Passed
Push — master ( ae54ae...41fe4d )
by Blizzz
17:31 queued 11s
created
apps/user_ldap/lib/Jobs/CleanUp.php 2 patches
Indentation   +183 added lines, -183 removed lines patch added patch discarded remove patch
@@ -43,187 +43,187 @@
 block discarded – undo
43 43
  * @package OCA\User_LDAP\Jobs;
44 44
  */
45 45
 class CleanUp extends TimedJob {
46
-	/** @var int $limit amount of users that should be checked per run */
47
-	protected $limit;
48
-
49
-	/** @var int $defaultIntervalMin default interval in minutes */
50
-	protected $defaultIntervalMin = 51;
51
-
52
-	/** @var User_LDAP|User_Proxy $userBackend */
53
-	protected $userBackend;
54
-
55
-	/** @var \OCP\IConfig $ocConfig */
56
-	protected $ocConfig;
57
-
58
-	/** @var \OCP\IDBConnection $db */
59
-	protected $db;
60
-
61
-	/** @var Helper $ldapHelper */
62
-	protected $ldapHelper;
63
-
64
-	/** @var UserMapping */
65
-	protected $mapping;
66
-
67
-	/** @var DeletedUsersIndex */
68
-	protected $dui;
69
-
70
-	public function __construct(User_Proxy $userBackend, DeletedUsersIndex $dui) {
71
-		$minutes = \OC::$server->getConfig()->getSystemValue(
72
-			'ldapUserCleanupInterval', (string)$this->defaultIntervalMin);
73
-		$this->setInterval((int)$minutes * 60);
74
-		$this->userBackend = $userBackend;
75
-		$this->dui = $dui;
76
-	}
77
-
78
-	/**
79
-	 * assigns the instances passed to run() to the class properties
80
-	 * @param array $arguments
81
-	 */
82
-	public function setArguments($arguments) {
83
-		//Dependency Injection is not possible, because the constructor will
84
-		//only get values that are serialized to JSON. I.e. whatever we would
85
-		//pass in app.php we do add here, except something else is passed e.g.
86
-		//in tests.
87
-
88
-		if (isset($arguments['helper'])) {
89
-			$this->ldapHelper = $arguments['helper'];
90
-		} else {
91
-			$this->ldapHelper = new Helper(\OC::$server->getConfig());
92
-		}
93
-
94
-		if (isset($arguments['ocConfig'])) {
95
-			$this->ocConfig = $arguments['ocConfig'];
96
-		} else {
97
-			$this->ocConfig = \OC::$server->getConfig();
98
-		}
99
-
100
-		if (isset($arguments['userBackend'])) {
101
-			$this->userBackend = $arguments['userBackend'];
102
-		}
103
-
104
-		if (isset($arguments['db'])) {
105
-			$this->db = $arguments['db'];
106
-		} else {
107
-			$this->db = \OC::$server->getDatabaseConnection();
108
-		}
109
-
110
-		if (isset($arguments['mapping'])) {
111
-			$this->mapping = $arguments['mapping'];
112
-		} else {
113
-			$this->mapping = new UserMapping($this->db);
114
-		}
115
-
116
-		if (isset($arguments['deletedUsersIndex'])) {
117
-			$this->dui = $arguments['deletedUsersIndex'];
118
-		}
119
-	}
120
-
121
-	/**
122
-	 * makes the background job do its work
123
-	 * @param array $argument
124
-	 */
125
-	public function run($argument) {
126
-		$this->setArguments($argument);
127
-
128
-		if (!$this->isCleanUpAllowed()) {
129
-			return;
130
-		}
131
-		$users = $this->mapping->getList($this->getOffset(), $this->getChunkSize());
132
-		if (!is_array($users)) {
133
-			//something wrong? Let's start from the beginning next time and
134
-			//abort
135
-			$this->setOffset(true);
136
-			return;
137
-		}
138
-		$resetOffset = $this->isOffsetResetNecessary(count($users));
139
-		$this->checkUsers($users);
140
-		$this->setOffset($resetOffset);
141
-	}
142
-
143
-	/**
144
-	 * checks whether next run should start at 0 again
145
-	 * @param int $resultCount
146
-	 * @return bool
147
-	 */
148
-	public function isOffsetResetNecessary($resultCount) {
149
-		return $resultCount < $this->getChunkSize();
150
-	}
151
-
152
-	/**
153
-	 * checks whether cleaning up LDAP users is allowed
154
-	 * @return bool
155
-	 */
156
-	public function isCleanUpAllowed() {
157
-		try {
158
-			if ($this->ldapHelper->haveDisabledConfigurations()) {
159
-				return false;
160
-			}
161
-		} catch (\Exception $e) {
162
-			return false;
163
-		}
164
-
165
-		return $this->isCleanUpEnabled();
166
-	}
167
-
168
-	/**
169
-	 * checks whether clean up is enabled by configuration
170
-	 * @return bool
171
-	 */
172
-	private function isCleanUpEnabled() {
173
-		return (bool)$this->ocConfig->getSystemValue(
174
-			'ldapUserCleanupInterval', (string)$this->defaultIntervalMin);
175
-	}
176
-
177
-	/**
178
-	 * checks users whether they are still existing
179
-	 * @param array $users result from getMappedUsers()
180
-	 */
181
-	private function checkUsers(array $users) {
182
-		foreach ($users as $user) {
183
-			$this->checkUser($user);
184
-		}
185
-	}
186
-
187
-	/**
188
-	 * checks whether a user is still existing in LDAP
189
-	 * @param string[] $user
190
-	 */
191
-	private function checkUser(array $user) {
192
-		if ($this->userBackend->userExistsOnLDAP($user['name'])) {
193
-			//still available, all good
194
-
