No configuration specified')));
 }
 $prefix = (string)$_POST['ldap_serverconfig_chooser'];
 
@@ -55,95 +55,95 @@ 
 $con->setIgnoreValidation(true);
 
 $userManager = new \OCA\User_LDAP\User\Manager(
-	\OC::$server->getConfig(),
-	new \OCA\User_LDAP\FilesystemHelper(),
-	new \OCA\User_LDAP\LogWrapper(),
-	\OC::$server->getAvatarManager(),
-	new \OCP\Image(),
-	\OC::$server->getDatabaseConnection(),
-	\OC::$server->getUserManager(),
-	\OC::$server->getNotificationManager());
+    \OC::$server->getConfig(),
+    new \OCA\User_LDAP\FilesystemHelper(),
+    new \OCA\User_LDAP\LogWrapper(),
+    \OC::$server->getAvatarManager(),
+    new \OCP\Image(),
+    \OC::$server->getDatabaseConnection(),
+    \OC::$server->getUserManager(),
+    \OC::$server->getNotificationManager());
 
 $access = new \OCA\User_LDAP\Access(
-	$con,
-	$ldapWrapper,
-	$userManager,
-	new \OCA\User_LDAP\Helper(\OC::$server->getConfig()),
-	\OC::$server->getConfig()
+    $con,
+    $ldapWrapper,
+    $userManager,
+    new \OCA\User_LDAP\Helper(\OC::$server->getConfig()),
+    \OC::$server->getConfig()
 );
 
 $wizard = new \OCA\User_LDAP\Wizard($configuration, $ldapWrapper, $access);
 
 switch($action) {
-	case 'guessPortAndTLS':
-	case 'guessBaseDN':
-	case 'detectEmailAttribute':
-	case 'detectUserDisplayNameAttribute':
-	case 'determineGroupMemberAssoc':
-	case 'determineUserObjectClasses':
-	case 'determineGroupObjectClasses':
-	case 'determineGroupsForUsers':
-	case 'determineGroupsForGroups':
-	case 'determineAttributes':
-	case 'getUserListFilter':
-	case 'getUserLoginFilter':
-	case 'getGroupFilter':
-	case 'countUsers':
-	case 'countGroups':
-	case 'countInBaseDN':
-		try {
-			$result = $wizard->$action();
-			if($result !== false) {
-				OCP\JSON::success($result->getResultArray());
-				exit;
-			}
-		} catch (\Exception $e) {
-			\OCP\JSON::error(array('message' => $e->getMessage(), 'code' => $e->getCode()));
-			exit;
-		}
-		\OCP\JSON::error();
-		exit;
-		break;
+    case 'guessPortAndTLS':
+    case 'guessBaseDN':
+    case 'detectEmailAttribute':
+    case 'detectUserDisplayNameAttribute':
+    case 'determineGroupMemberAssoc':
+    case 'determineUserObjectClasses':
+    case 'determineGroupObjectClasses':
+    case 'determineGroupsForUsers':
+    case 'determineGroupsForGroups':
+    case 'determineAttributes':
+    case 'getUserListFilter':
+    case 'getUserLoginFilter':
+    case 'getGroupFilter':
+    case 'countUsers':
+    case 'countGroups':
+    case 'countInBaseDN':
+        try {
+            $result = $wizard->$action();
+            if($result !== false) {
+                OCP\JSON::success($result->getResultArray());
+                exit;
+            }
+        } catch (\Exception $e) {
+            \OCP\JSON::error(array('message' => $e->getMessage(), 'code' => $e->getCode()));
+            exit;
+        }
+        \OCP\JSON::error();
+        exit;
+        break;
 
-	case 'testLoginName': {
-		try {
-			$loginName = $_POST['ldap_test_loginname'];
-			$result = $wizard->$action($loginName);
-			if($result !== false) {
-				OCP\JSON::success($result->getResultArray());
-				exit;
-			}
-		} catch (\Exception $e) {
-			\OCP\JSON::error(array('message' => $e->getMessage()));
-			exit;
-		}
-		\OCP\JSON::error();
-		exit;
-		break;
-	}
+    case 'testLoginName': {
+        try {
+            $loginName = $_POST['ldap_test_loginname'];
+            $result = $wizard->$action($loginName);
+            if($result !== false) {
+                OCP\JSON::success($result->getResultArray());
+                exit;
+            }
+        } catch (\Exception $e) {
+            \OCP\JSON::error(array('message' => $e->getMessage()));
+            exit;
+        }
+        \OCP\JSON::error();
+        exit;
+        break;
+    }
 
-	case 'save':
-		$key = isset($_POST['cfgkey']) ? $_POST['cfgkey'] : false;
-		$val = isset($_POST['cfgval']) ? $_POST['cfgval'] : null;
-		if($key === false || is_null($val)) {
-			\OCP\JSON::error(array('message' => $l->t('No data specified')));
-			exit;
-		}
-		$cfg = array($key => $val);
-		$setParameters = array();
-		$configuration->setConfiguration($cfg, $setParameters);
-		if(!in_array($key, $setParameters)) {
-			\OCP\JSON::error(array('message' => $l->t($key.
-				' Could not set configuration %s', $setParameters[0])));
-			exit;
-		}
-		$configuration->saveConfiguration();
-		//clear the cache on save
-		$connection = new \OCA\User_LDAP\Connection($ldapWrapper, $prefix);
-		$connection->clearCache();
-		OCP\JSON::success();
-		break;
-	default:
-		\OCP\JSON::error(array('message' => $l->t('Action does not exist')));
-		break;
+    case 'save':
+        $key = isset($_POST['cfgkey']) ? $_POST['cfgkey'] : false;
+        $val = isset($_POST['cfgval']) ? $_POST['cfgval'] : null;
+        if($key === false || is_null($val)) {
+            \OCP\JSON::error(array('message' => $l->t('No data specified')));
+            exit;
+        }
+        $cfg = array($key => $val);
+        $setParameters = array();
+        $configuration->setConfiguration($cfg, $setParameters);
+        if(!in_array($key, $setParameters)) {
+            \OCP\JSON::error(array('message' => $l->t($key.
+                ' Could not set configuration %s', $setParameters[0])));
+            exit;
+        }
+        $configuration->saveConfiguration();
+        //clear the cache on save
+        $connection = new \OCA\User_LDAP\Connection($ldapWrapper, $prefix);
+        $connection->clearCache();
+        OCP\JSON::success();
+        break;
+    default:
+        \OCP\JSON::error(array('message' => $l->t('Action does not exist')));
+        break;
 }

