Inspection of "Merge pull request #3957 from nextcloud/downstream..." - nextcloud/server - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( be9ae4...03a92e )

by Christoph

created 2017-03-20 17:10 UTC

Status

Indentation +79 added lines, -79 removed lines patch added patch discarded remove patch

@@ -33,13 +33,13 @@  discard block
 block discarded – undo
 $l = \OC::$server->getL10N('user_ldap');
 
 if(!isset($_POST['action'])) {
-	\OCP\JSON::error(array('message' => $l->t('No action specified')));
+    \OCP\JSON::error(array('message' => $l->t('No action specified')));
 }
 $action = (string)$_POST['action'];
 
 
 if(!isset($_POST['ldap_serverconfig_chooser'])) {
-	\OCP\JSON::error(array('message' => $l->t('No configuration specified')));
+    \OCP\JSON::error(array('message' => $l->t('No configuration specified')));
 }
 $prefix = (string)$_POST['ldap_serverconfig_chooser'];
 
@@ -52,90 +52,90 @@  discard block
 block discarded – undo
 $con->setIgnoreValidation(true);
 
 $userManager = new \OCA\User_LDAP\User\Manager(
-	\OC::$server->getConfig(),
-	new \OCA\User_LDAP\FilesystemHelper(),
-	new \OCA\User_LDAP\LogWrapper(),
-	\OC::$server->getAvatarManager(),
-	new \OCP\Image(),
-	\OC::$server->getDatabaseConnection(),
-	\OC::$server->getUserManager());
+    \OC::$server->getConfig(),
+    new \OCA\User_LDAP\FilesystemHelper(),
+    new \OCA\User_LDAP\LogWrapper(),
+    \OC::$server->getAvatarManager(),
+    new \OCP\Image(),
+    \OC::$server->getDatabaseConnection(),
+    \OC::$server->getUserManager());
 
 $access = new \OCA\User_LDAP\Access($con, $ldapWrapper, $userManager, new \OCA\User_LDAP\Helper(
-	\OC::$server->getConfig()
+    \OC::$server->getConfig()
 ));
 
 $wizard = new \OCA\User_LDAP\Wizard($configuration, $ldapWrapper, $access);
 
 switch($action) {
-	case 'guessPortAndTLS':
-	case 'guessBaseDN':
-	case 'detectEmailAttribute':
-	case 'detectUserDisplayNameAttribute':
-	case 'determineGroupMemberAssoc':
-	case 'determineUserObjectClasses':
-	case 'determineGroupObjectClasses':
-	case 'determineGroupsForUsers':
-	case 'determineGroupsForGroups':
-	case 'determineAttributes':
-	case 'getUserListFilter':
-	case 'getUserLoginFilter':
-	case 'getGroupFilter':
-	case 'countUsers':
-	case 'countGroups':
-	case 'countInBaseDN':
-		try {
-			$result = $wizard->$action();
-			if($result !== false) {
-				OCP\JSON::success($result->getResultArray());
-				exit;
-			}
-		} catch (\Exception $e) {
-			\OCP\JSON::error(array('message' => $e->getMessage(), 'code' => $e->getCode()));
-			exit;
-		}
-		\OCP\JSON::error();
-		exit;
-		break;
+    case 'guessPortAndTLS':
+    case 'guessBaseDN':
+    case 'detectEmailAttribute':
+    case 'detectUserDisplayNameAttribute':
+    case 'determineGroupMemberAssoc':
+    case 'determineUserObjectClasses':
+    case 'determineGroupObjectClasses':
+    case 'determineGroupsForUsers':
+    case 'determineGroupsForGroups':
+    case 'determineAttributes':
+    case 'getUserListFilter':
+    case 'getUserLoginFilter':
+    case 'getGroupFilter':
+    case 'countUsers':
+    case 'countGroups':
+    case 'countInBaseDN':
+        try {
+            $result = $wizard->$action();
+            if($result !== false) {
+                OCP\JSON::success($result->getResultArray());
+                exit;
+            }
+        } catch (\Exception $e) {
+            \OCP\JSON::error(array('message' => $e->getMessage(), 'code' => $e->getCode()));
+            exit;
+        }
+        \OCP\JSON::error();
+        exit;
+        break;
 
-	case 'testLoginName': {
-		try {
-			$loginName = $_POST['ldap_test_loginname'];
-			$result = $wizard->$action($loginName);
-			if($result !== false) {
-				OCP\JSON::success($result->getResultArray());
-				exit;
-			}
-		} catch (\Exception $e) {
-			\OCP\JSON::error(array('message' => $e->getMessage()));
-			exit;
-		}
-		\OCP\JSON::error();
-		exit;
-		break;
-	}
+    case 'testLoginName': {
+        try {
+            $loginName = $_POST['ldap_test_loginname'];
+            $result = $wizard->$action($loginName);
+            if($result !== false) {
+                OCP\JSON::success($result->getResultArray());
+                exit;
+            }
+        } catch (\Exception $e) {
+            \OCP\JSON::error(array('message' => $e->getMessage()));
+            exit;
+        }
+        \OCP\JSON::error();
+        exit;
+        break;
+    }
 
-	case 'save':
-		$key = isset($_POST['cfgkey']) ? $_POST['cfgkey'] : false;
-		$val = isset($_POST['cfgval']) ? $_POST['cfgval'] : null;
-		if($key === false || is_null($val)) {
-			\OCP\JSON::error(array('message' => $l->t('No data specified')));
-			exit;
-		}
-		$cfg = array($key => $val);
-		$setParameters = array();
-		$configuration->setConfiguration($cfg, $setParameters);
-		if(!in_array($key, $setParameters)) {
-			\OCP\JSON::error(array('message' => $l->t($key.
-				' Could not set configuration %s', $setParameters[0])));
-			exit;
-		}
-		$configuration->saveConfiguration();
-		//clear the cache on save
-		$connection = new \OCA\User_LDAP\Connection($ldapWrapper, $prefix);
-		$connection->clearCache();
-		OCP\JSON::success();
-		break;
-	default:
-		\OCP\JSON::error(array('message' => $l->t('Action does not exist')));
-		break;
+    case 'save':
+        $key = isset($_POST['cfgkey']) ? $_POST['cfgkey'] : false;
+        $val = isset($_POST['cfgval']) ? $_POST['cfgval'] : null;
+        if($key === false || is_null($val)) {
+            \OCP\JSON::error(array('message' => $l->t('No data specified')));
+            exit;
+        }
+        $cfg = array($key => $val);
+        $setParameters = array();
+        $configuration->setConfiguration($cfg, $setParameters);
+        if(!in_array($key, $setParameters)) {
+            \OCP\JSON::error(array('message' => $l->t($key.
+                ' Could not set configuration %s', $setParameters[0])));
+            exit;
+        }
+        $configuration->saveConfiguration();
+        //clear the cache on save
+        $connection = new \OCA\User_LDAP\Connection($ldapWrapper, $prefix);
+        $connection->clearCache();
+        OCP\JSON::success();
+        break;
+    default:
+        \OCP\JSON::error(array('message' => $l->t('Action does not exist')));
+        break;
 }

Please login to merge, or discard this patch.

apps/user_ldap/ajax/getNewServerConfigPrefix.php 1 patch

Indentation +5 added lines, -5 removed lines patch added patch discarded remove patch

@@ -38,12 +38,12 @@
 block discarded – undo
 
 $newConfig = new \OCA\User_LDAP\Configuration($nk, false);
 if(isset($_POST['copyConfig'])) {
-	$originalConfig = new \OCA\User_LDAP\Configuration($_POST['copyConfig']);
-	$newConfig->setConfiguration($originalConfig->getConfiguration());
+    $originalConfig = new \OCA\User_LDAP\Configuration($_POST['copyConfig']);
+    $newConfig->setConfiguration($originalConfig->getConfiguration());
 } else {
-	$configuration = new \OCA\User_LDAP\Configuration($nk, false);
-	$newConfig->setConfiguration($configuration->getDefaults());
-	$resultData['defaults'] = $configuration->getDefaults();
+    $configuration = new \OCA\User_LDAP\Configuration($nk, false);
+    $newConfig->setConfiguration($configuration->getDefaults());
+    $resultData['defaults'] = $configuration->getDefaults();
 }
 $newConfig->saveConfiguration();
 

Please login to merge, or discard this patch.

apps/user_ldap/lib/Mapping/GroupMapping.php 1 patch

Indentation +7 added lines, -7 removed lines patch added patch discarded remove patch

@@ -29,12 +29,12 @@
 block discarded – undo
 */
 class GroupMapping extends AbstractMapping {
 
-	/**
-	* returns the DB table name which holds the mappings
-	* @return string
-	*/
-	protected function getTableName() {
-		return '*PREFIX*ldap_group_mapping';
-	}
+    /**
+     * returns the DB table name which holds the mappings
+     * @return string
+     */
+    protected function getTableName() {
+        return '*PREFIX*ldap_group_mapping';
+    }
 
 }

Please login to merge, or discard this patch.

apps/user_ldap/lib/Mapping/UserMapping.php 1 patch

Indentation +7 added lines, -7 removed lines patch added patch discarded remove patch

@@ -29,12 +29,12 @@
 block discarded – undo
 */
 class UserMapping extends AbstractMapping {
 
-	/**
-	 * returns the DB table name which holds the mappings
-	 * @return string
-	 */
-	protected function getTableName() {
-		return '*PREFIX*ldap_user_mapping';
-	}
+    /**
+     * returns the DB table name which holds the mappings
+     * @return string
+     */
+    protected function getTableName() {
+        return '*PREFIX*ldap_user_mapping';
+    }
 
 }

Please login to merge, or discard this patch.

apps/user_ldap/lib/Mapping/AbstractMapping.php 1 patch

Indentation +200 added lines, -200 removed lines patch added patch discarded remove patch

@@ -29,252 +29,252 @@
 block discarded – undo
 * @package OCA\User_LDAP\Mapping
 */
 abstract class AbstractMapping {
-	/**
-	 * @var \OCP\IDBConnection $dbc
-	 */
-	protected $dbc;
+    /**
+     * @var \OCP\IDBConnection $dbc
+     */
+    protected $dbc;
 
-	/**
-	 * returns the DB table name which holds the mappings
-	 * @return string
-	 */
-	abstract protected function getTableName();
+    /**
+     * returns the DB table name which holds the mappings
+     * @return string
+     */
+    abstract protected function getTableName();
 
-	/**
-	 * @param \OCP\IDBConnection $dbc
-	 */
-	public function __construct(\OCP\IDBConnection $dbc) {
-		$this->dbc = $dbc;
-	}
+    /**
+     * @param \OCP\IDBConnection $dbc
+     */
+    public function __construct(\OCP\IDBConnection $dbc) {
+        $this->dbc = $dbc;
+    }
 
-	/**
-	 * checks whether a provided string represents an existing table col
-	 * @param string $col
-	 * @return bool
-	 */
-	public function isColNameValid($col) {
-		switch($col) {
-			case 'ldap_dn':
-			case 'owncloud_name':
-			case 'directory_uuid':
-				return true;
-			default:
-				return false;
-		}
-	}
+    /**
+     * checks whether a provided string represents an existing table col
+     * @param string $col
+     * @return bool
+     */
+    public function isColNameValid($col) {
+        switch($col) {
+            case 'ldap_dn':
+            case 'owncloud_name':
+            case 'directory_uuid':
+                return true;
+            default:
+                return false;
+        }
+    }
 
-	/**
-	 * Gets the value of one column based on a provided value of another column
-	 * @param string $fetchCol
-	 * @param string $compareCol
-	 * @param string $search
-	 * @throws \Exception
-	 * @return string|false
-	 */
-	protected function getXbyY($fetchCol, $compareCol, $search) {
-		if(!$this->isColNameValid($fetchCol)) {
-			//this is used internally only, but we don't want to risk
-			//having SQL injection at all.
-			throw new \Exception('Invalid Column Name');
-		}
-		$query = $this->dbc->prepare('
+    /**
+     * Gets the value of one column based on a provided value of another column
+     * @param string $fetchCol
+     * @param string $compareCol
+     * @param string $search
+     * @throws \Exception
+     * @return string|false
+     */
+    protected function getXbyY($fetchCol, $compareCol, $search) {
+        if(!$this->isColNameValid($fetchCol)) {
+            //this is used internally only, but we don't want to risk
+            //having SQL injection at all.
+            throw new \Exception('Invalid Column Name');
+        }
+        $query = $this->dbc->prepare('
 			SELECT `' . $fetchCol . '`
 			FROM `'. $this->getTableName() .'`
 			WHERE `' . $compareCol . '` = ?
 		');
 
-		$res = $query->execute(array($search));
-		if($res !== false) {
-			return $query->fetchColumn();
-		}
+        $res = $query->execute(array($search));
+        if($res !== false) {
+            return $query->fetchColumn();
+        }
 
-		return false;
-	}
+        return false;
+    }
 
-	/**
-	 * Performs a DELETE or UPDATE query to the database.
-	 * @param \Doctrine\DBAL\Driver\Statement $query
-	 * @param array $parameters
-	 * @return bool true if at least one row was modified, false otherwise
-	 */
-	protected function modify($query, $parameters) {
-		$result = $query->execute($parameters);
-		return ($result === true && $query->rowCount() > 0);
-	}
+    /**
+     * Performs a DELETE or UPDATE query to the database.
+     * @param \Doctrine\DBAL\Driver\Statement $query
+     * @param array $parameters
+     * @return bool true if at least one row was modified, false otherwise
+     */
+    protected function modify($query, $parameters) {
+        $result = $query->execute($parameters);
+        return ($result === true && $query->rowCount() > 0);
+    }
 
-	/**
-	 * Gets the LDAP DN based on the provided name.
-	 * Replaces Access::ocname2dn
-	 * @param string $name
-	 * @return string|false
-	 */
-	public function getDNByName($name) {
-		return $this->getXbyY('ldap_dn', 'owncloud_name', $name);
-	}
+    /**
+     * Gets the LDAP DN based on the provided name.
+     * Replaces Access::ocname2dn
+     * @param string $name
+     * @return string|false
+     */
+    public function getDNByName($name) {
+        return $this->getXbyY('ldap_dn', 'owncloud_name', $name);
+    }
 
-	/**
-	 * Updates the DN based on the given UUID
-	 * @param string $fdn
-	 * @param string $uuid
-	 * @return bool
-	 */
-	public function setDNbyUUID($fdn, $uuid) {
-		$query = $this->dbc->prepare('
+    /**
+     * Updates the DN based on the given UUID
+     * @param string $fdn
+     * @param string $uuid
+     * @return bool
+     */
+    public function setDNbyUUID($fdn, $uuid) {
+        $query = $this->dbc->prepare('
 			UPDATE `' . $this->getTableName() . '`
 			SET `ldap_dn` = ?
 			WHERE `directory_uuid` = ?
 		');
 
-		return $this->modify($query, array($fdn, $uuid));
-	}
+        return $this->modify($query, array($fdn, $uuid));
+    }
 
-	/**
-	 * Updates the UUID based on the given DN
-	 *
-	 * required by Migration/UUIDFix
-	 *
-	 * @param $uuid
-	 * @param $fdn
-	 * @return bool
-	 */
-	public function setUUIDbyDN($uuid, $fdn) {
-		$query = $this->dbc->prepare('
+    /**
+     * Updates the UUID based on the given DN
+     *
+     * required by Migration/UUIDFix
+     *
+     * @param $uuid
+     * @param $fdn
+     * @return bool
+     */
+    public function setUUIDbyDN($uuid, $fdn) {
+        $query = $this->dbc->prepare('
 			UPDATE `' . $this->getTableName() . '`
 			SET `directory_uuid` = ?
 			WHERE `ldap_dn` = ?
 		');
 
-		return $this->modify($query, [$uuid, $fdn]);
-	}
+        return $this->modify($query, [$uuid, $fdn]);
+    }
 
-	/**
-	 * Gets the name based on the provided LDAP DN.
-	 * @param string $fdn
-	 * @return string|false
-	 */
-	public function getNameByDN($fdn) {
-		return $this->getXbyY('owncloud_name', 'ldap_dn', $fdn);
-	}
+    /**
+     * Gets the name based on the provided LDAP DN.
+     * @param string $fdn
+     * @return string|false
+     */
+    public function getNameByDN($fdn) {
+        return $this->getXbyY('owncloud_name', 'ldap_dn', $fdn);
+    }
 
-	/**
-	 * Searches mapped names by the giving string in the name column
-	 * @param string $search
-	 * @param string $prefixMatch
-	 * @param string $postfixMatch
-	 * @return string[]
-	 */
-	public function getNamesBySearch($search, $prefixMatch = "", $postfixMatch = "") {
-		$query = $this->dbc->prepare('
+    /**
+     * Searches mapped names by the giving string in the name column
+     * @param string $search
+     * @param string $prefixMatch
+     * @param string $postfixMatch
+     * @return string[]
+     */
+    public function getNamesBySearch($search, $prefixMatch = "", $postfixMatch = "") {
+        $query = $this->dbc->prepare('
 			SELECT `owncloud_name`
 			FROM `'. $this->getTableName() .'`
 			WHERE `owncloud_name` LIKE ?
 		');
 
-		$res = $query->execute(array($prefixMatch.$this->dbc->escapeLikeParameter($search).$postfixMatch));
-		$names = array();
-		if($res !== false) {
-			while($row = $query->fetch()) {
-				$names[] = $row['owncloud_name'];
-			}
-		}
-		return $names;
-	}
+        $res = $query->execute(array($prefixMatch.$this->dbc->escapeLikeParameter($search).$postfixMatch));
+        $names = array();
+        if($res !== false) {
+            while($row = $query->fetch()) {
+                $names[] = $row['owncloud_name'];
+            }
+        }
+        return $names;
+    }
 
-	/**
-	 * Gets the name based on the provided LDAP UUID.
-	 * @param string $uuid
-	 * @return string|false
-	 */
-	public function getNameByUUID($uuid) {
-		return $this->getXbyY('owncloud_name', 'directory_uuid', $uuid);
-	}
+    /**
+     * Gets the name based on the provided LDAP UUID.
+     * @param string $uuid
+     * @return string|false
+     */
+    public function getNameByUUID($uuid) {
+        return $this->getXbyY('owncloud_name', 'directory_uuid', $uuid);
+    }
 
-	/**
-	 * Gets the UUID based on the provided LDAP DN
-	 * @param string $dn
-	 * @return false|string
-	 * @throws \Exception
-	 */
-	public function getUUIDByDN($dn) {
-		return $this->getXbyY('directory_uuid', 'ldap_dn', $dn);
-	}
+    /**
+     * Gets the UUID based on the provided LDAP DN
+     * @param string $dn
+     * @return false|string
+     * @throws \Exception
+     */
+    public function getUUIDByDN($dn) {
+        return $this->getXbyY('directory_uuid', 'ldap_dn', $dn);
+    }
 
-	/**
-	 * gets a piece of the mapping list
-	 * @param int $offset
-	 * @param int $limit
-	 * @return array
-	 */
-	public function getList($offset = null, $limit = null) {
-		$query = $this->dbc->prepare('
+    /**
+     * gets a piece of the mapping list
+     * @param int $offset
+     * @param int $limit
+     * @return array
+     */
+    public function getList($offset = null, $limit = null) {
+        $query = $this->dbc->prepare('
 			SELECT
 				`ldap_dn` AS `dn`,
 				`owncloud_name` AS `name`,
 				`directory_uuid` AS `uuid`
 			FROM `' . $this->getTableName() . '`',
-			$limit,
-			$offset
-		);
+            $limit,
+            $offset
+        );
 
-		$query->execute();
-		return $query->fetchAll();
-	}
+        $query->execute();
+        return $query->fetchAll();
+    }
 
-	/**
-	 * attempts to map the given entry
-	 * @param string $fdn fully distinguished name (from LDAP)
-	 * @param string $name
-	 * @param string $uuid a unique identifier as used in LDAP
-	 * @return bool
-	 */
-	public function map($fdn, $name, $uuid) {
-		if(mb_strlen($fdn) > 255) {
-			\OC::$server->getLogger()->error(
-				'Cannot map, because the DN exceeds 255 characters: {dn}',
-				[
-					'app' => 'user_ldap',
-					'dn' => $fdn,
-				]
-			);
-			return false;
-		}
+    /**
+     * attempts to map the given entry
+     * @param string $fdn fully distinguished name (from LDAP)
+     * @param string $name
+     * @param string $uuid a unique identifier as used in LDAP
+     * @return bool
+     */
+    public function map($fdn, $name, $uuid) {
+        if(mb_strlen($fdn) > 255) {
+            \OC::$server->getLogger()->error(
+                'Cannot map, because the DN exceeds 255 characters: {dn}',
+                [
+                    'app' => 'user_ldap',
+                    'dn' => $fdn,
+                ]
+            );
+            return false;
+        }
 
-		$row = array(
-			'ldap_dn'        => $fdn,
-			'owncloud_name'  => $name,
-			'directory_uuid' => $uuid
-		);
+        $row = array(
+            'ldap_dn'        => $fdn,
+            'owncloud_name'  => $name,
+            'directory_uuid' => $uuid
+        );
 
-		try {
-			$result = $this->dbc->insertIfNotExist($this->getTableName(), $row);
-			// insertIfNotExist returns values as int
-			return (bool)$result;
-		} catch (\Exception $e) {
-			return false;
-		}
-	}
+        try {
+            $result = $this->dbc->insertIfNotExist($this->getTableName(), $row);
+            // insertIfNotExist returns values as int
+            return (bool)$result;
+        } catch (\Exception $e) {
+            return false;
+        }
+    }
 
-	/**
-	 * removes a mapping based on the owncloud_name of the entry
-	 * @param string $name
-	 * @return bool
-	 */
-	public function unmap($name) {
-		$query = $this->dbc->prepare('
+    /**
+     * removes a mapping based on the owncloud_name of the entry
+     * @param string $name
+     * @return bool
+     */
+    public function unmap($name) {
+        $query = $this->dbc->prepare('
 			DELETE FROM `'. $this->getTableName() .'`
 			WHERE `owncloud_name` = ?');
 
-		return $this->modify($query, array($name));
-	}
+        return $this->modify($query, array($name));
+    }
 
-	/**
-	 * Truncate's the mapping table
-	 * @return bool
-	 */
-	public function clear() {
-		$sql = $this->dbc
-			->getDatabasePlatform()
-			->getTruncateTableSQL('`' . $this->getTableName() . '`');
-		return $this->dbc->prepare($sql)->execute();
-	}
+    /**
+     * Truncate's the mapping table
+     * @return bool
+     */
+    public function clear() {
+        $sql = $this->dbc
+            ->getDatabasePlatform()
+            ->getTruncateTableSQL('`' . $this->getTableName() . '`');
+        return $this->dbc->prepare($sql)->execute();
+    }
 }

Please login to merge, or discard this patch.

apps/user_ldap/lib/Group_Proxy.php 1 patch

Indentation +178 added lines, -178 removed lines patch added patch discarded remove patch

@@ -27,182 +27,182 @@
 block discarded – undo
 namespace OCA\User_LDAP;
 
 class Group_Proxy extends Proxy implements \OCP\GroupInterface {
-	private $backends = array();
-	private $refBackend = null;
-
-	/**
-	 * Constructor
-	 * @param string[] $serverConfigPrefixes array containing the config Prefixes
-	 */
-	public function __construct($serverConfigPrefixes, ILDAPWrapper $ldap) {
-		parent::__construct($ldap);
-		foreach($serverConfigPrefixes as $configPrefix) {
-			$this->backends[$configPrefix] =
-				new \OCA\User_LDAP\Group_LDAP($this->getAccess($configPrefix));
-			if(is_null($this->refBackend)) {
-				$this->refBackend = &$this->backends[$configPrefix];
-			}
-		}
-	}
-
-	/**
-	 * Tries the backends one after the other until a positive result is returned from the specified method
-	 * @param string $gid the gid connected to the request
-	 * @param string $method the method of the group backend that shall be called
-	 * @param array $parameters an array of parameters to be passed
-	 * @return mixed, the result of the method or false
-	 */
-	protected function walkBackends($gid, $method, $parameters) {
-		$cacheKey = $this->getGroupCacheKey($gid);
-		foreach($this->backends as $configPrefix => $backend) {
-			if($result = call_user_func_array(array($backend, $method), $parameters)) {
-				$this->writeToCache($cacheKey, $configPrefix);
-				return $result;
-			}
-		}
-		return false;
-	}
-
-	/**
-	 * Asks the backend connected to the server that supposely takes care of the gid from the request.
-	 * @param string $gid the gid connected to the request
-	 * @param string $method the method of the group backend that shall be called
-	 * @param array $parameters an array of parameters to be passed
-	 * @param mixed $passOnWhen the result matches this variable
-	 * @return mixed, the result of the method or false
-	 */
-	protected function callOnLastSeenOn($gid, $method, $parameters, $passOnWhen) {
-		$cacheKey = $this->getGroupCacheKey($gid);;
-		$prefix = $this->getFromCache($cacheKey);
-		//in case the uid has been found in the past, try this stored connection first
-		if(!is_null($prefix)) {
-			if(isset($this->backends[$prefix])) {
-				$result = call_user_func_array(array($this->backends[$prefix], $method), $parameters);
-				if($result === $passOnWhen) {
-					//not found here, reset cache to null if group vanished
-					//because sometimes methods return false with a reason
-					$groupExists = call_user_func_array(
-						array($this->backends[$prefix], 'groupExists'),
-						array($gid)
-					);
-					if(!$groupExists) {
-						$this->writeToCache($cacheKey, null);
-					}
-				}
-				return $result;
-			}
-		}
-		return false;
-	}
-
-	/**
-	 * is user in group?
-	 * @param string $uid uid of the user
-	 * @param string $gid gid of the group
-	 * @return bool
-	 *
-	 * Checks whether the user is member of a group or not.
-	 */
-	public function inGroup($uid, $gid) {
-		return $this->handleRequest($gid, 'inGroup', array($uid, $gid));
-	}
-
-	/**
-	 * Get all groups a user belongs to
-	 * @param string $uid Name of the user
-	 * @return string[] with group names
-	 *
-	 * This function fetches all groups a user belongs to. It does not check
-	 * if the user exists at all.
-	 */
-	public function getUserGroups($uid) {
-		$groups = array();
-
-		foreach($this->backends as $backend) {
-			$backendGroups = $backend->getUserGroups($uid);
-			if (is_array($backendGroups)) {
-				$groups = array_merge($groups, $backendGroups);
-			}
-		}
-
-		return $groups;
-	}
-
-	/**
-	 * get a list of all users in a group
-	 * @return string[] with user ids
-	 */
-	public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
-		$users = array();
-
-		foreach($this->backends as $backend) {
-			$backendUsers = $backend->usersInGroup($gid, $search, $limit, $offset);
-			if (is_array($backendUsers)) {
-				$users = array_merge($users, $backendUsers);
-			}
-		}
-
-		return $users;
-	}
-
-	/**
-	 * returns the number of users in a group, who match the search term
-	 * @param string $gid the internal group name
-	 * @param string $search optional, a search string
-	 * @return int|bool
-	 */
-	public function countUsersInGroup($gid, $search = '') {
-		return $this->handleRequest(
-			$gid, 'countUsersInGroup', array($gid, $search));
-	}
-
-	/**
-	 * get a list of all groups
-	 * @return string[] with group names
-	 *
-	 * Returns a list with all groups
-	 */
-	public function getGroups($search = '', $limit = -1, $offset = 0) {
-		$groups = array();
-
-		foreach($this->backends as $backend) {
-			$backendGroups = $backend->getGroups($search, $limit, $offset);
-			if (is_array($backendGroups)) {
-				$groups = array_merge($groups, $backendGroups);
-			}
-		}
-
-		return $groups;
-	}
-
-	/**
-	 * check if a group exists
-	 * @param string $gid
-	 * @return bool
-	 */
-	public function groupExists($gid) {
-		return $this->handleRequest($gid, 'groupExists', array($gid));
-	}
-
-	/**
-	 * Check if backend implements actions
-	 * @param int $actions bitwise-or'ed actions
-	 * @return boolean
-	 *
-	 * Returns the supported actions as int to be
-	 * compared with OC_USER_BACKEND_CREATE_USER etc.
-	 */
-	public function implementsActions($actions) {
-		//it's the same across all our user backends obviously
-		return $this->refBackend->implementsActions($actions);
-	}
-
-	/**
-	 * Return access for LDAP interaction.
-	 * @param string $gid
-	 * @return Access instance of Access for LDAP interaction
-	 */
-	public function getLDAPAccess($gid) {
-		return $this->handleRequest($gid, 'getLDAPAccess', []);
-	}
+    private $backends = array();
+    private $refBackend = null;
+
+    /**
+     * Constructor
+     * @param string[] $serverConfigPrefixes array containing the config Prefixes
+     */
+    public function __construct($serverConfigPrefixes, ILDAPWrapper $ldap) {
+        parent::__construct($ldap);
+        foreach($serverConfigPrefixes as $configPrefix) {
+            $this->backends[$configPrefix] =
+                new \OCA\User_LDAP\Group_LDAP($this->getAccess($configPrefix));
+            if(is_null($this->refBackend)) {
+                $this->refBackend = &$this->backends[$configPrefix];
+            }
+        }
+    }
+
+    /**
+     * Tries the backends one after the other until a positive result is returned from the specified method
+     * @param string $gid the gid connected to the request
+     * @param string $method the method of the group backend that shall be called
+     * @param array $parameters an array of parameters to be passed
+     * @return mixed, the result of the method or false
+     */
+    protected function walkBackends($gid, $method, $parameters) {
+        $cacheKey = $this->getGroupCacheKey($gid);
+        foreach($this->backends as $configPrefix => $backend) {
+            if($result = call_user_func_array(array($backend, $method), $parameters)) {
+                $this->writeToCache($cacheKey, $configPrefix);
+                return $result;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * Asks the backend connected to the server that supposely takes care of the gid from the request.
+     * @param string $gid the gid connected to the request
+     * @param string $method the method of the group backend that shall be called
+     * @param array $parameters an array of parameters to be passed
+     * @param mixed $passOnWhen the result matches this variable
+     * @return mixed, the result of the method or false
+     */
+    protected function callOnLastSeenOn($gid, $method, $parameters, $passOnWhen) {
+        $cacheKey = $this->getGroupCacheKey($gid);;
+        $prefix = $this->getFromCache($cacheKey);
+        //in case the uid has been found in the past, try this stored connection first
+        if(!is_null($prefix)) {
+            if(isset($this->backends[$prefix])) {
+                $result = call_user_func_array(array($this->backends[$prefix], $method), $parameters);
+                if($result === $passOnWhen) {
+                    //not found here, reset cache to null if group vanished
+                    //because sometimes methods return false with a reason
+                    $groupExists = call_user_func_array(
+                        array($this->backends[$prefix], 'groupExists'),
+                        array($gid)
+                    );
+                    if(!$groupExists) {
+                        $this->writeToCache($cacheKey, null);
+                    }
+                }
+                return $result;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * is user in group?
+     * @param string $uid uid of the user
+     * @param string $gid gid of the group
+     * @return bool
+     *
+     * Checks whether the user is member of a group or not.
+     */
+    public function inGroup($uid, $gid) {
+        return $this->handleRequest($gid, 'inGroup', array($uid, $gid));
+    }
+
+    /**
+     * Get all groups a user belongs to
+     * @param string $uid Name of the user
+     * @return string[] with group names
+     *
+     * This function fetches all groups a user belongs to. It does not check
+     * if the user exists at all.
+     */
+    public function getUserGroups($uid) {
+        $groups = array();
+
+        foreach($this->backends as $backend) {
+            $backendGroups = $backend->getUserGroups($uid);
+            if (is_array($backendGroups)) {
+                $groups = array_merge($groups, $backendGroups);
+            }
+        }
+
+        return $groups;
+    }
+
+    /**
+     * get a list of all users in a group
+     * @return string[] with user ids
+     */
+    public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
+        $users = array();
+
+        foreach($this->backends as $backend) {
+            $backendUsers = $backend->usersInGroup($gid, $search, $limit, $offset);
+            if (is_array($backendUsers)) {
+                $users = array_merge($users, $backendUsers);
+            }
+        }
+
+        return $users;
+    }
+
+    /**
+     * returns the number of users in a group, who match the search term
+     * @param string $gid the internal group name
+     * @param string $search optional, a search string
+     * @return int|bool
+     */
+    public function countUsersInGroup($gid, $search = '') {
+        return $this->handleRequest(
+            $gid, 'countUsersInGroup', array($gid, $search));
+    }
+
+    /**
+     * get a list of all groups
+     * @return string[] with group names
+     *
+     * Returns a list with all groups
+     */
+    public function getGroups($search = '', $limit = -1, $offset = 0) {
+        $groups = array();
+
+        foreach($this->backends as $backend) {
+            $backendGroups = $backend->getGroups($search, $limit, $offset);
+            if (is_array($backendGroups)) {
+                $groups = array_merge($groups, $backendGroups);
+            }
+        }
+
+        return $groups;
+    }
+
+    /**
+     * check if a group exists
+     * @param string $gid
+     * @return bool
+     */
+    public function groupExists($gid) {
+        return $this->handleRequest($gid, 'groupExists', array($gid));
+    }
+
+    /**
+     * Check if backend implements actions
+     * @param int $actions bitwise-or'ed actions
+     * @return boolean
+     *
+     * Returns the supported actions as int to be
+     * compared with OC_USER_BACKEND_CREATE_USER etc.
+     */
+    public function implementsActions($actions) {
+        //it's the same across all our user backends obviously
+        return $this->refBackend->implementsActions($actions);
+    }
+
+    /**
+     * Return access for LDAP interaction.
+     * @param string $gid
+     * @return Access instance of Access for LDAP interaction
+     */
+    public function getLDAPAccess($gid) {
+        return $this->handleRequest($gid, 'getLDAPAccess', []);
+    }
 }