195
-			return;
196
-		}
197
-
198
-		$this->dui->markUser($user['name']);
199
-	}
200
-
201
-	/**
202
-	 * gets the offset to fetch users from the mappings table
203
-	 * @return int
204
-	 */
205
-	private function getOffset() {
206
-		return (int)$this->ocConfig->getAppValue('user_ldap', 'cleanUpJobOffset', 0);
207
-	}
208
-
209
-	/**
210
-	 * sets the new offset for the next run
211
-	 * @param bool $reset whether the offset should be set to 0
212
-	 */
213
-	public function setOffset($reset = false) {
214
-		$newOffset = $reset ? 0 :
215
-			$this->getOffset() + $this->getChunkSize();
216
-		$this->ocConfig->setAppValue('user_ldap', 'cleanUpJobOffset', $newOffset);
217
-	}
218
-
219
-	/**
220
-	 * returns the chunk size (limit in DB speak)
221
-	 * @return int
222
-	 */
223
-	public function getChunkSize() {
224
-		if ($this->limit === null) {
225
-			$this->limit = (int)$this->ocConfig->getAppValue('user_ldap', 'cleanUpJobChunkSize', 50);
226
-		}
227
-		return $this->limit;
228
-	}
46
+    /** @var int $limit amount of users that should be checked per run */
47
+    protected $limit;
48
+
49
+    /** @var int $defaultIntervalMin default interval in minutes */
50
+    protected $defaultIntervalMin = 51;
51
+
52
+    /** @var User_LDAP|User_Proxy $userBackend */
53
+    protected $userBackend;
54
+
55
+    /** @var \OCP\IConfig $ocConfig */
56
+    protected $ocConfig;
57
+
58
+    /** @var \OCP\IDBConnection $db */
59
+    protected $db;
60
+
61
+    /** @var Helper $ldapHelper */
62
+    protected $ldapHelper;
63
+
64
+    /** @var UserMapping */
65
+    protected $mapping;
66
+
67
+    /** @var DeletedUsersIndex */
68
+    protected $dui;
69
+
70
+    public function __construct(User_Proxy $userBackend, DeletedUsersIndex $dui) {
71
+        $minutes = \OC::$server->getConfig()->getSystemValue(
72
+            'ldapUserCleanupInterval', (string)$this->defaultIntervalMin);
73
+        $this->setInterval((int)$minutes * 60);
74
+        $this->userBackend = $userBackend;
75
+        $this->dui = $dui;
76
+    }
77
+
78
+    /**
79
+     * assigns the instances passed to run() to the class properties
80
+     * @param array $arguments
81
+     */
82
+    public function setArguments($arguments) {
83
+        //Dependency Injection is not possible, because the constructor will
84
+        //only get values that are serialized to JSON. I.e. whatever we would
85
+        //pass in app.php we do add here, except something else is passed e.g.
86
+        //in tests.
87
+
88
+        if (isset($arguments['helper'])) {
89
+            $this->ldapHelper = $arguments['helper'];
90
+        } else {
91
+            $this->ldapHelper = new Helper(\OC::$server->getConfig());
92
+        }
93
+
94
+        if (isset($arguments['ocConfig'])) {
95
+            $this->ocConfig = $arguments['ocConfig'];
96
+        } else {
97
+            $this->ocConfig = \OC::$server->getConfig();
98
+        }
99
+
100
+        if (isset($arguments['userBackend'])) {
101
+            $this->userBackend = $arguments['userBackend'];
102
+        }
103
+
104
+        if (isset($arguments['db'])) {
105
+            $this->db = $arguments['db'];
106
+        } else {
107
+            $this->db = \OC::$server->getDatabaseConnection();
108
+        }
109
+
110
+        if (isset($arguments['mapping'])) {
111
+            $this->mapping = $arguments['mapping'];
112
+        } else {
113
+            $this->mapping = new UserMapping($this->db);
114
+        }
115
+
116
+        if (isset($arguments['deletedUsersIndex'])) {
117
+            $this->dui = $arguments['deletedUsersIndex'];
118
+        }
119
+    }
120
+
121
+    /**
122
+     * makes the background job do its work
123
+     * @param array $argument
124
+     */
125
+    public function run($argument) {
126
+        $this->setArguments($argument);
127
+
128
+        if (!$this->isCleanUpAllowed()) {
129
+            return;
130
+        }
131
+        $users = $this->mapping->getList($this->getOffset(), $this->getChunkSize());
132
+        if (!is_array($users)) {
133
+            //something wrong? Let's start from the beginning next time and
134
+            //abort
135
+            $this->setOffset(true);
136
+            return;
137
+        }
138
+        $resetOffset = $this->isOffsetResetNecessary(count($users));
139
+        $this->checkUsers($users);
140
+        $this->setOffset($resetOffset);
141
+    }
142
+
143
+    /**
144
+     * checks whether next run should start at 0 again
145
+     * @param int $resultCount
146
+     * @return bool
147
+     */
148
+    public function isOffsetResetNecessary($resultCount) {
149
+        return $resultCount < $this->getChunkSize();
150
+    }
151
+
152
+    /**
153
+     * checks whether cleaning up LDAP users is allowed
154
+     * @return bool