apps/user_ldap/lib/Connection.php

Indentation +577 added lines, -577 removed lines

@@ -58,582 +58,582 @@
  * @property string ldapExpertUUIDGroupAttr
  */
 class Connection extends LDAPUtility {
-	private $ldapConnectionRes = null;
-	private $configPrefix;
-	private $configID;
-	private $configured = false;
-	private $hasPagedResultSupport = true;
-	//whether connection should be kept on __destruct
-	private $dontDestruct = false;
-
-	/**
-	 * @var bool runtime flag that indicates whether supported primary groups are available
-	 */
-	public $hasPrimaryGroups = true;
-
-	/**
-	 * @var bool runtime flag that indicates whether supported POSIX gidNumber are available
-	 */
-	public $hasGidNumber = true;
-
-	//cache handler
-	protected $cache;
-
-	/** @var Configuration settings handler **/
-	protected $configuration;
-
-	protected $doNotValidate = false;
-
-	protected $ignoreValidation = false;
-
-	/**
-	 * Constructor
-	 * @param ILDAPWrapper $ldap
-	 * @param string $configPrefix a string with the prefix for the configkey column (appconfig table)
-	 * @param string|null $configID a string with the value for the appid column (appconfig table) or null for on-the-fly connections
-	 */
-	public function __construct(ILDAPWrapper $ldap, $configPrefix = '', $configID = 'user_ldap') {
-		parent::__construct($ldap);
-		$this->configPrefix = $configPrefix;
-		$this->configID = $configID;
-		$this->configuration = new Configuration($configPrefix,
-												 !is_null($configID));
-		$memcache = \OC::$server->getMemCacheFactory();
-		if($memcache->isAvailable()) {
-			$this->cache = $memcache->create();
-		}
-		$helper = new Helper(\OC::$server->getConfig());
-		$this->doNotValidate = !in_array($this->configPrefix,
-			$helper->getServerConfigurationPrefixes());
-		$this->hasPagedResultSupport =
-			intval($this->configuration->ldapPagingSize) !== 0
-			|| $this->ldap->hasPagedResultSupport();
-	}
-
-	public function __destruct() {
-		if(!$this->dontDestruct && $this->ldap->isResource($this->ldapConnectionRes)) {
-			@$this->ldap->unbind($this->ldapConnectionRes);
-		};
-	}
-
-	/**
-	 * defines behaviour when the instance is cloned
-	 */
-	public function __clone() {
-		$this->configuration = new Configuration($this->configPrefix,
-												 !is_null($this->configID));
-		$this->ldapConnectionRes = null;
-		$this->dontDestruct = true;
-	}
-
-	/**
-	 * @param string $name
-	 * @return bool|mixed
-	 */
-	public function __get($name) {
-		if(!$this->configured) {
-			$this->readConfiguration();
-		}
-
-		if($name === 'hasPagedResultSupport') {
-			return $this->hasPagedResultSupport;
-		}
-
-		return $this->configuration->$name;
-	}
-
-	/**
-	 * @param string $name
-	 * @param mixed $value
-	 */
-	public function __set($name, $value) {
-		$this->doNotValidate = false;
-		$before = $this->configuration->$name;
-		$this->configuration->$name = $value;
-		$after = $this->configuration->$name;
-		if($before !== $after) {
-			if ($this->configID !== '' && $this->configID !== null) {
-				$this->configuration->saveConfiguration();
-			}
-			$this->validateConfiguration();
-		}
-	}
-
-	/**
-	 * sets whether the result of the configuration validation shall
-	 * be ignored when establishing the connection. Used by the Wizard
-	 * in early configuration state.
-	 * @param bool $state
-	 */
-	public function setIgnoreValidation($state) {
-		$this->ignoreValidation = (bool)$state;
-	}
-
-	/**
-	 * initializes the LDAP backend
-	 * @param bool $force read the config settings no matter what
-	 */
-	public function init($force = false) {
-		$this->readConfiguration($force);
-		$this->establishConnection();
-	}
-
-	/**
-	 * Returns the LDAP handler
-	 */
-	public function getConnectionResource() {
-		if(!$this->ldapConnectionRes) {
-			$this->init();
-		} else if(!$this->ldap->isResource($this->ldapConnectionRes)) {
-			$this->ldapConnectionRes = null;
-			$this->establishConnection();
-		}
-		if(is_null($this->ldapConnectionRes)) {
-			\OCP\Util::writeLog('user_ldap', 'No LDAP Connection to server ' . $this->configuration->ldapHost, \OCP\Util::ERROR);
-			throw new ServerNotAvailableException('Connection to LDAP server could not be established');
-		}
-		return $this->ldapConnectionRes;
-	}
-
-	/**
-	 * resets the connection resource
-	 */
-	public function resetConnectionResource() {
-		if(!is_null($this->ldapConnectionRes)) {
-			@$this->ldap->unbind($this->ldapConnectionRes);
-			$this->ldapConnectionRes = null;
-		}
-	}
-
-	/**
-	 * @param string|null $key
-	 * @return string
-	 */
-	private function getCacheKey($key) {
-		$prefix = 'LDAP-'.$this->configID.'-'.$this->configPrefix.'-';
-		if(is_null($key)) {
-			return $prefix;
-		}
-		return $prefix.md5($key);
-	}
-
-	/**
-	 * @param string $key
-	 * @return mixed|null
-	 */
-	public function getFromCache($key) {
-		if(!$this->configured) {
-			$this->readConfiguration();
-		}
-		if(is_null($this->cache) || !$this->configuration->ldapCacheTTL) {
-			return null;
-		}
-		$key = $this->getCacheKey($key);
-
-		return json_decode(base64_decode($this->cache->get($key)), true);
-	}
-
-	/**
-	 * @param string $key
-	 * @param mixed $value
-	 *
-	 * @return string
-	 */
-	public function writeToCache($key, $value) {
-		if(!$this->configured) {
-			$this->readConfiguration();
-		}
-		if(is_null($this->cache)
-			|| !$this->configuration->ldapCacheTTL
-			|| !$this->configuration->ldapConfigurationActive) {
-			return null;
-		}
-		$key   = $this->getCacheKey($key);
-		$value = base64_encode(json_encode($value));
-		$this->cache->set($key, $value, $this->configuration->ldapCacheTTL);
-	}
-
-	public function clearCache() {
-		if(!is_null($this->cache)) {
-			$this->cache->clear($this->getCacheKey(null));
-		}
-	}
-
-	/**
-	 * Caches the general LDAP configuration.
-	 * @param bool $force optional. true, if the re-read should be forced. defaults
-	 * to false.
-	 * @return null
-	 */
-	private function readConfiguration($force = false) {
-		if((!$this->configured || $force) && !is_null($this->configID)) {
-			$this->configuration->readConfiguration();
-			$this->configured = $this->validateConfiguration();
-		}
-	}
-
-	/**
-	 * set LDAP configuration with values delivered by an array, not read from configuration
-	 * @param array $config array that holds the config parameters in an associated array
-	 * @param array &$setParameters optional; array where the set fields will be given to
-	 * @return boolean true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters
-	 */
-	public function setConfiguration($config, &$setParameters = null) {
-		if(is_null($setParameters)) {
-			$setParameters = array();
-		}
-		$this->doNotValidate = false;
-		$this->configuration->setConfiguration($config, $setParameters);
-		if(count($setParameters) > 0) {
-			$this->configured = $this->validateConfiguration();
-		}
-
-
-		return $this->configured;
-	}
-
-	/**
-	 * saves the current Configuration in the database and empties the
-	 * cache
-	 * @return null
-	 */
-	public function saveConfiguration() {
-		$this->configuration->saveConfiguration();
-		$this->clearCache();
-	}
-
-	/**
-	 * get the current LDAP configuration
-	 * @return array
-	 */
-	public function getConfiguration() {
-		$this->readConfiguration();
-		$config = $this->configuration->getConfiguration();
-		$cta = $this->configuration->getConfigTranslationArray();
-		$result = array();
-		foreach($cta as $dbkey => $configkey) {
-			switch($configkey) {
-				case 'homeFolderNamingRule':
-					if(strpos($config[$configkey], 'attr:') === 0) {
-						$result[$dbkey] = substr($config[$configkey], 5);
-					} else {
-						$result[$dbkey] = '';
-					}
-					break;
-				case 'ldapBase':
-				case 'ldapBaseUsers':
-				case 'ldapBaseGroups':
-				case 'ldapAttributesForUserSearch':
-				case 'ldapAttributesForGroupSearch':
-					if(is_array($config[$configkey])) {
-						$result[$dbkey] = implode("\n", $config[$configkey]);
-						break;
-					} //else follows default
-				default:
-					$result[$dbkey] = $config[$configkey];
-			}
-		}
-		return $result;
-	}
-
-	private function doSoftValidation() {
-		//if User or Group Base are not set, take over Base DN setting
-		foreach(array('ldapBaseUsers', 'ldapBaseGroups') as $keyBase) {
-			$val = $this->configuration->$keyBase;
-			if(empty($val)) {
-				$this->configuration->$keyBase = $this->configuration->ldapBase;
-			}
-		}
-
-		foreach(array('ldapExpertUUIDUserAttr'  => 'ldapUuidUserAttribute',
-					  'ldapExpertUUIDGroupAttr' => 'ldapUuidGroupAttribute')
-				as $expertSetting => $effectiveSetting) {
-			$uuidOverride = $this->configuration->$expertSetting;
-			if(!empty($uuidOverride)) {
-				$this->configuration->$effectiveSetting = $uuidOverride;
-			} else {
-				$uuidAttributes = Access::UUID_ATTRIBUTES;
-				array_unshift($uuidAttributes, 'auto');
-				if(!in_array($this->configuration->$effectiveSetting,
-							$uuidAttributes)
-					&& (!is_null($this->configID))) {
-					$this->configuration->$effectiveSetting = 'auto';
-					$this->configuration->saveConfiguration();
-					\OCP\Util::writeLog('user_ldap',
-										'Illegal value for the '.
-										$effectiveSetting.', '.'reset to '.
-										'autodetect.', \OCP\Util::INFO);
-				}
-
-			}
-		}
-
-		$backupPort = intval($this->configuration->ldapBackupPort);
-		if ($backupPort <= 0) {
-			$this->configuration->backupPort = $this->configuration->ldapPort;
-		}
-
-		//make sure empty search attributes are saved as simple, empty array
-		$saKeys = array('ldapAttributesForUserSearch',
-						'ldapAttributesForGroupSearch');
-		foreach($saKeys as $key) {
-			$val = $this->configuration->$key;
-			if(is_array($val) && count($val) === 1 && empty($val[0])) {
-				$this->configuration->$key = array();
-			}
-		}
-
-		if((stripos($this->configuration->ldapHost, 'ldaps://') === 0)
-			&& $this->configuration->ldapTLS) {
-			$this->configuration->ldapTLS = false;
-			\OCP\Util::writeLog('user_ldap',
-								'LDAPS (already using secure connection) and '.
-								'TLS do not work together. Switched off TLS.',
-								\OCP\Util::INFO);
-		}
-	}
-
-	/**
-	 * @return bool
-	 */
-	private function doCriticalValidation() {
-		$configurationOK = true;
-		$errorStr = 'Configuration Error (prefix '.
-					strval($this->configPrefix).'): ';
-
-		//options that shall not be empty
-		$options = array('ldapHost', 'ldapPort', 'ldapUserDisplayName',
-						 'ldapGroupDisplayName', 'ldapLoginFilter');
-		foreach($options as $key) {
-			$val = $this->configuration->$key;
-			if(empty($val)) {
-				switch($key) {
-					case 'ldapHost':
-						$subj = 'LDAP Host';
-						break;
-					case 'ldapPort':
-						$subj = 'LDAP Port';
-						break;
-					case 'ldapUserDisplayName':
-						$subj = 'LDAP User Display Name';
-						break;
-					case 'ldapGroupDisplayName':
-						$subj = 'LDAP Group Display Name';
-						break;
-					case 'ldapLoginFilter':
-						$subj = 'LDAP Login Filter';
-						break;
-					default:
-						$subj = $key;
-						break;
-				}
-				$configurationOK = false;
-				\OCP\Util::writeLog('user_ldap',
-									$errorStr.'No '.$subj.' given!',
-									\OCP\Util::WARN);
-			}
-		}
-
-		//combinations
-		$agent = $this->configuration->ldapAgentName;
-		$pwd = $this->configuration->ldapAgentPassword;
-		if (
-			($agent === ''  && $pwd !== '')
-			|| ($agent !== '' && $pwd === '')
-		) {
-			\OCP\Util::writeLog('user_ldap',
-								$errorStr.'either no password is given for the '.
-								'user agent or a password is given, but not an '.
-								'LDAP agent.',
-				\OCP\Util::WARN);
-			$configurationOK = false;
-		}
-
-		$base = $this->configuration->ldapBase;
-		$baseUsers = $this->configuration->ldapBaseUsers;
-		$baseGroups = $this->configuration->ldapBaseGroups;
-
-		if(empty($base) && empty($baseUsers) && empty($baseGroups)) {
-			\OCP\Util::writeLog('user_ldap',
-								$errorStr.'Not a single Base DN given.',
-								\OCP\Util::WARN);
-			$configurationOK = false;
-		}
-
-		if(mb_strpos($this->configuration->ldapLoginFilter, '%uid', 0, 'UTF-8')
-		   === false) {
-			\OCP\Util::writeLog('user_ldap',
-								$errorStr.'login filter does not contain %uid '.
-								'place holder.',
-								\OCP\Util::WARN);
-			$configurationOK = false;
-		}
-
-		return $configurationOK;
-	}
-
-	/**
-	 * Validates the user specified configuration
-	 * @return bool true if configuration seems OK, false otherwise
-	 */
-	private function validateConfiguration() {
-
-		if($this->doNotValidate) {
-			//don't do a validation if it is a new configuration with pure
-			//default values. Will be allowed on changes via __set or
-			//setConfiguration
-			return false;
-		}
-
-		// first step: "soft" checks: settings that are not really
-		// necessary, but advisable. If left empty, give an info message
-		$this->doSoftValidation();
-
-		//second step: critical checks. If left empty or filled wrong, mark as
-		//not configured and give a warning.
-		return $this->doCriticalValidation();
-	}
-
-
-	/**
-	 * Connects and Binds to LDAP
-	 */
-	private function establishConnection() {
-		if(!$this->configuration->ldapConfigurationActive) {
-			return null;
-		}
-		static $phpLDAPinstalled = true;
-		if(!$phpLDAPinstalled) {
-			return false;
-		}
-		if(!$this->ignoreValidation && !$this->configured) {
-			\OCP\Util::writeLog('user_ldap',
-								'Configuration is invalid, cannot connect',
-								\OCP\Util::WARN);
-			return false;
-		}
-		if(!$this->ldapConnectionRes) {
-			if(!$this->ldap->areLDAPFunctionsAvailable()) {
-				$phpLDAPinstalled = false;
-				\OCP\Util::writeLog('user_ldap',
-									'function ldap_connect is not available. Make '.
-									'sure that the PHP ldap module is installed.',
-									\OCP\Util::ERROR);
-
-				return false;
-			}
-			if($this->configuration->turnOffCertCheck) {
-				if(putenv('LDAPTLS_REQCERT=never')) {
-					\OCP\Util::writeLog('user_ldap',
-						'Turned off SSL certificate validation successfully.',
-						\OCP\Util::DEBUG);
-				} else {
-					\OCP\Util::writeLog('user_ldap',
-										'Could not turn off SSL certificate validation.',
-										\OCP\Util::WARN);
-				}
-			}
-
-			$isOverrideMainServer = ($this->configuration->ldapOverrideMainServer
-				|| $this->getFromCache('overrideMainServer'));
-			$isBackupHost = (trim($this->configuration->ldapBackupHost) !== "");
-			$bindStatus = false;
-			$error = -1;
-			try {
-				if (!$isOverrideMainServer) {
-					$this->doConnect($this->configuration->ldapHost,
-						$this->configuration->ldapPort);
-					$bindStatus = $this->bind();
-					$error = $this->ldap->isResource($this->ldapConnectionRes) ?
-						$this->ldap->errno($this->ldapConnectionRes) : -1;
-				}
-				if($bindStatus === true) {
-					return $bindStatus;
-				}
-			} catch (ServerNotAvailableException $e) {
-				if(!$isBackupHost) {
-					throw $e;
-				}
-			}
-
-			//if LDAP server is not reachable, try the Backup (Replica!) Server
-			if($isBackupHost && ($error !== 0 || $isOverrideMainServer)) {
-				$this->doConnect($this->configuration->ldapBackupHost,
-								 $this->configuration->ldapBackupPort);
-				$bindStatus = $this->bind();
-				$error = $this->ldap->isResource($this->ldapConnectionRes) ?
-					$this->ldap->errno($this->ldapConnectionRes) : -1;
-				if($bindStatus && $error === 0 && !$this->getFromCache('overrideMainServer')) {
-					//when bind to backup server succeeded and failed to main server,
-					//skip contacting him until next cache refresh
-					$this->writeToCache('overrideMainServer', true);
-				}
-			}
-
-			return $bindStatus;
-		}
-		return null;
-	}
-
-	/**
-	 * @param string $host
-	 * @param string $port
-	 * @return bool
-	 * @throws \OC\ServerNotAvailableException
-	 */
-	private function doConnect($host, $port) {
-		if ($host === '') {
-			return false;
-		}
-
-		$this->ldapConnectionRes = $this->ldap->connect($host, $port);
-
-		if(!$this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
-			throw new ServerNotAvailableException('Could not set required LDAP Protocol version.');
-		}
-
-		if(!$this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
-			throw new ServerNotAvailableException('Could not disable LDAP referrals.');
-		}
-
-		if($this->configuration->ldapTLS) {
-			if(!$this->ldap->startTls($this->ldapConnectionRes)) {
-				throw new ServerNotAvailableException('Start TLS failed, when connecting to LDAP host ' . $host . '.');
-			}
-		}
-
-		return true;
-	}
-
-	/**
-	 * Binds to LDAP
-	 */
-	public function bind() {
-		if(!$this->configuration->ldapConfigurationActive) {
-			return false;
-		}
-		$cr = $this->getConnectionResource();
-		if(!$this->ldap->isResource($cr)) {
-			return false;
-		}
-		$ldapLogin = @$this->ldap->bind($cr,
-										$this->configuration->ldapAgentName,
-										$this->configuration->ldapAgentPassword);
-		if(!$ldapLogin) {
-			$errno = $this->ldap->errno($cr);
-
-			\OCP\Util::writeLog('user_ldap',
-				'Bind failed: ' . $errno . ': ' . $this->ldap->error($cr),
-				\OCP\Util::WARN);
-
-			// Set to failure mode, if LDAP error code is not LDAP_SUCCESS or LDAP_INVALID_CREDENTIALS
-			if($errno !== 0x00 && $errno !== 0x31) {
-				$this->ldapConnectionRes = null;
-			}
-
-			return false;
-		}
-		return true;
-	}
+    private $ldapConnectionRes = null;
+    private $configPrefix;
+    private $configID;
+    private $configured = false;
+    private $hasPagedResultSupport = true;
+    //whether connection should be kept on __destruct
+    private $dontDestruct = false;
+
+    /**
+     * @var bool runtime flag that indicates whether supported primary groups are available
+     */
+    public $hasPrimaryGroups = true;
+
+    /**
+     * @var bool runtime flag that indicates whether supported POSIX gidNumber are available
+     */
+    public $hasGidNumber = true;
+
+    //cache handler
+    protected $cache;
+
+    /** @var Configuration settings handler **/
+    protected $configuration;
+
+    protected $doNotValidate = false;
+
+    protected $ignoreValidation = false;
+
+    /**
+     * Constructor
+     * @param ILDAPWrapper $ldap
+     * @param string $configPrefix a string with the prefix for the configkey column (appconfig table)
+     * @param string|null $configID a string with the value for the appid column (appconfig table) or null for on-the-fly connections
+     */
+    public function __construct(ILDAPWrapper $ldap, $configPrefix = '', $configID = 'user_ldap') {
+        parent::__construct($ldap);
+        $this->configPrefix = $configPrefix;
+        $this->configID = $configID;
+        $this->configuration = new Configuration($configPrefix,
+                                                    !is_null($configID));
+        $memcache = \OC::$server->getMemCacheFactory();
+        if($memcache->isAvailable()) {
+            $this->cache = $memcache->create();
+        }
+        $helper = new Helper(\OC::$server->getConfig());
+        $this->doNotValidate = !in_array($this->configPrefix,
+            $helper->getServerConfigurationPrefixes());
+        $this->hasPagedResultSupport =
+            intval($this->configuration->ldapPagingSize) !== 0
+            || $this->ldap->hasPagedResultSupport();
+    }
+
+    public function __destruct() {
+        if(!$this->dontDestruct && $this->ldap->isResource($this->ldapConnectionRes)) {