Please login to merge, or discard this patch.

apps/user_ldap/lib/Wizard.php 1 patch

Indentation +1318 added lines, -1318 removed lines patch added patch discarded remove patch

@@ -37,1324 +37,1324 @@
 block discarded – undo
 use OC\ServerNotAvailableException;
 
 class Wizard extends LDAPUtility {
-	/** @var \OCP\IL10N */
-	static protected $l;
-	protected $access;
-	protected $cr;
-	protected $configuration;
-	protected $result;
-	protected $resultCache = array();
-
-	const LRESULT_PROCESSED_OK = 2;
-	const LRESULT_PROCESSED_INVALID = 3;
-	const LRESULT_PROCESSED_SKIP = 4;
-
-	const LFILTER_LOGIN      = 2;
-	const LFILTER_USER_LIST  = 3;
-	const LFILTER_GROUP_LIST = 4;
-
-	const LFILTER_MODE_ASSISTED = 2;
-	const LFILTER_MODE_RAW = 1;
-
-	const LDAP_NW_TIMEOUT = 4;
-
-	/**
-	 * Constructor
-	 * @param Configuration $configuration an instance of Configuration
-	 * @param ILDAPWrapper $ldap an instance of ILDAPWrapper
-	 * @param Access $access
-	 */
-	public function __construct(Configuration $configuration, ILDAPWrapper $ldap, Access $access) {
-		parent::__construct($ldap);
-		$this->configuration = $configuration;
-		if(is_null(Wizard::$l)) {
-			Wizard::$l = \OC::$server->getL10N('user_ldap');
-		}
-		$this->access = $access;
-		$this->result = new WizardResult();
-	}
-
-	public function  __destruct() {
-		if($this->result->hasChanges()) {
-			$this->configuration->saveConfiguration();
-		}
-	}
-
-	/**
-	 * counts entries in the LDAP directory
-	 *
-	 * @param string $filter the LDAP search filter
-	 * @param string $type a string being either 'users' or 'groups';
-	 * @return bool|int
-	 * @throws \Exception
-	 */
-	public function countEntries($filter, $type) {
-		$reqs = array('ldapHost', 'ldapPort', 'ldapBase');
-		if($type === 'users') {
-			$reqs[] = 'ldapUserFilter';
-		}
-		if(!$this->checkRequirements($reqs)) {
-			throw new \Exception('Requirements not met', 400);
-		}
-
-		$attr = array('dn'); // default
-		$limit = 1001;
-		if($type === 'groups') {
-			$result =  $this->access->countGroups($filter, $attr, $limit);
-		} else if($type === 'users') {
-			$result = $this->access->countUsers($filter, $attr, $limit);
-		} else if ($type === 'objects') {
-			$result = $this->access->countObjects($limit);
-		} else {
-			throw new \Exception('internal error: invalid object type', 500);
-		}
-
-		return $result;
-	}
-
-	/**
-	 * formats the return value of a count operation to the string to be
-	 * inserted.
-	 *
-	 * @param bool|int $count
-	 * @return int|string
-	 */
-	private function formatCountResult($count) {
-		$formatted = ($count !== false) ? $count : 0;
-		if($formatted > 1000) {
-			$formatted = '> 1000';
-		}
-		return $formatted;
-	}
-
-	public function countGroups() {
-		$filter = $this->configuration->ldapGroupFilter;
-
-		if(empty($filter)) {
-			$output = self::$l->n('%s group found', '%s groups found', 0, array(0));
-			$this->result->addChange('ldap_group_count', $output);
-			return $this->result;
-		}
-
-		try {
-			$groupsTotal = $this->formatCountResult($this->countEntries($filter, 'groups'));
-		} catch (\Exception $e) {
-			//400 can be ignored, 500 is forwarded
-			if($e->getCode() === 500) {
-				throw $e;
-			}
-			return false;
-		}
-		$output = self::$l->n('%s group found', '%s groups found', $groupsTotal, array($groupsTotal));
-		$this->result->addChange('ldap_group_count', $output);
-		return $this->result;
-	}
-
-	/**
-	 * @return WizardResult
-	 * @throws \Exception
-	 */
-	public function countUsers() {
-		$filter = $this->access->getFilterForUserCount();
-
-		$usersTotal = $this->formatCountResult($this->countEntries($filter, 'users'));
-		$output = self::$l->n('%s user found', '%s users found', $usersTotal, array($usersTotal));
-		$this->result->addChange('ldap_user_count', $output);
-		return $this->result;
-	}
-
-	/**
-	 * counts any objects in the currently set base dn
-	 *
-	 * @return WizardResult
-	 * @throws \Exception
-	 */
-	public function countInBaseDN() {
-		// we don't need to provide a filter in this case
-		$total = $this->countEntries(null, 'objects');
-		if($total === false) {
-			throw new \Exception('invalid results received');
-		}
-		$this->result->addChange('ldap_test_base', $total);
-		return $this->result;
-	}
-
-	/**
-	 * counts users with a specified attribute
-	 * @param string $attr
-	 * @param bool $existsCheck
-	 * @return int|bool
-	 */
-	public function countUsersWithAttribute($attr, $existsCheck = false) {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapBase',
-										   'ldapUserFilter',
-										   ))) {
-			return  false;
-		}
-
-		$filter = $this->access->combineFilterWithAnd(array(
-			$this->configuration->ldapUserFilter,
-			$attr . '=*'
-		));
-
-		$limit = ($existsCheck === false) ? null : 1;
-
-		return $this->access->countUsers($filter, array('dn'), $limit);
-	}
-
-	/**
-	 * detects the display name attribute. If a setting is already present that
-	 * returns at least one hit, the detection will be canceled.
-	 * @return WizardResult|bool
-	 * @throws \Exception
-	 */
-	public function detectUserDisplayNameAttribute() {
-		if(!$this->checkRequirements(array('ldapHost',
-										'ldapPort',
-										'ldapBase',
-										'ldapUserFilter',
-										))) {
-			return  false;
-		}
-
-		$attr = $this->configuration->ldapUserDisplayName;
-		if ($attr !== '' && $attr !== 'displayName') {
-			// most likely not the default value with upper case N,
-			// verify it still produces a result
-			$count = intval($this->countUsersWithAttribute($attr, true));
-			if($count > 0) {
-				//no change, but we sent it back to make sure the user interface
-				//is still correct, even if the ajax call was cancelled meanwhile
-				$this->result->addChange('ldap_display_name', $attr);
-				return $this->result;
-			}
-		}
-
-		// first attribute that has at least one result wins
-		$displayNameAttrs = array('displayname', 'cn');
-		foreach ($displayNameAttrs as $attr) {
-			$count = intval($this->countUsersWithAttribute($attr, true));
-
-			if($count > 0) {
-				$this->applyFind('ldap_display_name', $attr);
-				return $this->result;
-			}
-		};
-
-		throw new \Exception(self::$l->t('Could not detect user display name attribute. Please specify it yourself in advanced ldap settings.'));
-	}
-
-	/**
-	 * detects the most often used email attribute for users applying to the
-	 * user list filter. If a setting is already present that returns at least
-	 * one hit, the detection will be canceled.
-	 * @return WizardResult|bool
-	 */
-	public function detectEmailAttribute() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapBase',
-										   'ldapUserFilter',
-										   ))) {
-			return  false;
-		}
-
-		$attr = $this->configuration->ldapEmailAttribute;
-		if ($attr !== '') {
-			$count = intval($this->countUsersWithAttribute($attr, true));
-			if($count > 0) {
-				return false;
-			}
-			$writeLog = true;
-		} else {
-			$writeLog = false;
-		}
-
-		$emailAttributes = array('mail', 'mailPrimaryAddress');
-		$winner = '';
-		$maxUsers = 0;
-		foreach($emailAttributes as $attr) {
-			$count = $this->countUsersWithAttribute($attr);
-			if($count > $maxUsers) {
-				$maxUsers = $count;
-				$winner = $attr;
-			}
-		}
-
-		if($winner !== '') {
-			$this->applyFind('ldap_email_attr', $winner);
-			if($writeLog) {
-				\OCP\Util::writeLog('user_ldap', 'The mail attribute has ' .
-					'automatically been reset, because the original value ' .
-					'did not return any results.', \OCP\Util::INFO);
-			}
-		}
-
-		return $this->result;
-	}
-
-	/**
-	 * @return WizardResult
-	 * @throws \Exception
-	 */
-	public function determineAttributes() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapBase',
-										   'ldapUserFilter',
-										   ))) {
-			return  false;
-		}
-
-		$attributes = $this->getUserAttributes();
-
-		natcasesort($attributes);
-		$attributes = array_values($attributes);
-
-		$this->result->addOptions('ldap_loginfilter_attributes', $attributes);
-
-		$selected = $this->configuration->ldapLoginFilterAttributes;
-		if(is_array($selected) && !empty($selected)) {
-			$this->result->addChange('ldap_loginfilter_attributes', $selected);
-		}
-
-		return $this->result;
-	}
-
-	/**
-	 * detects the available LDAP attributes
-	 * @return array|false The instance's WizardResult instance
-	 * @throws \Exception
-	 */
-	private function getUserAttributes() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapBase',
-										   'ldapUserFilter',
-										   ))) {
-			return  false;
-		}
-		$cr = $this->getConnection();
-		if(!$cr) {
-			throw new \Exception('Could not connect to LDAP');
-		}
-
-		$base = $this->configuration->ldapBase[0];
-		$filter = $this->configuration->ldapUserFilter;
-		$rr = $this->ldap->search($cr, $base, $filter, array(), 1, 1);
-		if(!$this->ldap->isResource($rr)) {
-			return false;
-		}
-		$er = $this->ldap->firstEntry($cr, $rr);
-		$attributes = $this->ldap->getAttributes($cr, $er);
-		$pureAttributes = array();
-		for($i = 0; $i < $attributes['count']; $i++) {
-			$pureAttributes[] = $attributes[$i];
-		}
-
-		return $pureAttributes;
-	}
-
-	/**
-	 * detects the available LDAP groups
-	 * @return WizardResult|false the instance's WizardResult instance
-	 */
-	public function determineGroupsForGroups() {
-		return $this->determineGroups('ldap_groupfilter_groups',
-									  'ldapGroupFilterGroups',
-									  false);
-	}
-
-	/**
-	 * detects the available LDAP groups
-	 * @return WizardResult|false the instance's WizardResult instance
-	 */
-	public function determineGroupsForUsers() {
-		return $this->determineGroups('ldap_userfilter_groups',
-									  'ldapUserFilterGroups');
-	}
-
-	/**
-	 * detects the available LDAP groups
-	 * @param string $dbKey
-	 * @param string $confKey
-	 * @param bool $testMemberOf
-	 * @return WizardResult|false the instance's WizardResult instance
-	 * @throws \Exception
-	 */
-	private function determineGroups($dbKey, $confKey, $testMemberOf = true) {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapBase',
-										   ))) {
-			return  false;
-		}
-		$cr = $this->getConnection();
-		if(!$cr) {
-			throw new \Exception('Could not connect to LDAP');
-		}
-
-		$this->fetchGroups($dbKey, $confKey);
-
-		if($testMemberOf) {
-			$this->configuration->hasMemberOfFilterSupport = $this->testMemberOf();
-			$this->result->markChange();
-			if(!$this->configuration->hasMemberOfFilterSupport) {
-				throw new \Exception('memberOf is not supported by the server');
-			}
-		}
-
-		return $this->result;
-	}
-
-	/**
-	 * fetches all groups from LDAP and adds them to the result object
-	 *
-	 * @param string $dbKey
-	 * @param string $confKey
-	 * @return array $groupEntries
-	 * @throws \Exception
-	 */
-	public function fetchGroups($dbKey, $confKey) {
-		$obclasses = array('posixGroup', 'group', 'zimbraDistributionList', 'groupOfNames');
-
-		$filterParts = array();
-		foreach($obclasses as $obclass) {
-			$filterParts[] = 'objectclass='.$obclass;
-		}
-		//we filter for everything
-		//- that looks like a group and
-		//- has the group display name set
-		$filter = $this->access->combineFilterWithOr($filterParts);
-		$filter = $this->access->combineFilterWithAnd(array($filter, 'cn=*'));
-
-		$groupNames = array();
-		$groupEntries = array();
-		$limit = 400;
-		$offset = 0;
-		do {
-			// we need to request dn additionally here, otherwise memberOf
-			// detection will fail later
-			$result = $this->access->searchGroups($filter, array('cn', 'dn'), $limit, $offset);
-			foreach($result as $item) {
-				if(!isset($item['cn']) && !is_array($item['cn']) && !isset($item['cn'][0])) {
-					// just in case - no issue known
-					continue;
-				}
-				$groupNames[] = $item['cn'][0];
-				$groupEntries[] = $item;
-			}
-			$offset += $limit;
-		} while ($this->access->hasMoreResults());
-
-		if(count($groupNames) > 0) {
-			natsort($groupNames);
-			$this->result->addOptions($dbKey, array_values($groupNames));
-		} else {
-			throw new \Exception(self::$l->t('Could not find the desired feature'));
-		}
-
-		$setFeatures = $this->configuration->$confKey;
-		if(is_array($setFeatures) && !empty($setFeatures)) {
-			//something is already configured? pre-select it.
-			$this->result->addChange($dbKey, $setFeatures);
-		}
-		return $groupEntries;
-	}
-
-	public function determineGroupMemberAssoc() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapGroupFilter',
-										   ))) {
-			return  false;
-		}
-		$attribute = $this->detectGroupMemberAssoc();
-		if($attribute === false) {
-			return false;
-		}
-		$this->configuration->setConfiguration(array('ldapGroupMemberAssocAttr' => $attribute));
-		$this->result->addChange('ldap_group_member_assoc_attribute', $attribute);
-
-		return $this->result;
-	}
-
-	/**
-	 * Detects the available object classes
-	 * @return WizardResult|false the instance's WizardResult instance
-	 * @throws \Exception
-	 */
-	public function determineGroupObjectClasses() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapBase',
-										   ))) {
-			return  false;
-		}
-		$cr = $this->getConnection();
-		if(!$cr) {
-			throw new \Exception('Could not connect to LDAP');
-		}
-
-		$obclasses = array('groupOfNames', 'groupOfUniqueNames', 'group', 'posixGroup', '*');
-		$this->determineFeature($obclasses,
-								'objectclass',
-								'ldap_groupfilter_objectclass',
-								'ldapGroupFilterObjectclass',
-								false);
-
-		return $this->result;
-	}
-
-	/**
-	 * detects the available object classes
-	 * @return WizardResult
-	 * @throws \Exception
-	 */
-	public function determineUserObjectClasses() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapBase',
-										   ))) {
-			return  false;
-		}
-		$cr = $this->getConnection();
-		if(!$cr) {
-			throw new \Exception('Could not connect to LDAP');
-		}
-
-		$obclasses = array('inetOrgPerson', 'person', 'organizationalPerson',
-						   'user', 'posixAccount', '*');
-		$filter = $this->configuration->ldapUserFilter;
-		//if filter is empty, it is probably the first time the wizard is called
-		//then, apply suggestions.
-		$this->determineFeature($obclasses,
-								'objectclass',
-								'ldap_userfilter_objectclass',
-								'ldapUserFilterObjectclass',
-								empty($filter));
-
-		return $this->result;
-	}
-
-	/**
-	 * @return WizardResult|false
-	 * @throws \Exception
-	 */
-	public function getGroupFilter() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapBase',
-										   ))) {
-			return false;
-		}
-		//make sure the use display name is set
-		$displayName = $this->configuration->ldapGroupDisplayName;
-		if ($displayName === '') {
-			$d = $this->configuration->getDefaults();
-			$this->applyFind('ldap_group_display_name',
-							 $d['ldap_group_display_name']);
-		}
-		$filter = $this->composeLdapFilter(self::LFILTER_GROUP_LIST);
-
-		$this->applyFind('ldap_group_filter', $filter);
-		return $this->result;
-	}
-
-	/**
-	 * @return WizardResult|false
-	 * @throws \Exception
-	 */
-	public function getUserListFilter() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapBase',
-										   ))) {
-			return false;
-		}
-		//make sure the use display name is set
-		$displayName = $this->configuration->ldapUserDisplayName;
-		if ($displayName === '') {
-			$d = $this->configuration->getDefaults();
-			$this->applyFind('ldap_display_name', $d['ldap_display_name']);
-		}
-		$filter = $this->composeLdapFilter(self::LFILTER_USER_LIST);
-		if(!$filter) {
-			throw new \Exception('Cannot create filter');
-		}
-
-		$this->applyFind('ldap_userlist_filter', $filter);
-		return $this->result;
-	}
-
-	/**
-	 * @return bool|WizardResult
-	 * @throws \Exception
-	 */
-	public function getUserLoginFilter() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapBase',
-										   'ldapUserFilter',
-										   ))) {
-			return false;
-		}
-
-		$filter = $this->composeLdapFilter(self::LFILTER_LOGIN);
-		if(!$filter) {
-			throw new \Exception('Cannot create filter');
-		}
-
-		$this->applyFind('ldap_login_filter', $filter);
-		return $this->result;
-	}
-
-	/**
-	 * @return bool|WizardResult
-	 * @param string $loginName
-	 * @throws \Exception
-	 */
-	public function testLoginName($loginName) {
-		if(!$this->checkRequirements(array('ldapHost',
-			'ldapPort',
-			'ldapBase',
-			'ldapLoginFilter',
-		))) {
-			return false;
-		}
-
-		$cr = $this->access->connection->getConnectionResource();
-		if(!$this->ldap->isResource($cr)) {
-			throw new \Exception('connection error');
-		}
-
-		if(mb_strpos($this->access->connection->ldapLoginFilter, '%uid', 0, 'UTF-8')
-			=== false) {
-			throw new \Exception('missing placeholder');
-		}
-
-		$users = $this->access->countUsersByLoginName($loginName);
-		if($this->ldap->errno($cr) !== 0) {
-			throw new \Exception($this->ldap->error($cr));
-		}
-		$filter = str_replace('%uid', $loginName, $this->access->connection->ldapLoginFilter);
-		$this->result->addChange('ldap_test_loginname', $users);
-		$this->result->addChange('ldap_test_effective_filter', $filter);
-		return $this->result;
-	}
-
-	/**
-	 * Tries to determine the port, requires given Host, User DN and Password
-	 * @return WizardResult|false WizardResult on success, false otherwise
-	 * @throws \Exception
-	 */
-	public function guessPortAndTLS() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   ))) {
-			return false;
-		}
-		$this->checkHost();
-		$portSettings = $this->getPortSettingsToTry();
-
-		if(!is_array($portSettings)) {
-			throw new \Exception(print_r($portSettings, true));
-		}
-
-		//proceed from the best configuration and return on first success
-		foreach($portSettings as $setting) {
-			$p = $setting['port'];
-			$t = $setting['tls'];
-			\OCP\Util::writeLog('user_ldap', 'Wiz: trying port '. $p . ', TLS '. $t, \OCP\Util::DEBUG);
-			//connectAndBind may throw Exception, it needs to be catched by the
-			//callee of this method
-
-			try {
-				$settingsFound = $this->connectAndBind($p, $t);
-			} catch (\Exception $e) {
-				// any reply other than -1 (= cannot connect) is already okay,
-				// because then we found the server
-				// unavailable startTLS returns -11
-				if($e->getCode() > 0) {
-					$settingsFound = true;
-				} else {
-					throw $e;
-				}
-			}
-
-			if ($settingsFound === true) {
-				$config = array(
-					'ldapPort' => $p,
-					'ldapTLS' => intval($t)
-				);
-				$this->configuration->setConfiguration($config);
-				\OCP\Util::writeLog('user_ldap', 'Wiz: detected Port ' . $p, \OCP\Util::DEBUG);
-				$this->result->addChange('ldap_port', $p);
-				return $this->result;
-			}
-		}
-
-		//custom port, undetected (we do not brute force)
-		return false;
-	}
-
-	/**
-	 * tries to determine a base dn from User DN or LDAP Host
-	 * @return WizardResult|false WizardResult on success, false otherwise
-	 */
-	public function guessBaseDN() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   ))) {
-			return false;
-		}
-
-		//check whether a DN is given in the agent name (99.9% of all cases)
-		$base = null;
-		$i = stripos($this->configuration->ldapAgentName, 'dc=');
-		if($i !== false) {
-			$base = substr($this->configuration->ldapAgentName, $i);
-			if($this->testBaseDN($base)) {
-				$this->applyFind('ldap_base', $base);
-				return $this->result;
-			}
-		}
-
-		//this did not help :(
-		//Let's see whether we can parse the Host URL and convert the domain to
-		//a base DN
-		$helper = new Helper(\OC::$server->getConfig());
-		$domain = $helper->getDomainFromURL($this->configuration->ldapHost);
-		if(!$domain) {
-			return false;
-		}
-
-		$dparts = explode('.', $domain);
-		while(count($dparts) > 0) {
-			$base2 = 'dc=' . implode(',dc=', $dparts);
-			if ($base !== $base2 && $this->testBaseDN($base2)) {
-				$this->applyFind('ldap_base', $base2);
-				return $this->result;
-			}
-			array_shift($dparts);
-		}
-
-		return false;
-	}
-
-	/**
-	 * sets the found value for the configuration key in the WizardResult
-	 * as well as in the Configuration instance
-	 * @param string $key the configuration key
-	 * @param string $value the (detected) value
-	 *
-	 */
-	private function applyFind($key, $value) {
-		$this->result->addChange($key, $value);
-		$this->configuration->setConfiguration(array($key => $value));
-	}
-
-	/**
-	 * Checks, whether a port was entered in the Host configuration
-	 * field. In this case the port will be stripped off, but also stored as
-	 * setting.
-	 */
-	private function checkHost() {
-		$host = $this->configuration->ldapHost;
-		$hostInfo = parse_url($host);
-
-		//removes Port from Host
-		if(is_array($hostInfo) && isset($hostInfo['port'])) {
-			$port = $hostInfo['port'];
-			$host = str_replace(':'.$port, '', $host);
-			$this->applyFind('ldap_host', $host);
-			$this->applyFind('ldap_port', $port);
-		}
-	}
-
-	/**
-	 * tries to detect the group member association attribute which is
-	 * one of 'uniqueMember', 'memberUid', 'member'
-	 * @return string|false, string with the attribute name, false on error
-	 * @throws \Exception
-	 */
-	private function detectGroupMemberAssoc() {
-		$possibleAttrs = array('uniqueMember', 'memberUid', 'member');
-		$filter = $this->configuration->ldapGroupFilter;
-		if(empty($filter)) {
-			return false;
-		}
-		$cr = $this->getConnection();
-		if(!$cr) {
-			throw new \Exception('Could not connect to LDAP');
-		}
-		$base = $this->configuration->ldapBase[0];
-		$rr = $this->ldap->search($cr, $base, $filter, $possibleAttrs, 0, 1000);
-		if(!$this->ldap->isResource($rr)) {
-			return false;
-		}
-		$er = $this->ldap->firstEntry($cr, $rr);
-		while(is_resource($er)) {
-			$this->ldap->getDN($cr, $er);
-			$attrs = $this->ldap->getAttributes($cr, $er);
-			$result = array();
-			$possibleAttrsCount = count($possibleAttrs);
-			for($i = 0; $i < $possibleAttrsCount; $i++) {
-				if(isset($attrs[$possibleAttrs[$i]])) {
-					$result[$possibleAttrs[$i]] = $attrs[$possibleAttrs[$i]]['count'];
-				}
-			}
-			if(!empty($result)) {
-				natsort($result);
-				return key($result);
-			}
-
-			$er = $this->ldap->nextEntry($cr, $er);
-		}
-
-		return false;
-	}
-
-	/**
-	 * Checks whether for a given BaseDN results will be returned
-	 * @param string $base the BaseDN to test
-	 * @return bool true on success, false otherwise
-	 * @throws \Exception
-	 */
-	private function testBaseDN($base) {
-		$cr = $this->getConnection();
-		if(!$cr) {
-			throw new \Exception('Could not connect to LDAP');
-		}
-
-		//base is there, let's validate it. If we search for anything, we should
-		//get a result set > 0 on a proper base
-		$rr = $this->ldap->search($cr, $base, 'objectClass=*', array('dn'), 0, 1);
-		if(!$this->ldap->isResource($rr)) {
-			$errorNo  = $this->ldap->errno($cr);
-			$errorMsg = $this->ldap->error($cr);
-			\OCP\Util::writeLog('user_ldap', 'Wiz: Could not search base '.$base.
-							' Error '.$errorNo.': '.$errorMsg, \OCP\Util::INFO);
-			return false;
-		}
-		$entries = $this->ldap->countEntries($cr, $rr);
-		return ($entries !== false) && ($entries > 0);
-	}
-
-	/**
-	 * Checks whether the server supports memberOf in LDAP Filter.
-	 * Note: at least in OpenLDAP, availability of memberOf is dependent on
-	 * a configured objectClass. I.e. not necessarily for all available groups
-	 * memberOf does work.
-	 *
-	 * @return bool true if it does, false otherwise
-	 * @throws \Exception
-	 */
-	private function testMemberOf() {
-		$cr = $this->getConnection();
-		if(!$cr) {
-			throw new \Exception('Could not connect to LDAP');
-		}
-		$result = $this->access->countUsers('memberOf=*', array('memberOf'), 1);
-		if(is_int($result) &&  $result > 0) {
-			return true;
-		}
-		return false;
-	}
-
-	/**
-	 * creates an LDAP Filter from given configuration
-	 * @param integer $filterType int, for which use case the filter shall be created
-	 * can be any of self::LFILTER_USER_LIST, self::LFILTER_LOGIN or
-	 * self::LFILTER_GROUP_LIST
-	 * @return string|false string with the filter on success, false otherwise
-	 * @throws \Exception
-	 */
-	private function composeLdapFilter($filterType) {
-		$filter = '';
-		$parts = 0;
-		switch ($filterType) {
-			case self::LFILTER_USER_LIST:
-				$objcs = $this->configuration->ldapUserFilterObjectclass;
-				//glue objectclasses
-				if(is_array($objcs) && count($objcs) > 0) {
-					$filter .= '(|';
-					foreach($objcs as $objc) {
-						$filter .= '(objectclass=' . $objc . ')';
-					}
-					$filter .= ')';
-					$parts++;
-				}
-				//glue group memberships
-				if($this->configuration->hasMemberOfFilterSupport) {
-					$cns = $this->configuration->ldapUserFilterGroups;
-					if(is_array($cns) && count($cns) > 0) {
-						$filter .= '(|';
-						$cr = $this->getConnection();
-						if(!$cr) {
-							throw new \Exception('Could not connect to LDAP');
-						}
-						$base = $this->configuration->ldapBase[0];
-						foreach($cns as $cn) {
-							$rr = $this->ldap->search($cr, $base, 'cn=' . $cn, array('dn', 'primaryGroupToken'));
-							if(!$this->ldap->isResource($rr)) {
-								continue;
-							}
-							$er = $this->ldap->firstEntry($cr, $rr);
-							$attrs = $this->ldap->getAttributes($cr, $er);
-							$dn = $this->ldap->getDN($cr, $er);
-							if ($dn == false || $dn === '') {
-								continue;
-							}
-							$filterPart = '(memberof=' . $dn . ')';
-							if(isset($attrs['primaryGroupToken'])) {
-								$pgt = $attrs['primaryGroupToken'][0];
-								$primaryFilterPart = '(primaryGroupID=' . $pgt .')';
-								$filterPart = '(|' . $filterPart . $primaryFilterPart . ')';
-							}
-							$filter .= $filterPart;
-						}
-						$filter .= ')';
-					}
-					$parts++;
-				}
-				//wrap parts in AND condition
-				if($parts > 1) {
-					$filter = '(&' . $filter . ')';
-				}
-				if ($filter === '') {
-					$filter = '(objectclass=*)';
-				}
-				break;
-
-			case self::LFILTER_GROUP_LIST:
-				$objcs = $this->configuration->ldapGroupFilterObjectclass;
-				//glue objectclasses
-				if(is_array($objcs) && count($objcs) > 0) {
-					$filter .= '(|';
-					foreach($objcs as $objc) {
-						$filter .= '(objectclass=' . $objc . ')';
-					}
-					$filter .= ')';
-					$parts++;
-				}
-				//glue group memberships
-				$cns = $this->configuration->ldapGroupFilterGroups;
-				if(is_array($cns) && count($cns) > 0) {
-					$filter .= '(|';
-					foreach($cns as $cn) {
-						$filter .= '(cn=' . $cn . ')';
-					}
-					$filter .= ')';
-				}
-				$parts++;
-				//wrap parts in AND condition
-				if($parts > 1) {
-					$filter = '(&' . $filter . ')';
-				}
-				break;
-
-			case self::LFILTER_LOGIN:
-				$ulf = $this->configuration->ldapUserFilter;
-				$loginpart = '=%uid';
-				$filterUsername = '';
-				$userAttributes = $this->getUserAttributes();
-				$userAttributes = array_change_key_case(array_flip($userAttributes));
-				$parts = 0;
-
-				if($this->configuration->ldapLoginFilterUsername === '1') {
-					$attr = '';
-					if(isset($userAttributes['uid'])) {
-						$attr = 'uid';
-					} else if(isset($userAttributes['samaccountname'])) {
-						$attr = 'samaccountname';
-					} else if(isset($userAttributes['cn'])) {
-						//fallback
-						$attr = 'cn';
-					}
-					if ($attr !== '') {
-						$filterUsername = '(' . $attr . $loginpart . ')';
-						$parts++;
-					}
-				}
-
-				$filterEmail = '';
-				if($this->configuration->ldapLoginFilterEmail === '1') {
-					$filterEmail = '(|(mailPrimaryAddress=%uid)(mail=%uid))';
-					$parts++;
-				}
-
-				$filterAttributes = '';
-				$attrsToFilter = $this->configuration->ldapLoginFilterAttributes;
-				if(is_array($attrsToFilter) && count($attrsToFilter) > 0) {
-					$filterAttributes = '(|';
-					foreach($attrsToFilter as $attribute) {
-						$filterAttributes .= '(' . $attribute . $loginpart . ')';
-					}
-					$filterAttributes .= ')';
-					$parts++;
-				}
-
-				$filterLogin = '';
-				if($parts > 1) {
-					$filterLogin = '(|';
-				}
-				$filterLogin .= $filterUsername;
-				$filterLogin .= $filterEmail;
-				$filterLogin .= $filterAttributes;
-				if($parts > 1) {
-					$filterLogin .= ')';
-				}
-
-				$filter = '(&'.$ulf.$filterLogin.')';
-				break;
-		}
-
-		\OCP\Util::writeLog('user_ldap', 'Wiz: Final filter '.$filter, \OCP\Util::DEBUG);
-
-		return $filter;
-	}
-
-	/**
-	 * Connects and Binds to an LDAP Server
-	 * @param int $port the port to connect with
-	 * @param bool $tls whether startTLS is to be used
-	 * @param bool $ncc
-	 * @return bool
-	 * @throws \Exception
-	 */
-	private function connectAndBind($port = 389, $tls = false, $ncc = false) {
-		if($ncc) {
-			//No certificate check
-			//FIXME: undo afterwards
-			putenv('LDAPTLS_REQCERT=never');
-		}
-
-		//connect, does not really trigger any server communication
-		\OCP\Util::writeLog('user_ldap', 'Wiz: Checking Host Info ', \OCP\Util::DEBUG);
-		$host = $this->configuration->ldapHost;
-		$hostInfo = parse_url($host);
-		if(!$hostInfo) {
-			throw new \Exception(self::$l->t('Invalid Host'));
-		}
-		\OCP\Util::writeLog('user_ldap', 'Wiz: Attempting to connect ', \OCP\Util::DEBUG);
-		$cr = $this->ldap->connect($host, $port);
-		if(!is_resource($cr)) {