155
+     */
156
+    public function isCleanUpAllowed() {
157
+        try {
158
+            if ($this->ldapHelper->haveDisabledConfigurations()) {
159
+                return false;
160
+            }
161
+        } catch (\Exception $e) {
162
+            return false;
163
+        }
164
+
165
+        return $this->isCleanUpEnabled();
166
+    }
167
+
168
+    /**
169
+     * checks whether clean up is enabled by configuration
170
+     * @return bool
171
+     */
172
+    private function isCleanUpEnabled() {
173
+        return (bool)$this->ocConfig->getSystemValue(
174
+            'ldapUserCleanupInterval', (string)$this->defaultIntervalMin);
175
+    }
176
+
177
+    /**
178
+     * checks users whether they are still existing
179
+     * @param array $users result from getMappedUsers()
180
+     */
181
+    private function checkUsers(array $users) {
182
+        foreach ($users as $user) {
183
+            $this->checkUser($user);
184
+        }
185
+    }
186
+
187
+    /**
188
+     * checks whether a user is still existing in LDAP
189
+     * @param string[] $user
190
+     */
191
+    private function checkUser(array $user) {
192
+        if ($this->userBackend->userExistsOnLDAP($user['name'])) {
193
+            //still available, all good
194
+
195
+            return;
196
+        }
197
+
198
+        $this->dui->markUser($user['name']);
199
+    }
200
+
201
+    /**
202
+     * gets the offset to fetch users from the mappings table
203
+     * @return int
204
+     */
205
+    private function getOffset() {
206
+        return (int)$this->ocConfig->getAppValue('user_ldap', 'cleanUpJobOffset', 0);
207
+    }
208
+
209
+    /**
210
+     * sets the new offset for the next run
211
+     * @param bool $reset whether the offset should be set to 0
212
+     */
213
+    public function setOffset($reset = false) {
214
+        $newOffset = $reset ? 0 :
215
+            $this->getOffset() + $this->getChunkSize();
216
+        $this->ocConfig->setAppValue('user_ldap', 'cleanUpJobOffset', $newOffset);
217
+    }
218
+
219
+    /**
220
+     * returns the chunk size (limit in DB speak)
221
+     * @return int
222
+     */
223
+    public function getChunkSize() {
224
+        if ($this->limit === null) {
225
+            $this->limit = (int)$this->ocConfig->getAppValue('user_ldap', 'cleanUpJobChunkSize', 50);
226
+        }
227
+        return $this->limit;
228
+    }
229 229
 }
Please login to merge, or discard this patch.
Spacing   +7 added lines, -8 removed lines patch added patch discarded remove patch
@@ -69,8 +69,8 @@  discard block
 block discarded – undo
69 69
 
70 70
 	public function __construct(User_Proxy $userBackend, DeletedUsersIndex $dui) {
71 71
 		$minutes = \OC::$server->getConfig()->getSystemValue(
72
-			'ldapUserCleanupInterval', (string)$this->defaultIntervalMin);
73
-		$this->setInterval((int)$minutes * 60);
72
+			'ldapUserCleanupInterval', (string) $this->defaultIntervalMin);
73
+		$this->setInterval((int) $minutes * 60);
74 74
 		$this->userBackend = $userBackend;
75 75
 		$this->dui = $dui;
76 76
 	}
@@ -170,8 +170,8 @@  discard block
 block discarded – undo
170 170
 	 * @return bool
171 171
 	 */
172 172
 	private function isCleanUpEnabled() {
173
-		return (bool)$this->ocConfig->getSystemValue(
174
-			'ldapUserCleanupInterval', (string)$this->defaultIntervalMin);
173
+		return (bool) $this->ocConfig->getSystemValue(
174
+			'ldapUserCleanupInterval', (string) $this->defaultIntervalMin);
175 175
 	}
176 176
 
177 177
 	/**
@@ -203,7 +203,7 @@  discard block
 block discarded – undo
203 203
 	 * @return int
204 204
 	 */
205 205
 	private function getOffset() {
206
-		return (int)$this->ocConfig->getAppValue('user_ldap', 'cleanUpJobOffset', 0);
206
+		return (int) $this->ocConfig->getAppValue('user_ldap', 'cleanUpJobOffset', 0);
207 207
 	}
208 208
 
209 209
 	/**
@@ -211,8 +211,7 @@  discard block
 block discarded – undo
211 211
 	 * @param bool $reset whether the offset should be set to 0
212 212
 	 */
213 213
 	public function setOffset($reset = false) {
214
-		$newOffset = $reset ? 0 :
215
-			$this->getOffset() + $this->getChunkSize();
214
+		$newOffset = $reset ? 0 : $this->getOffset() + $this->getChunkSize();
216 215
 		$this->ocConfig->setAppValue('user_ldap', 'cleanUpJobOffset', $newOffset);
217 216
 	}
218 217
 
@@ -222,7 +221,7 @@  discard block
 block discarded – undo
222 221
 	 */
223 222
 	public function getChunkSize() {
224 223
 		if ($this->limit === null) {
225
-			$this->limit = (int)$this->ocConfig->getAppValue('user_ldap', 'cleanUpJobChunkSize', 50);
224
+			$this->limit = (int) $this->ocConfig->getAppValue('user_ldap', 'cleanUpJobChunkSize', 50);
226 225
 		}
227 226
 		return $this->limit;
228 227
 	}
Please login to merge, or discard this patch.