+            @$this->ldap->unbind($this->ldapConnectionRes);
+        };
+    }
+
+    /**
+     * defines behaviour when the instance is cloned
+     */
+    public function __clone() {
+        $this->configuration = new Configuration($this->configPrefix,
+                                                    !is_null($this->configID));
+        $this->ldapConnectionRes = null;
+        $this->dontDestruct = true;
+    }
+
+    /**
+     * @param string $name
+     * @return bool|mixed
+     */
+    public function __get($name) {
+        if(!$this->configured) {
+            $this->readConfiguration();
+        }
+
+        if($name === 'hasPagedResultSupport') {
+            return $this->hasPagedResultSupport;
+        }
+
+        return $this->configuration->$name;
+    }
+
+    /**
+     * @param string $name
+     * @param mixed $value
+     */
+    public function __set($name, $value) {
+        $this->doNotValidate = false;
+        $before = $this->configuration->$name;
+        $this->configuration->$name = $value;
+        $after = $this->configuration->$name;
+        if($before !== $after) {
+            if ($this->configID !== '' && $this->configID !== null) {
+                $this->configuration->saveConfiguration();
+            }
+            $this->validateConfiguration();
+        }
+    }
+
+    /**
+     * sets whether the result of the configuration validation shall
+     * be ignored when establishing the connection. Used by the Wizard
+     * in early configuration state.
+     * @param bool $state
+     */
+    public function setIgnoreValidation($state) {
+        $this->ignoreValidation = (bool)$state;
+    }
+
+    /**
+     * initializes the LDAP backend
+     * @param bool $force read the config settings no matter what
+     */
+    public function init($force = false) {
+        $this->readConfiguration($force);
+        $this->establishConnection();
+    }
+
+    /**
+     * Returns the LDAP handler
+     */
+    public function getConnectionResource() {
+        if(!$this->ldapConnectionRes) {
+            $this->init();
+        } else if(!$this->ldap->isResource($this->ldapConnectionRes)) {
+            $this->ldapConnectionRes = null;
+            $this->establishConnection();
+        }
+        if(is_null($this->ldapConnectionRes)) {
+            \OCP\Util::writeLog('user_ldap', 'No LDAP Connection to server ' . $this->configuration->ldapHost, \OCP\Util::ERROR);
+            throw new ServerNotAvailableException('Connection to LDAP server could not be established');
+        }
+        return $this->ldapConnectionRes;
+    }
+
+    /**
+     * resets the connection resource
+     */
+    public function resetConnectionResource() {
+        if(!is_null($this->ldapConnectionRes)) {
+            @$this->ldap->unbind($this->ldapConnectionRes);
+            $this->ldapConnectionRes = null;
+        }
+    }
+
+    /**
+     * @param string|null $key
+     * @return string
+     */
+    private function getCacheKey($key) {
+        $prefix = 'LDAP-'.$this->configID.'-'.$this->configPrefix.'-';
+        if(is_null($key)) {
+            return $prefix;
+        }
+        return $prefix.md5($key);
+    }
+
+    /**
+     * @param string $key
+     * @return mixed|null
+     */
+    public function getFromCache($key) {
+        if(!$this->configured) {
+            $this->readConfiguration();
+        }
+        if(is_null($this->cache) || !$this->configuration->ldapCacheTTL) {
+            return null;
+        }
+        $key = $this->getCacheKey($key);
+
+        return json_decode(base64_decode($this->cache->get($key)), true);
+    }
+
+    /**
+     * @param string $key
+     * @param mixed $value
+     *
+     * @return string
+     */
+    public function writeToCache($key, $value) {
+        if(!$this->configured) {
+            $this->readConfiguration();
+        }
+        if(is_null($this->cache)
+            || !$this->configuration->ldapCacheTTL
+            || !$this->configuration->ldapConfigurationActive) {
+            return null;
+        }
+        $key   = $this->getCacheKey($key);
+        $value = base64_encode(json_encode($value));
+        $this->cache->set($key, $value, $this->configuration->ldapCacheTTL);
+    }
+
+    public function clearCache() {
+        if(!is_null($this->cache)) {
+            $this->cache->clear($this->getCacheKey(null));
+        }
+    }
+
+    /**
+     * Caches the general LDAP configuration.
+     * @param bool $force optional. true, if the re-read should be forced. defaults
+     * to false.
+     * @return null
+     */
+    private function readConfiguration($force = false) {
+        if((!$this->configured || $force) && !is_null($this->configID)) {
+            $this->configuration->readConfiguration();
+            $this->configured = $this->validateConfiguration();
+        }
+    }
+
+    /**
+     * set LDAP configuration with values delivered by an array, not read from configuration
+     * @param array $config array that holds the config parameters in an associated array
+     * @param array &$setParameters optional; array where the set fields will be given to
+     * @return boolean true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters
+     */
+    public function setConfiguration($config, &$setParameters = null) {
+        if(is_null($setParameters)) {
+            $setParameters = array();
+        }
+        $this->doNotValidate = false;
+        $this->configuration->setConfiguration($config, $setParameters);
+        if(count($setParameters) > 0) {
+            $this->configured = $this->validateConfiguration();
+        }
+
+
+        return $this->configured;
+    }
+
+    /**
+     * saves the current Configuration in the database and empties the
+     * cache
+     * @return null
+     */
+    public function saveConfiguration() {
+        $this->configuration->saveConfiguration();
+        $this->clearCache();
+    }
+
+    /**
+     * get the current LDAP configuration
+     * @return array
+     */
+    public function getConfiguration() {
+        $this->readConfiguration();
+        $config = $this->configuration->getConfiguration();
+        $cta = $this->configuration->getConfigTranslationArray();
+        $result = array();
+        foreach($cta as $dbkey => $configkey) {
+            switch($configkey) {
+                case 'homeFolderNamingRule':
+                    if(strpos($config[$configkey], 'attr:') === 0) {
+                        $result[$dbkey] = substr($config[$configkey], 5);
+                    } else {
+                        $result[$dbkey] = '';
+                    }
+                    break;
+                case 'ldapBase':
+                case 'ldapBaseUsers':
+                case 'ldapBaseGroups':
+                case 'ldapAttributesForUserSearch':
+                case 'ldapAttributesForGroupSearch':
+                    if(is_array($config[$configkey])) {
+                        $result[$dbkey] = implode("\n", $config[$configkey]);
+                        break;
+                    } //else follows default
+                default:
+                    $result[$dbkey] = $config[$configkey];
+            }
+        }
+        return $result;
+    }
+
+    private function doSoftValidation() {
+        //if User or Group Base are not set, take over Base DN setting
+        foreach(array('ldapBaseUsers', 'ldapBaseGroups') as $keyBase) {
+            $val = $this->configuration->$keyBase;
+            if(empty($val)) {
+                $this->configuration->$keyBase = $this->configuration->ldapBase;
+            }
+        }
+
+        foreach(array('ldapExpertUUIDUserAttr'  => 'ldapUuidUserAttribute',
+                        'ldapExpertUUIDGroupAttr' => 'ldapUuidGroupAttribute')
+                as $expertSetting => $effectiveSetting) {
+            $uuidOverride = $this->configuration->$expertSetting;
+            if(!empty($uuidOverride)) {
+                $this->configuration->$effectiveSetting = $uuidOverride;
+            } else {
+                $uuidAttributes = Access::UUID_ATTRIBUTES;
+                array_unshift($uuidAttributes, 'auto');
+                if(!in_array($this->configuration->$effectiveSetting,
+                            $uuidAttributes)
+                    && (!is_null($this->configID))) {
+                    $this->configuration->$effectiveSetting = 'auto';
+                    $this->configuration->saveConfiguration();
+                    \OCP\Util::writeLog('user_ldap',
+                                        'Illegal value for the '.
+                                        $effectiveSetting.', '.'reset to '.
+                                        'autodetect.', \OCP\Util::INFO);
+                }
+
+            }
+        }
+
+        $backupPort = intval($this->configuration->ldapBackupPort);
+        if ($backupPort <= 0) {
+            $this->configuration->backupPort = $this->configuration->ldapPort;
+        }
+
+        //make sure empty search attributes are saved as simple, empty array
+        $saKeys = array('ldapAttributesForUserSearch',
+                        'ldapAttributesForGroupSearch');
+        foreach($saKeys as $key) {
+            $val = $this->configuration->$key;
+            if(is_array($val) && count($val) === 1 && empty($val[0])) {
+                $this->configuration->$key = array();
+            }
+        }
+
+        if((stripos($this->configuration->ldapHost, 'ldaps://') === 0)
+            && $this->configuration->ldapTLS) {
+            $this->configuration->ldapTLS = false;
+            \OCP\Util::writeLog('user_ldap',
+                                'LDAPS (already using secure connection) and '.
+                                'TLS do not work together. Switched off TLS.',
+                                \OCP\Util::INFO);
+        }
+    }
+
+    /**
+     * @return bool
+     */
+    private function doCriticalValidation() {
+        $configurationOK = true;
+        $errorStr = 'Configuration Error (prefix '.
+                    strval($this->configPrefix).'): ';
+
+        //options that shall not be empty
+        $options = array('ldapHost', 'ldapPort', 'ldapUserDisplayName',
+                            'ldapGroupDisplayName', 'ldapLoginFilter');
+        foreach($options as $key) {
+            $val = $this->configuration->$key;
+            if(empty($val)) {
+                switch($key) {
+                    case 'ldapHost':
+                        $subj = 'LDAP Host';
+                        break;
+                    case 'ldapPort':
+                        $subj = 'LDAP Port';
+                        break;
+                    case 'ldapUserDisplayName':
+                        $subj = 'LDAP User Display Name';
+                        break;
+                    case 'ldapGroupDisplayName':
+                        $subj = 'LDAP Group Display Name';
+                        break;
+                    case 'ldapLoginFilter':
+                        $subj = 'LDAP Login Filter';
+                        break;
+                    default:
+                        $subj = $key;
+                        break;
+                }
+                $configurationOK = false;
+                \OCP\Util::writeLog('user_ldap',
+                                    $errorStr.'No '.$subj.' given!',
+                                    \OCP\Util::WARN);
+            }
+        }
+
+        //combinations
+        $agent = $this->configuration->ldapAgentName;
+        $pwd = $this->configuration->ldapAgentPassword;
+        if (
+            ($agent === ''  && $pwd !== '')
+            || ($agent !== '' && $pwd === '')
+        ) {
+            \OCP\Util::writeLog('user_ldap',
+                                $errorStr.'either no password is given for the '.
+                                'user agent or a password is given, but not an '.
+                                'LDAP agent.',
+                \OCP\Util::WARN);
+            $configurationOK = false;
+        }
+
+        $base = $this->configuration->ldapBase;
+        $baseUsers = $this->configuration->ldapBaseUsers;
+        $baseGroups = $this->configuration->ldapBaseGroups;
+
+        if(empty($base) && empty($baseUsers) && empty($baseGroups)) {
+            \OCP\Util::writeLog('user_ldap',
+                                $errorStr.'Not a single Base DN given.',
+                                \OCP\Util::WARN);
+            $configurationOK = false;
+        }
+
+        if(mb_strpos($this->configuration->ldapLoginFilter, '%uid', 0, 'UTF-8')
+            === false) {
+            \OCP\Util::writeLog('user_ldap',
+                                $errorStr.'login filter does not contain %uid '.
+                                'place holder.',
+                                \OCP\Util::WARN);
+            $configurationOK = false;
+        }
+
+        return $configurationOK;
+    }
+
+    /**
+     * Validates the user specified configuration
+     * @return bool true if configuration seems OK, false otherwise
+     */
+    private function validateConfiguration() {
+
+        if($this->doNotValidate) {
+            //don't do a validation if it is a new configuration with pure
+            //default values. Will be allowed on changes via __set or
+            //setConfiguration
+            return false;
+        }
+
+        // first step: "soft" checks: settings that are not really
+        // necessary, but advisable. If left empty, give an info message
+        $this->doSoftValidation();
+
+        //second step: critical checks. If left empty or filled wrong, mark as
+        //not configured and give a warning.
+        return $this->doCriticalValidation();
+    }
+
+
+    /**
+     * Connects and Binds to LDAP
+     */
+    private function establishConnection() {
+        if(!$this->configuration->ldapConfigurationActive) {
+            return null;
+        }
+        static $phpLDAPinstalled = true;
+        if(!$phpLDAPinstalled) {
+            return false;
+        }
+        if(!$this->ignoreValidation && !$this->configured) {
+            \OCP\Util::writeLog('user_ldap',
+                                'Configuration is invalid, cannot connect',
+                                \OCP\Util::WARN);
+            return false;
+        }
+        if(!$this->ldapConnectionRes) {
+            if(!$this->ldap->areLDAPFunctionsAvailable()) {
+                $phpLDAPinstalled = false;
+                \OCP\Util::writeLog('user_ldap',
+                                    'function ldap_connect is not available. Make '.
+                                    'sure that the PHP ldap module is installed.',
+                                    \OCP\Util::ERROR);
+
+                return false;
+            }
+            if($this->configuration->turnOffCertCheck) {
+                if(putenv('LDAPTLS_REQCERT=never')) {
+                    \OCP\Util::writeLog('user_ldap',
+                        'Turned off SSL certificate validation successfully.',
+                        \OCP\Util::DEBUG);
+                } else {
+                    \OCP\Util::writeLog('user_ldap',
+                                        'Could not turn off SSL certificate validation.',
+                                        \OCP\Util::WARN);
+                }
+            }
+
+            $isOverrideMainServer = ($this->configuration->ldapOverrideMainServer
+                || $this->getFromCache('overrideMainServer'));
+            $isBackupHost = (trim($this->configuration->ldapBackupHost) !== "");
+            $bindStatus = false;
+            $error = -1;
+            try {
+                if (!$isOverrideMainServer) {
+                    $this->doConnect($this->configuration->ldapHost,
+                        $this->configuration->ldapPort);
+                    $bindStatus = $this->bind();
+                    $error = $this->ldap->isResource($this->ldapConnectionRes) ?
+                        $this->ldap->errno($this->ldapConnectionRes) : -1;
+                }
+                if($bindStatus === true) {
+                    return $bindStatus;
+                }
+            } catch (ServerNotAvailableException $e) {
+                if(!$isBackupHost) {
+                    throw $e;
+                }
+            }
+
+            //if LDAP server is not reachable, try the Backup (Replica!) Server
+            if($isBackupHost && ($error !== 0 || $isOverrideMainServer)) {
+                $this->doConnect($this->configuration->ldapBackupHost,
+                                    $this->configuration->ldapBackupPort);
+                $bindStatus = $this->bind();
+                $error = $this->ldap->isResource($this->ldapConnectionRes) ?
+                    $this->ldap->errno($this->ldapConnectionRes) : -1;
+                if($bindStatus && $error === 0 && !$this->getFromCache('overrideMainServer')) {
+                    //when bind to backup server succeeded and failed to main server,
+                    //skip contacting him until next cache refresh
+                    $this->writeToCache('overrideMainServer', true);
+                }
+            }
+
+            return $bindStatus;
+        }
+        return null;
+    }
+
+    /**
+     * @param string $host
+     * @param string $port
+     * @return bool
+     * @throws \OC\ServerNotAvailableException
+     */
+    private function doConnect($host, $port) {
+        if ($host === '') {
+            return false;
+        }
+
+        $this->ldapConnectionRes = $this->ldap->connect($host, $port);
+
+        if(!$this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
+            throw new ServerNotAvailableException('Could not set required LDAP Protocol version.');
+        }
+
+        if(!$this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
+            throw new ServerNotAvailableException('Could not disable LDAP referrals.');
+        }
+
+        if($this->configuration->ldapTLS) {
+            if(!$this->ldap->startTls($this->ldapConnectionRes)) {
+                throw new ServerNotAvailableException('Start TLS failed, when connecting to LDAP host ' . $host . '.');
+            }
+        }
+
+        return true;
+    }
+
+    /**
+     * Binds to LDAP
+     */
+    public function bind() {
+        if(!$this->configuration->ldapConfigurationActive) {
+            return false;
+        }
+        $cr = $this->getConnectionResource();
+        if(!$this->ldap->isResource($cr)) {
+            return false;
+        }
+        $ldapLogin = @$this->ldap->bind($cr,
+                                        $this->configuration->ldapAgentName,
+                                        $this->configuration->ldapAgentPassword);
+        if(!$ldapLogin) {
+            $errno = $this->ldap->errno($cr);
+
+            \OCP\Util::writeLog('user_ldap',
+                'Bind failed: ' . $errno . ': ' . $this->ldap->error($cr),
+                \OCP\Util::WARN);
+
+            // Set to failure mode, if LDAP error code is not LDAP_SUCCESS or LDAP_INVALID_CREDENTIALS
+            if($errno !== 0x00 && $errno !== 0x31) {
+                $this->ldapConnectionRes = null;
+            }
+
+            return false;
+        }
+        return true;
+    }
 