-			throw new \Exception(self::$l->t('Invalid Host'));
-		}
-
-		\OCP\Util::writeLog('user_ldap', 'Wiz: Setting LDAP Options ', \OCP\Util::DEBUG);
-		//set LDAP options
-		$this->ldap->setOption($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
-		$this->ldap->setOption($cr, LDAP_OPT_REFERRALS, 0);
-		$this->ldap->setOption($cr, LDAP_OPT_NETWORK_TIMEOUT, self::LDAP_NW_TIMEOUT);
-
-		try {
-			if($tls) {
-				$isTlsWorking = @$this->ldap->startTls($cr);
-				if(!$isTlsWorking) {
-					return false;
-				}
-			}
-
-			\OCP\Util::writeLog('user_ldap', 'Wiz: Attemping to Bind ', \OCP\Util::DEBUG);
-			//interesting part: do the bind!
-			$login = $this->ldap->bind($cr,
-				$this->configuration->ldapAgentName,
-				$this->configuration->ldapAgentPassword
-			);
-			$errNo = $this->ldap->errno($cr);
-			$error = ldap_error($cr);
-			$this->ldap->unbind($cr);
-		} catch(ServerNotAvailableException $e) {
-			return false;
-		}
-
-		if($login === true) {
-			$this->ldap->unbind($cr);
-			if($ncc) {
-				throw new \Exception('Certificate cannot be validated.');
-			}
-			\OCP\Util::writeLog('user_ldap', 'Wiz: Bind successful to Port '. $port . ' TLS ' . intval($tls), \OCP\Util::DEBUG);
-			return true;
-		}
-
-		if($errNo === -1 || ($errNo === 2 && $ncc)) {
-			//host, port or TLS wrong
-			return false;
-		} else if ($errNo === 2) {
-			return $this->connectAndBind($port, $tls, true);
-		}
-		throw new \Exception($error, $errNo);
-	}
-
-	/**
-	 * checks whether a valid combination of agent and password has been
-	 * provided (either two values or nothing for anonymous connect)
-	 * @return bool, true if everything is fine, false otherwise
-	 */
-	private function checkAgentRequirements() {
-		$agent = $this->configuration->ldapAgentName;
-		$pwd = $this->configuration->ldapAgentPassword;
-
-		return
-			($agent !== '' && $pwd !== '')
-			||  ($agent === '' && $pwd === '')
-		;
-	}
-
-	/**
-	 * @param array $reqs
-	 * @return bool
-	 */
-	private function checkRequirements($reqs) {
-		$this->checkAgentRequirements();
-		foreach($reqs as $option) {
-			$value = $this->configuration->$option;
-			if(empty($value)) {
-				return false;
-			}
-		}
-		return true;
-	}
-
-	/**
-	 * does a cumulativeSearch on LDAP to get different values of a
-	 * specified attribute
-	 * @param string[] $filters array, the filters that shall be used in the search
-	 * @param string $attr the attribute of which a list of values shall be returned
-	 * @param int $dnReadLimit the amount of how many DNs should be analyzed.
-	 * The lower, the faster
-	 * @param string $maxF string. if not null, this variable will have the filter that
-	 * yields most result entries
-	 * @return array|false an array with the values on success, false otherwise
-	 */
-	public function cumulativeSearchOnAttribute($filters, $attr, $dnReadLimit = 3, &$maxF = null) {
-		$dnRead = array();
-		$foundItems = array();
-		$maxEntries = 0;
-		if(!is_array($this->configuration->ldapBase)
-		   || !isset($this->configuration->ldapBase[0])) {
-			return false;
-		}
-		$base = $this->configuration->ldapBase[0];
-		$cr = $this->getConnection();
-		if(!$this->ldap->isResource($cr)) {
-			return false;
-		}
-		$lastFilter = null;
-		if(isset($filters[count($filters)-1])) {
-			$lastFilter = $filters[count($filters)-1];
-		}
-		foreach($filters as $filter) {
-			if($lastFilter === $filter && count($foundItems) > 0) {
-				//skip when the filter is a wildcard and results were found
-				continue;
-			}
-			// 20k limit for performance and reason
-			$rr = $this->ldap->search($cr, $base, $filter, array($attr), 0, 20000);
-			if(!$this->ldap->isResource($rr)) {
-				continue;
-			}
-			$entries = $this->ldap->countEntries($cr, $rr);
-			$getEntryFunc = 'firstEntry';
-			if(($entries !== false) && ($entries > 0)) {
-				if(!is_null($maxF) && $entries > $maxEntries) {
-					$maxEntries = $entries;
-					$maxF = $filter;
-				}
-				$dnReadCount = 0;
-				do {
-					$entry = $this->ldap->$getEntryFunc($cr, $rr);
-					$getEntryFunc = 'nextEntry';
-					if(!$this->ldap->isResource($entry)) {
-						continue 2;
-					}
-					$rr = $entry; //will be expected by nextEntry next round
-					$attributes = $this->ldap->getAttributes($cr, $entry);
-					$dn = $this->ldap->getDN($cr, $entry);
-					if($dn === false || in_array($dn, $dnRead)) {
-						continue;
-					}
-					$newItems = array();
-					$state = $this->getAttributeValuesFromEntry($attributes,
-																$attr,
-																$newItems);
-					$dnReadCount++;
-					$foundItems = array_merge($foundItems, $newItems);
-					$this->resultCache[$dn][$attr] = $newItems;
-					$dnRead[] = $dn;
-				} while(($state === self::LRESULT_PROCESSED_SKIP
-						|| $this->ldap->isResource($entry))
-						&& ($dnReadLimit === 0 || $dnReadCount < $dnReadLimit));
-			}
-		}
-
-		return array_unique($foundItems);
-	}
-
-	/**
-	 * determines if and which $attr are available on the LDAP server
-	 * @param string[] $objectclasses the objectclasses to use as search filter
-	 * @param string $attr the attribute to look for
-	 * @param string $dbkey the dbkey of the setting the feature is connected to
-	 * @param string $confkey the confkey counterpart for the $dbkey as used in the
-	 * Configuration class
-	 * @param bool $po whether the objectClass with most result entries
-	 * shall be pre-selected via the result
-	 * @return array|false list of found items.
-	 * @throws \Exception
-	 */
-	private function determineFeature($objectclasses, $attr, $dbkey, $confkey, $po = false) {
-		$cr = $this->getConnection();
-		if(!$cr) {
-			throw new \Exception('Could not connect to LDAP');
-		}
-		$p = 'objectclass=';
-		foreach($objectclasses as $key => $value) {
-			$objectclasses[$key] = $p.$value;
-		}
-		$maxEntryObjC = '';
-
-		//how deep to dig?
-		//When looking for objectclasses, testing few entries is sufficient,
-		$dig = 3;
-
-		$availableFeatures =
-			$this->cumulativeSearchOnAttribute($objectclasses, $attr,
-											   $dig, $maxEntryObjC);
-		if(is_array($availableFeatures)
-		   && count($availableFeatures) > 0) {
-			natcasesort($availableFeatures);
-			//natcasesort keeps indices, but we must get rid of them for proper
-			//sorting in the web UI. Therefore: array_values
-			$this->result->addOptions($dbkey, array_values($availableFeatures));
-		} else {
-			throw new \Exception(self::$l->t('Could not find the desired feature'));
-		}
-
-		$setFeatures = $this->configuration->$confkey;
-		if(is_array($setFeatures) && !empty($setFeatures)) {
-			//something is already configured? pre-select it.
-			$this->result->addChange($dbkey, $setFeatures);
-		} else if ($po && $maxEntryObjC !== '') {
-			//pre-select objectclass with most result entries
-			$maxEntryObjC = str_replace($p, '', $maxEntryObjC);
-			$this->applyFind($dbkey, $maxEntryObjC);
-			$this->result->addChange($dbkey, $maxEntryObjC);
-		}
-
-		return $availableFeatures;
-	}
-
-	/**
-	 * appends a list of values fr
-	 * @param resource $result the return value from ldap_get_attributes
-	 * @param string $attribute the attribute values to look for
-	 * @param array &$known new values will be appended here
-	 * @return int, state on of the class constants LRESULT_PROCESSED_OK,
-	 * LRESULT_PROCESSED_INVALID or LRESULT_PROCESSED_SKIP
-	 */
-	private function getAttributeValuesFromEntry($result, $attribute, &$known) {
-		if(!is_array($result)
-		   || !isset($result['count'])
-		   || !$result['count'] > 0) {
-			return self::LRESULT_PROCESSED_INVALID;
-		}
-
-		// strtolower on all keys for proper comparison
-		$result = \OCP\Util::mb_array_change_key_case($result);
-		$attribute = strtolower($attribute);
-		if(isset($result[$attribute])) {
-			foreach($result[$attribute] as $key => $val) {
-				if($key === 'count') {
-					continue;
-				}
-				if(!in_array($val, $known)) {
-					$known[] = $val;
-				}
-			}
-			return self::LRESULT_PROCESSED_OK;
-		} else {
-			return self::LRESULT_PROCESSED_SKIP;
-		}
-	}
-
-	/**
-	 * @return bool|mixed
-	 */
-	private function getConnection() {
-		if(!is_null($this->cr)) {
-			return $this->cr;
-		}
-
-		$cr = $this->ldap->connect(
-			$this->configuration->ldapHost,
-			$this->configuration->ldapPort
-		);
-
-		$this->ldap->setOption($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
-		$this->ldap->setOption($cr, LDAP_OPT_REFERRALS, 0);
-		$this->ldap->setOption($cr, LDAP_OPT_NETWORK_TIMEOUT, self::LDAP_NW_TIMEOUT);
-		if($this->configuration->ldapTLS === 1) {
-			$this->ldap->startTls($cr);
-		}
-
-		$lo = @$this->ldap->bind($cr,
-								 $this->configuration->ldapAgentName,
-								 $this->configuration->ldapAgentPassword);
-		if($lo === true) {
-			$this->$cr = $cr;
-			return $cr;
-		}
-
-		return false;
-	}
-
-	/**
-	 * @return array
-	 */
-	private function getDefaultLdapPortSettings() {
-		static $settings = array(
-								array('port' => 7636, 'tls' => false),
-								array('port' =>  636, 'tls' => false),
-								array('port' => 7389, 'tls' => true),
-								array('port' =>  389, 'tls' => true),
-								array('port' => 7389, 'tls' => false),
-								array('port' =>  389, 'tls' => false),
-						  );
-		return $settings;
-	}
-
-	/**
-	 * @return array
-	 */
-	private function getPortSettingsToTry() {
-		//389 ← LDAP / Unencrypted or StartTLS
-		//636 ← LDAPS / SSL
-		//7xxx ← UCS. need to be checked first, because both ports may be open
-		$host = $this->configuration->ldapHost;
-		$port = intval($this->configuration->ldapPort);
-		$portSettings = array();
-
-		//In case the port is already provided, we will check this first
-		if($port > 0) {
-			$hostInfo = parse_url($host);
-			if(!(is_array($hostInfo)
-				&& isset($hostInfo['scheme'])
-				&& stripos($hostInfo['scheme'], 'ldaps') !== false)) {
-				$portSettings[] = array('port' => $port, 'tls' => true);
-			}
-			$portSettings[] =array('port' => $port, 'tls' => false);
-		}
-
-		//default ports
-		$portSettings = array_merge($portSettings,
-		                            $this->getDefaultLdapPortSettings());
-
-		return $portSettings;
-	}
+    /** @var \OCP\IL10N */
+    static protected $l;
+    protected $access;
+    protected $cr;
+    protected $configuration;
+    protected $result;
+    protected $resultCache = array();
+
+    const LRESULT_PROCESSED_OK = 2;
+    const LRESULT_PROCESSED_INVALID = 3;
+    const LRESULT_PROCESSED_SKIP = 4;
+
+    const LFILTER_LOGIN      = 2;
+    const LFILTER_USER_LIST  = 3;
+    const LFILTER_GROUP_LIST = 4;
+
+    const LFILTER_MODE_ASSISTED = 2;
+    const LFILTER_MODE_RAW = 1;
+
+    const LDAP_NW_TIMEOUT = 4;
+
+    /**
+     * Constructor
+     * @param Configuration $configuration an instance of Configuration
+     * @param ILDAPWrapper $ldap an instance of ILDAPWrapper
+     * @param Access $access
+     */
+    public function __construct(Configuration $configuration, ILDAPWrapper $ldap, Access $access) {
+        parent::__construct($ldap);
+        $this->configuration = $configuration;
+        if(is_null(Wizard::$l)) {
+            Wizard::$l = \OC::$server->getL10N('user_ldap');
+        }
+        $this->access = $access;
+        $this->result = new WizardResult();
+    }
+
+    public function  __destruct() {
+        if($this->result->hasChanges()) {
+            $this->configuration->saveConfiguration();
+        }
+    }
+
+    /**
+     * counts entries in the LDAP directory
+     *
+     * @param string $filter the LDAP search filter
+     * @param string $type a string being either 'users' or 'groups';
+     * @return bool|int
+     * @throws \Exception
+     */
+    public function countEntries($filter, $type) {
+        $reqs = array('ldapHost', 'ldapPort', 'ldapBase');
+        if($type === 'users') {
+            $reqs[] = 'ldapUserFilter';
+        }
+        if(!$this->checkRequirements($reqs)) {
+            throw new \Exception('Requirements not met', 400);
+        }
+
+        $attr = array('dn'); // default
+        $limit = 1001;
+        if($type === 'groups') {
+            $result =  $this->access->countGroups($filter, $attr, $limit);
+        } else if($type === 'users') {
+            $result = $this->access->countUsers($filter, $attr, $limit);
+        } else if ($type === 'objects') {
+            $result = $this->access->countObjects($limit);
+        } else {
+            throw new \Exception('internal error: invalid object type', 500);
+        }
+
+        return $result;
+    }
+
+    /**
+     * formats the return value of a count operation to the string to be
+     * inserted.
+     *
+     * @param bool|int $count
+     * @return int|string
+     */
+    private function formatCountResult($count) {
+        $formatted = ($count !== false) ? $count : 0;
+        if($formatted > 1000) {
+            $formatted = '> 1000';
+        }
+        return $formatted;
+    }
+
+    public function countGroups() {
+        $filter = $this->configuration->ldapGroupFilter;
+
+        if(empty($filter)) {
+            $output = self::$l->n('%s group found', '%s groups found', 0, array(0));
+            $this->result->addChange('ldap_group_count', $output);
+            return $this->result;
+        }
+
+        try {
+            $groupsTotal = $this->formatCountResult($this->countEntries($filter, 'groups'));
+        } catch (\Exception $e) {
+            //400 can be ignored, 500 is forwarded
+            if($e->getCode() === 500) {
+                throw $e;
+            }
+            return false;
+        }
+        $output = self::$l->n('%s group found', '%s groups found', $groupsTotal, array($groupsTotal));
+        $this->result->addChange('ldap_group_count', $output);
+        return $this->result;
+    }
+
+    /**
+     * @return WizardResult
+     * @throws \Exception
+     */
+    public function countUsers() {
+        $filter = $this->access->getFilterForUserCount();
+
+        $usersTotal = $this->formatCountResult($this->countEntries($filter, 'users'));
+        $output = self::$l->n('%s user found', '%s users found', $usersTotal, array($usersTotal));
+        $this->result->addChange('ldap_user_count', $output);
+        return $this->result;
+    }
+
+    /**
+     * counts any objects in the currently set base dn
+     *
+     * @return WizardResult
+     * @throws \Exception
+     */
+    public function countInBaseDN() {
+        // we don't need to provide a filter in this case
+        $total = $this->countEntries(null, 'objects');
+        if($total === false) {
+            throw new \Exception('invalid results received');
+        }
+        $this->result->addChange('ldap_test_base', $total);
+        return $this->result;
+    }
+
+    /**
+     * counts users with a specified attribute
+     * @param string $attr
+     * @param bool $existsCheck
+     * @return int|bool
+     */
+    public function countUsersWithAttribute($attr, $existsCheck = false) {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapBase',
+                                            'ldapUserFilter',
+                                            ))) {
+            return  false;
+        }
+
+        $filter = $this->access->combineFilterWithAnd(array(
+            $this->configuration->ldapUserFilter,
+            $attr . '=*'
+        ));
+
+        $limit = ($existsCheck === false) ? null : 1;
+
+        return $this->access->countUsers($filter, array('dn'), $limit);
+    }
+
+    /**
+     * detects the display name attribute. If a setting is already present that
+     * returns at least one hit, the detection will be canceled.
+     * @return WizardResult|bool
+     * @throws \Exception
+     */
+    public function detectUserDisplayNameAttribute() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                        'ldapPort',
+                                        'ldapBase',
+                                        'ldapUserFilter',
+                                        ))) {
+            return  false;
+        }
+
+        $attr = $this->configuration->ldapUserDisplayName;
+        if ($attr !== '' && $attr !== 'displayName') {
+            // most likely not the default value with upper case N,
+            // verify it still produces a result
+            $count = intval($this->countUsersWithAttribute($attr, true));
+            if($count > 0) {
+                //no change, but we sent it back to make sure the user interface
+                //is still correct, even if the ajax call was cancelled meanwhile
+                $this->result->addChange('ldap_display_name', $attr);
+                return $this->result;
+            }
+        }
+
+        // first attribute that has at least one result wins
+        $displayNameAttrs = array('displayname', 'cn');
+        foreach ($displayNameAttrs as $attr) {
+            $count = intval($this->countUsersWithAttribute($attr, true));
+
+            if($count > 0) {
+                $this->applyFind('ldap_display_name', $attr);
+                return $this->result;
+            }
+        };
+
+        throw new \Exception(self::$l->t('Could not detect user display name attribute. Please specify it yourself in advanced ldap settings.'));
+    }
+
+    /**
+     * detects the most often used email attribute for users applying to the
+     * user list filter. If a setting is already present that returns at least
+     * one hit, the detection will be canceled.
+     * @return WizardResult|bool
+     */
+    public function detectEmailAttribute() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapBase',
+                                            'ldapUserFilter',
+                                            ))) {
+            return  false;
+        }
+
+        $attr = $this->configuration->ldapEmailAttribute;
+        if ($attr !== '') {
+            $count = intval($this->countUsersWithAttribute($attr, true));
+            if($count > 0) {
+                return false;
+            }
+            $writeLog = true;
+        } else {
+            $writeLog = false;
+        }
+
+        $emailAttributes = array('mail', 'mailPrimaryAddress');
+        $winner = '';
+        $maxUsers = 0;
+        foreach($emailAttributes as $attr) {
+            $count = $this->countUsersWithAttribute($attr);
+            if($count > $maxUsers) {
+                $maxUsers = $count;
+                $winner = $attr;
+            }
+        }
+
+        if($winner !== '') {
+            $this->applyFind('ldap_email_attr', $winner);
+            if($writeLog) {
+                \OCP\Util::writeLog('user_ldap', 'The mail attribute has ' .
+                    'automatically been reset, because the original value ' .
+                    'did not return any results.', \OCP\Util::INFO);
+            }
+        }
+
+        return $this->result;
+    }
+
+    /**
+     * @return WizardResult
+     * @throws \Exception
+     */
+    public function determineAttributes() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapBase',
+                                            'ldapUserFilter',
+                                            ))) {
+            return  false;
+        }
+
+        $attributes = $this->getUserAttributes();
+
+        natcasesort($attributes);
+        $attributes = array_values($attributes);
+
+        $this->result->addOptions('ldap_loginfilter_attributes', $attributes);
+
+        $selected = $this->configuration->ldapLoginFilterAttributes;
+        if(is_array($selected) && !empty($selected)) {
+            $this->result->addChange('ldap_loginfilter_attributes', $selected);
+        }
+
+        return $this->result;
+    }
+
+    /**
+     * detects the available LDAP attributes
+     * @return array|false The instance's WizardResult instance
+     * @throws \Exception
+     */
+    private function getUserAttributes() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapBase',
+                                            'ldapUserFilter',
+                                            ))) {
+            return  false;
+        }
+        $cr = $this->getConnection();
+        if(!$cr) {
+            throw new \Exception('Could not connect to LDAP');
+        }
+
+        $base = $this->configuration->ldapBase[0];
+        $filter = $this->configuration->ldapUserFilter;
+        $rr = $this->ldap->search($cr, $base, $filter, array(), 1, 1);
+        if(!$this->ldap->isResource($rr)) {
+            return false;
+        }
+        $er = $this->ldap->firstEntry($cr, $rr);
+        $attributes = $this->ldap->getAttributes($cr, $er);
+        $pureAttributes = array();
+        for($i = 0; $i < $attributes['count']; $i++) {
+            $pureAttributes[] = $attributes[$i];
+        }
+
+        return $pureAttributes;
+    }
+
+    /**
+     * detects the available LDAP groups
+     * @return WizardResult|false the instance's WizardResult instance
+     */
+    public function determineGroupsForGroups() {
+        return $this->determineGroups('ldap_groupfilter_groups',
+                                        'ldapGroupFilterGroups',
+                                        false);
+    }
+
+    /**
+     * detects the available LDAP groups
+     * @return WizardResult|false the instance's WizardResult instance
+     */
+    public function determineGroupsForUsers() {
+        return $this->determineGroups('ldap_userfilter_groups',
+                                        'ldapUserFilterGroups');
+    }
+
+    /**
+     * detects the available LDAP groups
+     * @param string $dbKey
+     * @param string $confKey
+     * @param bool $testMemberOf
+     * @return WizardResult|false the instance's WizardResult instance
+     * @throws \Exception
+     */
+    private function determineGroups($dbKey, $confKey, $testMemberOf = true) {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapBase',
+                                            ))) {
+            return  false;
+        }
+        $cr = $this->getConnection();
+        if(!$cr) {
+            throw new \Exception('Could not connect to LDAP');
+        }
+
+        $this->fetchGroups($dbKey, $confKey);
+
+        if($testMemberOf) {
+            $this->configuration->hasMemberOfFilterSupport = $this->testMemberOf();
+            $this->result->markChange();
+            if(!$this->configuration->hasMemberOfFilterSupport) {
+                throw new \Exception('memberOf is not supported by the server');
+            }
+        }
+
+        return $this->result;
+    }
+
+    /**
+     * fetches all groups from LDAP and adds them to the result object
+     *
+     * @param string $dbKey
+     * @param string $confKey
+     * @return array $groupEntries
+     * @throws \Exception
+     */
+    public function fetchGroups($dbKey, $confKey) {
+        $obclasses = array('posixGroup', 'group', 'zimbraDistributionList', 'groupOfNames');
+
+        $filterParts = array();
+        foreach($obclasses as $obclass) {
+            $filterParts[] = 'objectclass='.$obclass;
+        }
+        //we filter for everything
+        //- that looks like a group and
+        //- has the group display name set
+        $filter = $this->access->combineFilterWithOr($filterParts);
+        $filter = $this->access->combineFilterWithAnd(array($filter, 'cn=*'));
+
+        $groupNames = array();
+        $groupEntries = array();
+        $limit = 400;
+        $offset = 0;
+        do {
+            // we need to request dn additionally here, otherwise memberOf
+            // detection will fail later
+            $result = $this->access->searchGroups($filter, array('cn', 'dn'), $limit, $offset);
+            foreach($result as $item) {
+                if(!isset($item['cn']) && !is_array($item['cn']) && !isset($item['cn'][0])) {
+                    // just in case - no issue known
+                    continue;
+                }
+                $groupNames[] = $item['cn'][0];
+                $groupEntries[] = $item;
+            }
+            $offset += $limit;
+        } while ($this->access->hasMoreResults());
+
+        if(count($groupNames) > 0) {
+            natsort($groupNames);
+            $this->result->addOptions($dbKey, array_values($groupNames));
+        } else {
+            throw new \Exception(self::$l->t('Could not find the desired feature'));
+        }
+
+        $setFeatures = $this->configuration->$confKey;
+        if(is_array($setFeatures) && !empty($setFeatures)) {
+            //something is already configured? pre-select it.
+            $this->result->addChange($dbKey, $setFeatures);
+        }
+        return $groupEntries;
+    }
+
+    public function determineGroupMemberAssoc() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapGroupFilter',
+                                            ))) {
+            return  false;
+        }
+        $attribute = $this->detectGroupMemberAssoc();
+        if($attribute === false) {
+            return false;
+        }
+        $this->configuration->setConfiguration(array('ldapGroupMemberAssocAttr' => $attribute));
+        $this->result->addChange('ldap_group_member_assoc_attribute', $attribute);
+
+        return $this->result;
+    }
+
+    /**
+     * Detects the available object classes
+     * @return WizardResult|false the instance's WizardResult instance
+     * @throws \Exception
+     */
+    public function determineGroupObjectClasses() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapBase',
+                                            ))) {
+            return  false;
+        }
+        $cr = $this->getConnection();
+        if(!$cr) {
+            throw new \Exception('Could not connect to LDAP');
+        }
+
+        $obclasses = array('groupOfNames', 'groupOfUniqueNames', 'group', 'posixGroup', '*');
+        $this->determineFeature($obclasses,
+                                'objectclass',
+                                'ldap_groupfilter_objectclass',
+                                'ldapGroupFilterObjectclass',
+                                false);
+
+        return $this->result;
+    }
+
+    /**
+     * detects the available object classes
+     * @return WizardResult
+     * @throws \Exception
+     */
+    public function determineUserObjectClasses() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapBase',
+                                            ))) {
+            return  false;
+        }
+        $cr = $this->getConnection();
+        if(!$cr) {
+            throw new \Exception('Could not connect to LDAP');
+        }
+
+        $obclasses = array('inetOrgPerson', 'person', 'organizationalPerson',
+                            'user', 'posixAccount', '*');
+        $filter = $this->configuration->ldapUserFilter;
+        //if filter is empty, it is probably the first time the wizard is called
+        //then, apply suggestions.
+        $this->determineFeature($obclasses,
+                                'objectclass',
+                                'ldap_userfilter_objectclass',
+                                'ldapUserFilterObjectclass',
+                                empty($filter));
+
+        return $this->result;
+    }
+
+    /**
+     * @return WizardResult|false
+     * @throws \Exception
+     */
+    public function getGroupFilter() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapBase',
+                                            ))) {
+            return false;
+        }
+        //make sure the use display name is set
+        $displayName = $this->configuration->ldapGroupDisplayName;
+        if ($displayName === '') {
+            $d = $this->configuration->getDefaults();
+            $this->applyFind('ldap_group_display_name',
+                                $d['ldap_group_display_name']);
+        }
+        $filter = $this->composeLdapFilter(self::LFILTER_GROUP_LIST);
+
+        $this->applyFind('ldap_group_filter', $filter);
+        return $this->result;
+    }
+
+    /**
+     * @return WizardResult|false
+     * @throws \Exception
+     */
+    public function getUserListFilter() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapBase',
+                                            ))) {
+            return false;
+        }
+        //make sure the use display name is set
+        $displayName = $this->configuration->ldapUserDisplayName;
+        if ($displayName === '') {
+            $d = $this->configuration->getDefaults();
+            $this->applyFind('ldap_display_name', $d['ldap_display_name']);
+        }
+        $filter = $this->composeLdapFilter(self::LFILTER_USER_LIST);
+        if(!$filter) {
+            throw new \Exception('Cannot create filter');
+        }
+
+        $this->applyFind('ldap_userlist_filter', $filter);
+        return $this->result;
+    }
+
+    /**
+     * @return bool|WizardResult
+     * @throws \Exception
+     */
+    public function getUserLoginFilter() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapBase',
+                                            'ldapUserFilter',
+                                            ))) {
+            return false;
+        }
+
+        $filter = $this->composeLdapFilter(self::LFILTER_LOGIN);
+        if(!$filter) {
+            throw new \Exception('Cannot create filter');