apps/user_ldap/lib/Jobs/Sync.php 1 patch
Indentation   +329 added lines, -329 removed lines patch added patch discarded remove patch
@@ -40,333 +40,333 @@
 block discarded – undo
40 40
 use OCP\Notification\IManager;
41 41
 
42 42
 class Sync extends TimedJob {
43
-	public const MAX_INTERVAL = 12 * 60 * 60; // 12h
44
-	public const MIN_INTERVAL = 30 * 60; // 30min
45
-	/** @var  Helper */
46
-	protected $ldapHelper;
47
-	/** @var  LDAP */
48
-	protected $ldap;
49
-	/** @var  Manager */
50
-	protected $userManager;
51
-	/** @var UserMapping */
52
-	protected $mapper;
53
-	/** @var  IConfig */
54
-	protected $config;
55
-	/** @var  IAvatarManager */
56
-	protected $avatarManager;
57
-	/** @var  IDBConnection */
58
-	protected $dbc;
59
-	/** @var  IUserManager */
60
-	protected $ncUserManager;
61
-	/** @var  IManager */
62
-	protected $notificationManager;
63
-	/** @var ConnectionFactory */
64
-	protected $connectionFactory;
65
-	/** @var AccessFactory */
66
-	protected $accessFactory;
67
-
68
-	public function __construct(Manager  $userManager) {
69
-		$this->userManager = $userManager;
70
-		$this->setInterval(
71
-			\OC::$server->getConfig()->getAppValue(
72
-				'user_ldap',
73
-				'background_sync_interval',
74
-				self::MIN_INTERVAL
75
-			)
76
-		);
77
-	}
78
-
79
-	/**
80
-	 * updates the interval
81
-	 *
82
-	 * the idea is to adjust the interval depending on the amount of known users
83
-	 * and the attempt to update each user one day. At most it would run every
84
-	 * 30 minutes, and at least every 12 hours.
85
-	 */
86
-	public function updateInterval() {
87
-		$minPagingSize = $this->getMinPagingSize();
88
-		$mappedUsers = $this->mapper->count();
89
-
90
-		$runsPerDay = ($minPagingSize === 0 || $mappedUsers === 0) ? self::MAX_INTERVAL
91
-			: $mappedUsers / $minPagingSize;
92
-		$interval = floor(24 * 60 * 60 / $runsPerDay);
93
-		$interval = min(max($interval, self::MIN_INTERVAL), self::MAX_INTERVAL);
94
-
95
-		$this->config->setAppValue('user_ldap', 'background_sync_interval', $interval);
96
-	}
97
-
98
-	/**
99
-	 * returns the smallest configured paging size
100
-	 * @return int
101
-	 */
102
-	protected function getMinPagingSize() {
103
-		$configKeys = $this->config->getAppKeys('user_ldap');
104
-		$configKeys = array_filter($configKeys, function ($key) {
105
-			return strpos($key, 'ldap_paging_size') !== false;
106
-		});
107
-		$minPagingSize = null;
108
-		foreach ($configKeys as $configKey) {
109
-			$pagingSize = $this->config->getAppValue('user_ldap', $configKey, $minPagingSize);
110
-			$minPagingSize = $minPagingSize === null ? $pagingSize : min($minPagingSize, $pagingSize);
111
-		}
112
-		return (int)$minPagingSize;
113
-	}
114
-
115
-	/**
116
-	 * @param array $argument
117
-	 */
118
-	public function run($argument) {
119
-		$this->setArgument($argument);
120
-
121
-		$isBackgroundJobModeAjax = $this->config
122
-				->getAppValue('core', 'backgroundjobs_mode', 'ajax') === 'ajax';
123
-		if ($isBackgroundJobModeAjax) {
124
-			return;
125
-		}
126
-
127
-		$cycleData = $this->getCycle();
128
-		if ($cycleData === null) {
129
-			$cycleData = $this->determineNextCycle();
130
-			if ($cycleData === null) {
131
-				$this->updateInterval();
132
-				return;
133
-			}
134
-		}
135
-
136
-		if (!$this->qualifiesToRun($cycleData)) {
137
-			$this->updateInterval();
138
-			return;
139
-		}
140
-
141
-		try {
142
-			$expectMoreResults = $this->runCycle($cycleData);