 }

Spacing +60 added lines, -60 removed lines

@@ -99,7 +99,7 @@ 
 		$this->configuration = new Configuration($configPrefix,
 												 !is_null($configID));
 		$memcache = \OC::$server->getMemCacheFactory();
-		if($memcache->isAvailable()) {
+		if ($memcache->isAvailable()) {
 			$this->cache = $memcache->create();
 		}
 		$helper = new Helper(\OC::$server->getConfig());
@@ -111,7 +111,7 @@ 
 	}
 
 	public function __destruct() {
-		if(!$this->dontDestruct && $this->ldap->isResource($this->ldapConnectionRes)) {
+		if (!$this->dontDestruct && $this->ldap->isResource($this->ldapConnectionRes)) {
 			@$this->ldap->unbind($this->ldapConnectionRes);
 		};
 	}
@@ -131,11 +131,11 @@ 
 	 * @return bool|mixed
 	 */
 	public function __get($name) {
-		if(!$this->configured) {
+		if (!$this->configured) {
 			$this->readConfiguration();
 		}
 
-		if($name === 'hasPagedResultSupport') {
+		if ($name === 'hasPagedResultSupport') {
 			return $this->hasPagedResultSupport;
 		}
 
@@ -151,7 +151,7 @@ 
 		$before = $this->configuration->$name;
 		$this->configuration->$name = $value;
 		$after = $this->configuration->$name;
-		if($before !== $after) {
+		if ($before !== $after) {
 			if ($this->configID !== '' && $this->configID !== null) {
 				$this->configuration->saveConfiguration();
 			}
@@ -166,7 +166,7 @@ 
 	 * @param bool $state
 	 */
 	public function setIgnoreValidation($state) {
-		$this->ignoreValidation = (bool)$state;
+		$this->ignoreValidation = (bool) $state;
 	}
 
 	/**
@@ -182,14 +182,14 @@ 
 	 * Returns the LDAP handler
 	 */
 	public function getConnectionResource() {
-		if(!$this->ldapConnectionRes) {
+		if (!$this->ldapConnectionRes) {
 			$this->init();
-		} else if(!$this->ldap->isResource($this->ldapConnectionRes)) {
+		} else if (!$this->ldap->isResource($this->ldapConnectionRes)) {
 			$this->ldapConnectionRes = null;
 			$this->establishConnection();
 		}
-		if(is_null($this->ldapConnectionRes)) {
-			\OCP\Util::writeLog('user_ldap', 'No LDAP Connection to server ' . $this->configuration->ldapHost, \OCP\Util::ERROR);
+		if (is_null($this->ldapConnectionRes)) {
+			\OCP\Util::writeLog('user_ldap', 'No LDAP Connection to server '.$this->configuration->ldapHost, \OCP\Util::ERROR);
 			throw new ServerNotAvailableException('Connection to LDAP server could not be established');
 		}
 		return $this->ldapConnectionRes;
@@ -199,7 +199,7 @@ 
 	 * resets the connection resource
 	 */
 	public function resetConnectionResource() {
-		if(!is_null($this->ldapConnectionRes)) {
+		if (!is_null($this->ldapConnectionRes)) {
 			@$this->ldap->unbind($this->ldapConnectionRes);
 			$this->ldapConnectionRes = null;
 		}
@@ -211,7 +211,7 @@ 
 	 */
 	private function getCacheKey($key) {
 		$prefix = 'LDAP-'.$this->configID.'-'.$this->configPrefix.'-';
-		if(is_null($key)) {
+		if (is_null($key)) {
 			return $prefix;
 		}
 		return $prefix.md5($key);
@@ -222,10 +222,10 @@ 
 	 * @return mixed|null
 	 */
 	public function getFromCache($key) {
-		if(!$this->configured) {
+		if (!$this->configured) {
 			$this->readConfiguration();
 		}
-		if(is_null($this->cache) || !$this->configuration->ldapCacheTTL) {
+		if (is_null($this->cache) || !$this->configuration->ldapCacheTTL) {
 			return null;
 		}
 		$key = $this->getCacheKey($key);
@@ -240,10 +240,10 @@ 
 	 * @return string
 	 */
 	public function writeToCache($key, $value) {
-		if(!$this->configured) {
+		if (!$this->configured) {
 			$this->readConfiguration();
 		}
-		if(is_null($this->cache)
+		if (is_null($this->cache)
 			|| !$this->configuration->ldapCacheTTL
 			|| !$this->configuration->ldapConfigurationActive) {
 			return null;
@@ -254,7 +254,7 @@ 
 	}
 
 	public function clearCache() {
-		if(!is_null($this->cache)) {
+		if (!is_null($this->cache)) {
 			$this->cache->clear($this->getCacheKey(null));
 		}
 	}
@@ -266,7 +266,7 @@ 
 	 * @return null
 	 */
 	private function readConfiguration($force = false) {
-		if((!$this->configured || $force) && !is_null($this->configID)) {
+		if ((!$this->configured || $force) && !is_null($this->configID)) {
 			$this->configuration->readConfiguration();
 			$this->configured = $this->validateConfiguration();
 		}
@@ -279,12 +279,12 @@ 
 	 * @return boolean true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters
 	 */
 	public function setConfiguration($config, &$setParameters = null) {
-		if(is_null($setParameters)) {
+		if (is_null($setParameters)) {
 			$setParameters = array();
 		}
 		$this->doNotValidate = false;
 		$this->configuration->setConfiguration($config, $setParameters);
-		if(count($setParameters) > 0) {
+		if (count($setParameters) > 0) {
 			$this->configured = $this->validateConfiguration();
 		}
 