+        }
+
+        $this->applyFind('ldap_login_filter', $filter);
+        return $this->result;
+    }
+
+    /**
+     * @return bool|WizardResult
+     * @param string $loginName
+     * @throws \Exception
+     */
+    public function testLoginName($loginName) {
+        if(!$this->checkRequirements(array('ldapHost',
+            'ldapPort',
+            'ldapBase',
+            'ldapLoginFilter',
+        ))) {
+            return false;
+        }
+
+        $cr = $this->access->connection->getConnectionResource();
+        if(!$this->ldap->isResource($cr)) {
+            throw new \Exception('connection error');
+        }
+
+        if(mb_strpos($this->access->connection->ldapLoginFilter, '%uid', 0, 'UTF-8')
+            === false) {
+            throw new \Exception('missing placeholder');
+        }
+
+        $users = $this->access->countUsersByLoginName($loginName);
+        if($this->ldap->errno($cr) !== 0) {
+            throw new \Exception($this->ldap->error($cr));
+        }
+        $filter = str_replace('%uid', $loginName, $this->access->connection->ldapLoginFilter);
+        $this->result->addChange('ldap_test_loginname', $users);
+        $this->result->addChange('ldap_test_effective_filter', $filter);
+        return $this->result;
+    }
+
+    /**
+     * Tries to determine the port, requires given Host, User DN and Password
+     * @return WizardResult|false WizardResult on success, false otherwise
+     * @throws \Exception
+     */
+    public function guessPortAndTLS() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            ))) {
+            return false;
+        }
+        $this->checkHost();
+        $portSettings = $this->getPortSettingsToTry();
+
+        if(!is_array($portSettings)) {
+            throw new \Exception(print_r($portSettings, true));
+        }
+
+        //proceed from the best configuration and return on first success
+        foreach($portSettings as $setting) {
+            $p = $setting['port'];
+            $t = $setting['tls'];
+            \OCP\Util::writeLog('user_ldap', 'Wiz: trying port '. $p . ', TLS '. $t, \OCP\Util::DEBUG);
+            //connectAndBind may throw Exception, it needs to be catched by the
+            //callee of this method
+
+            try {
+                $settingsFound = $this->connectAndBind($p, $t);
+            } catch (\Exception $e) {
+                // any reply other than -1 (= cannot connect) is already okay,
+                // because then we found the server
+                // unavailable startTLS returns -11
+                if($e->getCode() > 0) {
+                    $settingsFound = true;
+                } else {
+                    throw $e;
+                }
+            }
+
+            if ($settingsFound === true) {
+                $config = array(
+                    'ldapPort' => $p,
+                    'ldapTLS' => intval($t)
+                );
+                $this->configuration->setConfiguration($config);
+                \OCP\Util::writeLog('user_ldap', 'Wiz: detected Port ' . $p, \OCP\Util::DEBUG);
+                $this->result->addChange('ldap_port', $p);
+                return $this->result;
+            }
+        }
+
+        //custom port, undetected (we do not brute force)
+        return false;
+    }
+
+    /**
+     * tries to determine a base dn from User DN or LDAP Host
+     * @return WizardResult|false WizardResult on success, false otherwise
+     */
+    public function guessBaseDN() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            ))) {
+            return false;
+        }
+
+        //check whether a DN is given in the agent name (99.9% of all cases)
+        $base = null;
+        $i = stripos($this->configuration->ldapAgentName, 'dc=');
+        if($i !== false) {
+            $base = substr($this->configuration->ldapAgentName, $i);
+            if($this->testBaseDN($base)) {
+                $this->applyFind('ldap_base', $base);
+                return $this->result;
+            }
+        }
+
+        //this did not help :(
+        //Let's see whether we can parse the Host URL and convert the domain to
+        //a base DN
+        $helper = new Helper(\OC::$server->getConfig());
+        $domain = $helper->getDomainFromURL($this->configuration->ldapHost);
+        if(!$domain) {
+            return false;
+        }
+
+        $dparts = explode('.', $domain);
+        while(count($dparts) > 0) {
+            $base2 = 'dc=' . implode(',dc=', $dparts);
+            if ($base !== $base2 && $this->testBaseDN($base2)) {
+                $this->applyFind('ldap_base', $base2);
+                return $this->result;
+            }
+            array_shift($dparts);
+        }
+
+        return false;
+    }
+
+    /**
+     * sets the found value for the configuration key in the WizardResult
+     * as well as in the Configuration instance
+     * @param string $key the configuration key
+     * @param string $value the (detected) value
+     *
+     */
+    private function applyFind($key, $value) {
+        $this->result->addChange($key, $value);
+        $this->configuration->setConfiguration(array($key => $value));
+    }
+
+    /**
+     * Checks, whether a port was entered in the Host configuration
+     * field. In this case the port will be stripped off, but also stored as
+     * setting.
+     */
+    private function checkHost() {
+        $host = $this->configuration->ldapHost;
+        $hostInfo = parse_url($host);
+
+        //removes Port from Host
+        if(is_array($hostInfo) && isset($hostInfo['port'])) {
+            $port = $hostInfo['port'];
+            $host = str_replace(':'.$port, '', $host);
+            $this->applyFind('ldap_host', $host);
+            $this->applyFind('ldap_port', $port);
+        }
+    }
+
+    /**
+     * tries to detect the group member association attribute which is
+     * one of 'uniqueMember', 'memberUid', 'member'
+     * @return string|false, string with the attribute name, false on error
+     * @throws \Exception
+     */
+    private function detectGroupMemberAssoc() {
+        $possibleAttrs = array('uniqueMember', 'memberUid', 'member');
+        $filter = $this->configuration->ldapGroupFilter;
+        if(empty($filter)) {
+            return false;
+        }
+        $cr = $this->getConnection();
+        if(!$cr) {
+            throw new \Exception('Could not connect to LDAP');
+        }
+        $base = $this->configuration->ldapBase[0];
+        $rr = $this->ldap->search($cr, $base, $filter, $possibleAttrs, 0, 1000);
+        if(!$this->ldap->isResource($rr)) {
+            return false;
+        }
+        $er = $this->ldap->firstEntry($cr, $rr);
+        while(is_resource($er)) {
+            $this->ldap->getDN($cr, $er);
+            $attrs = $this->ldap->getAttributes($cr, $er);
+            $result = array();
+            $possibleAttrsCount = count($possibleAttrs);
+            for($i = 0; $i < $possibleAttrsCount; $i++) {
+                if(isset($attrs[$possibleAttrs[$i]])) {
+                    $result[$possibleAttrs[$i]] = $attrs[$possibleAttrs[$i]]['count'];
+                }
+            }
+            if(!empty($result)) {
+                natsort($result);
+                return key($result);
+            }
+
+            $er = $this->ldap->nextEntry($cr, $er);
+        }
+
+        return false;
+    }
+
+    /**
+     * Checks whether for a given BaseDN results will be returned
+     * @param string $base the BaseDN to test
+     * @return bool true on success, false otherwise
+     * @throws \Exception
+     */
+    private function testBaseDN($base) {
+        $cr = $this->getConnection();
+        if(!$cr) {
+            throw new \Exception('Could not connect to LDAP');
+        }
+
+        //base is there, let's validate it. If we search for anything, we should
+        //get a result set > 0 on a proper base
+        $rr = $this->ldap->search($cr, $base, 'objectClass=*', array('dn'), 0, 1);
+        if(!$this->ldap->isResource($rr)) {
+            $errorNo  = $this->ldap->errno($cr);
+            $errorMsg = $this->ldap->error($cr);
+            \OCP\Util::writeLog('user_ldap', 'Wiz: Could not search base '.$base.
+                            ' Error '.$errorNo.': '.$errorMsg, \OCP\Util::INFO);
+            return false;
+        }
+        $entries = $this->ldap->countEntries($cr, $rr);
+        return ($entries !== false) && ($entries > 0);
+    }
+
+    /**
+     * Checks whether the server supports memberOf in LDAP Filter.
+     * Note: at least in OpenLDAP, availability of memberOf is dependent on
+     * a configured objectClass. I.e. not necessarily for all available groups
+     * memberOf does work.
+     *
+     * @return bool true if it does, false otherwise
+     * @throws \Exception
+     */
+    private function testMemberOf() {
+        $cr = $this->getConnection();
+        if(!$cr) {
+            throw new \Exception('Could not connect to LDAP');
+        }
+        $result = $this->access->countUsers('memberOf=*', array('memberOf'), 1);
+        if(is_int($result) &&  $result > 0) {
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * creates an LDAP Filter from given configuration
+     * @param integer $filterType int, for which use case the filter shall be created
+     * can be any of self::LFILTER_USER_LIST, self::LFILTER_LOGIN or
+     * self::LFILTER_GROUP_LIST
+     * @return string|false string with the filter on success, false otherwise
+     * @throws \Exception
+     */
+    private function composeLdapFilter($filterType) {
+        $filter = '';
+        $parts = 0;
+        switch ($filterType) {
+            case self::LFILTER_USER_LIST:
+                $objcs = $this->configuration->ldapUserFilterObjectclass;
+                //glue objectclasses
+                if(is_array($objcs) && count($objcs) > 0) {
+                    $filter .= '(|';
+                    foreach($objcs as $objc) {
+                        $filter .= '(objectclass=' . $objc . ')';
+                    }
+                    $filter .= ')';
+                    $parts++;
+                }
+                //glue group memberships
+                if($this->configuration->hasMemberOfFilterSupport) {
+                    $cns = $this->configuration->ldapUserFilterGroups;
+                    if(is_array($cns) && count($cns) > 0) {
+                        $filter .= '(|';
+                        $cr = $this->getConnection();
+                        if(!$cr) {
+                            throw new \Exception('Could not connect to LDAP');
+                        }
+                        $base = $this->configuration->ldapBase[0];
+                        foreach($cns as $cn) {
+                            $rr = $this->ldap->search($cr, $base, 'cn=' . $cn, array('dn', 'primaryGroupToken'));
+                            if(!$this->ldap->isResource($rr)) {
+                                continue;
+                            }
+                            $er = $this->ldap->firstEntry($cr, $rr);
+                            $attrs = $this->ldap->getAttributes($cr, $er);
+                            $dn = $this->ldap->getDN($cr, $er);
+                            if ($dn == false || $dn === '') {
+                                continue;
+                            }
+                            $filterPart = '(memberof=' . $dn . ')';
+                            if(isset($attrs['primaryGroupToken'])) {
+                                $pgt = $attrs['primaryGroupToken'][0];
+                                $primaryFilterPart = '(primaryGroupID=' . $pgt .')';
+                                $filterPart = '(|' . $filterPart . $primaryFilterPart . ')';
+                            }
+                            $filter .= $filterPart;
+                        }
+                        $filter .= ')';
+                    }
+                    $parts++;
+                }
+                //wrap parts in AND condition
+                if($parts > 1) {
+                    $filter = '(&' . $filter . ')';
+                }
+                if ($filter === '') {
+                    $filter = '(objectclass=*)';
+                }
+                break;
+
+            case self::LFILTER_GROUP_LIST:
+                $objcs = $this->configuration->ldapGroupFilterObjectclass;
+                //glue objectclasses
+                if(is_array($objcs) && count($objcs) > 0) {
+                    $filter .= '(|';
+                    foreach($objcs as $objc) {
+                        $filter .= '(objectclass=' . $objc . ')';
+                    }
+                    $filter .= ')';
+                    $parts++;
+                }
+                //glue group memberships
+                $cns = $this->configuration->ldapGroupFilterGroups;
+                if(is_array($cns) && count($cns) > 0) {
+                    $filter .= '(|';
+                    foreach($cns as $cn) {
+                        $filter .= '(cn=' . $cn . ')';
+                    }
+                    $filter .= ')';
+                }
+                $parts++;
+                //wrap parts in AND condition
+                if($parts > 1) {
+                    $filter = '(&' . $filter . ')';
+                }
+                break;
+
+            case self::LFILTER_LOGIN:
+                $ulf = $this->configuration->ldapUserFilter;
+                $loginpart = '=%uid';
+                $filterUsername = '';
+                $userAttributes = $this->getUserAttributes();
+                $userAttributes = array_change_key_case(array_flip($userAttributes));
+                $parts = 0;
+
+                if($this->configuration->ldapLoginFilterUsername === '1') {
+                    $attr = '';
+                    if(isset($userAttributes['uid'])) {
+                        $attr = 'uid';
+                    } else if(isset($userAttributes['samaccountname'])) {
+                        $attr = 'samaccountname';
+                    } else if(isset($userAttributes['cn'])) {
+                        //fallback
+                        $attr = 'cn';
+                    }
+                    if ($attr !== '') {
+                        $filterUsername = '(' . $attr . $loginpart . ')';
+                        $parts++;
+                    }
+                }
+
+                $filterEmail = '';
+                if($this->configuration->ldapLoginFilterEmail === '1') {
+                    $filterEmail = '(|(mailPrimaryAddress=%uid)(mail=%uid))';
+                    $parts++;
+                }
+
+                $filterAttributes = '';
+                $attrsToFilter = $this->configuration->ldapLoginFilterAttributes;
+                if(is_array($attrsToFilter) && count($attrsToFilter) > 0) {
+                    $filterAttributes = '(|';
+                    foreach($attrsToFilter as $attribute) {
+                        $filterAttributes .= '(' . $attribute . $loginpart . ')';
+                    }
+                    $filterAttributes .= ')';
+                    $parts++;
+                }
+
+                $filterLogin = '';
+                if($parts > 1) {
+                    $filterLogin = '(|';
+                }
+                $filterLogin .= $filterUsername;
+                $filterLogin .= $filterEmail;
+                $filterLogin .= $filterAttributes;
+                if($parts > 1) {
+                    $filterLogin .= ')';
+                }
+
+                $filter = '(&'.$ulf.$filterLogin.')';
+                break;
+        }
+
+        \OCP\Util::writeLog('user_ldap', 'Wiz: Final filter '.$filter, \OCP\Util::DEBUG);
+
+        return $filter;
+    }
+
+    /**
+     * Connects and Binds to an LDAP Server
+     * @param int $port the port to connect with
+     * @param bool $tls whether startTLS is to be used
+     * @param bool $ncc
+     * @return bool
+     * @throws \Exception
+     */
+    private function connectAndBind($port = 389, $tls = false, $ncc = false) {
+        if($ncc) {
+            //No certificate check
+            //FIXME: undo afterwards
+            putenv('LDAPTLS_REQCERT=never');
+        }
+
+        //connect, does not really trigger any server communication
+        \OCP\Util::writeLog('user_ldap', 'Wiz: Checking Host Info ', \OCP\Util::DEBUG);
+        $host = $this->configuration->ldapHost;
+        $hostInfo = parse_url($host);
+        if(!$hostInfo) {
+            throw new \Exception(self::$l->t('Invalid Host'));
+        }
+        \OCP\Util::writeLog('user_ldap', 'Wiz: Attempting to connect ', \OCP\Util::DEBUG);
+        $cr = $this->ldap->connect($host, $port);
+        if(!is_resource($cr)) {
+            throw new \Exception(self::$l->t('Invalid Host'));
+        }
+
+        \OCP\Util::writeLog('user_ldap', 'Wiz: Setting LDAP Options ', \OCP\Util::DEBUG);
+        //set LDAP options
+        $this->ldap->setOption($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
+        $this->ldap->setOption($cr, LDAP_OPT_REFERRALS, 0);
+        $this->ldap->setOption($cr, LDAP_OPT_NETWORK_TIMEOUT, self::LDAP_NW_TIMEOUT);
+
+        try {
+            if($tls) {
+                $isTlsWorking = @$this->ldap->startTls($cr);
+                if(!$isTlsWorking) {
+                    return false;
+                }
+            }
+
+            \OCP\Util::writeLog('user_ldap', 'Wiz: Attemping to Bind ', \OCP\Util::DEBUG);
+            //interesting part: do the bind!
+            $login = $this->ldap->bind($cr,
+                $this->configuration->ldapAgentName,
+                $this->configuration->ldapAgentPassword
+            );
+            $errNo = $this->ldap->errno($cr);
+            $error = ldap_error($cr);
+            $this->ldap->unbind($cr);
+        } catch(ServerNotAvailableException $e) {
+            return false;
+        }
+
+        if($login === true) {
+            $this->ldap->unbind($cr);
+            if($ncc) {
+                throw new \Exception('Certificate cannot be validated.');
+            }
+            \OCP\Util::writeLog('user_ldap', 'Wiz: Bind successful to Port '. $port . ' TLS ' . intval($tls), \OCP\Util::DEBUG);
+            return true;
+        }
+
+        if($errNo === -1 || ($errNo === 2 && $ncc)) {
+            //host, port or TLS wrong
+            return false;
+        } else if ($errNo === 2) {
+            return $this->connectAndBind($port, $tls, true);
+        }
+        throw new \Exception($error, $errNo);
+    }
+
+    /**
+     * checks whether a valid combination of agent and password has been
+     * provided (either two values or nothing for anonymous connect)
+     * @return bool, true if everything is fine, false otherwise
+     */
+    private function checkAgentRequirements() {
+        $agent = $this->configuration->ldapAgentName;
+        $pwd = $this->configuration->ldapAgentPassword;
+
+        return
+            ($agent !== '' && $pwd !== '')
+            ||  ($agent === '' && $pwd === '')
+        ;
+    }
+
+    /**
+     * @param array $reqs
+     * @return bool
+     */
+    private function checkRequirements($reqs) {
+        $this->checkAgentRequirements();
+        foreach($reqs as $option) {
+            $value = $this->configuration->$option;
+            if(empty($value)) {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    /**
+     * does a cumulativeSearch on LDAP to get different values of a
+     * specified attribute
+     * @param string[] $filters array, the filters that shall be used in the search
+     * @param string $attr the attribute of which a list of values shall be returned
+     * @param int $dnReadLimit the amount of how many DNs should be analyzed.
+     * The lower, the faster
+     * @param string $maxF string. if not null, this variable will have the filter that
+     * yields most result entries
+     * @return array|false an array with the values on success, false otherwise
+     */
+    public function cumulativeSearchOnAttribute($filters, $attr, $dnReadLimit = 3, &$maxF = null) {
+        $dnRead = array();
+        $foundItems = array();
+        $maxEntries = 0;
+        if(!is_array($this->configuration->ldapBase)
+           || !isset($this->configuration->ldapBase[0])) {
+            return false;
+        }
+        $base = $this->configuration->ldapBase[0];
+        $cr = $this->getConnection();
+        if(!$this->ldap->isResource($cr)) {
+            return false;
+        }
+        $lastFilter = null;
+        if(isset($filters[count($filters)-1])) {
+            $lastFilter = $filters[count($filters)-1];
+        }
+        foreach($filters as $filter) {
+            if($lastFilter === $filter && count($foundItems) > 0) {
+                //skip when the filter is a wildcard and results were found
+                continue;
+            }
+            // 20k limit for performance and reason
+            $rr = $this->ldap->search($cr, $base, $filter, array($attr), 0, 20000);
+            if(!$this->ldap->isResource($rr)) {
+                continue;
+            }
+            $entries = $this->ldap->countEntries($cr, $rr);
+            $getEntryFunc = 'firstEntry';
+            if(($entries !== false) && ($entries > 0)) {
+                if(!is_null($maxF) && $entries > $maxEntries) {
+                    $maxEntries = $entries;
+                    $maxF = $filter;
+                }
+                $dnReadCount = 0;
+                do {
+                    $entry = $this->ldap->$getEntryFunc($cr, $rr);
+                    $getEntryFunc = 'nextEntry';
+                    if(!$this->ldap->isResource($entry)) {
+                        continue 2;
+                    }
+                    $rr = $entry; //will be expected by nextEntry next round
+                    $attributes = $this->ldap->getAttributes($cr, $entry);
+                    $dn = $this->ldap->getDN($cr, $entry);
+                    if($dn === false || in_array($dn, $dnRead)) {
+                        continue;
+                    }
+                    $newItems = array();
+                    $state = $this->getAttributeValuesFromEntry($attributes,
+                                                                $attr,
+                                                                $newItems);
+                    $dnReadCount++;
+                    $foundItems = array_merge($foundItems, $newItems);
+                    $this->resultCache[$dn][$attr] = $newItems;
+                    $dnRead[] = $dn;
+                } while(($state === self::LRESULT_PROCESSED_SKIP
+                        || $this->ldap->isResource($entry))
+                        && ($dnReadLimit === 0 || $dnReadCount < $dnReadLimit));
+            }
+        }
+
+        return array_unique($foundItems);
+    }
+
+    /**
+     * determines if and which $attr are available on the LDAP server
+     * @param string[] $objectclasses the objectclasses to use as search filter
+     * @param string $attr the attribute to look for
+     * @param string $dbkey the dbkey of the setting the feature is connected to
+     * @param string $confkey the confkey counterpart for the $dbkey as used in the
+     * Configuration class
+     * @param bool $po whether the objectClass with most result entries
+     * shall be pre-selected via the result
+     * @return array|false list of found items.
+     * @throws \Exception
+     */
+    private function determineFeature($objectclasses, $attr, $dbkey, $confkey, $po = false) {
+        $cr = $this->getConnection();
+        if(!$cr) {
+            throw new \Exception('Could not connect to LDAP');
+        }
+        $p = 'objectclass=';
+        foreach($objectclasses as $key => $value) {
+            $objectclasses[$key] = $p.$value;
+        }
+        $maxEntryObjC = '';
+
+        //how deep to dig?
+        //When looking for objectclasses, testing few entries is sufficient,
+        $dig = 3;
+
+        $availableFeatures =
+            $this->cumulativeSearchOnAttribute($objectclasses, $attr,
+                                                $dig, $maxEntryObjC);
+        if(is_array($availableFeatures)
+           && count($availableFeatures) > 0) {
+            natcasesort($availableFeatures);
+            //natcasesort keeps indices, but we must get rid of them for proper
+            //sorting in the web UI. Therefore: array_values
+            $this->result->addOptions($dbkey, array_values($availableFeatures));
+        } else {
+            throw new \Exception(self::$l->t('Could not find the desired feature'));
+        }
+
+        $setFeatures = $this->configuration->$confkey;
+        if(is_array($setFeatures) && !empty($setFeatures)) {
+            //something is already configured? pre-select it.
+            $this->result->addChange($dbkey, $setFeatures);
+        } else if ($po && $maxEntryObjC !== '') {
+            //pre-select objectclass with most result entries
+            $maxEntryObjC = str_replace($p, '', $maxEntryObjC);
+            $this->applyFind($dbkey, $maxEntryObjC);
+            $this->result->addChange($dbkey, $maxEntryObjC);
+        }
+
+        return $availableFeatures;
+    }
+
+    /**
+     * appends a list of values fr
+     * @param resource $result the return value from ldap_get_attributes
+     * @param string $attribute the attribute values to look for
+     * @param array &$known new values will be appended here
+     * @return int, state on of the class constants LRESULT_PROCESSED_OK,
+     * LRESULT_PROCESSED_INVALID or LRESULT_PROCESSED_SKIP
+     */
+    private function getAttributeValuesFromEntry($result, $attribute, &$known) {
+        if(!is_array($result)
+           || !isset($result['count'])
+           || !$result['count'] > 0) {
+            return self::LRESULT_PROCESSED_INVALID;
+        }
+
+        // strtolower on all keys for proper comparison
+        $result = \OCP\Util::mb_array_change_key_case($result);
+        $attribute = strtolower($attribute);
+        if(isset($result[$attribute])) {
+            foreach($result[$attribute] as $key => $val) {
+                if($key === 'count') {
+                    continue;
+                }
+                if(!in_array($val, $known)) {
+                    $known[] = $val;
+                }
+            }
+            return self::LRESULT_PROCESSED_OK;
+        } else {
+            return self::LRESULT_PROCESSED_SKIP;
+        }
+    }
+
+    /**
+     * @return bool|mixed
+     */
+    private function getConnection() {
+        if(!is_null($this->cr)) {
+            return $this->cr;
+        }
+
+        $cr = $this->ldap->connect(
+            $this->configuration->ldapHost,
+            $this->configuration->ldapPort
+        );
+
+        $this->ldap->setOption($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
+        $this->ldap->setOption($cr, LDAP_OPT_REFERRALS, 0);
+        $this->ldap->setOption($cr, LDAP_OPT_NETWORK_TIMEOUT, self::LDAP_NW_TIMEOUT);
+        if($this->configuration->ldapTLS === 1) {
+            $this->ldap->startTls($cr);
+        }
+
+        $lo = @$this->ldap->bind($cr,
+                                    $this->configuration->ldapAgentName,
+                                    $this->configuration->ldapAgentPassword);
+        if($lo === true) {
+            $this->$cr = $cr;
+            return $cr;
+        }
+
+        return false;
+    }
+
+    /**
+     * @return array
+     */
+    private function getDefaultLdapPortSettings() {
+        static $settings = array(
+                                array('port' => 7636, 'tls' => false),
+                                array('port' =>  636, 'tls' => false),
+                                array('port' => 7389, 'tls' => true),
+                                array('port' =>  389, 'tls' => true),
+                                array('port' => 7389, 'tls' => false),
+                                array('port' =>  389, 'tls' => false),
+                            );
+        return $settings;
+    }
+
+    /**
+     * @return array
+     */
+    private function getPortSettingsToTry() {
+        //389 ← LDAP / Unencrypted or StartTLS
+        //636 ← LDAPS / SSL
+        //7xxx ← UCS. need to be checked first, because both ports may be open
+        $host = $this->configuration->ldapHost;
+        $port = intval($this->configuration->ldapPort);
+        $portSettings = array();
+
+        //In case the port is already provided, we will check this first
+        if($port > 0) {
+            $hostInfo = parse_url($host);
+            if(!(is_array($hostInfo)
+                && isset($hostInfo['scheme'])
+                && stripos($hostInfo['scheme'], 'ldaps') !== false)) {
+                $portSettings[] = array('port' => $port, 'tls' => true);
+            }
+            $portSettings[] =array('port' => $port, 'tls' => false);
+        }
+
+        //default ports
+        $portSettings = array_merge($portSettings,
+                                    $this->getDefaultLdapPortSettings());
+
+        return $portSettings;
+    }
 