143
-			if ($expectMoreResults) {
144
-				$this->increaseOffset($cycleData);
145
-			} else {
146
-				$this->determineNextCycle($cycleData);
147
-			}
148
-			$this->updateInterval();
149
-		} catch (ServerNotAvailableException $e) {
150
-			$this->determineNextCycle($cycleData);
151
-		}
152
-	}
153
-
154
-	/**
155
-	 * @param array $cycleData
156
-	 * @return bool whether more results are expected from the same configuration
157
-	 */
158
-	public function runCycle($cycleData) {
159
-		$connection = $this->connectionFactory->get($cycleData['prefix']);
160
-		$access = $this->accessFactory->get($connection);
161
-		$access->setUserMapper($this->mapper);
162
-
163
-		$filter = $access->combineFilterWithAnd([
164
-			$access->connection->ldapUserFilter,
165
-			$access->connection->ldapUserDisplayName . '=*',
166
-			$access->getFilterPartForUserSearch('')
167
-		]);
168
-		$results = $access->fetchListOfUsers(
169
-			$filter,
170
-			$access->userManager->getAttributes(),
171
-			$connection->ldapPagingSize,
172
-			$cycleData['offset'],
173
-			true
174
-		);
175
-
176
-		if ((int)$connection->ldapPagingSize === 0) {
177
-			return false;
178
-		}
179
-		return count($results) >= (int)$connection->ldapPagingSize;
180
-	}
181
-
182
-	/**
183
-	 * returns the info about the current cycle that should be run, if any,
184
-	 * otherwise null
185
-	 *
186
-	 * @return array|null
187
-	 */
188
-	public function getCycle() {
189
-		$prefixes = $this->ldapHelper->getServerConfigurationPrefixes(true);
190
-		if (count($prefixes) === 0) {
191
-			return null;
192
-		}
193
-
194
-		$cycleData = [
195
-			'prefix' => $this->config->getAppValue('user_ldap', 'background_sync_prefix', null),
196
-			'offset' => (int)$this->config->getAppValue('user_ldap', 'background_sync_offset', 0),
197
-		];
198
-
199
-		if (
200
-			$cycleData['prefix'] !== null
201
-			&& in_array($cycleData['prefix'], $prefixes)
202
-		) {
203
-			return $cycleData;
204
-		}
205
-
206
-		return null;
207
-	}
208
-
209
-	/**
210
-	 * Save the provided cycle information in the DB
211
-	 *
212
-	 * @param array $cycleData
213
-	 */
214
-	public function setCycle(array $cycleData) {
215
-		$this->config->setAppValue('user_ldap', 'background_sync_prefix', $cycleData['prefix']);
216
-		$this->config->setAppValue('user_ldap', 'background_sync_offset', $cycleData['offset']);
217
-	}
218
-
219
-	/**
220
-	 * returns data about the next cycle that should run, if any, otherwise
221
-	 * null. It also always goes for the next LDAP configuration!
222
-	 *
223
-	 * @param array|null $cycleData the old cycle
224
-	 * @return array|null
225
-	 */
226
-	public function determineNextCycle(array $cycleData = null) {
227
-		$prefixes = $this->ldapHelper->getServerConfigurationPrefixes(true);
228
-		if (count($prefixes) === 0) {
229
-			return null;
230
-		}
231
-
232
-		// get the next prefix in line and remember it
233
-		$oldPrefix = $cycleData === null ? null : $cycleData['prefix'];
234
-		$prefix = $this->getNextPrefix($oldPrefix);
235
-		if ($prefix === null) {
236
-			return null;
237
-		}
238
-		$cycleData['prefix'] = $prefix;
239
-		$cycleData['offset'] = 0;
240
-		$this->setCycle(['prefix' => $prefix, 'offset' => 0]);
241
-
242
-		return $cycleData;
243
-	}
244
-
245
-	/**
246
-	 * Checks whether the provided cycle should be run. Currently only the
247
-	 * last configuration change goes into account (at least one hour).