@@ -311,10 +311,10 @@ 
 		$config = $this->configuration->getConfiguration();
 		$cta = $this->configuration->getConfigTranslationArray();
 		$result = array();
-		foreach($cta as $dbkey => $configkey) {
-			switch($configkey) {
+		foreach ($cta as $dbkey => $configkey) {
+			switch ($configkey) {
 				case 'homeFolderNamingRule':
-					if(strpos($config[$configkey], 'attr:') === 0) {
+					if (strpos($config[$configkey], 'attr:') === 0) {
 						$result[$dbkey] = substr($config[$configkey], 5);
 					} else {
 						$result[$dbkey] = '';
@@ -325,7 +325,7 @@ 
 				case 'ldapBaseGroups':
 				case 'ldapAttributesForUserSearch':
 				case 'ldapAttributesForGroupSearch':
-					if(is_array($config[$configkey])) {
+					if (is_array($config[$configkey])) {
 						$result[$dbkey] = implode("\n", $config[$configkey]);
 						break;
 					} //else follows default
@@ -338,23 +338,23 @@ 
 
 	private function doSoftValidation() {
 		//if User or Group Base are not set, take over Base DN setting
-		foreach(array('ldapBaseUsers', 'ldapBaseGroups') as $keyBase) {
+		foreach (array('ldapBaseUsers', 'ldapBaseGroups') as $keyBase) {
 			$val = $this->configuration->$keyBase;
-			if(empty($val)) {
+			if (empty($val)) {
 				$this->configuration->$keyBase = $this->configuration->ldapBase;
 			}
 		}
 
-		foreach(array('ldapExpertUUIDUserAttr'  => 'ldapUuidUserAttribute',
+		foreach (array('ldapExpertUUIDUserAttr'  => 'ldapUuidUserAttribute',
 					  'ldapExpertUUIDGroupAttr' => 'ldapUuidGroupAttribute')
 				as $expertSetting => $effectiveSetting) {
 			$uuidOverride = $this->configuration->$expertSetting;
-			if(!empty($uuidOverride)) {
+			if (!empty($uuidOverride)) {
 				$this->configuration->$effectiveSetting = $uuidOverride;
 			} else {
 				$uuidAttributes = Access::UUID_ATTRIBUTES;
 				array_unshift($uuidAttributes, 'auto');
-				if(!in_array($this->configuration->$effectiveSetting,
+				if (!in_array($this->configuration->$effectiveSetting,
 							$uuidAttributes)
 					&& (!is_null($this->configID))) {
 					$this->configuration->$effectiveSetting = 'auto';
@@ -376,14 +376,14 @@ 
 		//make sure empty search attributes are saved as simple, empty array
 		$saKeys = array('ldapAttributesForUserSearch',
 						'ldapAttributesForGroupSearch');
-		foreach($saKeys as $key) {
+		foreach ($saKeys as $key) {
 			$val = $this->configuration->$key;
-			if(is_array($val) && count($val) === 1 && empty($val[0])) {
+			if (is_array($val) && count($val) === 1 && empty($val[0])) {
 				$this->configuration->$key = array();
 			}
 		}
 
-		if((stripos($this->configuration->ldapHost, 'ldaps://') === 0)
+		if ((stripos($this->configuration->ldapHost, 'ldaps://') === 0)
 			&& $this->configuration->ldapTLS) {
 			$this->configuration->ldapTLS = false;
 			\OCP\Util::writeLog('user_ldap',
@@ -404,10 +404,10 @@ 
 		//options that shall not be empty
 		$options = array('ldapHost', 'ldapPort', 'ldapUserDisplayName',
 						 'ldapGroupDisplayName', 'ldapLoginFilter');
-		foreach($options as $key) {
+		foreach ($options as $key) {
 			$val = $this->configuration->$key;
-			if(empty($val)) {
-				switch($key) {
+			if (empty($val)) {
+				switch ($key) {
 					case 'ldapHost':
 						$subj = 'LDAP Host';
 						break;
@@ -438,7 +438,7 @@ 
 		$agent = $this->configuration->ldapAgentName;
 		$pwd = $this->configuration->ldapAgentPassword;
 		if (
-			($agent === ''  && $pwd !== '')
+			($agent === '' && $pwd !== '')
 			|| ($agent !== '' && $pwd === '')
 		) {
 			\OCP\Util::writeLog('user_ldap',
@@ -453,14 +453,14 @@ 
 		$baseUsers = $this->configuration->ldapBaseUsers;
 		$baseGroups = $this->configuration->ldapBaseGroups;
 
-		if(empty($base) && empty($baseUsers) && empty($baseGroups)) {
+		if (empty($base) && empty($baseUsers) && empty($baseGroups)) {
 			\OCP\Util::writeLog('user_ldap',
 								$errorStr.'Not a single Base DN given.',
 								\OCP\Util::WARN);
 			$configurationOK = false;
 		}
 
-		if(mb_strpos($this->configuration->ldapLoginFilter, '%uid', 0, 'UTF-8')
+		if (mb_strpos($this->configuration->ldapLoginFilter, '%uid', 0, 'UTF-8')
 		   === false) {
 			\OCP\Util::writeLog('user_ldap',
 								$errorStr.'login filter does not contain %uid '.
@@ -478,7 +478,7 @@ 
 	 */
 	private function validateConfiguration() {
 
-		if($this->doNotValidate) {
+		if ($this->doNotValidate) {
 			//don't do a validation if it is a new configuration with pure
 			//default values. Will be allowed on changes via __set or
 			//setConfiguration
@@ -499,21 +499,21 @@ 
 	 * Connects and Binds to LDAP
 	 */
 	private function establishConnection() {
-		if(!$this->configuration->ldapConfigurationActive) {
+		if (!$this->configuration->ldapConfigurationActive) {
 			return null;
 		}
 		static $phpLDAPinstalled = true;
-		if(!$phpLDAPinstalled) {
+		if (!$phpLDAPinstalled) {
 			return false;
 		}
-		if(!$this->ignoreValidation && !$this->configured) {
+		if (!$this->ignoreValidation && !$this->configured) {
 			\OCP\Util::writeLog('user_ldap',
 								'Configuration is invalid, cannot connect',
 								\OCP\Util::WARN);
 			return false;
 		}
-		if(!$this->ldapConnectionRes) {
-			if(!$this->ldap->areLDAPFunctionsAvailable()) {
+		if (!$this->ldapConnectionRes) {
+			if (!$this->ldap->areLDAPFunctionsAvailable()) {
 				$phpLDAPinstalled = false;
 				\OCP\Util::writeLog('user_ldap',
 									'function ldap_connect is not available. Make '.
@@ -522,8 +522,8 @@ 
 
 				return false;
 			}
-			if($this->configuration->turnOffCertCheck) {
-				if(putenv('LDAPTLS_REQCERT=never')) {
+			if ($this->configuration->turnOffCertCheck) {
+				if (putenv('LDAPTLS_REQCERT=never')) {
 					\OCP\Util::writeLog('user_ldap',
 						'Turned off SSL certificate validation successfully.',
 						\OCP\Util::DEBUG);
@@ -547,23 +547,23 @@ 
 					$error = $this->ldap->isResource($this->ldapConnectionRes) ?
 						$this->ldap->errno($this->ldapConnectionRes) : -1;
 				}
-				if($bindStatus === true) {
+				if ($bindStatus === true) {
 					return $bindStatus;
 				}
 			} catch (ServerNotAvailableException $e) {
-				if(!$isBackupHost) {
+				if (!$isBackupHost) {
 					throw $e;
 				}
 			}
 
 			//if LDAP server is not reachable, try the Backup (Replica!) Server
-			if($isBackupHost && ($error !== 0 || $isOverrideMainServer)) {
+			if ($isBackupHost && ($error !== 0 || $isOverrideMainServer)) {
 				$this->doConnect($this->configuration->ldapBackupHost,
 								 $this->configuration->ldapBackupPort);
 				$bindStatus = $this->bind();
 				$error = $this->ldap->isResource($this->ldapConnectionRes) ?
 					$this->ldap->errno($this->ldapConnectionRes) : -1;
-				if($bindStatus && $error === 0 && !$this->getFromCache('overrideMainServer')) {
+				if ($bindStatus && $error === 0 && !$this->getFromCache('overrideMainServer')) {
 					//when bind to backup server succeeded and failed to main server,
 					//skip contacting him until next cache refresh
 					$this->writeToCache('overrideMainServer', true);
@@ -588,17 +588,17 @@ 
 
 		$this->ldapConnectionRes = $this->ldap->connect($host, $port);
 
-		if(!$this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
+		if (!$this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
 			throw new ServerNotAvailableException('Could not set required LDAP Protocol version.');
 		}
 
-		if(!$this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
+		if (!$this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
 			throw new ServerNotAvailableException('Could not disable LDAP referrals.');
 		}
 
-		if($this->configuration->ldapTLS) {
-			if(!$this->ldap->startTls($this->ldapConnectionRes)) {
-				throw new ServerNotAvailableException('Start TLS failed, when connecting to LDAP host ' . $host . '.');
+		if ($this->configuration->ldapTLS) {
+			if (!$this->ldap->startTls($this->ldapConnectionRes)) {
+				throw new ServerNotAvailableException('Start TLS failed, when connecting to LDAP host '.$host.'.');
 			}
 		}
 
@@ -609,25 +609,25 @@ 
 	 * Binds to LDAP
 	 */
 	public function bind() {
-		if(!$this->configuration->ldapConfigurationActive) {
+		if (!$this->configuration->ldapConfigurationActive) {
 			return false;
 		}
 		$cr = $this->getConnectionResource();
-		if(!$this->ldap->isResource($cr)) {
+		if (!$this->ldap->isResource($cr)) {
 			return false;
 		}
 		$ldapLogin = @$this->ldap->bind($cr,
 										$this->configuration->ldapAgentName,
 										$this->configuration->ldapAgentPassword);
-		if(!$ldapLogin) {
+		if (!$ldapLogin) {
 			$errno = $this->ldap->errno($cr);
 
 			\OCP\Util::writeLog('user_ldap',
-				'Bind failed: ' . $errno . ': ' . $this->ldap->error($cr),
+				'Bind failed: '.$errno.': '.$this->ldap->error($cr),
 				\OCP\Util::WARN);
 
 			// Set to failure mode, if LDAP error code is not LDAP_SUCCESS or LDAP_INVALID_CREDENTIALS
-			if($errno !== 0x00 && $errno !== 0x31) {
+			if ($errno !== 0x00 && $errno !== 0x31) {
 				$this->ldapConnectionRes = null;
 			}
 

apps/user_ldap/lib/Configuration.php

Indentation +473 added lines, -473 removed lines

@@ -37,502 +37,502 @@
  * @property int ldapPagingSize holds an integer
  */
 class Configuration {
-	protected $configPrefix = null;
-	protected $configRead = false;
-	/**
-	 * @var string[] pre-filled with one reference key so that at least one entry is written on save request and
-	 *               the config ID is registered
-	 */
-	protected $unsavedChanges = ['ldapConfigurationActive' => 'ldapConfigurationActive'];
+    protected $configPrefix = null;
+    protected $configRead = false;
+    /**
+     * @var string[] pre-filled with one reference key so that at least one entry is written on save request and
+     *               the config ID is registered
+     */
+    protected $unsavedChanges = ['ldapConfigurationActive' => 'ldapConfigurationActive'];
 