 
 }

Please login to merge, or discard this patch.

apps/user_ldap/lib/LDAP.php 1 patch

Indentation +337 added lines, -337 removed lines patch added patch discarded remove patch

@@ -33,341 +33,341 @@
 block discarded – undo
 use OCA\User_LDAP\Exceptions\ConstraintViolationException;
 
 class LDAP implements ILDAPWrapper {
-	protected $curFunc = '';
-	protected $curArgs = array();
-
-	/**
-	 * @param resource $link
-	 * @param string $dn
-	 * @param string $password
-	 * @return bool|mixed
-	 */
-	public function bind($link, $dn, $password) {
-		return $this->invokeLDAPMethod('bind', $link, $dn, $password);
-	}
-
-	/**
-	 * @param string $host
-	 * @param string $port
-	 * @return mixed
-	 */
-	public function connect($host, $port) {
-		if(strpos($host, '://') === false) {
-			$host = 'ldap://' . $host;
-		}
-		if(strpos($host, ':', strpos($host, '://') + 1) === false) {
-			//ldap_connect ignores port parameter when URLs are passed
-			$host .= ':' . $port;
-		}
-		return $this->invokeLDAPMethod('connect', $host);
-	}
-
-	/**
-	 * @param LDAP $link
-	 * @param LDAP $result
-	 * @param string $cookie
-	 * @return bool|LDAP
-	 */
-	public function controlPagedResultResponse($link, $result, &$cookie) {
-		$this->preFunctionCall('ldap_control_paged_result_response',
-			array($link, $result, $cookie));
-		$result = ldap_control_paged_result_response($link, $result, $cookie);
-		$this->postFunctionCall();
-
-		return $result;
-	}
-
-	/**
-	 * @param LDAP $link
-	 * @param int $pageSize
-	 * @param bool $isCritical
-	 * @param string $cookie
-	 * @return mixed|true
-	 */
-	public function controlPagedResult($link, $pageSize, $isCritical, $cookie) {
-		return $this->invokeLDAPMethod('control_paged_result', $link, $pageSize,
-										$isCritical, $cookie);
-	}
-
-	/**
-	 * @param LDAP $link
-	 * @param LDAP $result
-	 * @return mixed
-	 */
-	public function countEntries($link, $result) {
-		return $this->invokeLDAPMethod('count_entries', $link, $result);
-	}
-
-	/**
-	 * @param LDAP $link
-	 * @return mixed|string
-	 */
-	public function errno($link) {
-		return $this->invokeLDAPMethod('errno', $link);
-	}
-
-	/**
-	 * @param LDAP $link
-	 * @return int|mixed
-	 */
-	public function error($link) {
-		return $this->invokeLDAPMethod('error', $link);
-	}
-
-	/**
-	 * Splits DN into its component parts
-	 * @param string $dn
-	 * @param int @withAttrib
-	 * @return array|false
-	 * @link http://www.php.net/manual/en/function.ldap-explode-dn.php
-	 */
-	public function explodeDN($dn, $withAttrib) {
-		return $this->invokeLDAPMethod('explode_dn', $dn, $withAttrib);
-	}
-
-	/**
-	 * @param LDAP $link
-	 * @param LDAP $result
-	 * @return mixed
-	 */
-	public function firstEntry($link, $result) {
-		return $this->invokeLDAPMethod('first_entry', $link, $result);
-	}
-
-	/**
-	 * @param LDAP $link
-	 * @param LDAP $result
-	 * @return array|mixed
-	 */
-	public function getAttributes($link, $result) {
-		return $this->invokeLDAPMethod('get_attributes', $link, $result);
-	}
-
-	/**
-	 * @param LDAP $link
-	 * @param LDAP $result
-	 * @return mixed|string
-	 */
-	public function getDN($link, $result) {
-		return $this->invokeLDAPMethod('get_dn', $link, $result);
-	}
-
-	/**
-	 * @param LDAP $link
-	 * @param LDAP $result
-	 * @return array|mixed
-	 */
-	public function getEntries($link, $result) {
-		return $this->invokeLDAPMethod('get_entries', $link, $result);
-	}
-
-	/**
-	 * @param LDAP $link
-	 * @param resource $result
-	 * @return mixed
-	 */
-	public function nextEntry($link, $result) {
-		return $this->invokeLDAPMethod('next_entry', $link, $result);
-	}
-
-	/**
-	 * @param LDAP $link
-	 * @param string $baseDN
-	 * @param string $filter
-	 * @param array $attr
-	 * @return mixed
-	 */
-	public function read($link, $baseDN, $filter, $attr) {
-		return $this->invokeLDAPMethod('read', $link, $baseDN, $filter, $attr);
-	}
-
-	/**
-	 * @param LDAP $link
-	 * @param string $baseDN
-	 * @param string $filter
-	 * @param array $attr
-	 * @param int $attrsOnly
-	 * @param int $limit
-	 * @return mixed
-	 */
-	public function search($link, $baseDN, $filter, $attr, $attrsOnly = 0, $limit = 0) {
-		return $this->invokeLDAPMethod('search', $link, $baseDN, $filter, $attr, $attrsOnly, $limit);
-	}
-
-	/**
-	 * @param LDAP $link
-	 * @param string $userDN
-	 * @param string $password
-	 * @return bool
-	 */
-	public function modReplace($link, $userDN, $password) {
-		return $this->invokeLDAPMethod('mod_replace', $link, $userDN, array('userPassword' => $password));
-	}
-
-	/**
-	 * @param LDAP $link
-	 * @param string $option
-	 * @param int $value
-	 * @return bool|mixed
-	 */
-	public function setOption($link, $option, $value) {
-		return $this->invokeLDAPMethod('set_option', $link, $option, $value);
-	}
-
-	/**
-	 * @param LDAP $link
-	 * @return mixed|true
-	 */
-	public function startTls($link) {
-		return $this->invokeLDAPMethod('start_tls', $link);
-	}
-
-	/**
-	 * @param resource $link
-	 * @return bool|mixed
-	 */
-	public function unbind($link) {
-		return $this->invokeLDAPMethod('unbind', $link);
-	}
-
-	/**
-	 * Checks whether the server supports LDAP
-	 * @return boolean if it the case, false otherwise
-	 * */
-	public function areLDAPFunctionsAvailable() {
-		return function_exists('ldap_connect');
-	}
-
-	/**
-	 * Checks whether PHP supports LDAP Paged Results
-	 * @return boolean if it the case, false otherwise
-	 * */
-	public function hasPagedResultSupport() {
-		$hasSupport = function_exists('ldap_control_paged_result')
-			&& function_exists('ldap_control_paged_result_response');
-		return $hasSupport;
-	}
-
-	/**
-	 * Checks whether the submitted parameter is a resource
-	 * @param Resource $resource the resource variable to check
-	 * @return bool true if it is a resource, false otherwise
-	 */
-	public function isResource($resource) {
-		return is_resource($resource);
-	}
-
-	/**
-	 * Checks whether the return value from LDAP is wrong or not.
-	 *
-	 * When using ldap_search we provide an array, in case multiple bases are
-	 * configured. Thus, we need to check the array elements.
-	 *
-	 * @param $result
-	 * @return bool
-	 */
-	protected function isResultFalse($result) {
-		if($result === false) {
-			return true;
-		}
-
-		if($this->curFunc === 'ldap_search' && is_array($result)) {
-			foreach ($result as $singleResult) {
-				if($singleResult === false) {
-					return true;
-				}
-			}
-		}
-
-		return false;
-	}
-
-	/**
-	 * @return mixed
-	 */
-	protected function invokeLDAPMethod() {
-		$arguments = func_get_args();
-		$func = 'ldap_' . array_shift($arguments);
-		if(function_exists($func)) {
-			$this->preFunctionCall($func, $arguments);
-			$result = call_user_func_array($func, $arguments);
-			if ($this->isResultFalse($result)) {
-				$this->postFunctionCall();
-			}
-			return $result;
-		}
-		return null;
-	}
-
-	/**
-	 * @param string $functionName
-	 * @param array $args
-	 */
-	private function preFunctionCall($functionName, $args) {
-		$this->curFunc = $functionName;
-		$this->curArgs = $args;
-	}
-
-	/**
-	 * Analyzes the returned LDAP error and acts accordingly if not 0
-	 *
-	 * @param resource $resource the LDAP Connection resource
-	 * @throws ConstraintViolationException
-	 * @throws ServerNotAvailableException
-	 * @throws \Exception
-	 */
-	private function processLDAPError($resource) {
-		$errorCode = ldap_errno($resource);
-		if($errorCode === 0) {
-			return;
-		}
-		$errorMsg  = ldap_error($resource);
-
-		if($this->curFunc === 'ldap_get_entries'
-			&& $errorCode === -4) {
-		} else if ($errorCode === 32) {
-			//for now
-		} else if ($errorCode === 10) {
-			//referrals, we switch them off, but then there is AD :)
-		} else if ($errorCode === -1) {
-			throw new ServerNotAvailableException('Lost connection to LDAP server.');
-		} else if ($errorCode === 48) {
-			throw new \Exception('LDAP authentication method rejected', $errorCode);
-		} else if ($errorCode === 1) {
-			throw new \Exception('LDAP Operations error', $errorCode);
-		} else if ($errorCode === 19) {
-			ldap_get_option($this->curArgs[0], LDAP_OPT_ERROR_STRING, $extended_error);
-			throw new ConstraintViolationException(!empty($extended_error)?$extended_error:$errorMsg, $errorCode);
-		} else {
-			\OCP\Util::writeLog('user_ldap',
-				'LDAP error '.$errorMsg.' (' .
-				$errorCode.') after calling '.
-				$this->curFunc,
-				\OCP\Util::DEBUG);
-		}
-	}
-
-	/**
-	 * Called after an ldap method is run to act on LDAP error if necessary
-	 */
-	private function postFunctionCall() {
-		if($this->isResource($this->curArgs[0])) {
-			$resource = $this->curArgs[0];
-		} else if(
-			   $this->curFunc === 'ldap_search'
-			&& is_array($this->curArgs[0])
-			&& $this->isResource($this->curArgs[0][0])
-		) {
-			// we use always the same LDAP connection resource, is enough to
-			// take the first one.
-			$resource = $this->curArgs[0][0];
-		} else {
-			return;
-		}
-
-		$this->processLDAPError($resource);
-
-		$this->curFunc = '';
-		$this->curArgs = [];
-	}
+    protected $curFunc = '';
+    protected $curArgs = array();
+
+    /**
+     * @param resource $link
+     * @param string $dn
+     * @param string $password
+     * @return bool|mixed
+     */
+    public function bind($link, $dn, $password) {
+        return $this->invokeLDAPMethod('bind', $link, $dn, $password);
+    }
+
+    /**
+     * @param string $host
+     * @param string $port
+     * @return mixed
+     */
+    public function connect($host, $port) {
+        if(strpos($host, '://') === false) {
+            $host = 'ldap://' . $host;
+        }
+        if(strpos($host, ':', strpos($host, '://') + 1) === false) {
+            //ldap_connect ignores port parameter when URLs are passed
+            $host .= ':' . $port;
+        }
+        return $this->invokeLDAPMethod('connect', $host);
+    }
+
+    /**
+     * @param LDAP $link
+     * @param LDAP $result
+     * @param string $cookie
+     * @return bool|LDAP
+     */
+    public function controlPagedResultResponse($link, $result, &$cookie) {
+        $this->preFunctionCall('ldap_control_paged_result_response',
+            array($link, $result, $cookie));
+        $result = ldap_control_paged_result_response($link, $result, $cookie);
+        $this->postFunctionCall();
+
+        return $result;
+    }
+
+    /**
+     * @param LDAP $link
+     * @param int $pageSize
+     * @param bool $isCritical
+     * @param string $cookie
+     * @return mixed|true
+     */
+    public function controlPagedResult($link, $pageSize, $isCritical, $cookie) {
+        return $this->invokeLDAPMethod('control_paged_result', $link, $pageSize,
+                                        $isCritical, $cookie);
+    }
+
+    /**
+     * @param LDAP $link
+     * @param LDAP $result
+     * @return mixed
+     */
+    public function countEntries($link, $result) {
+        return $this->invokeLDAPMethod('count_entries', $link, $result);
+    }
+
+    /**
+     * @param LDAP $link
+     * @return mixed|string
+     */
+    public function errno($link) {
+        return $this->invokeLDAPMethod('errno', $link);
+    }
+
+    /**
+     * @param LDAP $link
+     * @return int|mixed
+     */
+    public function error($link) {
+        return $this->invokeLDAPMethod('error', $link);
+    }
+
+    /**
+     * Splits DN into its component parts
+     * @param string $dn
+     * @param int @withAttrib
+     * @return array|false
+     * @link http://www.php.net/manual/en/function.ldap-explode-dn.php
+     */
+    public function explodeDN($dn, $withAttrib) {
+        return $this->invokeLDAPMethod('explode_dn', $dn, $withAttrib);
+    }
+
+    /**
+     * @param LDAP $link
+     * @param LDAP $result
+     * @return mixed
+     */
+    public function firstEntry($link, $result) {
+        return $this->invokeLDAPMethod('first_entry', $link, $result);
+    }
+
+    /**
+     * @param LDAP $link
+     * @param LDAP $result
+     * @return array|mixed
+     */
+    public function getAttributes($link, $result) {
+        return $this->invokeLDAPMethod('get_attributes', $link, $result);
+    }
+
+    /**
+     * @param LDAP $link
+     * @param LDAP $result
+     * @return mixed|string
+     */
+    public function getDN($link, $result) {
+        return $this->invokeLDAPMethod('get_dn', $link, $result);
+    }
+
+    /**
+     * @param LDAP $link
+     * @param LDAP $result
+     * @return array|mixed
+     */
+    public function getEntries($link, $result) {
+        return $this->invokeLDAPMethod('get_entries', $link, $result);
+    }
+
+    /**
+     * @param LDAP $link
+     * @param resource $result
+     * @return mixed
+     */
+    public function nextEntry($link, $result) {
+        return $this->invokeLDAPMethod('next_entry', $link, $result);
+    }
+
+    /**
+     * @param LDAP $link
+     * @param string $baseDN
+     * @param string $filter
+     * @param array $attr
+     * @return mixed
+     */
+    public function read($link, $baseDN, $filter, $attr) {
+        return $this->invokeLDAPMethod('read', $link, $baseDN, $filter, $attr);
+    }
+
+    /**
+     * @param LDAP $link
+     * @param string $baseDN
+     * @param string $filter
+     * @param array $attr
+     * @param int $attrsOnly
+     * @param int $limit
+     * @return mixed
+     */
+    public function search($link, $baseDN, $filter, $attr, $attrsOnly = 0, $limit = 0) {
+        return $this->invokeLDAPMethod('search', $link, $baseDN, $filter, $attr, $attrsOnly, $limit);
+    }
+
+    /**
+     * @param LDAP $link
+     * @param string $userDN
+     * @param string $password
+     * @return bool
+     */
+    public function modReplace($link, $userDN, $password) {
+        return $this->invokeLDAPMethod('mod_replace', $link, $userDN, array('userPassword' => $password));
+    }
+
+    /**
+     * @param LDAP $link
+     * @param string $option
+     * @param int $value
+     * @return bool|mixed
+     */
+    public function setOption($link, $option, $value) {
+        return $this->invokeLDAPMethod('set_option', $link, $option, $value);
+    }
+
+    /**
+     * @param LDAP $link
+     * @return mixed|true
+     */
+    public function startTls($link) {
+        return $this->invokeLDAPMethod('start_tls', $link);
+    }
+
+    /**
+     * @param resource $link
+     * @return bool|mixed
+     */
+    public function unbind($link) {
+        return $this->invokeLDAPMethod('unbind', $link);
+    }
+
+    /**
+     * Checks whether the server supports LDAP
+     * @return boolean if it the case, false otherwise
+     * */
+    public function areLDAPFunctionsAvailable() {
+        return function_exists('ldap_connect');
+    }
+
+    /**
+     * Checks whether PHP supports LDAP Paged Results
+     * @return boolean if it the case, false otherwise
+     * */
+    public function hasPagedResultSupport() {
+        $hasSupport = function_exists('ldap_control_paged_result')
+            && function_exists('ldap_control_paged_result_response');
+        return $hasSupport;
+    }
+
+    /**
+     * Checks whether the submitted parameter is a resource
+     * @param Resource $resource the resource variable to check
+     * @return bool true if it is a resource, false otherwise
+     */
+    public function isResource($resource) {
+        return is_resource($resource);
+    }
+
+    /**
+     * Checks whether the return value from LDAP is wrong or not.
+     *
+     * When using ldap_search we provide an array, in case multiple bases are
+     * configured. Thus, we need to check the array elements.
+     *
+     * @param $result
+     * @return bool
+     */
+    protected function isResultFalse($result) {
+        if($result === false) {
+            return true;
+        }
+
+        if($this->curFunc === 'ldap_search' && is_array($result)) {
+            foreach ($result as $singleResult) {
+                if($singleResult === false) {
+                    return true;
+                }
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * @return mixed
+     */
+    protected function invokeLDAPMethod() {
+        $arguments = func_get_args();
+        $func = 'ldap_' . array_shift($arguments);
+        if(function_exists($func)) {
+            $this->preFunctionCall($func, $arguments);
+            $result = call_user_func_array($func, $arguments);
+            if ($this->isResultFalse($result)) {
+                $this->postFunctionCall();
+            }
+            return $result;
+        }
+        return null;
+    }
+
+    /**
+     * @param string $functionName
+     * @param array $args
+     */
+    private function preFunctionCall($functionName, $args) {
+        $this->curFunc = $functionName;
+        $this->curArgs = $args;
+    }
+
+    /**
+     * Analyzes the returned LDAP error and acts accordingly if not 0
+     *
+     * @param resource $resource the LDAP Connection resource
+     * @throws ConstraintViolationException
+     * @throws ServerNotAvailableException
+     * @throws \Exception
+     */
+    private function processLDAPError($resource) {
+        $errorCode = ldap_errno($resource);
+        if($errorCode === 0) {
+            return;
+        }
+        $errorMsg  = ldap_error($resource);
+
+        if($this->curFunc === 'ldap_get_entries'
+            && $errorCode === -4) {
+        } else if ($errorCode === 32) {
+            //for now
+        } else if ($errorCode === 10) {
+            //referrals, we switch them off, but then there is AD :)
+        } else if ($errorCode === -1) {
+            throw new ServerNotAvailableException('Lost connection to LDAP server.');
+        } else if ($errorCode === 48) {
+            throw new \Exception('LDAP authentication method rejected', $errorCode);
+        } else if ($errorCode === 1) {
+            throw new \Exception('LDAP Operations error', $errorCode);
+        } else if ($errorCode === 19) {
+            ldap_get_option($this->curArgs[0], LDAP_OPT_ERROR_STRING, $extended_error);
+            throw new ConstraintViolationException(!empty($extended_error)?$extended_error:$errorMsg, $errorCode);
+        } else {
+            \OCP\Util::writeLog('user_ldap',
+                'LDAP error '.$errorMsg.' (' .
+                $errorCode.') after calling '.
+                $this->curFunc,
+                \OCP\Util::DEBUG);
+        }
+    }
+
+    /**
+     * Called after an ldap method is run to act on LDAP error if necessary
+     */
+    private function postFunctionCall() {
+        if($this->isResource($this->curArgs[0])) {
+            $resource = $this->curArgs[0];
+        } else if(
+                $this->curFunc === 'ldap_search'
+            && is_array($this->curArgs[0])
+            && $this->isResource($this->curArgs[0][0])
+        ) {
+            // we use always the same LDAP connection resource, is enough to
+            // take the first one.
+            $resource = $this->curArgs[0][0];
+        } else {
+            return;
+        }
+
+        $this->processLDAPError($resource);
+
+        $this->curFunc = '';
+        $this->curArgs = [];
+    }
 }

Please login to merge, or discard this patch.

apps/user_ldap/lib/User/User.php 1 patch

Indentation +499 added lines, -499 removed lines patch added patch discarded remove patch