248
-	 *
249
-	 * @param $cycleData
250
-	 * @return bool
251
-	 */
252
-	public function qualifiesToRun($cycleData) {
253
-		$lastChange = $this->config->getAppValue('user_ldap', $cycleData['prefix'] . '_lastChange', 0);
254
-		if ((time() - $lastChange) > 60 * 30) {
255
-			return true;
256
-		}
257
-		return false;
258
-	}
259
-
260
-	/**
261
-	 * increases the offset of the current cycle for the next run
262
-	 *
263
-	 * @param $cycleData
264
-	 */
265
-	protected function increaseOffset($cycleData) {
266
-		$ldapConfig = new Configuration($cycleData['prefix']);
267
-		$cycleData['offset'] += (int)$ldapConfig->ldapPagingSize;
268
-		$this->setCycle($cycleData);
269
-	}
270
-
271
-	/**
272
-	 * determines the next configuration prefix based on the last one (if any)
273
-	 *
274
-	 * @param string|null $lastPrefix
275
-	 * @return string|null
276
-	 */
277
-	protected function getNextPrefix($lastPrefix) {
278
-		$prefixes = $this->ldapHelper->getServerConfigurationPrefixes(true);
279
-		$noOfPrefixes = count($prefixes);
280
-		if ($noOfPrefixes === 0) {
281
-			return null;
282
-		}
283
-		$i = $lastPrefix === null ? false : array_search($lastPrefix, $prefixes, true);
284
-		if ($i === false) {
285
-			$i = -1;
286
-		} else {
287
-			$i++;
288
-		}
289
-
290
-		if (!isset($prefixes[$i])) {
291
-			$i = 0;
292
-		}
293
-		return $prefixes[$i];
294
-	}
295
-
296
-	/**
297
-	 * "fixes" DI
298
-	 *
299
-	 * @param array $argument
300
-	 */
301
-	public function setArgument($argument) {
302
-		if (isset($argument['config'])) {
303
-			$this->config = $argument['config'];
304
-		} else {
305
-			$this->config = \OC::$server->getConfig();
306
-		}
307
-
308
-		if (isset($argument['helper'])) {
309
-			$this->ldapHelper = $argument['helper'];
310
-		} else {
311
-			$this->ldapHelper = new Helper($this->config);
312
-		}
313
-
314
-		if (isset($argument['ldapWrapper'])) {
315
-			$this->ldap = $argument['ldapWrapper'];
316
-		} else {
317
-			$this->ldap = new LDAP();
318
-		}
319
-
320
-		if (isset($argument['avatarManager'])) {
321
-			$this->avatarManager = $argument['avatarManager'];
322
-		} else {
323
-			$this->avatarManager = \OC::$server->getAvatarManager();
324
-		}
325
-
326
-		if (isset($argument['dbc'])) {
327
-			$this->dbc = $argument['dbc'];
328
-		} else {
329
-			$this->dbc = \OC::$server->getDatabaseConnection();
330
-		}
331
-
332
-		if (isset($argument['ncUserManager'])) {
333
-			$this->ncUserManager = $argument['ncUserManager'];
334
-		} else {
335
-			$this->ncUserManager = \OC::$server->getUserManager();
336
-		}
337
-
338
-		if (isset($argument['notificationManager'])) {
339
-			$this->notificationManager = $argument['notificationManager'];
340
-		} else {
341
-			$this->notificationManager = \OC::$server->getNotificationManager();
342
-		}
343
-
344
-		if (isset($argument['userManager'])) {
345
-			$this->userManager = $argument['userManager'];
346
-		}
347
-
348
-		if (isset($argument['mapper'])) {
349
-			$this->mapper = $argument['mapper'];
350
-		} else {
351
-			$this->mapper = new UserMapping($this->dbc);
352
-		}
353
-
354
-		if (isset($argument['connectionFactory'])) {
355
-			$this->connectionFactory = $argument['connectionFactory'];
356
-		} else {
357
-			$this->connectionFactory = new ConnectionFactory($this->ldap);
358
-		}
359
-
360
-		if (isset($argument['accessFactory'])) {
361
-			$this->accessFactory = $argument['accessFactory'];
362
-		} else {
363
-			$this->accessFactory = new AccessFactory(
364
-				$this->ldap,
365
-				$this->userManager,
366
-				$this->ldapHelper,
367
-				$this->config,
368
-				$this->ncUserManager
369
-			);
370
-		}
371
-	}
43
+    public const MAX_INTERVAL = 12 * 60 * 60; // 12h
44
+    public const MIN_INTERVAL = 30 * 60; // 30min
45
+    /** @var  Helper */
46
+    protected $ldapHelper;
47
+    /** @var  LDAP */
48
+    protected $ldap;
49
+    /** @var  Manager */
50
+    protected $userManager;
51
+    /** @var UserMapping */
52
+    protected $mapper;
53
+    /** @var  IConfig */
54
+    protected $config;
55
+    /** @var  IAvatarManager */
56
+    protected $avatarManager;
57
+    /** @var  IDBConnection */
58
+    protected $dbc;
59
+    /** @var  IUserManager */
60
+    protected $ncUserManager;
61
+    /** @var  IManager */
62
+    protected $notificationManager;
63
+    /** @var ConnectionFactory */
64
+    protected $connectionFactory;
65
+    /** @var AccessFactory */
66
+    protected $accessFactory;
67
+
68
+    public function __construct(Manager  $userManager) {
69
+        $this->userManager = $userManager;
70
+        $this->setInterval(
71
+            \OC::$server->getConfig()->getAppValue(
72
+                'user_ldap',
73
+                'background_sync_interval',
74
+                self::MIN_INTERVAL
75
+            )
76
+        );
77
+    }
78
+
79
+    /**
80
+     * updates the interval
81
+     *
82
+     * the idea is to adjust the interval depending on the amount of known users
83
+     * and the attempt to update each user one day. At most it would run every
84
+     * 30 minutes, and at least every 12 hours.