-	//settings
-	protected $config = array(
-		'ldapHost' => null,
-		'ldapPort' => null,
-		'ldapBackupHost' => null,
-		'ldapBackupPort' => null,
-		'ldapBase' => null,
-		'ldapBaseUsers' => null,
-		'ldapBaseGroups' => null,
-		'ldapAgentName' => null,
-		'ldapAgentPassword' => null,
-		'ldapTLS' => null,
-		'turnOffCertCheck' => null,
-		'ldapIgnoreNamingRules' => null,
-		'ldapUserDisplayName' => null,
-		'ldapUserDisplayName2' => null,
-		'ldapGidNumber' => null,
-		'ldapUserFilterObjectclass' => null,
-		'ldapUserFilterGroups' => null,
-		'ldapUserFilter' => null,
-		'ldapUserFilterMode' => null,
-		'ldapGroupFilter' => null,
-		'ldapGroupFilterMode' => null,
-		'ldapGroupFilterObjectclass' => null,
-		'ldapGroupFilterGroups' => null,
-		'ldapGroupDisplayName' => null,
-		'ldapGroupMemberAssocAttr' => null,
-		'ldapLoginFilter' => null,
-		'ldapLoginFilterMode' => null,
-		'ldapLoginFilterEmail' => null,
-		'ldapLoginFilterUsername' => null,
-		'ldapLoginFilterAttributes' => null,
-		'ldapQuotaAttribute' => null,
-		'ldapQuotaDefault' => null,
-		'ldapEmailAttribute' => null,
-		'ldapCacheTTL' => null,
-		'ldapUuidUserAttribute' => 'auto',
-		'ldapUuidGroupAttribute' => 'auto',
-		'ldapOverrideMainServer' => false,
-		'ldapConfigurationActive' => false,
-		'ldapAttributesForUserSearch' => null,
-		'ldapAttributesForGroupSearch' => null,
-		'ldapExperiencedAdmin' => false,
-		'homeFolderNamingRule' => null,
-		'hasPagedResultSupport' => false,
-		'hasMemberOfFilterSupport' => false,
-		'useMemberOfToDetectMembership' => true,
-		'ldapExpertUsernameAttr' => null,
-		'ldapExpertUUIDUserAttr' => null,
-		'ldapExpertUUIDGroupAttr' => null,
-		'lastJpegPhotoLookup' => null,
-		'ldapNestedGroups' => false,
-		'ldapPagingSize' => null,
-		'turnOnPasswordChange' => false,
-		'ldapDynamicGroupMemberURL' => null,
-		'ldapDefaultPPolicyDN' => null,
-	);
+    //settings
+    protected $config = array(
+        'ldapHost' => null,
+        'ldapPort' => null,
+        'ldapBackupHost' => null,
+        'ldapBackupPort' => null,
+        'ldapBase' => null,
+        'ldapBaseUsers' => null,
+        'ldapBaseGroups' => null,
+        'ldapAgentName' => null,
+        'ldapAgentPassword' => null,
+        'ldapTLS' => null,
+        'turnOffCertCheck' => null,
+        'ldapIgnoreNamingRules' => null,
+        'ldapUserDisplayName' => null,
+        'ldapUserDisplayName2' => null,
+        'ldapGidNumber' => null,
+        'ldapUserFilterObjectclass' => null,
+        'ldapUserFilterGroups' => null,
+        'ldapUserFilter' => null,
+        'ldapUserFilterMode' => null,
+        'ldapGroupFilter' => null,
+        'ldapGroupFilterMode' => null,
+        'ldapGroupFilterObjectclass' => null,
+        'ldapGroupFilterGroups' => null,
+        'ldapGroupDisplayName' => null,
+        'ldapGroupMemberAssocAttr' => null,
+        'ldapLoginFilter' => null,
+        'ldapLoginFilterMode' => null,
+        'ldapLoginFilterEmail' => null,
+        'ldapLoginFilterUsername' => null,
+        'ldapLoginFilterAttributes' => null,
+        'ldapQuotaAttribute' => null,
+        'ldapQuotaDefault' => null,
+        'ldapEmailAttribute' => null,
+        'ldapCacheTTL' => null,
+        'ldapUuidUserAttribute' => 'auto',
+        'ldapUuidGroupAttribute' => 'auto',
+        'ldapOverrideMainServer' => false,
+        'ldapConfigurationActive' => false,
+        'ldapAttributesForUserSearch' => null,
+        'ldapAttributesForGroupSearch' => null,
+        'ldapExperiencedAdmin' => false,
+        'homeFolderNamingRule' => null,
+        'hasPagedResultSupport' => false,
+        'hasMemberOfFilterSupport' => false,
+        'useMemberOfToDetectMembership' => true,
+        'ldapExpertUsernameAttr' => null,
+        'ldapExpertUUIDUserAttr' => null,
+        'ldapExpertUUIDGroupAttr' => null,
+        'lastJpegPhotoLookup' => null,
+        'ldapNestedGroups' => false,
+        'ldapPagingSize' => null,
+        'turnOnPasswordChange' => false,
+        'ldapDynamicGroupMemberURL' => null,
+        'ldapDefaultPPolicyDN' => null,
+    );
 
-	/**
-	 * @param string $configPrefix
-	 * @param bool $autoRead
-	 */
-	public function __construct($configPrefix, $autoRead = true) {
-		$this->configPrefix = $configPrefix;
-		if($autoRead) {
-			$this->readConfiguration();
-		}
-	}
+    /**
+     * @param string $configPrefix
+     * @param bool $autoRead
+     */
+    public function __construct($configPrefix, $autoRead = true) {
+        $this->configPrefix = $configPrefix;
+        if($autoRead) {
+            $this->readConfiguration();
+        }
+    }
 
-	/**
-	 * @param string $name
-	 * @return mixed|null
-	 */
-	public function __get($name) {
-		if(isset($this->config[$name])) {
-			return $this->config[$name];
-		}
-		return null;
-	}
+    /**
+     * @param string $name
+     * @return mixed|null
+     */
+    public function __get($name) {
+        if(isset($this->config[$name])) {
+            return $this->config[$name];
+        }
+        return null;
+    }
 
-	/**
-	 * @param string $name
-	 * @param mixed $value
-	 */
-	public function __set($name, $value) {
-		$this->setConfiguration(array($name => $value));
-	}
+    /**
+     * @param string $name
+     * @param mixed $value
+     */
+    public function __set($name, $value) {
+        $this->setConfiguration(array($name => $value));
+    }
 
-	/**
-	 * @return array
-	 */
-	public function getConfiguration() {
-		return $this->config;
-	}
+    /**
+     * @return array
+     */
+    public function getConfiguration() {
+        return $this->config;
+    }
 
-	/**
-	 * set LDAP configuration with values delivered by an array, not read
-	 * from configuration. It does not save the configuration! To do so, you
-	 * must call saveConfiguration afterwards.
-	 * @param array $config array that holds the config parameters in an associated
-	 * array
-	 * @param array &$applied optional; array where the set fields will be given to
-	 * @return false|null
-	 */
-	public function setConfiguration($config, &$applied = null) {
-		if(!is_array($config)) {
-			return false;
-		}
+    /**
+     * set LDAP configuration with values delivered by an array, not read
+     * from configuration. It does not save the configuration! To do so, you
+     * must call saveConfiguration afterwards.
+     * @param array $config array that holds the config parameters in an associated
+     * array
+     * @param array &$applied optional; array where the set fields will be given to
+     * @return false|null
+     */
+    public function setConfiguration($config, &$applied = null) {
+        if(!is_array($config)) {
+            return false;
+        }
 
-		$cta = $this->getConfigTranslationArray();
-		foreach($config as $inputKey => $val) {
-			if(strpos($inputKey, '_') !== false && array_key_exists($inputKey, $cta)) {
-				$key = $cta[$inputKey];
-			} elseif(array_key_exists($inputKey, $this->config)) {
-				$key = $inputKey;
-			} else {
-				continue;
-			}
+        $cta = $this->getConfigTranslationArray();
+        foreach($config as $inputKey => $val) {
+            if(strpos($inputKey, '_') !== false && array_key_exists($inputKey, $cta)) {
+                $key = $cta[$inputKey];
+            } elseif(array_key_exists($inputKey, $this->config)) {
+                $key = $inputKey;
+            } else {
+                continue;
+            }
 
-			$setMethod = 'setValue';
-			switch($key) {
-				case 'ldapAgentPassword':
-					$setMethod = 'setRawValue';
-					break;
-				case 'homeFolderNamingRule':
-					$trimmedVal = trim($val);
-					if ($trimmedVal !== '' && strpos($val, 'attr:') === false) {
-						$val = 'attr:'.$trimmedVal;
-					}
-					break;
-				case 'ldapBase':
-				case 'ldapBaseUsers':
-				case 'ldapBaseGroups':
-				case 'ldapAttributesForUserSearch':
-				case 'ldapAttributesForGroupSearch':
-				case 'ldapUserFilterObjectclass':
-				case 'ldapUserFilterGroups':
-				case 'ldapGroupFilterObjectclass':
-				case 'ldapGroupFilterGroups':
-				case 'ldapLoginFilterAttributes':
-					$setMethod = 'setMultiLine';
-					break;
-			}
-			$this->$setMethod($key, $val);
-			if(is_array($applied)) {
-				$applied[] = $inputKey;
-				// storing key as index avoids duplication, and as value for simplicity
-			}
-			$this->unsavedChanges[$key] = $key;
-		}
-		return null;
-	}
+            $setMethod = 'setValue';
+            switch($key) {
+                case 'ldapAgentPassword':
+                    $setMethod = 'setRawValue';
+                    break;
+                case 'homeFolderNamingRule':
+                    $trimmedVal = trim($val);
+                    if ($trimmedVal !== '' && strpos($val, 'attr:') === false) {
+                        $val = 'attr:'.$trimmedVal;
+                    }
+                    break;
+                case 'ldapBase':
+                case 'ldapBaseUsers':
+                case 'ldapBaseGroups':
+                case 'ldapAttributesForUserSearch':
+                case 'ldapAttributesForGroupSearch':
+                case 'ldapUserFilterObjectclass':
+                case 'ldapUserFilterGroups':
+                case 'ldapGroupFilterObjectclass':
+                case 'ldapGroupFilterGroups':
+                case 'ldapLoginFilterAttributes':
+                    $setMethod = 'setMultiLine';
+                    break;
+            }
+            $this->$setMethod($key, $val);
+            if(is_array($applied)) {
+                $applied[] = $inputKey;
+                // storing key as index avoids duplication, and as value for simplicity
+            }
+            $this->unsavedChanges[$key] = $key;
+        }
+        return null;
+    }
 