@@ -41,504 +41,504 @@
 block discarded – undo
  * represents an LDAP user, gets and holds user-specific information from LDAP
  */
 class User {
-	/**
-	 * @var IUserTools
-	 */
-	protected $access;
-	/**
-	 * @var Connection
-	 */
-	protected $connection;
-	/**
-	 * @var IConfig
-	 */
-	protected $config;
-	/**
-	 * @var FilesystemHelper
-	 */
-	protected $fs;
-	/**
-	 * @var Image
-	 */
-	protected $image;
-	/**
-	 * @var LogWrapper
-	 */
-	protected $log;
-	/**
-	 * @var IAvatarManager
-	 */
-	protected $avatarManager;
-	/**
-	 * @var IUserManager
-	 */
-	protected $userManager;
-	/**
-	 * @var string
-	 */
-	protected $dn;
-	/**
-	 * @var string
-	 */
-	protected $uid;
-	/**
-	 * @var string[]
-	 */
-	protected $refreshedFeatures = array();
-	/**
-	 * @var string
-	 */
-	protected $avatarImage;
-
-	/**
-	 * DB config keys for user preferences
-	 */
-	const USER_PREFKEY_FIRSTLOGIN  = 'firstLoginAccomplished';
-	const USER_PREFKEY_LASTREFRESH = 'lastFeatureRefresh';
-
-	/**
-	 * @brief constructor, make sure the subclasses call this one!
-	 * @param string $username the internal username
-	 * @param string $dn the LDAP DN
-	 * @param IUserTools $access an instance that implements IUserTools for
-	 * LDAP interaction
-	 * @param IConfig $config
-	 * @param FilesystemHelper $fs
-	 * @param Image $image any empty instance
-	 * @param LogWrapper $log
-	 * @param IAvatarManager $avatarManager
-	 * @param IUserManager $userManager
-	 */
-	public function __construct($username, $dn, IUserTools $access,
-		IConfig $config, FilesystemHelper $fs, Image $image,
-		LogWrapper $log, IAvatarManager $avatarManager, IUserManager $userManager) {
-
-		if ($username === null) {
-			$log->log("uid for '$dn' must not be null!", Util::ERROR);
-			throw new \InvalidArgumentException('uid must not be null!');
-		} else if ($username === '') {
-			$log->log("uid for '$dn' must not be an empty string", Util::ERROR);
-			throw new \InvalidArgumentException('uid must not be an empty string!');
-		}
-
-		$this->access        = $access;
-		$this->connection    = $access->getConnection();
-		$this->config        = $config;
-		$this->fs            = $fs;
-		$this->dn            = $dn;
-		$this->uid           = $username;
-		$this->image         = $image;
-		$this->log           = $log;
-		$this->avatarManager = $avatarManager;
-		$this->userManager   = $userManager;
-	}
-
-	/**
-	 * @brief updates properties like email, quota or avatar provided by LDAP
-	 * @return null
-	 */
-	public function update() {
-		if(is_null($this->dn)) {
-			return null;
-		}
-
-		$hasLoggedIn = $this->config->getUserValue($this->uid, 'user_ldap',
-				self::USER_PREFKEY_FIRSTLOGIN, 0);
-
-		if($this->needsRefresh()) {
-			$this->updateEmail();
-			$this->updateQuota();
-			if($hasLoggedIn !== 0) {
-				//we do not need to try it, when the user has not been logged in
-				//before, because the file system will not be ready.
-				$this->updateAvatar();
-				//in order to get an avatar as soon as possible, mark the user
-				//as refreshed only when updating the avatar did happen
-				$this->markRefreshTime();
-			}
-		}
-	}
-
-	/**
-	 * processes results from LDAP for attributes as returned by getAttributesToRead()
-	 * @param array $ldapEntry the user entry as retrieved from LDAP
-	 */
-	public function processAttributes($ldapEntry) {
-		$this->markRefreshTime();
-		//Quota
-		$attr = strtolower($this->connection->ldapQuotaAttribute);
-		if(isset($ldapEntry[$attr])) {
-			$this->updateQuota($ldapEntry[$attr][0]);
-		}
-		unset($attr);
-
-		//Email
-		$attr = strtolower($this->connection->ldapEmailAttribute);
-		if(isset($ldapEntry[$attr])) {
-			$this->updateEmail($ldapEntry[$attr][0]);
-		}
-		unset($attr);
-
-		//displayName
-		$displayName = $displayName2 = '';
-		$attr = strtolower($this->connection->ldapUserDisplayName);
-		if(isset($ldapEntry[$attr])) {
-			$displayName = strval($ldapEntry[$attr][0]);
-		}
-		$attr = strtolower($this->connection->ldapUserDisplayName2);
-		if(isset($ldapEntry[$attr])) {
-			$displayName2 = strval($ldapEntry[$attr][0]);
-		}
-		if ($displayName !== '') {
-			$this->composeAndStoreDisplayName($displayName);
-			$this->access->cacheUserDisplayName(
-				$this->getUsername(),
-				$displayName,
-				$displayName2
-			);
-		}
-		unset($attr);
-
-		// LDAP Username, needed for s2s sharing
-		if(isset($ldapEntry['uid'])) {
-			$this->storeLDAPUserName($ldapEntry['uid'][0]);
-		} else if(isset($ldapEntry['samaccountname'])) {
-			$this->storeLDAPUserName($ldapEntry['samaccountname'][0]);
-		}
-
-		//homePath
-		if(strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) {
-			$attr = strtolower(substr($this->connection->homeFolderNamingRule, strlen('attr:')));
-			if(isset($ldapEntry[$attr])) {
-				$this->access->cacheUserHome(
-					$this->getUsername(), $this->getHomePath($ldapEntry[$attr][0]));
-			}
-		}
-
-		//memberOf groups
-		$cacheKey = 'getMemberOf'.$this->getUsername();
-		$groups = false;
-		if(isset($ldapEntry['memberof'])) {
-			$groups = $ldapEntry['memberof'];
-		}
-		$this->connection->writeToCache($cacheKey, $groups);
-
-		//Avatar
-		$attrs = array('jpegphoto', 'thumbnailphoto');
-		foreach ($attrs as $attr)  {
-			if(isset($ldapEntry[$attr])) {
-				$this->avatarImage = $ldapEntry[$attr][0];
-				// the call to the method that saves the avatar in the file
-				// system must be postponed after the login. It is to ensure
-				// external mounts are mounted properly (e.g. with login
-				// credentials from the session).
-				\OCP\Util::connectHook('OC_User', 'post_login', $this, 'updateAvatarPostLogin');
-				break;
-			}
-		}
-	}
-
-	/**
-	 * @brief returns the LDAP DN of the user
-	 * @return string
-	 */
-	public function getDN() {
-		return $this->dn;
-	}
-
-	/**
-	 * @brief returns the ownCloud internal username of the user
-	 * @return string
-	 */
-	public function getUsername() {
-		return $this->uid;
-	}
-
-	/**
-	 * returns the home directory of the user if specified by LDAP settings
-	 * @param string $valueFromLDAP
-	 * @return bool|string
-	 * @throws \Exception
-	 */
-	public function getHomePath($valueFromLDAP = null) {
-		$path = strval($valueFromLDAP);
-		$attr = null;
-
-		if (is_null($valueFromLDAP)
-		   && strpos($this->access->connection->homeFolderNamingRule, 'attr:') === 0
-		   && $this->access->connection->homeFolderNamingRule !== 'attr:')
-		{
-			$attr = substr($this->access->connection->homeFolderNamingRule, strlen('attr:'));
-			$homedir = $this->access->readAttribute(
-				$this->access->username2dn($this->getUsername()), $attr);
-			if ($homedir && isset($homedir[0])) {
-				$path = $homedir[0];
-			}
-		}
-
-		if ($path !== '') {
-			//if attribute's value is an absolute path take this, otherwise append it to data dir
-			//check for / at the beginning or pattern c:\ resp. c:/
-			if(   '/' !== $path[0]
-			   && !(3 < strlen($path) && ctype_alpha($path[0])
-			       && $path[1] === ':' && ('\\' === $path[2] || '/' === $path[2]))
-			) {
-				$path = $this->config->getSystemValue('datadirectory',
-						\OC::$SERVERROOT.'/data' ) . '/' . $path;
-			}
-			//we need it to store it in the DB as well in case a user gets
-			//deleted so we can clean up afterwards
-			$this->config->setUserValue(
-				$this->getUsername(), 'user_ldap', 'homePath', $path
-			);
-			return $path;
-		}
-
-		if(    !is_null($attr)
-			&& $this->config->getAppValue('user_ldap', 'enforce_home_folder_naming_rule', true)
-		) {
-			// a naming rule attribute is defined, but it doesn't exist for that LDAP user
-			throw new \Exception('Home dir attribute can\'t be read from LDAP for uid: ' . $this->getUsername());
-		}
-
-		//false will apply default behaviour as defined and done by OC_User
-		$this->config->setUserValue($this->getUsername(), 'user_ldap', 'homePath', '');
-		return false;
-	}
-
-	public function getMemberOfGroups() {
-		$cacheKey = 'getMemberOf'.$this->getUsername();
-		$memberOfGroups = $this->connection->getFromCache($cacheKey);
-		if(!is_null($memberOfGroups)) {
-			return $memberOfGroups;
-		}
-		$groupDNs = $this->access->readAttribute($this->getDN(), 'memberOf');
-		$this->connection->writeToCache($cacheKey, $groupDNs);
-		return $groupDNs;
-	}
-
-	/**
-	 * @brief reads the image from LDAP that shall be used as Avatar
-	 * @return string data (provided by LDAP) | false
-	 */
-	public function getAvatarImage() {
-		if(!is_null($this->avatarImage)) {
-			return $this->avatarImage;
-		}
-
-		$this->avatarImage = false;
-		$attributes = array('jpegPhoto', 'thumbnailPhoto');
-		foreach($attributes as $attribute) {
-			$result = $this->access->readAttribute($this->dn, $attribute);
-			if($result !== false && is_array($result) && isset($result[0])) {
-				$this->avatarImage = $result[0];
-				break;
-			}
-		}
-
-		return $this->avatarImage;
-	}
-
-	/**
-	 * @brief marks the user as having logged in at least once
-	 * @return null
-	 */
-	public function markLogin() {
-		$this->config->setUserValue(
-			$this->uid, 'user_ldap', self::USER_PREFKEY_FIRSTLOGIN, 1);
-	}
-
-	/**
-	 * @brief marks the time when user features like email have been updated
-	 * @return null
-	 */
-	public function markRefreshTime() {
-		$this->config->setUserValue(
-			$this->uid, 'user_ldap', self::USER_PREFKEY_LASTREFRESH, time());
-	}
-
-	/**
-	 * @brief checks whether user features needs to be updated again by
-	 * comparing the difference of time of the last refresh to now with the
-	 * desired interval
-	 * @return bool
-	 */
-	private function needsRefresh() {
-		$lastChecked = $this->config->getUserValue($this->uid, 'user_ldap',
-			self::USER_PREFKEY_LASTREFRESH, 0);
-
-		//TODO make interval configurable
-		if((time() - intval($lastChecked)) < 86400 ) {
-			return false;
-		}
-		return  true;
-	}
-
-	/**
-	 * Stores a key-value pair in relation to this user
-	 *
-	 * @param string $key
-	 * @param string $value
-	 */
-	private function store($key, $value) {
-		$this->config->setUserValue($this->uid, 'user_ldap', $key, $value);
-	}
-
-	/**
-	 * Composes the display name and stores it in the database. The final
-	 * display name is returned.
-	 *
-	 * @param string $displayName
-	 * @param string $displayName2
-	 * @returns string the effective display name
-	 */
-	public function composeAndStoreDisplayName($displayName, $displayName2 = '') {
-		$displayName2 = strval($displayName2);
-		if($displayName2 !== '') {
-			$displayName .= ' (' . $displayName2 . ')';
-		}
-		$this->store('displayName', $displayName);
-		return $displayName;
-	}
-
-	/**
-	 * Stores the LDAP Username in the Database
-	 * @param string $userName
-	 */
-	public function storeLDAPUserName($userName) {
-		$this->store('uid', $userName);
-	}
-
-	/**
-	 * @brief checks whether an update method specified by feature was run
-	 * already. If not, it will marked like this, because it is expected that
-	 * the method will be run, when false is returned.
-	 * @param string $feature email | quota | avatar (can be extended)
-	 * @return bool
-	 */
-	private function wasRefreshed($feature) {
-		if(isset($this->refreshedFeatures[$feature])) {
-			return true;
-		}
-		$this->refreshedFeatures[$feature] = 1;
-		return false;
-	}
-
-	/**
-	 * fetches the email from LDAP and stores it as ownCloud user value
-	 * @param string $valueFromLDAP if known, to save an LDAP read request
-	 * @return null
-	 */
-	public function updateEmail($valueFromLDAP = null) {
-		if($this->wasRefreshed('email')) {
-			return;
-		}
-		$email = strval($valueFromLDAP);
-		if(is_null($valueFromLDAP)) {
-			$emailAttribute = $this->connection->ldapEmailAttribute;
-			if ($emailAttribute !== '') {
-				$aEmail = $this->access->readAttribute($this->dn, $emailAttribute);
-				if(is_array($aEmail) && (count($aEmail) > 0)) {
-					$email = strval($aEmail[0]);
-				}
-			}
-		}
-		if ($email !== '') {
-			$user = $this->userManager->get($this->uid);
-			if (!is_null($user)) {
-				$currentEmail = strval($user->getEMailAddress());
-				if ($currentEmail !== $email) {
-					$user->setEMailAddress($email);
-				}
-			}
-		}
-	}
-
-	/**
-	 * fetches the quota from LDAP and stores it as ownCloud user value
-	 * @param string $valueFromLDAP the quota attribute's value can be passed,
-	 * to save the readAttribute request
-	 * @return null
-	 */
-	public function updateQuota($valueFromLDAP = null) {
-		if($this->wasRefreshed('quota')) {
-			return;
-		}
-		//can be null
-		$quotaDefault = $this->connection->ldapQuotaDefault;
-		$quota = $quotaDefault !== '' ? $quotaDefault : null;
-		$quota = !is_null($valueFromLDAP) ? $valueFromLDAP : $quota;
-
-		if(is_null($valueFromLDAP)) {
-			$quotaAttribute = $this->connection->ldapQuotaAttribute;
-			if ($quotaAttribute !== '') {
-				$aQuota = $this->access->readAttribute($this->dn, $quotaAttribute);
-				if($aQuota && (count($aQuota) > 0)) {
-					$quota = $aQuota[0];
-				}
-			}
-		}
-		if(!is_null($quota)) {
-			$this->userManager->get($this->uid)->setQuota($quota);
-		}
-	}
-
-	/**
-	 * called by a post_login hook to save the avatar picture
-	 *
-	 * @param array $params
-	 */
-	public function updateAvatarPostLogin($params) {
-		if(isset($params['uid']) && $params['uid'] === $this->getUsername()) {
-			$this->updateAvatar();
-		}
-	}
-
-	/**
-	 * @brief attempts to get an image from LDAP and sets it as ownCloud avatar
-	 * @return null
-	 */
-	public function updateAvatar() {
-		if($this->wasRefreshed('avatar')) {
-			return;
-		}
-		$avatarImage = $this->getAvatarImage();
-		if($avatarImage === false) {
-			//not set, nothing left to do;
-			return;
-		}
-		$this->image->loadFromBase64(base64_encode($avatarImage));
-		$this->setOwnCloudAvatar();
-	}
-
-	/**
-	 * @brief sets an image as ownCloud avatar
-	 * @return null
-	 */
-	private function setOwnCloudAvatar() {
-		if(!$this->image->valid()) {
-			$this->log->log('jpegPhoto data invalid for '.$this->dn, \OCP\Util::ERROR);
-			return;
-		}
-		//make sure it is a square and not bigger than 128x128
-		$size = min(array($this->image->width(), $this->image->height(), 128));
-		if(!$this->image->centerCrop($size)) {
-			$this->log->log('croping image for avatar failed for '.$this->dn, \OCP\Util::ERROR);
-			return;
-		}
-
-		if(!$this->fs->isLoaded()) {
-			$this->fs->setup($this->uid);
-		}
-
-		try {
-			$avatar = $this->avatarManager->getAvatar($this->uid);
-			$avatar->set($this->image);
-		} catch (\Exception $e) {
-			\OC::$server->getLogger()->notice(
-				'Could not set avatar for ' . $this->dn	. ', because: ' . $e->getMessage(),
-				['app' => 'user_ldap']);
-		}
-	}
+    /**
+     * @var IUserTools
+     */
+    protected $access;
+    /**
+     * @var Connection
+     */
+    protected $connection;
+    /**
+     * @var IConfig
+     */
+    protected $config;
+    /**
+     * @var FilesystemHelper
+     */
+    protected $fs;
+    /**
+     * @var Image
+     */
+    protected $image;
+    /**
+     * @var LogWrapper
+     */
+    protected $log;
+    /**
+     * @var IAvatarManager
+     */
+    protected $avatarManager;
+    /**
+     * @var IUserManager
+     */
+    protected $userManager;
+    /**
+     * @var string
+     */
+    protected $dn;
+    /**
+     * @var string
+     */
+    protected $uid;
+    /**
+     * @var string[]
+     */
+    protected $refreshedFeatures = array();
+    /**
+     * @var string
+     */
+    protected $avatarImage;
+
+    /**
+     * DB config keys for user preferences
+     */
+    const USER_PREFKEY_FIRSTLOGIN  = 'firstLoginAccomplished';
+    const USER_PREFKEY_LASTREFRESH = 'lastFeatureRefresh';
+
+    /**
+     * @brief constructor, make sure the subclasses call this one!
+     * @param string $username the internal username
+     * @param string $dn the LDAP DN
+     * @param IUserTools $access an instance that implements IUserTools for
+     * LDAP interaction
+     * @param IConfig $config
+     * @param FilesystemHelper $fs
+     * @param Image $image any empty instance
+     * @param LogWrapper $log
+     * @param IAvatarManager $avatarManager
+     * @param IUserManager $userManager
+     */
+    public function __construct($username, $dn, IUserTools $access,
+        IConfig $config, FilesystemHelper $fs, Image $image,
+        LogWrapper $log, IAvatarManager $avatarManager, IUserManager $userManager) {
+
+        if ($username === null) {
+            $log->log("uid for '$dn' must not be null!", Util::ERROR);
+            throw new \InvalidArgumentException('uid must not be null!');
+        } else if ($username === '') {
+            $log->log("uid for '$dn' must not be an empty string", Util::ERROR);
+            throw new \InvalidArgumentException('uid must not be an empty string!');
+        }
+
+        $this->access        = $access;
+        $this->connection    = $access->getConnection();
+        $this->config        = $config;
+        $this->fs            = $fs;
+        $this->dn            = $dn;
+        $this->uid           = $username;
+        $this->image         = $image;
+        $this->log           = $log;
+        $this->avatarManager = $avatarManager;
+        $this->userManager   = $userManager;
+    }
+
+    /**
+     * @brief updates properties like email, quota or avatar provided by LDAP
+     * @return null
+     */
+    public function update() {
+        if(is_null($this->dn)) {
+            return null;
+        }
+
+        $hasLoggedIn = $this->config->getUserValue($this->uid, 'user_ldap',
+                self::USER_PREFKEY_FIRSTLOGIN, 0);
+
+        if($this->needsRefresh()) {
+            $this->updateEmail();
+            $this->updateQuota();
+            if($hasLoggedIn !== 0) {
+                //we do not need to try it, when the user has not been logged in
+                //before, because the file system will not be ready.
+                $this->updateAvatar();
+                //in order to get an avatar as soon as possible, mark the user
+                //as refreshed only when updating the avatar did happen
+                $this->markRefreshTime();
+            }
+        }
+    }
+
+    /**
+     * processes results from LDAP for attributes as returned by getAttributesToRead()
+     * @param array $ldapEntry the user entry as retrieved from LDAP
+     */
+    public function processAttributes($ldapEntry) {
+        $this->markRefreshTime();
+        //Quota
+        $attr = strtolower($this->connection->ldapQuotaAttribute);
+        if(isset($ldapEntry[$attr])) {
+            $this->updateQuota($ldapEntry[$attr][0]);
+        }
+        unset($attr);
+
+        //Email
+        $attr = strtolower($this->connection->ldapEmailAttribute);
+        if(isset($ldapEntry[$attr])) {
+            $this->updateEmail($ldapEntry[$attr][0]);
+        }
+        unset($attr);
+
+        //displayName
+        $displayName = $displayName2 = '';
+        $attr = strtolower($this->connection->ldapUserDisplayName);
+        if(isset($ldapEntry[$attr])) {
+            $displayName = strval($ldapEntry[$attr][0]);
+        }
+        $attr = strtolower($this->connection->ldapUserDisplayName2);
+        if(isset($ldapEntry[$attr])) {
+            $displayName2 = strval($ldapEntry[$attr][0]);
+        }
+        if ($displayName !== '') {
+            $this->composeAndStoreDisplayName($displayName);
+            $this->access->cacheUserDisplayName(
+                $this->getUsername(),
+                $displayName,
+                $displayName2
+            );
+        }
+        unset($attr);
+
+        // LDAP Username, needed for s2s sharing
+        if(isset($ldapEntry['uid'])) {
+            $this->storeLDAPUserName($ldapEntry['uid'][0]);
+        } else if(isset($ldapEntry['samaccountname'])) {
+            $this->storeLDAPUserName($ldapEntry['samaccountname'][0]);
+        }
+
+        //homePath
+        if(strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) {
+            $attr = strtolower(substr($this->connection->homeFolderNamingRule, strlen('attr:')));
+            if(isset($ldapEntry[$attr])) {
+                $this->access->cacheUserHome(
+                    $this->getUsername(), $this->getHomePath($ldapEntry[$attr][0]));
+            }
+        }
+
+        //memberOf groups
+        $cacheKey = 'getMemberOf'.$this->getUsername();
+        $groups = false;
+        if(isset($ldapEntry['memberof'])) {
+            $groups = $ldapEntry['memberof'];
+        }
+        $this->connection->writeToCache($cacheKey, $groups);
+
+        //Avatar
+        $attrs = array('jpegphoto', 'thumbnailphoto');
+        foreach ($attrs as $attr)  {
+            if(isset($ldapEntry[$attr])) {
+                $this->avatarImage = $ldapEntry[$attr][0];
+                // the call to the method that saves the avatar in the file
+                // system must be postponed after the login. It is to ensure
+                // external mounts are mounted properly (e.g. with login
+                // credentials from the session).
+                \OCP\Util::connectHook('OC_User', 'post_login', $this, 'updateAvatarPostLogin');
+                break;
+            }
+        }
+    }
+
+    /**
+     * @brief returns the LDAP DN of the user
+     * @return string
+     */
+    public function getDN() {
+        return $this->dn;
+    }
+
+    /**
+     * @brief returns the ownCloud internal username of the user
+     * @return string
+     */
+    public function getUsername() {
+        return $this->uid;
+    }
+
+    /**
+     * returns the home directory of the user if specified by LDAP settings
+     * @param string $valueFromLDAP
+     * @return bool|string
+     * @throws \Exception
+     */
+    public function getHomePath($valueFromLDAP = null) {
+        $path = strval($valueFromLDAP);
+        $attr = null;
+
+        if (is_null($valueFromLDAP)
+           && strpos($this->access->connection->homeFolderNamingRule, 'attr:') === 0
+           && $this->access->connection->homeFolderNamingRule !== 'attr:')
+        {
+            $attr = substr($this->access->connection->homeFolderNamingRule, strlen('attr:'));
+            $homedir = $this->access->readAttribute(
+                $this->access->username2dn($this->getUsername()), $attr);
+            if ($homedir && isset($homedir[0])) {
+                $path = $homedir[0];
+            }
+        }
+
+        if ($path !== '') {
+            //if attribute's value is an absolute path take this, otherwise append it to data dir
+            //check for / at the beginning or pattern c:\ resp. c:/
+            if(   '/' !== $path[0]
+               && !(3 < strlen($path) && ctype_alpha($path[0])
+                   && $path[1] === ':' && ('\\' === $path[2] || '/' === $path[2]))
+            ) {
+                $path = $this->config->getSystemValue('datadirectory',
+                        \OC::$SERVERROOT.'/data' ) . '/' . $path;
+            }
+            //we need it to store it in the DB as well in case a user gets
+            //deleted so we can clean up afterwards
+            $this->config->setUserValue(
+                $this->getUsername(), 'user_ldap', 'homePath', $path
+            );
+            return $path;
+        }
+
+        if(    !is_null($attr)
+            && $this->config->getAppValue('user_ldap', 'enforce_home_folder_naming_rule', true)
+        ) {
+            // a naming rule attribute is defined, but it doesn't exist for that LDAP user
+            throw new \Exception('Home dir attribute can\'t be read from LDAP for uid: ' . $this->getUsername());
+        }
+
+        //false will apply default behaviour as defined and done by OC_User
+        $this->config->setUserValue($this->getUsername(), 'user_ldap', 'homePath', '');
+        return false;
+    }
+
+    public function getMemberOfGroups() {
+        $cacheKey = 'getMemberOf'.$this->getUsername();
+        $memberOfGroups = $this->connection->getFromCache($cacheKey);
+        if(!is_null($memberOfGroups)) {
+            return $memberOfGroups;
+        }
+        $groupDNs = $this->access->readAttribute($this->getDN(), 'memberOf');
+        $this->connection->writeToCache($cacheKey, $groupDNs);
+        return $groupDNs;
+    }
+
+    /**
+     * @brief reads the image from LDAP that shall be used as Avatar
+     * @return string data (provided by LDAP) | false
+     */
+    public function getAvatarImage() {
+        if(!is_null($this->avatarImage)) {
+            return $this->avatarImage;
+        }
+
+        $this->avatarImage = false;
+        $attributes = array('jpegPhoto', 'thumbnailPhoto');
+        foreach($attributes as $attribute) {
+            $result = $this->access->readAttribute($this->dn, $attribute);
+            if($result !== false && is_array($result) && isset($result[0])) {
+                $this->avatarImage = $result[0];
+                break;
+            }
+        }
+
+        return $this->avatarImage;
+    }
+
+    /**
+     * @brief marks the user as having logged in at least once
+     * @return null
+     */
+    public function markLogin() {
+        $this->config->setUserValue(
+            $this->uid, 'user_ldap', self::USER_PREFKEY_FIRSTLOGIN, 1);
+    }
+
+    /**
+     * @brief marks the time when user features like email have been updated
+     * @return null
+     */
+    public function markRefreshTime() {
+        $this->config->setUserValue(
+            $this->uid, 'user_ldap', self::USER_PREFKEY_LASTREFRESH, time());
+    }
+
+    /**
+     * @brief checks whether user features needs to be updated again by
+     * comparing the difference of time of the last refresh to now with the
+     * desired interval
+     * @return bool
+     */
+    private function needsRefresh() {
+        $lastChecked = $this->config->getUserValue($this->uid, 'user_ldap',
+            self::USER_PREFKEY_LASTREFRESH, 0);
+
+        //TODO make interval configurable
+        if((time() - intval($lastChecked)) < 86400 ) {
+            return false;
+        }
+        return  true;
+    }
+
+    /**
+     * Stores a key-value pair in relation to this user
+     *
+     * @param string $key
+     * @param string $value
+     */
+    private function store($key, $value) {
+        $this->config->setUserValue($this->uid, 'user_ldap', $key, $value);
+    }
+
+    /**
+     * Composes the display name and stores it in the database. The final
+     * display name is returned.
+     *
+     * @param string $displayName
+     * @param string $displayName2
+     * @returns string the effective display name
+     */
+    public function composeAndStoreDisplayName($displayName, $displayName2 = '') {
+        $displayName2 = strval($displayName2);
+        if($displayName2 !== '') {
+            $displayName .= ' (' . $displayName2 . ')';
+        }
+        $this->store('displayName', $displayName);
+        return $displayName;
+    }
+
+    /**
+     * Stores the LDAP Username in the Database
+     * @param string $userName
+     */
+    public function storeLDAPUserName($userName) {
+        $this->store('uid', $userName);
+    }
+
+    /**
+     * @brief checks whether an update method specified by feature was run
+     * already. If not, it will marked like this, because it is expected that
+     * the method will be run, when false is returned.
+     * @param string $feature email | quota | avatar (can be extended)
+     * @return bool
+     */
+    private function wasRefreshed($feature) {
+        if(isset($this->refreshedFeatures[$feature])) {
+            return true;
+        }
+        $this->refreshedFeatures[$feature] = 1;
+        return false;
+    }
+
+    /**
+     * fetches the email from LDAP and stores it as ownCloud user value
+     * @param string $valueFromLDAP if known, to save an LDAP read request
+     * @return null
+     */
+    public function updateEmail($valueFromLDAP = null) {
+        if($this->wasRefreshed('email')) {
+            return;
+        }
+        $email = strval($valueFromLDAP);
+        if(is_null($valueFromLDAP)) {
+            $emailAttribute = $this->connection->ldapEmailAttribute;
+            if ($emailAttribute !== '') {
+                $aEmail = $this->access->readAttribute($this->dn, $emailAttribute);
+                if(is_array($aEmail) && (count($aEmail) > 0)) {
+                    $email = strval($aEmail[0]);
+                }
+            }
+        }
+        if ($email !== '') {
+            $user = $this->userManager->get($this->uid);
+            if (!is_null($user)) {
+                $currentEmail = strval($user->getEMailAddress());
+                if ($currentEmail !== $email) {
+                    $user->setEMailAddress($email);
+                }
+            }
+        }
+    }
+
+    /**
+     * fetches the quota from LDAP and stores it as ownCloud user value
+     * @param string $valueFromLDAP the quota attribute's value can be passed,
+     * to save the readAttribute request
+     * @return null
+     */
+    public function updateQuota($valueFromLDAP = null) {
+        if($this->wasRefreshed('quota')) {
+            return;
+        }
+        //can be null
+        $quotaDefault = $this->connection->ldapQuotaDefault;
+        $quota = $quotaDefault !== '' ? $quotaDefault : null;
+        $quota = !is_null($valueFromLDAP) ? $valueFromLDAP : $quota;
+
+        if(is_null($valueFromLDAP)) {
+            $quotaAttribute = $this->connection->ldapQuotaAttribute;
+            if ($quotaAttribute !== '') {
+                $aQuota = $this->access->readAttribute($this->dn, $quotaAttribute);
+                if($aQuota && (count($aQuota) > 0)) {
+                    $quota = $aQuota[0];
+                }
+            }
+        }
+        if(!is_null($quota)) {
+            $this->userManager->get($this->uid)->setQuota($quota);
+        }
+    }
+
+    /**
+     * called by a post_login hook to save the avatar picture
+     *
+     * @param array $params
+     */
+    public function updateAvatarPostLogin($params) {
+        if(isset($params['uid']) && $params['uid'] === $this->getUsername()) {
+            $this->updateAvatar();
+        }
+    }
+
+    /**
+     * @brief attempts to get an image from LDAP and sets it as ownCloud avatar
+     * @return null
+     */
+    public function updateAvatar() {
+        if($this->wasRefreshed('avatar')) {
+            return;
+        }
+        $avatarImage = $this->getAvatarImage();
+        if($avatarImage === false) {
+            //not set, nothing left to do;
+            return;
+        }
+        $this->image->loadFromBase64(base64_encode($avatarImage));
+        $this->setOwnCloudAvatar();
+    }
+
+    /**
+     * @brief sets an image as ownCloud avatar
+     * @return null
+     */
+    private function setOwnCloudAvatar() {
+        if(!$this->image->valid()) {
+            $this->log->log('jpegPhoto data invalid for '.$this->dn, \OCP\Util::ERROR);
+            return;
+        }
+        //make sure it is a square and not bigger than 128x128
+        $size = min(array($this->image->width(), $this->image->height(), 128));
+        if(!$this->image->centerCrop($size)) {
+            $this->log->log('croping image for avatar failed for '.$this->dn, \OCP\Util::ERROR);
+            return;
+        }
+
+        if(!$this->fs->isLoaded()) {
+            $this->fs->setup($this->uid);
+        }
+
+        try {
+            $avatar = $this->avatarManager->getAvatar($this->uid);
+            $avatar->set($this->image);
+        } catch (\Exception $e) {
+            \OC::$server->getLogger()->notice(
+                'Could not set avatar for ' . $this->dn	. ', because: ' . $e->getMessage(),
+                ['app' => 'user_ldap']);
+        }
+    }
 
 }

Please login to merge, or discard this patch.