85
+     */
86
+    public function updateInterval() {
87
+        $minPagingSize = $this->getMinPagingSize();
88
+        $mappedUsers = $this->mapper->count();
89
+
90
+        $runsPerDay = ($minPagingSize === 0 || $mappedUsers === 0) ? self::MAX_INTERVAL
91
+            : $mappedUsers / $minPagingSize;
92
+        $interval = floor(24 * 60 * 60 / $runsPerDay);
93
+        $interval = min(max($interval, self::MIN_INTERVAL), self::MAX_INTERVAL);
94
+
95
+        $this->config->setAppValue('user_ldap', 'background_sync_interval', $interval);
96
+    }
97
+
98
+    /**
99
+     * returns the smallest configured paging size
100
+     * @return int
101
+     */
102
+    protected function getMinPagingSize() {
103
+        $configKeys = $this->config->getAppKeys('user_ldap');
104
+        $configKeys = array_filter($configKeys, function ($key) {
105
+            return strpos($key, 'ldap_paging_size') !== false;
106
+        });
107
+        $minPagingSize = null;
108
+        foreach ($configKeys as $configKey) {
109
+            $pagingSize = $this->config->getAppValue('user_ldap', $configKey, $minPagingSize);
110
+            $minPagingSize = $minPagingSize === null ? $pagingSize : min($minPagingSize, $pagingSize);
111
+        }
112
+        return (int)$minPagingSize;
113
+    }
114
+
115
+    /**
116
+     * @param array $argument
117
+     */
118
+    public function run($argument) {
119
+        $this->setArgument($argument);
120
+
121
+        $isBackgroundJobModeAjax = $this->config
122
+                ->getAppValue('core', 'backgroundjobs_mode', 'ajax') === 'ajax';
123
+        if ($isBackgroundJobModeAjax) {
124
+            return;
125
+        }
126
+
127
+        $cycleData = $this->getCycle();
128
+        if ($cycleData === null) {
129
+            $cycleData = $this->determineNextCycle();
130
+            if ($cycleData === null) {
131
+                $this->updateInterval();
132
+                return;
133
+            }
134
+        }
135
+
136
+        if (!$this->qualifiesToRun($cycleData)) {
137
+            $this->updateInterval();
138
+            return;
139
+        }
140
+
141
+        try {
142
+            $expectMoreResults = $this->runCycle($cycleData);
143
+            if ($expectMoreResults) {
144
+                $this->increaseOffset($cycleData);
145
+            } else {
146
+                $this->determineNextCycle($cycleData);
147
+            }
148
+            $this->updateInterval();
149
+        } catch (ServerNotAvailableException $e) {
150
+            $this->determineNextCycle($cycleData);
151
+        }
152
+    }
153
+
154
+    /**
155
+     * @param array $cycleData
156
+     * @return bool whether more results are expected from the same configuration
157
+     */
158
+    public function runCycle($cycleData) {
159
+        $connection = $this->connectionFactory->get($cycleData['prefix']);
160
+        $access = $this->accessFactory->get($connection);
161
+        $access->setUserMapper($this->mapper);
162
+
163
+        $filter = $access->combineFilterWithAnd([
164
+            $access->connection->ldapUserFilter,
165
+            $access->connection->ldapUserDisplayName . '=*',
166
+            $access->getFilterPartForUserSearch('')
167
+        ]);
168
+        $results = $access->fetchListOfUsers(
169
+            $filter,
170
+            $access->userManager->getAttributes(),
171
+            $connection->ldapPagingSize,
172
+            $cycleData['offset'],
173
+            true
174
+        );
175
+
176
+        if ((int)$connection->ldapPagingSize === 0) {
177
+            return false;
178
+        }
179
+        return count($results) >= (int)$connection->ldapPagingSize;
180
+    }
181
+
182
+    /**
183
+     * returns the info about the current cycle that should be run, if any,
184
+     * otherwise null
185
+     *
186
+     * @return array|null
187
+     */
188
+    public function getCycle() {
189
+        $prefixes = $this->ldapHelper->getServerConfigurationPrefixes(true);
190
+        if (count($prefixes) === 0) {
191
+            return null;
192
+        }
193
+
194
+        $cycleData = [
195
+            'prefix' => $this->config->getAppValue('user_ldap', 'background_sync_prefix', null),
196
+            'offset' => (int)$this->config->getAppValue('user_ldap', 'background_sync_offset', 0),
197
+        ];
198
+
199
+        if (
200
+            $cycleData['prefix'] !== null
201
+            && in_array($cycleData['prefix'], $prefixes)
202
+        ) {
203
+            return $cycleData;
204
+        }
205
+
206
+        return null;
207
+    }
208
+
209
+    /**
210
+     * Save the provided cycle information in the DB
211
+     *
212
+     * @param array $cycleData
213
+     */
214
+    public function setCycle(array $cycleData) {
215
+        $this->config->setAppValue('user_ldap', 'background_sync_prefix', $cycleData['prefix']);
216
+        $this->config->setAppValue('user_ldap', 'background_sync_offset', $cycleData['offset']);
217
+    }
218
+
219
+    /**
220
+     * returns data about the next cycle that should run, if any, otherwise
221
+     * null. It also always goes for the next LDAP configuration!