-	public function readConfiguration() {
-		if(!$this->configRead && !is_null($this->configPrefix)) {
-			$cta = array_flip($this->getConfigTranslationArray());
-			foreach($this->config as $key => $val) {
-				if(!isset($cta[$key])) {
-					//some are determined
-					continue;
-				}
-				$dbKey = $cta[$key];
-				switch($key) {
-					case 'ldapBase':
-					case 'ldapBaseUsers':
-					case 'ldapBaseGroups':
-					case 'ldapAttributesForUserSearch':
-					case 'ldapAttributesForGroupSearch':
-					case 'ldapUserFilterObjectclass':
-					case 'ldapUserFilterGroups':
-					case 'ldapGroupFilterObjectclass':
-					case 'ldapGroupFilterGroups':
-					case 'ldapLoginFilterAttributes':
-						$readMethod = 'getMultiLine';
-						break;
-					case 'ldapIgnoreNamingRules':
-						$readMethod = 'getSystemValue';
-						$dbKey = $key;
-						break;
-					case 'ldapAgentPassword':
-						$readMethod = 'getPwd';
-						break;
-					case 'ldapUserDisplayName2':
-					case 'ldapGroupDisplayName':
-						$readMethod = 'getLcValue';
-						break;
-					case 'ldapUserDisplayName':
-					default:
-						// user display name does not lower case because
-						// we rely on an upper case N as indicator whether to
-						// auto-detect it or not. FIXME
-						$readMethod = 'getValue';
-						break;
-				}
-				$this->config[$key] = $this->$readMethod($dbKey);
-			}
-			$this->configRead = true;
-		}
-	}
+    public function readConfiguration() {
+        if(!$this->configRead && !is_null($this->configPrefix)) {
+            $cta = array_flip($this->getConfigTranslationArray());
+            foreach($this->config as $key => $val) {
+                if(!isset($cta[$key])) {
+                    //some are determined
+                    continue;
+                }
+                $dbKey = $cta[$key];
+                switch($key) {
+                    case 'ldapBase':
+                    case 'ldapBaseUsers':
+                    case 'ldapBaseGroups':
+                    case 'ldapAttributesForUserSearch':
+                    case 'ldapAttributesForGroupSearch':
+                    case 'ldapUserFilterObjectclass':
+                    case 'ldapUserFilterGroups':
+                    case 'ldapGroupFilterObjectclass':
+                    case 'ldapGroupFilterGroups':
+                    case 'ldapLoginFilterAttributes':
+                        $readMethod = 'getMultiLine';
+                        break;
+                    case 'ldapIgnoreNamingRules':
+                        $readMethod = 'getSystemValue';
+                        $dbKey = $key;
+                        break;
+                    case 'ldapAgentPassword':
+                        $readMethod = 'getPwd';
+                        break;
+                    case 'ldapUserDisplayName2':
+                    case 'ldapGroupDisplayName':
+                        $readMethod = 'getLcValue';
+                        break;
+                    case 'ldapUserDisplayName':
+                    default:
+                        // user display name does not lower case because
+                        // we rely on an upper case N as indicator whether to
+                        // auto-detect it or not. FIXME
+                        $readMethod = 'getValue';
+                        break;
+                }
+                $this->config[$key] = $this->$readMethod($dbKey);
+            }
+            $this->configRead = true;
+        }
+    }
 
-	/**
-	 * saves the current config changes in the database
-	 */
-	public function saveConfiguration() {
-		$cta = array_flip($this->getConfigTranslationArray());
-		foreach($this->unsavedChanges as $key) {
-			$value = $this->config[$key];
-			switch ($key) {
-				case 'ldapAgentPassword':
-					$value = base64_encode($value);
-					break;
-				case 'ldapBase':
-				case 'ldapBaseUsers':
-				case 'ldapBaseGroups':
-				case 'ldapAttributesForUserSearch':
-				case 'ldapAttributesForGroupSearch':
-				case 'ldapUserFilterObjectclass':
-				case 'ldapUserFilterGroups':
-				case 'ldapGroupFilterObjectclass':
-				case 'ldapGroupFilterGroups':
-				case 'ldapLoginFilterAttributes':
-					if(is_array($value)) {
-						$value = implode("\n", $value);
-					}
-					break;
-				//following options are not stored but detected, skip them
-				case 'ldapIgnoreNamingRules':
-				case 'hasPagedResultSupport':
-				case 'ldapUuidUserAttribute':
-				case 'ldapUuidGroupAttribute':
-					continue 2;
-			}
-			if(is_null($value)) {
-				$value = '';
-			}
-			$this->saveValue($cta[$key], $value);
-		}
-		$this->saveValue('_lastChange', time());
-		$this->unsavedChanges = [];
-	}
+    /**
+     * saves the current config changes in the database
+     */
+    public function saveConfiguration() {
+        $cta = array_flip($this->getConfigTranslationArray());
+        foreach($this->unsavedChanges as $key) {
+            $value = $this->config[$key];
+            switch ($key) {
+                case 'ldapAgentPassword':
+                    $value = base64_encode($value);
+                    break;
+                case 'ldapBase':
+                case 'ldapBaseUsers':
+                case 'ldapBaseGroups':
+                case 'ldapAttributesForUserSearch':
+                case 'ldapAttributesForGroupSearch':
+                case 'ldapUserFilterObjectclass':
+                case 'ldapUserFilterGroups':
+                case 'ldapGroupFilterObjectclass':
+                case 'ldapGroupFilterGroups':
+                case 'ldapLoginFilterAttributes':
+                    if(is_array($value)) {
+                        $value = implode("\n", $value);
+                    }
+                    break;
+                //following options are not stored but detected, skip them
+                case 'ldapIgnoreNamingRules':
+                case 'hasPagedResultSupport':
+                case 'ldapUuidUserAttribute':
+                case 'ldapUuidGroupAttribute':
+                    continue 2;
+            }
+            if(is_null($value)) {
+                $value = '';
+            }
+            $this->saveValue($cta[$key], $value);
+        }
+        $this->saveValue('_lastChange', time());
+        $this->unsavedChanges = [];
+    }
 
-	/**
-	 * @param string $varName
-	 * @return array|string
-	 */
-	protected function getMultiLine($varName) {
-		$value = $this->getValue($varName);
-		if(empty($value)) {
-			$value = '';
-		} else {
-			$value = preg_split('/\r\n|\r|\n/', $value);
-		}
+    /**
+     * @param string $varName
+     * @return array|string
+     */
+    protected function getMultiLine($varName) {
+        $value = $this->getValue($varName);
+        if(empty($value)) {
+            $value = '';
+        } else {
+            $value = preg_split('/\r\n|\r|\n/', $value);
+        }
 
-		return $value;
-	}
+        return $value;
+    }
 
-	/**
-	 * Sets multi-line values as arrays
-	 * 
-	 * @param string $varName name of config-key
-	 * @param array|string $value to set
-	 */
-	protected function setMultiLine($varName, $value) {
-		if(empty($value)) {
-			$value = '';
-		} else if (!is_array($value)) {
-			$value = preg_split('/\r\n|\r|\n|;/', $value);
-			if($value === false) {
-				$value = '';
-			}
-		}
+    /**
+     * Sets multi-line values as arrays
+     * 
+     * @param string $varName name of config-key
+     * @param array|string $value to set
+     */
+    protected function setMultiLine($varName, $value) {
+        if(empty($value)) {
+            $value = '';
+        } else if (!is_array($value)) {
+            $value = preg_split('/\r\n|\r|\n|;/', $value);
+            if($value === false) {
+                $value = '';
+            }
+        }
 
-		if(!is_array($value)) {
-			$finalValue = trim($value);
-		} else {
-			$finalValue = [];
-			foreach($value as $key => $val) {
-				if(is_string($val)) {
-					$val = trim($val);
-					if ($val !== '') {
-						//accidental line breaks are not wanted and can cause
-						// odd behaviour. Thus, away with them.
-						$finalValue[] = $val;
-					}
-				} else {
-					$finalValue[] = $val;
-				}
-			}
-		}
+        if(!is_array($value)) {
+            $finalValue = trim($value);
+        } else {
+            $finalValue = [];
+            foreach($value as $key => $val) {
+                if(is_string($val)) {
+                    $val = trim($val);
+                    if ($val !== '') {
+                        //accidental line breaks are not wanted and can cause
+                        // odd behaviour. Thus, away with them.
+                        $finalValue[] = $val;
+                    }
+                } else {
+                    $finalValue[] = $val;
+                }
+            }
+        }
 
-		$this->setRawValue($varName, $finalValue);
-	}
+        $this->setRawValue($varName, $finalValue);
+    }
 
-	/**
-	 * @param string $varName
-	 * @return string
-	 */
-	protected function getPwd($varName) {
-		return base64_decode($this->getValue($varName));
-	}
+    /**
+     * @param string $varName
+     * @return string
+     */
+    protected function getPwd($varName) {
+        return base64_decode($this->getValue($varName));
+    }
 
-	/**
-	 * @param string $varName
-	 * @return string
-	 */
-	protected function getLcValue($varName) {
-		return mb_strtolower($this->getValue($varName), 'UTF-8');
-	}
+    /**
+     * @param string $varName
+     * @return string
+     */
+    protected function getLcValue($varName) {
+        return mb_strtolower($this->getValue($varName), 'UTF-8');
+    }
 
-	/**
-	 * @param string $varName
-	 * @return string
-	 */
-	protected function getSystemValue($varName) {
-		//FIXME: if another system value is added, softcode the default value
-		return \OC::$server->getConfig()->getSystemValue($varName, false);
-	}
+    /**
+     * @param string $varName
+     * @return string
+     */
+    protected function getSystemValue($varName) {
+        //FIXME: if another system value is added, softcode the default value
+        return \OC::$server->getConfig()->getSystemValue($varName, false);
+    }
 
-	/**
-	 * @param string $varName
-	 * @return string
-	 */
-	protected function getValue($varName) {
-		static $defaults;
-		if(is_null($defaults)) {
-			$defaults = $this->getDefaults();
-		}
-		return \OCP\Config::getAppValue('user_ldap',
-										$this->configPrefix.$varName,
-										$defaults[$varName]);
-	}
+    /**
+     * @param string $varName
+     * @return string
+     */
+    protected function getValue($varName) {
+        static $defaults;
+        if(is_null($defaults)) {
+            $defaults = $this->getDefaults();
+        }
+        return \OCP\Config::getAppValue('user_ldap',
+                                        $this->configPrefix.$varName,
+                                        $defaults[$varName]);
+    }
 
-	/**
-	 * Sets a scalar value.
-	 * 
-	 * @param string $varName name of config key
-	 * @param mixed $value to set
-	 */
-	protected function setValue($varName, $value) {
-		if(is_string($value)) {
-			$value = trim($value);
-		}
-		$this->config[$varName] = $value;
-	}
+    /**
+     * Sets a scalar value.
+     * 
+     * @param string $varName name of config key
+     * @param mixed $value to set
+     */
+    protected function setValue($varName, $value) {
+        if(is_string($value)) {
+            $value = trim($value);
+        }
+        $this->config[$varName] = $value;
+    }
 
-	/**
-	 * Sets a scalar value without trimming.
-	 *
-	 * @param string $varName name of config key
-	 * @param mixed $value to set
-	 */
-	protected function setRawValue($varName, $value) {
-		$this->config[$varName] = $value;
-	}
+    /**
+     * Sets a scalar value without trimming.
+     *
+     * @param string $varName name of config key
+     * @param mixed $value to set
+     */
+    protected function setRawValue($varName, $value) {
+        $this->config[$varName] = $value;
+    }
 
-	/**
-	 * @param string $varName
-	 * @param string $value
-	 * @return bool
-	 */
-	protected function saveValue($varName, $value) {
-		\OC::$server->getConfig()->setAppValue(
-			'user_ldap',
-			$this->configPrefix.$varName,
-			$value
-		);
-		return true;
-	}
+    /**
+     * @param string $varName
+     * @param string $value
+     * @return bool
+     */
+    protected function saveValue($varName, $value) {
+        \OC::$server->getConfig()->setAppValue(
+            'user_ldap',
+            $this->configPrefix.$varName,
+            $value
+        );
+        return true;
+    }
 