		@@ -33,13 +33,13 @@ discard block
		block discarded – undo
33	33	$l = \OC::$server->getL10N('user_ldap');
34	34
35	35	if(!isset($_POST['action'])) {
36		- \OCP\JSON::error(array('message' => $l->t('No action specified')));
	36	+ \OCP\JSON::error(array('message' => $l->t('No action specified')));
37	37	}
38	38	$action = (string)$_POST['action'];
39	39
40	40
41	41	if(!isset($_POST['ldap_serverconfig_chooser'])) {
42		- \OCP\JSON::error(array('message' => $l->t('No configuration specified')));
	42	+ \OCP\JSON::error(array('message' => $l->t('No configuration specified')));
43	43	}
44	44	$prefix = (string)$_POST['ldap_serverconfig_chooser'];
45	45
		@@ -52,90 +52,90 @@ discard block
		block discarded – undo
52	52	$con->setIgnoreValidation(true);
53	53
54	54	$userManager = new \OCA\User_LDAP\User\Manager(
55		- \OC::$server->getConfig(),
56		- new \OCA\User_LDAP\FilesystemHelper(),
57		- new \OCA\User_LDAP\LogWrapper(),
58		- \OC::$server->getAvatarManager(),
59		- new \OCP\Image(),
60		- \OC::$server->getDatabaseConnection(),
61		- \OC::$server->getUserManager());
	55	+ \OC::$server->getConfig(),
	56	+ new \OCA\User_LDAP\FilesystemHelper(),
	57	+ new \OCA\User_LDAP\LogWrapper(),
	58	+ \OC::$server->getAvatarManager(),
	59	+ new \OCP\Image(),
	60	+ \OC::$server->getDatabaseConnection(),
	61	+ \OC::$server->getUserManager());
62	62
63	63	$access = new \OCA\User_LDAP\Access($con, $ldapWrapper, $userManager, new \OCA\User_LDAP\Helper(
64		- \OC::$server->getConfig()
	64	+ \OC::$server->getConfig()
65	65	));
66	66
67	67	$wizard = new \OCA\User_LDAP\Wizard($configuration, $ldapWrapper, $access);
68	68
69	69	switch($action) {
70		- case 'guessPortAndTLS':
71		- case 'guessBaseDN':
72		- case 'detectEmailAttribute':
73		- case 'detectUserDisplayNameAttribute':
74		- case 'determineGroupMemberAssoc':
75		- case 'determineUserObjectClasses':
76		- case 'determineGroupObjectClasses':
77		- case 'determineGroupsForUsers':
78		- case 'determineGroupsForGroups':
79		- case 'determineAttributes':
80		- case 'getUserListFilter':
81		- case 'getUserLoginFilter':
82		- case 'getGroupFilter':
83		- case 'countUsers':
84		- case 'countGroups':
85		- case 'countInBaseDN':
86		- try {
87		- $result = $wizard->$action();
88		- if($result !== false) {
89		- OCP\JSON::success($result->getResultArray());
90		- exit;
91		- }
92		- } catch (\Exception $e) {
93		- \OCP\JSON::error(array('message' => $e->getMessage(), 'code' => $e->getCode()));
94		- exit;
95		- }
96		- \OCP\JSON::error();
97		- exit;
98		- break;
	70	+ case 'guessPortAndTLS':
	71	+ case 'guessBaseDN':
	72	+ case 'detectEmailAttribute':
	73	+ case 'detectUserDisplayNameAttribute':
	74	+ case 'determineGroupMemberAssoc':
	75	+ case 'determineUserObjectClasses':
	76	+ case 'determineGroupObjectClasses':
	77	+ case 'determineGroupsForUsers':
	78	+ case 'determineGroupsForGroups':
	79	+ case 'determineAttributes':
	80	+ case 'getUserListFilter':
	81	+ case 'getUserLoginFilter':
	82	+ case 'getGroupFilter':
	83	+ case 'countUsers':
	84	+ case 'countGroups':
	85	+ case 'countInBaseDN':
	86	+ try {
	87	+ $result = $wizard->$action();
	88	+ if($result !== false) {
	89	+ OCP\JSON::success($result->getResultArray());
	90	+ exit;
	91	+ }
	92	+ } catch (\Exception $e) {
	93	+ \OCP\JSON::error(array('message' => $e->getMessage(), 'code' => $e->getCode()));
	94	+ exit;
	95	+ }
	96	+ \OCP\JSON::error();
	97	+ exit;
	98	+ break;
99	99
100		- case 'testLoginName': {
101		- try {
102		- $loginName = $_POST['ldap_test_loginname'];
103		- $result = $wizard->$action($loginName);
104		- if($result !== false) {
105		- OCP\JSON::success($result->getResultArray());
106		- exit;
107		- }
108		- } catch (\Exception $e) {
109		- \OCP\JSON::error(array('message' => $e->getMessage()));
110		- exit;
111		- }
112		- \OCP\JSON::error();
113		- exit;
114		- break;
115		- }
	100	+ case 'testLoginName': {
	101	+ try {
	102	+ $loginName = $_POST['ldap_test_loginname'];
	103	+ $result = $wizard->$action($loginName);
	104	+ if($result !== false) {
	105	+ OCP\JSON::success($result->getResultArray());
	106	+ exit;
	107	+ }
	108	+ } catch (\Exception $e) {
	109	+ \OCP\JSON::error(array('message' => $e->getMessage()));
	110	+ exit;
	111	+ }
	112	+ \OCP\JSON::error();
	113	+ exit;
	114	+ break;
	115	+ }
116	116
117		- case 'save':
118		- $key = isset($_POST['cfgkey']) ? $_POST['cfgkey'] : false;
119		- $val = isset($_POST['cfgval']) ? $_POST['cfgval'] : null;
120		- if($key === false \|\| is_null($val)) {
121		- \OCP\JSON::error(array('message' => $l->t('No data specified')));
122		- exit;
123		- }
124		- $cfg = array($key => $val);
125		- $setParameters = array();
126		- $configuration->setConfiguration($cfg, $setParameters);
127		- if(!in_array($key, $setParameters)) {
128		- \OCP\JSON::error(array('message' => $l->t($key.
129		- ' Could not set configuration %s', $setParameters[0])));
130		- exit;
131		- }
132		- $configuration->saveConfiguration();
133		- //clear the cache on save
134		- $connection = new \OCA\User_LDAP\Connection($ldapWrapper, $prefix);
135		- $connection->clearCache();
136		- OCP\JSON::success();
137		- break;
138		- default:
139		- \OCP\JSON::error(array('message' => $l->t('Action does not exist')));
140		- break;
	117	+ case 'save':
	118	+ $key = isset($_POST['cfgkey']) ? $_POST['cfgkey'] : false;
	119	+ $val = isset($_POST['cfgval']) ? $_POST['cfgval'] : null;
	120	+ if($key === false \|\| is_null($val)) {
	121	+ \OCP\JSON::error(array('message' => $l->t('No data specified')));
	122	+ exit;
	123	+ }
	124	+ $cfg = array($key => $val);
	125	+ $setParameters = array();
	126	+ $configuration->setConfiguration($cfg, $setParameters);
	127	+ if(!in_array($key, $setParameters)) {
	128	+ \OCP\JSON::error(array('message' => $l->t($key.
	129	+ ' Could not set configuration %s', $setParameters[0])));
	130	+ exit;
	131	+ }
	132	+ $configuration->saveConfiguration();
	133	+ //clear the cache on save
	134	+ $connection = new \OCA\User_LDAP\Connection($ldapWrapper, $prefix);
	135	+ $connection->clearCache();
	136	+ OCP\JSON::success();
	137	+ break;
	138	+ default:
	139	+ \OCP\JSON::error(array('message' => $l->t('Action does not exist')));
	140	+ break;
141	141	}

		@@ -38,12 +38,12 @@
		block discarded – undo
38	38
39	39	$newConfig = new \OCA\User_LDAP\Configuration($nk, false);
40	40	if(isset($_POST['copyConfig'])) {
41		- $originalConfig = new \OCA\User_LDAP\Configuration($_POST['copyConfig']);
42		- $newConfig->setConfiguration($originalConfig->getConfiguration());
	41	+ $originalConfig = new \OCA\User_LDAP\Configuration($_POST['copyConfig']);
	42	+ $newConfig->setConfiguration($originalConfig->getConfiguration());
43	43	} else {
44		- $configuration = new \OCA\User_LDAP\Configuration($nk, false);
45		- $newConfig->setConfiguration($configuration->getDefaults());
46		- $resultData['defaults'] = $configuration->getDefaults();
	44	+ $configuration = new \OCA\User_LDAP\Configuration($nk, false);
	45	+ $newConfig->setConfiguration($configuration->getDefaults());
	46	+ $resultData['defaults'] = $configuration->getDefaults();
47	47	}
48	48	$newConfig->saveConfiguration();
49	49

		@@ -29,12 +29,12 @@
		block discarded – undo
29	29	*/
30	30	class GroupMapping extends AbstractMapping {
31	31
32		- /**
33		- * returns the DB table name which holds the mappings
34		- * @return string
35		- */
36		- protected function getTableName() {
37		- return 'PREFIXldap_group_mapping';
38		- }
	32	+ /**
	33	+ * returns the DB table name which holds the mappings
	34	+ * @return string
	35	+ */
	36	+ protected function getTableName() {
	37	+ return 'PREFIXldap_group_mapping';
	38	+ }
39	39
40	40	}

		@@ -29,12 +29,12 @@
		block discarded – undo
29	29	*/
30	30	class UserMapping extends AbstractMapping {
31	31
32		- /**
33		- * returns the DB table name which holds the mappings
34		- * @return string
35		- */
36		- protected function getTableName() {
37		- return 'PREFIXldap_user_mapping';
38		- }
	32	+ /**
	33	+ * returns the DB table name which holds the mappings
	34	+ * @return string
	35	+ */
	36	+ protected function getTableName() {
	37	+ return 'PREFIXldap_user_mapping';
	38	+ }
39	39
40	40	}

		@@ -29,252 +29,252 @@
		block discarded – undo
29	29	* @package OCA\User_LDAP\Mapping
30	30	*/
31	31	abstract class AbstractMapping {
32		- /**
33		- * @var \OCP\IDBConnection $dbc
34		- */
35		- protected $dbc;
	32	+ /**
	33	+ * @var \OCP\IDBConnection $dbc
	34	+ */
	35	+ protected $dbc;
36	36
37		- /**
38		- * returns the DB table name which holds the mappings
39		- * @return string
40		- */
41		- abstract protected function getTableName();
	37	+ /**
	38	+ * returns the DB table name which holds the mappings
	39	+ * @return string
	40	+ */
	41	+ abstract protected function getTableName();
42	42
43		- /**
44		- * @param \OCP\IDBConnection $dbc
45		- */
46		- public function __construct(\OCP\IDBConnection $dbc) {
47		- $this->dbc = $dbc;
48		- }
	43	+ /**
	44	+ * @param \OCP\IDBConnection $dbc
	45	+ */
	46	+ public function __construct(\OCP\IDBConnection $dbc) {
	47	+ $this->dbc = $dbc;
	48	+ }
49	49
50		- /**
51		- * checks whether a provided string represents an existing table col
52		- * @param string $col
53		- * @return bool
54		- */
55		- public function isColNameValid($col) {
56		- switch($col) {
57		- case 'ldap_dn':
58		- case 'owncloud_name':
59		- case 'directory_uuid':
60		- return true;
61		- default:
62		- return false;
63		- }
64		- }
	50	+ /**
	51	+ * checks whether a provided string represents an existing table col
	52	+ * @param string $col
	53	+ * @return bool
	54	+ */
	55	+ public function isColNameValid($col) {
	56	+ switch($col) {
	57	+ case 'ldap_dn':
	58	+ case 'owncloud_name':
	59	+ case 'directory_uuid':
	60	+ return true;
	61	+ default:
	62	+ return false;
	63	+ }
	64	+ }
65	65
66		- /**
67		- * Gets the value of one column based on a provided value of another column
68		- * @param string $fetchCol
69		- * @param string $compareCol
70		- * @param string $search
71		- * @throws \Exception
72		- * @return string\|false
73		- */
74		- protected function getXbyY($fetchCol, $compareCol, $search) {
75		- if(!$this->isColNameValid($fetchCol)) {
76		- //this is used internally only, but we don't want to risk
77		- //having SQL injection at all.
78		- throw new \Exception('Invalid Column Name');
79		- }
80		- $query = $this->dbc->prepare('
	66	+ /**
	67	+ * Gets the value of one column based on a provided value of another column
	68	+ * @param string $fetchCol
	69	+ * @param string $compareCol
	70	+ * @param string $search
	71	+ * @throws \Exception
	72	+ * @return string\|false
	73	+ */
	74	+ protected function getXbyY($fetchCol, $compareCol, $search) {
	75	+ if(!$this->isColNameValid($fetchCol)) {
	76	+ //this is used internally only, but we don't want to risk
	77	+ //having SQL injection at all.
	78	+ throw new \Exception('Invalid Column Name');
	79	+ }
	80	+ $query = $this->dbc->prepare('
81	81	SELECT `' . $fetchCol . '`
82	82	FROM `'. $this->getTableName() .'`
83	83	WHERE `' . $compareCol . '` = ?
84	84	');
85	85
86		- $res = $query->execute(array($search));
87		- if($res !== false) {
88		- return $query->fetchColumn();
89		- }
	86	+ $res = $query->execute(array($search));
	87	+ if($res !== false) {
	88	+ return $query->fetchColumn();
	89	+ }
90	90
91		- return false;
92		- }
	91	+ return false;
	92	+ }
93	93
94		- /**
95		- * Performs a DELETE or UPDATE query to the database.
96		- * @param \Doctrine\DBAL\Driver\Statement $query
97		- * @param array $parameters
98		- * @return bool true if at least one row was modified, false otherwise
99		- */
100		- protected function modify($query, $parameters) {
101		- $result = $query->execute($parameters);
102		- return ($result === true && $query->rowCount() > 0);
103		- }
	94	+ /**
	95	+ * Performs a DELETE or UPDATE query to the database.
	96	+ * @param \Doctrine\DBAL\Driver\Statement $query
	97	+ * @param array $parameters
	98	+ * @return bool true if at least one row was modified, false otherwise
	99	+ */
	100	+ protected function modify($query, $parameters) {
	101	+ $result = $query->execute($parameters);
	102	+ return ($result === true && $query->rowCount() > 0);
	103	+ }
104	104
105		- /**
106		- * Gets the LDAP DN based on the provided name.
107		- * Replaces Access::ocname2dn
108		- * @param string $name
109		- * @return string\|false
110		- */
111		- public function getDNByName($name) {
112		- return $this->getXbyY('ldap_dn', 'owncloud_name', $name);
113		- }
	105	+ /**
	106	+ * Gets the LDAP DN based on the provided name.
	107	+ * Replaces Access::ocname2dn
	108	+ * @param string $name
	109	+ * @return string\|false
	110	+ */
	111	+ public function getDNByName($name) {
	112	+ return $this->getXbyY('ldap_dn', 'owncloud_name', $name);
	113	+ }
114	114
115		- /**
116		- * Updates the DN based on the given UUID
117		- * @param string $fdn
118		- * @param string $uuid
119		- * @return bool
120		- */
121		- public function setDNbyUUID($fdn, $uuid) {
122		- $query = $this->dbc->prepare('
	115	+ /**
	116	+ * Updates the DN based on the given UUID
	117	+ * @param string $fdn
	118	+ * @param string $uuid
	119	+ * @return bool
	120	+ */
	121	+ public function setDNbyUUID($fdn, $uuid) {
	122	+ $query = $this->dbc->prepare('
123	123	UPDATE `' . $this->getTableName() . '`
124	124	SET `ldap_dn` = ?
125	125	WHERE `directory_uuid` = ?
126	126	');
127	127
128		- return $this->modify($query, array($fdn, $uuid));
129		- }
	128	+ return $this->modify($query, array($fdn, $uuid));
	129	+ }
130	130
131		- /**
132		- * Updates the UUID based on the given DN
133		- *
134		- * required by Migration/UUIDFix
135		- *
136		- * @param $uuid
137		- * @param $fdn
138		- * @return bool
139		- */
140		- public function setUUIDbyDN($uuid, $fdn) {
141		- $query = $this->dbc->prepare('
	131	+ /**
	132	+ * Updates the UUID based on the given DN
	133	+ *
	134	+ * required by Migration/UUIDFix
	135	+ *
	136	+ * @param $uuid
	137	+ * @param $fdn
	138	+ * @return bool
	139	+ */
	140	+ public function setUUIDbyDN($uuid, $fdn) {
	141	+ $query = $this->dbc->prepare('
142	142	UPDATE `' . $this->getTableName() . '`
143	143	SET `directory_uuid` = ?
144	144	WHERE `ldap_dn` = ?
145	145	');
146	146
147		- return $this->modify($query, [$uuid, $fdn]);
148		- }
	147	+ return $this->modify($query, [$uuid, $fdn]);
	148	+ }
149	149
150		- /**
151		- * Gets the name based on the provided LDAP DN.
152		- * @param string $fdn
153		- * @return string\|false
154		- */
155		- public function getNameByDN($fdn) {
156		- return $this->getXbyY('owncloud_name', 'ldap_dn', $fdn);
157		- }
	150	+ /**
	151	+ * Gets the name based on the provided LDAP DN.
	152	+ * @param string $fdn
	153	+ * @return string\|false
	154	+ */
	155	+ public function getNameByDN($fdn) {
	156	+ return $this->getXbyY('owncloud_name', 'ldap_dn', $fdn);
	157	+ }
158	158
159		- /**
160		- * Searches mapped names by the giving string in the name column
161		- * @param string $search
162		- * @param string $prefixMatch
163		- * @param string $postfixMatch
164		- * @return string[]
165		- */
166		- public function getNamesBySearch($search, $prefixMatch = "", $postfixMatch = "") {
167		- $query = $this->dbc->prepare('
	159	+ /**
	160	+ * Searches mapped names by the giving string in the name column
	161	+ * @param string $search
	162	+ * @param string $prefixMatch
	163	+ * @param string $postfixMatch
	164	+ * @return string[]
	165	+ */
	166	+ public function getNamesBySearch($search, $prefixMatch = "", $postfixMatch = "") {
	167	+ $query = $this->dbc->prepare('
168	168	SELECT `owncloud_name`
169	169	FROM `'. $this->getTableName() .'`
170	170	WHERE `owncloud_name` LIKE ?
171	171	');
172	172
173		- $res = $query->execute(array($prefixMatch.$this->dbc->escapeLikeParameter($search).$postfixMatch));
174		- $names = array();
175		- if($res !== false) {
176		- while($row = $query->fetch()) {
177		- $names[] = $row['owncloud_name'];
178		- }
179		- }
180		- return $names;
181		- }
	173	+ $res = $query->execute(array($prefixMatch.$this->dbc->escapeLikeParameter($search).$postfixMatch));
	174	+ $names = array();
	175	+ if($res !== false) {
	176	+ while($row = $query->fetch()) {
	177	+ $names[] = $row['owncloud_name'];
	178	+ }
	179	+ }
	180	+ return $names;
	181	+ }
182	182
183		- /**
184		- * Gets the name based on the provided LDAP UUID.
185		- * @param string $uuid
186		- * @return string\|false
187		- */
188		- public function getNameByUUID($uuid) {
189		- return $this->getXbyY('owncloud_name', 'directory_uuid', $uuid);
190		- }
	183	+ /**
	184	+ * Gets the name based on the provided LDAP UUID.
	185	+ * @param string $uuid
	186	+ * @return string\|false
	187	+ */
	188	+ public function getNameByUUID($uuid) {
	189	+ return $this->getXbyY('owncloud_name', 'directory_uuid', $uuid);
	190	+ }
191	191
192		- /**
193		- * Gets the UUID based on the provided LDAP DN
194		- * @param string $dn
195		- * @return false\|string
196		- * @throws \Exception
197		- */
198		- public function getUUIDByDN($dn) {
199		- return $this->getXbyY('directory_uuid', 'ldap_dn', $dn);
200		- }
	192	+ /**
	193	+ * Gets the UUID based on the provided LDAP DN
	194	+ * @param string $dn
	195	+ * @return false\|string
	196	+ * @throws \Exception
	197	+ */
	198	+ public function getUUIDByDN($dn) {
	199	+ return $this->getXbyY('directory_uuid', 'ldap_dn', $dn);
	200	+ }
201	201
202		- /**
203		- * gets a piece of the mapping list
204		- * @param int $offset
205		- * @param int $limit
206		- * @return array
207		- */
208		- public function getList($offset = null, $limit = null) {
209		- $query = $this->dbc->prepare('
	202	+ /**
	203	+ * gets a piece of the mapping list
	204	+ * @param int $offset
	205	+ * @param int $limit
	206	+ * @return array
	207	+ */
	208	+ public function getList($offset = null, $limit = null) {
	209	+ $query = $this->dbc->prepare('
210	210	SELECT
211	211	`ldap_dn` AS `dn`,
212	212	`owncloud_name` AS `name`,
213	213	`directory_uuid` AS `uuid`
214	214	FROM `' . $this->getTableName() . '`',
215		- $limit,
216		- $offset
217		- );
	215	+ $limit,
	216	+ $offset
	217	+ );
218	218
219		- $query->execute();
220		- return $query->fetchAll();
221		- }
	219	+ $query->execute();
	220	+ return $query->fetchAll();
	221	+ }
222	222
223		- /**
224		- * attempts to map the given entry
225		- * @param string $fdn fully distinguished name (from LDAP)
226		- * @param string $name
227		- * @param string $uuid a unique identifier as used in LDAP
228		- * @return bool
229		- */
230		- public function map($fdn, $name, $uuid) {
231		- if(mb_strlen($fdn) > 255) {
232		- \OC::$server->getLogger()->error(
233		- 'Cannot map, because the DN exceeds 255 characters: {dn}',
234		- [
235		- 'app' => 'user_ldap',
236		- 'dn' => $fdn,
237		- ]
238		- );
239		- return false;
240		- }
	223	+ /**
	224	+ * attempts to map the given entry
	225	+ * @param string $fdn fully distinguished name (from LDAP)
	226	+ * @param string $name
	227	+ * @param string $uuid a unique identifier as used in LDAP
	228	+ * @return bool
	229	+ */
	230	+ public function map($fdn, $name, $uuid) {
	231	+ if(mb_strlen($fdn) > 255) {
	232	+ \OC::$server->getLogger()->error(
	233	+ 'Cannot map, because the DN exceeds 255 characters: {dn}',
	234	+ [
	235	+ 'app' => 'user_ldap',
	236	+ 'dn' => $fdn,
	237	+ ]
	238	+ );
	239	+ return false;
	240	+ }
241	241
242		- $row = array(
243		- 'ldap_dn' => $fdn,
244		- 'owncloud_name' => $name,
245		- 'directory_uuid' => $uuid
246		- );
	242	+ $row = array(
	243	+ 'ldap_dn' => $fdn,
	244	+ 'owncloud_name' => $name,
	245	+ 'directory_uuid' => $uuid
	246	+ );
247	247
248		- try {
249		- $result = $this->dbc->insertIfNotExist($this->getTableName(), $row);
250		- // insertIfNotExist returns values as int
251		- return (bool)$result;
252		- } catch (\Exception $e) {
253		- return false;
254		- }
255		- }
	248	+ try {
	249	+ $result = $this->dbc->insertIfNotExist($this->getTableName(), $row);
	250	+ // insertIfNotExist returns values as int
	251	+ return (bool)$result;
	252	+ } catch (\Exception $e) {
	253	+ return false;
	254	+ }
	255	+ }
256	256
257		- /**
258		- * removes a mapping based on the owncloud_name of the entry
259		- * @param string $name
260		- * @return bool
261		- */
262		- public function unmap($name) {
263		- $query = $this->dbc->prepare('
	257	+ /**
	258	+ * removes a mapping based on the owncloud_name of the entry
	259	+ * @param string $name
	260	+ * @return bool
	261	+ */
	262	+ public function unmap($name) {
	263	+ $query = $this->dbc->prepare('
264	264	DELETE FROM `'. $this->getTableName() .'`
265	265	WHERE `owncloud_name` = ?');
266	266
267		- return $this->modify($query, array($name));
268		- }
	267	+ return $this->modify($query, array($name));
	268	+ }
269	269
270		- /**
271		- * Truncate's the mapping table
272		- * @return bool
273		- */
274		- public function clear() {
275		- $sql = $this->dbc
276		- ->getDatabasePlatform()
277		- ->getTruncateTableSQL('`' . $this->getTableName() . '`');
278		- return $this->dbc->prepare($sql)->execute();
279		- }
	270	+ /**
	271	+ * Truncate's the mapping table
	272	+ * @return bool
	273	+ */
	274	+ public function clear() {
	275	+ $sql = $this->dbc
	276	+ ->getDatabasePlatform()
	277	+ ->getTruncateTableSQL('`' . $this->getTableName() . '`');
	278	+ return $this->dbc->prepare($sql)->execute();
	279	+ }
280	280	}

		@@ -27,182 +27,182 @@
		block discarded – undo
27	27	namespace OCA\User_LDAP;
28	28
29	29	class Group_Proxy extends Proxy implements \OCP\GroupInterface {
30		- private $backends = array();
31		- private $refBackend = null;
32		-
33		- /**
34		- * Constructor
35		- * @param string[] $serverConfigPrefixes array containing the config Prefixes
36		- */
37		- public function __construct($serverConfigPrefixes, ILDAPWrapper $ldap) {
38		- parent::__construct($ldap);
39		- foreach($serverConfigPrefixes as $configPrefix) {
40		- $this->backends[$configPrefix] =
41		- new \OCA\User_LDAP\Group_LDAP($this->getAccess($configPrefix));
42		- if(is_null($this->refBackend)) {
43		- $this->refBackend = &$this->backends[$configPrefix];
44		- }
45		- }
46		- }
47		-
48		- /**
49		- * Tries the backends one after the other until a positive result is returned from the specified method
50		- * @param string $gid the gid connected to the request
51		- * @param string $method the method of the group backend that shall be called
52		- * @param array $parameters an array of parameters to be passed
53		- * @return mixed, the result of the method or false
54		- */
55		- protected function walkBackends($gid, $method, $parameters) {
56		- $cacheKey = $this->getGroupCacheKey($gid);
57		- foreach($this->backends as $configPrefix => $backend) {
58		- if($result = call_user_func_array(array($backend, $method), $parameters)) {
59		- $this->writeToCache($cacheKey, $configPrefix);
60		- return $result;
61		- }
62		- }
63		- return false;
64		- }
65		-
66		- /**
67		- * Asks the backend connected to the server that supposely takes care of the gid from the request.
68		- * @param string $gid the gid connected to the request
69		- * @param string $method the method of the group backend that shall be called
70		- * @param array $parameters an array of parameters to be passed
71		- * @param mixed $passOnWhen the result matches this variable
72		- * @return mixed, the result of the method or false
73		- */
74		- protected function callOnLastSeenOn($gid, $method, $parameters, $passOnWhen) {
75		- $cacheKey = $this->getGroupCacheKey($gid);;
76		- $prefix = $this->getFromCache($cacheKey);
77		- //in case the uid has been found in the past, try this stored connection first
78		- if(!is_null($prefix)) {
79		- if(isset($this->backends[$prefix])) {
80		- $result = call_user_func_array(array($this->backends[$prefix], $method), $parameters);
81		- if($result === $passOnWhen) {
82		- //not found here, reset cache to null if group vanished
83		- //because sometimes methods return false with a reason
84		- $groupExists = call_user_func_array(
85		- array($this->backends[$prefix], 'groupExists'),
86		- array($gid)
87		- );
88		- if(!$groupExists) {
89		- $this->writeToCache($cacheKey, null);
90		- }
91		- }
92		- return $result;
93		- }
94		- }
95		- return false;
96		- }
97		-
98		- /**
99		- * is user in group?
100		- * @param string $uid uid of the user
101		- * @param string $gid gid of the group
102		- * @return bool
103		- *
104		- * Checks whether the user is member of a group or not.
105		- */
106		- public function inGroup($uid, $gid) {
107		- return $this->handleRequest($gid, 'inGroup', array($uid, $gid));
108		- }
109		-
110		- /**
111		- * Get all groups a user belongs to
112		- * @param string $uid Name of the user
113		- * @return string[] with group names
114		- *
115		- * This function fetches all groups a user belongs to. It does not check
116		- * if the user exists at all.
117		- */
118		- public function getUserGroups($uid) {
119		- $groups = array();
120		-
121		- foreach($this->backends as $backend) {
122		- $backendGroups = $backend->getUserGroups($uid);
123		- if (is_array($backendGroups)) {
124		- $groups = array_merge($groups, $backendGroups);
125		- }
126		- }
127		-
128		- return $groups;
129		- }
130		-
131		- /**
132		- * get a list of all users in a group
133		- * @return string[] with user ids
134		- */
135		- public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
136		- $users = array();
137		-
138		- foreach($this->backends as $backend) {
139		- $backendUsers = $backend->usersInGroup($gid, $search, $limit, $offset);
140		- if (is_array($backendUsers)) {
141		- $users = array_merge($users, $backendUsers);
142		- }
143		- }
144		-
145		- return $users;
146		- }
147		-
148		- /**
149		- * returns the number of users in a group, who match the search term
150		- * @param string $gid the internal group name
151		- * @param string $search optional, a search string
152		- * @return int\|bool
153		- */
154		- public function countUsersInGroup($gid, $search = '') {
155		- return $this->handleRequest(
156		- $gid, 'countUsersInGroup', array($gid, $search));
157		- }
158		-
159		- /**
160		- * get a list of all groups
161		- * @return string[] with group names
162		- *
163		- * Returns a list with all groups
164		- */
165		- public function getGroups($search = '', $limit = -1, $offset = 0) {
166		- $groups = array();
167		-
168		- foreach($this->backends as $backend) {
169		- $backendGroups = $backend->getGroups($search, $limit, $offset);
170		- if (is_array($backendGroups)) {
171		- $groups = array_merge($groups, $backendGroups);
172		- }
173		- }
174		-
175		- return $groups;
176		- }
177		-
178		- /**
179		- * check if a group exists
180		- * @param string $gid
181		- * @return bool
182		- */
183		- public function groupExists($gid) {
184		- return $this->handleRequest($gid, 'groupExists', array($gid));
185		- }
186		-
187		- /**
188		- * Check if backend implements actions
189		- * @param int $actions bitwise-or'ed actions
190		- * @return boolean
191		- *
192		- * Returns the supported actions as int to be
193		- * compared with OC_USER_BACKEND_CREATE_USER etc.
194		- */
195		- public function implementsActions($actions) {
196		- //it's the same across all our user backends obviously
197		- return $this->refBackend->implementsActions($actions);
198		- }
199		-
200		- /**
201		- * Return access for LDAP interaction.
202		- * @param string $gid
203		- * @return Access instance of Access for LDAP interaction
204		- */
205		- public function getLDAPAccess($gid) {
206		- return $this->handleRequest($gid, 'getLDAPAccess', []);
207		- }
	30	+ private $backends = array();
	31	+ private $refBackend = null;
	32	+
	33	+ /**
	34	+ * Constructor
	35	+ * @param string[] $serverConfigPrefixes array containing the config Prefixes
	36	+ */
	37	+ public function __construct($serverConfigPrefixes, ILDAPWrapper $ldap) {
	38	+ parent::__construct($ldap);
	39	+ foreach($serverConfigPrefixes as $configPrefix) {
	40	+ $this->backends[$configPrefix] =
	41	+ new \OCA\User_LDAP\Group_LDAP($this->getAccess($configPrefix));
	42	+ if(is_null($this->refBackend)) {
	43	+ $this->refBackend = &$this->backends[$configPrefix];
	44	+ }
	45	+ }
	46	+ }
	47	+
	48	+ /**
	49	+ * Tries the backends one after the other until a positive result is returned from the specified method
	50	+ * @param string $gid the gid connected to the request
	51	+ * @param string $method the method of the group backend that shall be called
	52	+ * @param array $parameters an array of parameters to be passed
	53	+ * @return mixed, the result of the method or false
	54	+ */
	55	+ protected function walkBackends($gid, $method, $parameters) {
	56	+ $cacheKey = $this->getGroupCacheKey($gid);
	57	+ foreach($this->backends as $configPrefix => $backend) {
	58	+ if($result = call_user_func_array(array($backend, $method), $parameters)) {
	59	+ $this->writeToCache($cacheKey, $configPrefix);
	60	+ return $result;
	61	+ }
	62	+ }
	63	+ return false;
	64	+ }
	65	+
	66	+ /**
	67	+ * Asks the backend connected to the server that supposely takes care of the gid from the request.
	68	+ * @param string $gid the gid connected to the request
	69	+ * @param string $method the method of the group backend that shall be called
	70	+ * @param array $parameters an array of parameters to be passed
	71	+ * @param mixed $passOnWhen the result matches this variable
	72	+ * @return mixed, the result of the method or false
	73	+ */
	74	+ protected function callOnLastSeenOn($gid, $method, $parameters, $passOnWhen) {
	75	+ $cacheKey = $this->getGroupCacheKey($gid);;
	76	+ $prefix = $this->getFromCache($cacheKey);
	77	+ //in case the uid has been found in the past, try this stored connection first
	78	+ if(!is_null($prefix)) {
	79	+ if(isset($this->backends[$prefix])) {
	80	+ $result = call_user_func_array(array($this->backends[$prefix], $method), $parameters);
	81	+ if($result === $passOnWhen) {
	82	+ //not found here, reset cache to null if group vanished
	83	+ //because sometimes methods return false with a reason
	84	+ $groupExists = call_user_func_array(
	85	+ array($this->backends[$prefix], 'groupExists'),
	86	+ array($gid)
	87	+ );
	88	+ if(!$groupExists) {
	89	+ $this->writeToCache($cacheKey, null);
	90	+ }
	91	+ }
	92	+ return $result;
	93	+ }
	94	+ }
	95	+ return false;
	96	+ }
	97	+
	98	+ /**
	99	+ * is user in group?
	100	+ * @param string $uid uid of the user
	101	+ * @param string $gid gid of the group
	102	+ * @return bool
	103	+ *
	104	+ * Checks whether the user is member of a group or not.
	105	+ */
	106	+ public function inGroup($uid, $gid) {
	107	+ return $this->handleRequest($gid, 'inGroup', array($uid, $gid));
	108	+ }
	109	+
	110	+ /**
	111	+ * Get all groups a user belongs to
	112	+ * @param string $uid Name of the user
	113	+ * @return string[] with group names
	114	+ *
	115	+ * This function fetches all groups a user belongs to. It does not check
	116	+ * if the user exists at all.
	117	+ */
	118	+ public function getUserGroups($uid) {
	119	+ $groups = array();
	120	+
	121	+ foreach($this->backends as $backend) {
	122	+ $backendGroups = $backend->getUserGroups($uid);
	123	+ if (is_array($backendGroups)) {
	124	+ $groups = array_merge($groups, $backendGroups);
	125	+ }
	126	+ }
	127	+
	128	+ return $groups;
	129	+ }
	130	+
	131	+ /**
	132	+ * get a list of all users in a group
	133	+ * @return string[] with user ids
	134	+ */
	135	+ public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
	136	+ $users = array();
	137	+
	138	+ foreach($this->backends as $backend) {
	139	+ $backendUsers = $backend->usersInGroup($gid, $search, $limit, $offset);
	140	+ if (is_array($backendUsers)) {
	141	+ $users = array_merge($users, $backendUsers);
	142	+ }
	143	+ }
	144	+
	145	+ return $users;
	146	+ }
	147	+
	148	+ /**
	149	+ * returns the number of users in a group, who match the search term
	150	+ * @param string $gid the internal group name
	151	+ * @param string $search optional, a search string
	152	+ * @return int\|bool
	153	+ */
	154	+ public function countUsersInGroup($gid, $search = '') {
	155	+ return $this->handleRequest(
	156	+ $gid, 'countUsersInGroup', array($gid, $search));
	157	+ }
	158	+
	159	+ /**
	160	+ * get a list of all groups
	161	+ * @return string[] with group names
	162	+ *
	163	+ * Returns a list with all groups
	164	+ */
	165	+ public function getGroups($search = '', $limit = -1, $offset = 0) {
	166	+ $groups = array();
	167	+
	168	+ foreach($this->backends as $backend) {
	169	+ $backendGroups = $backend->getGroups($search, $limit, $offset);
	170	+ if (is_array($backendGroups)) {
	171	+ $groups = array_merge($groups, $backendGroups);
	172	+ }
	173	+ }
	174	+
	175	+ return $groups;
	176	+ }
	177	+
	178	+ /**
	179	+ * check if a group exists
	180	+ * @param string $gid
	181	+ * @return bool
	182	+ */
	183	+ public function groupExists($gid) {
	184	+ return $this->handleRequest($gid, 'groupExists', array($gid));
	185	+ }
	186	+
	187	+ /**
	188	+ * Check if backend implements actions
	189	+ * @param int $actions bitwise-or'ed actions
	190	+ * @return boolean
	191	+ *
	192	+ * Returns the supported actions as int to be
	193	+ * compared with OC_USER_BACKEND_CREATE_USER etc.
	194	+ */
	195	+ public function implementsActions($actions) {
	196	+ //it's the same across all our user backends obviously
	197	+ return $this->refBackend->implementsActions($actions);
	198	+ }
	199	+
	200	+ /**
	201	+ * Return access for LDAP interaction.
	202	+ * @param string $gid
	203	+ * @return Access instance of Access for LDAP interaction
	204	+ */
	205	+ public function getLDAPAccess($gid) {
	206	+ return $this->handleRequest($gid, 'getLDAPAccess', []);
	207	+ }
208	208	}