-	/**
-	 * @return array an associative array with the default values. Keys are correspond
-	 * to config-value entries in the database table
-	 */
-	public function getDefaults() {
-		return array(
-			'ldap_host'                         => '',
-			'ldap_port'                         => '',
-			'ldap_backup_host'                  => '',
-			'ldap_backup_port'                  => '',
-			'ldap_override_main_server'         => '',
-			'ldap_dn'                           => '',
-			'ldap_agent_password'               => '',
-			'ldap_base'                         => '',
-			'ldap_base_users'                   => '',
-			'ldap_base_groups'                  => '',
-			'ldap_userlist_filter'              => '',
-			'ldap_user_filter_mode'             => 0,
-			'ldap_userfilter_objectclass'       => '',
-			'ldap_userfilter_groups'            => '',
-			'ldap_login_filter'                 => '',
-			'ldap_login_filter_mode'            => 0,
-			'ldap_loginfilter_email'            => 0,
-			'ldap_loginfilter_username'         => 1,
-			'ldap_loginfilter_attributes'       => '',
-			'ldap_group_filter'                 => '',
-			'ldap_group_filter_mode'            => 0,
-			'ldap_groupfilter_objectclass'      => '',
-			'ldap_groupfilter_groups'           => '',
-			'ldap_gid_number'                   => 'gidNumber',
-			'ldap_display_name'                 => 'displayName',
-			'ldap_user_display_name_2'			=> '',
-			'ldap_group_display_name'           => 'cn',
-			'ldap_tls'                          => 0,
-			'ldap_quota_def'                    => '',
-			'ldap_quota_attr'                   => '',
-			'ldap_email_attr'                   => '',
-			'ldap_group_member_assoc_attribute' => 'uniqueMember',
-			'ldap_cache_ttl'                    => 600,
-			'ldap_uuid_user_attribute'          => 'auto',
-			'ldap_uuid_group_attribute'         => 'auto',
-			'home_folder_naming_rule'           => '',
-			'ldap_turn_off_cert_check'          => 0,
-			'ldap_configuration_active'         => 0,
-			'ldap_attributes_for_user_search'   => '',
-			'ldap_attributes_for_group_search'  => '',
-			'ldap_expert_username_attr'         => '',
-			'ldap_expert_uuid_user_attr'        => '',
-			'ldap_expert_uuid_group_attr'       => '',
-			'has_memberof_filter_support'       => 0,
-			'use_memberof_to_detect_membership' => 1,
-			'last_jpegPhoto_lookup'             => 0,
-			'ldap_nested_groups'                => 0,
-			'ldap_paging_size'                  => 500,
-			'ldap_turn_on_pwd_change'           => 0,
-			'ldap_experienced_admin'            => 0,
-			'ldap_dynamic_group_member_url'     => '',
-			'ldap_default_ppolicy_dn'           => '',
-		);
-	}
+    /**
+     * @return array an associative array with the default values. Keys are correspond
+     * to config-value entries in the database table
+     */
+    public function getDefaults() {
+        return array(
+            'ldap_host'                         => '',
+            'ldap_port'                         => '',
+            'ldap_backup_host'                  => '',
+            'ldap_backup_port'                  => '',
+            'ldap_override_main_server'         => '',
+            'ldap_dn'                           => '',
+            'ldap_agent_password'               => '',
+            'ldap_base'                         => '',
+            'ldap_base_users'                   => '',
+            'ldap_base_groups'                  => '',
+            'ldap_userlist_filter'              => '',
+            'ldap_user_filter_mode'             => 0,
+            'ldap_userfilter_objectclass'       => '',
+            'ldap_userfilter_groups'            => '',
+            'ldap_login_filter'                 => '',
+            'ldap_login_filter_mode'            => 0,
+            'ldap_loginfilter_email'            => 0,
+            'ldap_loginfilter_username'         => 1,
+            'ldap_loginfilter_attributes'       => '',
+            'ldap_group_filter'                 => '',
+            'ldap_group_filter_mode'            => 0,
+            'ldap_groupfilter_objectclass'      => '',
+            'ldap_groupfilter_groups'           => '',
+            'ldap_gid_number'                   => 'gidNumber',
+            'ldap_display_name'                 => 'displayName',
+            'ldap_user_display_name_2'			=> '',
+            'ldap_group_display_name'           => 'cn',
+            'ldap_tls'                          => 0,
+            'ldap_quota_def'                    => '',
+            'ldap_quota_attr'                   => '',
+            'ldap_email_attr'                   => '',
+            'ldap_group_member_assoc_attribute' => 'uniqueMember',
+            'ldap_cache_ttl'                    => 600,
+            'ldap_uuid_user_attribute'          => 'auto',
+            'ldap_uuid_group_attribute'         => 'auto',
+            'home_folder_naming_rule'           => '',
+            'ldap_turn_off_cert_check'          => 0,
+            'ldap_configuration_active'         => 0,
+            'ldap_attributes_for_user_search'   => '',
+            'ldap_attributes_for_group_search'  => '',
+            'ldap_expert_username_attr'         => '',
+            'ldap_expert_uuid_user_attr'        => '',
+            'ldap_expert_uuid_group_attr'       => '',
+            'has_memberof_filter_support'       => 0,
+            'use_memberof_to_detect_membership' => 1,
+            'last_jpegPhoto_lookup'             => 0,
+            'ldap_nested_groups'                => 0,
+            'ldap_paging_size'                  => 500,
+            'ldap_turn_on_pwd_change'           => 0,
+            'ldap_experienced_admin'            => 0,
+            'ldap_dynamic_group_member_url'     => '',
+            'ldap_default_ppolicy_dn'           => '',
+        );
+    }
 
-	/**
-	 * @return array that maps internal variable names to database fields
-	 */
-	public function getConfigTranslationArray() {
-		//TODO: merge them into one representation
-		static $array = array(
-			'ldap_host'                         => 'ldapHost',
-			'ldap_port'                         => 'ldapPort',
-			'ldap_backup_host'                  => 'ldapBackupHost',
-			'ldap_backup_port'                  => 'ldapBackupPort',
-			'ldap_override_main_server'         => 'ldapOverrideMainServer',
-			'ldap_dn'                           => 'ldapAgentName',
-			'ldap_agent_password'               => 'ldapAgentPassword',
-			'ldap_base'                         => 'ldapBase',
-			'ldap_base_users'                   => 'ldapBaseUsers',
-			'ldap_base_groups'                  => 'ldapBaseGroups',
-			'ldap_userfilter_objectclass'       => 'ldapUserFilterObjectclass',
-			'ldap_userfilter_groups'            => 'ldapUserFilterGroups',
-			'ldap_userlist_filter'              => 'ldapUserFilter',
-			'ldap_user_filter_mode'             => 'ldapUserFilterMode',
-			'ldap_login_filter'                 => 'ldapLoginFilter',
-			'ldap_login_filter_mode'            => 'ldapLoginFilterMode',
-			'ldap_loginfilter_email'            => 'ldapLoginFilterEmail',
-			'ldap_loginfilter_username'         => 'ldapLoginFilterUsername',
-			'ldap_loginfilter_attributes'       => 'ldapLoginFilterAttributes',
-			'ldap_group_filter'                 => 'ldapGroupFilter',
-			'ldap_group_filter_mode'            => 'ldapGroupFilterMode',
-			'ldap_groupfilter_objectclass'      => 'ldapGroupFilterObjectclass',
-			'ldap_groupfilter_groups'           => 'ldapGroupFilterGroups',
-			'ldap_gid_number'                   => 'ldapGidNumber',
-			'ldap_display_name'                 => 'ldapUserDisplayName',
-			'ldap_user_display_name_2'			=> 'ldapUserDisplayName2',
-			'ldap_group_display_name'           => 'ldapGroupDisplayName',
-			'ldap_tls'                          => 'ldapTLS',
-			'ldap_quota_def'                    => 'ldapQuotaDefault',
-			'ldap_quota_attr'                   => 'ldapQuotaAttribute',
-			'ldap_email_attr'                   => 'ldapEmailAttribute',
-			'ldap_group_member_assoc_attribute' => 'ldapGroupMemberAssocAttr',
-			'ldap_cache_ttl'                    => 'ldapCacheTTL',
-			'home_folder_naming_rule'           => 'homeFolderNamingRule',
-			'ldap_turn_off_cert_check'          => 'turnOffCertCheck',
-			'ldap_configuration_active'         => 'ldapConfigurationActive',
-			'ldap_attributes_for_user_search'   => 'ldapAttributesForUserSearch',
-			'ldap_attributes_for_group_search'  => 'ldapAttributesForGroupSearch',
-			'ldap_expert_username_attr'         => 'ldapExpertUsernameAttr',
-			'ldap_expert_uuid_user_attr'        => 'ldapExpertUUIDUserAttr',
-			'ldap_expert_uuid_group_attr'       => 'ldapExpertUUIDGroupAttr',
-			'has_memberof_filter_support'       => 'hasMemberOfFilterSupport',
-			'use_memberof_to_detect_membership' => 'useMemberOfToDetectMembership',
-			'last_jpegPhoto_lookup'             => 'lastJpegPhotoLookup',
-			'ldap_nested_groups'                => 'ldapNestedGroups',
-			'ldap_paging_size'                  => 'ldapPagingSize',
-			'ldap_turn_on_pwd_change'           => 'turnOnPasswordChange',
-			'ldap_experienced_admin'            => 'ldapExperiencedAdmin',
-			'ldap_dynamic_group_member_url'     => 'ldapDynamicGroupMemberURL',
-			'ldap_default_ppolicy_dn'           => 'ldapDefaultPPolicyDN',
-		);
-		return $array;
-	}
+    /**
+     * @return array that maps internal variable names to database fields
+     */
+    public function getConfigTranslationArray() {
+        //TODO: merge them into one representation
+        static $array = array(
+            'ldap_host'                         => 'ldapHost',
+            'ldap_port'                         => 'ldapPort',
+            'ldap_backup_host'                  => 'ldapBackupHost',
+            'ldap_backup_port'                  => 'ldapBackupPort',
+            'ldap_override_main_server'         => 'ldapOverrideMainServer',
+            'ldap_dn'                           => 'ldapAgentName',
+            'ldap_agent_password'               => 'ldapAgentPassword',
+            'ldap_base'                         => 'ldapBase',
+            'ldap_base_users'                   => 'ldapBaseUsers',
+            'ldap_base_groups'                  => 'ldapBaseGroups',
+            'ldap_userfilter_objectclass'       => 'ldapUserFilterObjectclass',
+            'ldap_userfilter_groups'            => 'ldapUserFilterGroups',
+            'ldap_userlist_filter'              => 'ldapUserFilter',
+            'ldap_user_filter_mode'             => 'ldapUserFilterMode',
+            'ldap_login_filter'                 => 'ldapLoginFilter',
+            'ldap_login_filter_mode'            => 'ldapLoginFilterMode',
+            'ldap_loginfilter_email'            => 'ldapLoginFilterEmail',
+            'ldap_loginfilter_username'         => 'ldapLoginFilterUsername',
+            'ldap_loginfilter_attributes'       => 'ldapLoginFilterAttributes',
+            'ldap_group_filter'                 => 'ldapGroupFilter',
+            'ldap_group_filter_mode'            => 'ldapGroupFilterMode',
+            'ldap_groupfilter_objectclass'      => 'ldapGroupFilterObjectclass',
+            'ldap_groupfilter_groups'           => 'ldapGroupFilterGroups',
+            'ldap_gid_number'                   => 'ldapGidNumber',
+            'ldap_display_name'                 => 'ldapUserDisplayName',
+            'ldap_user_display_name_2'			=> 'ldapUserDisplayName2',
+            'ldap_group_display_name'           => 'ldapGroupDisplayName',
+            'ldap_tls'                          => 'ldapTLS',
+            'ldap_quota_def'                    => 'ldapQuotaDefault',
+            'ldap_quota_attr'                   => 'ldapQuotaAttribute',
+            'ldap_email_attr'                   => 'ldapEmailAttribute',
+            'ldap_group_member_assoc_attribute' => 'ldapGroupMemberAssocAttr',
+            'ldap_cache_ttl'                    => 'ldapCacheTTL',
+            'home_folder_naming_rule'           => 'homeFolderNamingRule',
+            'ldap_turn_off_cert_check'          => 'turnOffCertCheck',
+            'ldap_configuration_active'         => 'ldapConfigurationActive',
+            'ldap_attributes_for_user_search'   => 'ldapAttributesForUserSearch',
+            'ldap_attributes_for_group_search'  => 'ldapAttributesForGroupSearch',
+            'ldap_expert_username_attr'         => 'ldapExpertUsernameAttr',
+            'ldap_expert_uuid_user_attr'        => 'ldapExpertUUIDUserAttr',
+            'ldap_expert_uuid_group_attr'       => 'ldapExpertUUIDGroupAttr',
+            'has_memberof_filter_support'       => 'hasMemberOfFilterSupport',
+            'use_memberof_to_detect_membership' => 'useMemberOfToDetectMembership',
+            'last_jpegPhoto_lookup'             => 'lastJpegPhotoLookup',
+            'ldap_nested_groups'                => 'ldapNestedGroups',
+            'ldap_paging_size'                  => 'ldapPagingSize',
+            'ldap_turn_on_pwd_change'           => 'turnOnPasswordChange',
+            'ldap_experienced_admin'            => 'ldapExperiencedAdmin',
+            'ldap_dynamic_group_member_url'     => 'ldapDynamicGroupMemberURL',
+            'ldap_default_ppolicy_dn'           => 'ldapDefaultPPolicyDN',
+        );
+        return $array;
+    }
 
 }