		@@ -33,341 +33,341 @@
		block discarded – undo
33	33	use OCA\User_LDAP\Exceptions\ConstraintViolationException;
34	34
35	35	class LDAP implements ILDAPWrapper {
36		- protected $curFunc = '';
37		- protected $curArgs = array();
38		-
39		- /**
40		- * @param resource $link
41		- * @param string $dn
42		- * @param string $password
43		- * @return bool\|mixed
44		- */
45		- public function bind($link, $dn, $password) {
46		- return $this->invokeLDAPMethod('bind', $link, $dn, $password);
47		- }
48		-
49		- /**
50		- * @param string $host
51		- * @param string $port
52		- * @return mixed
53		- */
54		- public function connect($host, $port) {
55		- if(strpos($host, '://') === false) {
56		- $host = 'ldap://' . $host;
57		- }
58		- if(strpos($host, ':', strpos($host, '://') + 1) === false) {
59		- //ldap_connect ignores port parameter when URLs are passed
60		- $host .= ':' . $port;
61		- }
62		- return $this->invokeLDAPMethod('connect', $host);
63		- }
64		-
65		- /**
66		- * @param LDAP $link
67		- * @param LDAP $result
68		- * @param string $cookie
69		- * @return bool\|LDAP
70		- */
71		- public function controlPagedResultResponse($link, $result, &$cookie) {
72		- $this->preFunctionCall('ldap_control_paged_result_response',
73		- array($link, $result, $cookie));
74		- $result = ldap_control_paged_result_response($link, $result, $cookie);
75		- $this->postFunctionCall();
76		-
77		- return $result;
78		- }
79		-
80		- /**
81		- * @param LDAP $link
82		- * @param int $pageSize
83		- * @param bool $isCritical
84		- * @param string $cookie
85		- * @return mixed\|true
86		- */
87		- public function controlPagedResult($link, $pageSize, $isCritical, $cookie) {
88		- return $this->invokeLDAPMethod('control_paged_result', $link, $pageSize,
89		- $isCritical, $cookie);
90		- }
91		-
92		- /**
93		- * @param LDAP $link
94		- * @param LDAP $result
95		- * @return mixed
96		- */
97		- public function countEntries($link, $result) {
98		- return $this->invokeLDAPMethod('count_entries', $link, $result);
99		- }
100		-
101		- /**
102		- * @param LDAP $link
103		- * @return mixed\|string
104		- */
105		- public function errno($link) {
106		- return $this->invokeLDAPMethod('errno', $link);
107		- }
108		-
109		- /**
110		- * @param LDAP $link
111		- * @return int\|mixed
112		- */
113		- public function error($link) {
114		- return $this->invokeLDAPMethod('error', $link);
115		- }
116		-
117		- /**
118		- * Splits DN into its component parts
119		- * @param string $dn
120		- * @param int @withAttrib
121		- * @return array\|false
122		- * @link http://www.php.net/manual/en/function.ldap-explode-dn.php
123		- */
124		- public function explodeDN($dn, $withAttrib) {
125		- return $this->invokeLDAPMethod('explode_dn', $dn, $withAttrib);
126		- }
127		-
128		- /**
129		- * @param LDAP $link
130		- * @param LDAP $result
131		- * @return mixed
132		- */
133		- public function firstEntry($link, $result) {
134		- return $this->invokeLDAPMethod('first_entry', $link, $result);
135		- }
136		-
137		- /**
138		- * @param LDAP $link
139		- * @param LDAP $result
140		- * @return array\|mixed
141		- */
142		- public function getAttributes($link, $result) {
143		- return $this->invokeLDAPMethod('get_attributes', $link, $result);
144		- }
145		-
146		- /**
147		- * @param LDAP $link
148		- * @param LDAP $result
149		- * @return mixed\|string
150		- */
151		- public function getDN($link, $result) {
152		- return $this->invokeLDAPMethod('get_dn', $link, $result);
153		- }
154		-
155		- /**
156		- * @param LDAP $link
157		- * @param LDAP $result
158		- * @return array\|mixed
159		- */
160		- public function getEntries($link, $result) {
161		- return $this->invokeLDAPMethod('get_entries', $link, $result);
162		- }
163		-
164		- /**
165		- * @param LDAP $link
166		- * @param resource $result
167		- * @return mixed
168		- */
169		- public function nextEntry($link, $result) {
170		- return $this->invokeLDAPMethod('next_entry', $link, $result);
171		- }
172		-
173		- /**
174		- * @param LDAP $link
175		- * @param string $baseDN
176		- * @param string $filter
177		- * @param array $attr
178		- * @return mixed
179		- */
180		- public function read($link, $baseDN, $filter, $attr) {
181		- return $this->invokeLDAPMethod('read', $link, $baseDN, $filter, $attr);
182		- }
183		-
184		- /**
185		- * @param LDAP $link
186		- * @param string $baseDN
187		- * @param string $filter
188		- * @param array $attr
189		- * @param int $attrsOnly
190		- * @param int $limit
191		- * @return mixed
192		- */
193		- public function search($link, $baseDN, $filter, $attr, $attrsOnly = 0, $limit = 0) {
194		- return $this->invokeLDAPMethod('search', $link, $baseDN, $filter, $attr, $attrsOnly, $limit);
195		- }
196		-
197		- /**
198		- * @param LDAP $link
199		- * @param string $userDN
200		- * @param string $password
201		- * @return bool
202		- */
203		- public function modReplace($link, $userDN, $password) {
204		- return $this->invokeLDAPMethod('mod_replace', $link, $userDN, array('userPassword' => $password));
205		- }
206		-
207		- /**
208		- * @param LDAP $link
209		- * @param string $option
210		- * @param int $value
211		- * @return bool\|mixed
212		- */
213		- public function setOption($link, $option, $value) {
214		- return $this->invokeLDAPMethod('set_option', $link, $option, $value);
215		- }
216		-
217		- /**
218		- * @param LDAP $link
219		- * @return mixed\|true
220		- */
221		- public function startTls($link) {
222		- return $this->invokeLDAPMethod('start_tls', $link);
223		- }
224		-
225		- /**
226		- * @param resource $link
227		- * @return bool\|mixed
228		- */
229		- public function unbind($link) {
230		- return $this->invokeLDAPMethod('unbind', $link);
231		- }
232		-
233		- /**
234		- * Checks whether the server supports LDAP
235		- * @return boolean if it the case, false otherwise
236		- * */
237		- public function areLDAPFunctionsAvailable() {
238		- return function_exists('ldap_connect');
239		- }
240		-
241		- /**
242		- * Checks whether PHP supports LDAP Paged Results
243		- * @return boolean if it the case, false otherwise
244		- * */
245		- public function hasPagedResultSupport() {
246		- $hasSupport = function_exists('ldap_control_paged_result')
247		- && function_exists('ldap_control_paged_result_response');
248		- return $hasSupport;
249		- }
250		-
251		- /**
252		- * Checks whether the submitted parameter is a resource
253		- * @param Resource $resource the resource variable to check
254		- * @return bool true if it is a resource, false otherwise
255		- */
256		- public function isResource($resource) {
257		- return is_resource($resource);
258		- }
259		-
260		- /**
261		- * Checks whether the return value from LDAP is wrong or not.
262		- *
263		- * When using ldap_search we provide an array, in case multiple bases are
264		- * configured. Thus, we need to check the array elements.
265		- *
266		- * @param $result
267		- * @return bool
268		- */
269		- protected function isResultFalse($result) {
270		- if($result === false) {
271		- return true;
272		- }
273		-
274		- if($this->curFunc === 'ldap_search' && is_array($result)) {
275		- foreach ($result as $singleResult) {
276		- if($singleResult === false) {
277		- return true;
278		- }
279		- }
280		- }
281		-
282		- return false;
283		- }
284		-
285		- /**
286		- * @return mixed
287		- */
288		- protected function invokeLDAPMethod() {
289		- $arguments = func_get_args();
290		- $func = 'ldap_' . array_shift($arguments);
291		- if(function_exists($func)) {
292		- $this->preFunctionCall($func, $arguments);
293		- $result = call_user_func_array($func, $arguments);
294		- if ($this->isResultFalse($result)) {
295		- $this->postFunctionCall();
296		- }
297		- return $result;
298		- }
299		- return null;
300		- }
301		-
302		- /**
303		- * @param string $functionName
304		- * @param array $args
305		- */
306		- private function preFunctionCall($functionName, $args) {
307		- $this->curFunc = $functionName;
308		- $this->curArgs = $args;
309		- }
310		-
311		- /**
312		- * Analyzes the returned LDAP error and acts accordingly if not 0
313		- *
314		- * @param resource $resource the LDAP Connection resource
315		- * @throws ConstraintViolationException
316		- * @throws ServerNotAvailableException
317		- * @throws \Exception
318		- */
319		- private function processLDAPError($resource) {
320		- $errorCode = ldap_errno($resource);
321		- if($errorCode === 0) {
322		- return;
323		- }
324		- $errorMsg = ldap_error($resource);
325		-
326		- if($this->curFunc === 'ldap_get_entries'
327		- && $errorCode === -4) {
328		- } else if ($errorCode === 32) {
329		- //for now
330		- } else if ($errorCode === 10) {
331		- //referrals, we switch them off, but then there is AD :)
332		- } else if ($errorCode === -1) {
333		- throw new ServerNotAvailableException('Lost connection to LDAP server.');
334		- } else if ($errorCode === 48) {
335		- throw new \Exception('LDAP authentication method rejected', $errorCode);
336		- } else if ($errorCode === 1) {
337		- throw new \Exception('LDAP Operations error', $errorCode);
338		- } else if ($errorCode === 19) {
339		- ldap_get_option($this->curArgs[0], LDAP_OPT_ERROR_STRING, $extended_error);
340		- throw new ConstraintViolationException(!empty($extended_error)?$extended_error:$errorMsg, $errorCode);
341		- } else {
342		- \OCP\Util::writeLog('user_ldap',
343		- 'LDAP error '.$errorMsg.' (' .
344		- $errorCode.') after calling '.
345		- $this->curFunc,
346		- \OCP\Util::DEBUG);
347		- }
348		- }
349		-
350		- /**
351		- * Called after an ldap method is run to act on LDAP error if necessary
352		- */
353		- private function postFunctionCall() {
354		- if($this->isResource($this->curArgs[0])) {
355		- $resource = $this->curArgs[0];
356		- } else if(
357		- $this->curFunc === 'ldap_search'
358		- && is_array($this->curArgs[0])
359		- && $this->isResource($this->curArgs[0][0])
360		- ) {
361		- // we use always the same LDAP connection resource, is enough to
362		- // take the first one.
363		- $resource = $this->curArgs[0][0];
364		- } else {
365		- return;
366		- }
367		-
368		- $this->processLDAPError($resource);
369		-
370		- $this->curFunc = '';
371		- $this->curArgs = [];
372		- }
	36	+ protected $curFunc = '';
	37	+ protected $curArgs = array();
	38	+
	39	+ /**
	40	+ * @param resource $link
	41	+ * @param string $dn
	42	+ * @param string $password
	43	+ * @return bool\|mixed
	44	+ */
	45	+ public function bind($link, $dn, $password) {
	46	+ return $this->invokeLDAPMethod('bind', $link, $dn, $password);
	47	+ }
	48	+
	49	+ /**
	50	+ * @param string $host
	51	+ * @param string $port
	52	+ * @return mixed
	53	+ */
	54	+ public function connect($host, $port) {
	55	+ if(strpos($host, '://') === false) {
	56	+ $host = 'ldap://' . $host;
	57	+ }
	58	+ if(strpos($host, ':', strpos($host, '://') + 1) === false) {
	59	+ //ldap_connect ignores port parameter when URLs are passed
	60	+ $host .= ':' . $port;
	61	+ }
	62	+ return $this->invokeLDAPMethod('connect', $host);
	63	+ }
	64	+
	65	+ /**
	66	+ * @param LDAP $link
	67	+ * @param LDAP $result
	68	+ * @param string $cookie
	69	+ * @return bool\|LDAP
	70	+ */
	71	+ public function controlPagedResultResponse($link, $result, &$cookie) {
	72	+ $this->preFunctionCall('ldap_control_paged_result_response',
	73	+ array($link, $result, $cookie));
	74	+ $result = ldap_control_paged_result_response($link, $result, $cookie);
	75	+ $this->postFunctionCall();
	76	+
	77	+ return $result;
	78	+ }
	79	+
	80	+ /**
	81	+ * @param LDAP $link
	82	+ * @param int $pageSize
	83	+ * @param bool $isCritical
	84	+ * @param string $cookie
	85	+ * @return mixed\|true
	86	+ */
	87	+ public function controlPagedResult($link, $pageSize, $isCritical, $cookie) {
	88	+ return $this->invokeLDAPMethod('control_paged_result', $link, $pageSize,
	89	+ $isCritical, $cookie);
	90	+ }
	91	+
	92	+ /**
	93	+ * @param LDAP $link
	94	+ * @param LDAP $result
	95	+ * @return mixed
	96	+ */
	97	+ public function countEntries($link, $result) {
	98	+ return $this->invokeLDAPMethod('count_entries', $link, $result);
	99	+ }
	100	+
	101	+ /**
	102	+ * @param LDAP $link
	103	+ * @return mixed\|string
	104	+ */
	105	+ public function errno($link) {
	106	+ return $this->invokeLDAPMethod('errno', $link);
	107	+ }
	108	+
	109	+ /**
	110	+ * @param LDAP $link
	111	+ * @return int\|mixed
	112	+ */
	113	+ public function error($link) {
	114	+ return $this->invokeLDAPMethod('error', $link);
	115	+ }
	116	+
	117	+ /**
	118	+ * Splits DN into its component parts
	119	+ * @param string $dn
	120	+ * @param int @withAttrib
	121	+ * @return array\|false
	122	+ * @link http://www.php.net/manual/en/function.ldap-explode-dn.php
	123	+ */
	124	+ public function explodeDN($dn, $withAttrib) {
	125	+ return $this->invokeLDAPMethod('explode_dn', $dn, $withAttrib);
	126	+ }
	127	+
	128	+ /**
	129	+ * @param LDAP $link
	130	+ * @param LDAP $result
	131	+ * @return mixed
	132	+ */
	133	+ public function firstEntry($link, $result) {
	134	+ return $this->invokeLDAPMethod('first_entry', $link, $result);
	135	+ }
	136	+
	137	+ /**
	138	+ * @param LDAP $link
	139	+ * @param LDAP $result
	140	+ * @return array\|mixed
	141	+ */
	142	+ public function getAttributes($link, $result) {
	143	+ return $this->invokeLDAPMethod('get_attributes', $link, $result);
	144	+ }
	145	+
	146	+ /**
	147	+ * @param LDAP $link
	148	+ * @param LDAP $result
	149	+ * @return mixed\|string
	150	+ */
	151	+ public function getDN($link, $result) {
	152	+ return $this->invokeLDAPMethod('get_dn', $link, $result);
	153	+ }
	154	+
	155	+ /**
	156	+ * @param LDAP $link
	157	+ * @param LDAP $result
	158	+ * @return array\|mixed
	159	+ */
	160	+ public function getEntries($link, $result) {
	161	+ return $this->invokeLDAPMethod('get_entries', $link, $result);
	162	+ }
	163	+
	164	+ /**
	165	+ * @param LDAP $link
	166	+ * @param resource $result
	167	+ * @return mixed
	168	+ */
	169	+ public function nextEntry($link, $result) {
	170	+ return $this->invokeLDAPMethod('next_entry', $link, $result);
	171	+ }
	172	+
	173	+ /**
	174	+ * @param LDAP $link
	175	+ * @param string $baseDN
	176	+ * @param string $filter
	177	+ * @param array $attr
	178	+ * @return mixed
	179	+ */
	180	+ public function read($link, $baseDN, $filter, $attr) {
	181	+ return $this->invokeLDAPMethod('read', $link, $baseDN, $filter, $attr);
	182	+ }
	183	+
	184	+ /**
	185	+ * @param LDAP $link
	186	+ * @param string $baseDN
	187	+ * @param string $filter
	188	+ * @param array $attr
	189	+ * @param int $attrsOnly
	190	+ * @param int $limit
	191	+ * @return mixed
	192	+ */
	193	+ public function search($link, $baseDN, $filter, $attr, $attrsOnly = 0, $limit = 0) {
	194	+ return $this->invokeLDAPMethod('search', $link, $baseDN, $filter, $attr, $attrsOnly, $limit);
	195	+ }
	196	+
	197	+ /**
	198	+ * @param LDAP $link
	199	+ * @param string $userDN
	200	+ * @param string $password
	201	+ * @return bool
	202	+ */
	203	+ public function modReplace($link, $userDN, $password) {
	204	+ return $this->invokeLDAPMethod('mod_replace', $link, $userDN, array('userPassword' => $password));
	205	+ }
	206	+
	207	+ /**
	208	+ * @param LDAP $link
	209	+ * @param string $option
	210	+ * @param int $value
	211	+ * @return bool\|mixed
	212	+ */
	213	+ public function setOption($link, $option, $value) {
	214	+ return $this->invokeLDAPMethod('set_option', $link, $option, $value);
	215	+ }
	216	+
	217	+ /**
	218	+ * @param LDAP $link
	219	+ * @return mixed\|true
	220	+ */
	221	+ public function startTls($link) {
	222	+ return $this->invokeLDAPMethod('start_tls', $link);
	223	+ }
	224	+
	225	+ /**
	226	+ * @param resource $link
	227	+ * @return bool\|mixed
	228	+ */
	229	+ public function unbind($link) {
	230	+ return $this->invokeLDAPMethod('unbind', $link);
	231	+ }
	232	+
	233	+ /**
	234	+ * Checks whether the server supports LDAP
	235	+ * @return boolean if it the case, false otherwise
	236	+ * */
	237	+ public function areLDAPFunctionsAvailable() {
	238	+ return function_exists('ldap_connect');
	239	+ }
	240	+
	241	+ /**
	242	+ * Checks whether PHP supports LDAP Paged Results
	243	+ * @return boolean if it the case, false otherwise
	244	+ * */
	245	+ public function hasPagedResultSupport() {
	246	+ $hasSupport = function_exists('ldap_control_paged_result')
	247	+ && function_exists('ldap_control_paged_result_response');
	248	+ return $hasSupport;
	249	+ }
	250	+
	251	+ /**
	252	+ * Checks whether the submitted parameter is a resource
	253	+ * @param Resource $resource the resource variable to check
	254	+ * @return bool true if it is a resource, false otherwise
	255	+ */
	256	+ public function isResource($resource) {
	257	+ return is_resource($resource);
	258	+ }
	259	+
	260	+ /**
	261	+ * Checks whether the return value from LDAP is wrong or not.
	262	+ *
	263	+ * When using ldap_search we provide an array, in case multiple bases are
	264	+ * configured. Thus, we need to check the array elements.
	265	+ *
	266	+ * @param $result
	267	+ * @return bool
	268	+ */
	269	+ protected function isResultFalse($result) {
	270	+ if($result === false) {
	271	+ return true;
	272	+ }
	273	+
	274	+ if($this->curFunc === 'ldap_search' && is_array($result)) {
	275	+ foreach ($result as $singleResult) {
	276	+ if($singleResult === false) {
	277	+ return true;
	278	+ }
	279	+ }
	280	+ }
	281	+
	282	+ return false;
	283	+ }
	284	+
	285	+ /**
	286	+ * @return mixed
	287	+ */
	288	+ protected function invokeLDAPMethod() {
	289	+ $arguments = func_get_args();
	290	+ $func = 'ldap_' . array_shift($arguments);
	291	+ if(function_exists($func)) {
	292	+ $this->preFunctionCall($func, $arguments);
	293	+ $result = call_user_func_array($func, $arguments);
	294	+ if ($this->isResultFalse($result)) {
	295	+ $this->postFunctionCall();
	296	+ }
	297	+ return $result;
	298	+ }
	299	+ return null;
	300	+ }
	301	+
	302	+ /**
	303	+ * @param string $functionName
	304	+ * @param array $args
	305	+ */
	306	+ private function preFunctionCall($functionName, $args) {
	307	+ $this->curFunc = $functionName;
	308	+ $this->curArgs = $args;
	309	+ }
	310	+
	311	+ /**
	312	+ * Analyzes the returned LDAP error and acts accordingly if not 0
	313	+ *
	314	+ * @param resource $resource the LDAP Connection resource
	315	+ * @throws ConstraintViolationException
	316	+ * @throws ServerNotAvailableException
	317	+ * @throws \Exception
	318	+ */
	319	+ private function processLDAPError($resource) {
	320	+ $errorCode = ldap_errno($resource);
	321	+ if($errorCode === 0) {
	322	+ return;
	323	+ }
	324	+ $errorMsg = ldap_error($resource);
	325	+
	326	+ if($this->curFunc === 'ldap_get_entries'
	327	+ && $errorCode === -4) {
	328	+ } else if ($errorCode === 32) {
	329	+ //for now
	330	+ } else if ($errorCode === 10) {
	331	+ //referrals, we switch them off, but then there is AD :)
	332	+ } else if ($errorCode === -1) {
	333	+ throw new ServerNotAvailableException('Lost connection to LDAP server.');
	334	+ } else if ($errorCode === 48) {
	335	+ throw new \Exception('LDAP authentication method rejected', $errorCode);
	336	+ } else if ($errorCode === 1) {
	337	+ throw new \Exception('LDAP Operations error', $errorCode);
	338	+ } else if ($errorCode === 19) {
	339	+ ldap_get_option($this->curArgs[0], LDAP_OPT_ERROR_STRING, $extended_error);
	340	+ throw new ConstraintViolationException(!empty($extended_error)?$extended_error:$errorMsg, $errorCode);
	341	+ } else {
	342	+ \OCP\Util::writeLog('user_ldap',
	343	+ 'LDAP error '.$errorMsg.' (' .
	344	+ $errorCode.') after calling '.
	345	+ $this->curFunc,
	346	+ \OCP\Util::DEBUG);
	347	+ }
	348	+ }
	349	+
	350	+ /**
	351	+ * Called after an ldap method is run to act on LDAP error if necessary
	352	+ */
	353	+ private function postFunctionCall() {
	354	+ if($this->isResource($this->curArgs[0])) {
	355	+ $resource = $this->curArgs[0];
	356	+ } else if(
	357	+ $this->curFunc === 'ldap_search'
	358	+ && is_array($this->curArgs[0])
	359	+ && $this->isResource($this->curArgs[0][0])
	360	+ ) {
	361	+ // we use always the same LDAP connection resource, is enough to
	362	+ // take the first one.
	363	+ $resource = $this->curArgs[0][0];
	364	+ } else {
	365	+ return;
	366	+ }
	367	+
	368	+ $this->processLDAPError($resource);
	369	+
	370	+ $this->curFunc = '';
	371	+ $this->curArgs = [];
	372	+ }
373	373	}

nextcloud / server

Push — master ( be9ae4...03a92e )

Status

Category

Indentation +79 added lines, -79 removed lines patch added patch discarded remove patch

Indentation +5 added lines, -5 removed lines patch added patch discarded remove patch

Indentation +7 added lines, -7 removed lines patch added patch discarded remove patch

Indentation +7 added lines, -7 removed lines patch added patch discarded remove patch

Indentation +200 added lines, -200 removed lines patch added patch discarded remove patch

Indentation +178 added lines, -178 removed lines patch added patch discarded remove patch

Indentation +1318 added lines, -1318 removed lines patch added patch discarded remove patch

Indentation +337 added lines, -337 removed lines patch added patch discarded remove patch

Indentation +499 added lines, -499 removed lines patch added patch discarded remove patch