222
+     *
223
+     * @param array|null $cycleData the old cycle
224
+     * @return array|null
225
+     */
226
+    public function determineNextCycle(array $cycleData = null) {
227
+        $prefixes = $this->ldapHelper->getServerConfigurationPrefixes(true);
228
+        if (count($prefixes) === 0) {
229
+            return null;
230
+        }
231
+
232
+        // get the next prefix in line and remember it
233
+        $oldPrefix = $cycleData === null ? null : $cycleData['prefix'];
234
+        $prefix = $this->getNextPrefix($oldPrefix);
235
+        if ($prefix === null) {
236
+            return null;
237
+        }
238
+        $cycleData['prefix'] = $prefix;
239
+        $cycleData['offset'] = 0;
240
+        $this->setCycle(['prefix' => $prefix, 'offset' => 0]);
241
+
242
+        return $cycleData;
243
+    }
244
+
245
+    /**
246
+     * Checks whether the provided cycle should be run. Currently only the
247
+     * last configuration change goes into account (at least one hour).
248
+     *
249
+     * @param $cycleData
250
+     * @return bool
251
+     */
252
+    public function qualifiesToRun($cycleData) {
253
+        $lastChange = $this->config->getAppValue('user_ldap', $cycleData['prefix'] . '_lastChange', 0);
254
+        if ((time() - $lastChange) > 60 * 30) {
255
+            return true;
256
+        }
257
+        return false;
258
+    }
259
+
260
+    /**
261
+     * increases the offset of the current cycle for the next run
262
+     *
263
+     * @param $cycleData
264
+     */
265
+    protected function increaseOffset($cycleData) {
266
+        $ldapConfig = new Configuration($cycleData['prefix']);
267
+        $cycleData['offset'] += (int)$ldapConfig->ldapPagingSize;
268
+        $this->setCycle($cycleData);
269
+    }
270
+
271
+    /**
272
+     * determines the next configuration prefix based on the last one (if any)
273
+     *
274
+     * @param string|null $lastPrefix
275
+     * @return string|null
276
+     */
277
+    protected function getNextPrefix($lastPrefix) {
278
+        $prefixes = $this->ldapHelper->getServerConfigurationPrefixes(true);
279
+        $noOfPrefixes = count($prefixes);
280
+        if ($noOfPrefixes === 0) {
281
+            return null;
282
+        }
283
+        $i = $lastPrefix === null ? false : array_search($lastPrefix, $prefixes, true);
284
+        if ($i === false) {
285
+            $i = -1;
286
+        } else {
287
+            $i++;
288
+        }
289
+
290
+        if (!isset($prefixes[$i])) {
291
+            $i = 0;
292
+        }
293
+        return $prefixes[$i];
294
+    }
295
+
296
+    /**
297
+     * "fixes" DI
298
+     *
299
+     * @param array $argument
300
+     */
301
+    public function setArgument($argument) {
302
+        if (isset($argument['config'])) {
303
+            $this->config = $argument['config'];
304
+        } else {
305
+            $this->config = \OC::$server->getConfig();
306
+        }
307
+
308
+        if (isset($argument['helper'])) {
309
+            $this->ldapHelper = $argument['helper'];
310
+        } else {
311
+            $this->ldapHelper = new Helper($this->config);
312
+        }
313
+
314
+        if (isset($argument['ldapWrapper'])) {
315
+            $this->ldap = $argument['ldapWrapper'];
316
+        } else {
317
+            $this->ldap = new LDAP();
318
+        }
319
+
320
+        if (isset($argument['avatarManager'])) {
321
+            $this->avatarManager = $argument['avatarManager'];
322
+        } else {
323
+            $this->avatarManager = \OC::$server->getAvatarManager();
324
+        }
325
+
326
+        if (isset($argument['dbc'])) {
327
+            $this->dbc = $argument['dbc'];
328
+        } else {
329
+            $this->dbc = \OC::$server->getDatabaseConnection();
330
+        }
331
+
332
+        if (isset($argument['ncUserManager'])) {
333
+            $this->ncUserManager = $argument['ncUserManager'];
334
+        } else {
335
+            $this->ncUserManager = \OC::$server->getUserManager();
336
+        }
337
+
338
+        if (isset($argument['notificationManager'])) {
339
+            $this->notificationManager = $argument['notificationManager'];
340
+        } else {
341
+            $this->notificationManager = \OC::$server->getNotificationManager();
342
+        }
343
+
344
+        if (isset($argument['userManager'])) {
345
+            $this->userManager = $argument['userManager'];
346
+        }
347
+
348
+        if (isset($argument['mapper'])) {
349
+            $this->mapper = $argument['mapper'];
350
+        } else {
351
+            $this->mapper = new UserMapping($this->dbc);
352
+        }
353
+
354
+        if (isset($argument['connectionFactory'])) {
355
+            $this->connectionFactory = $argument['connectionFactory'];
356
+        } else {
357
+            $this->connectionFactory = new ConnectionFactory($this->ldap);
358
+        }
359
+
360
+        if (isset($argument['accessFactory'])) {
361
+            $this->accessFactory = $argument['accessFactory'];
362
+        } else {
363
+            $this->accessFactory = new AccessFactory(
364
+                $this->ldap,
365
+                $this->userManager,
366
+                $this->ldapHelper,
367
+                $this->config,
368
+                $this->ncUserManager
369
+            );
370
+        }
371
+    }
372 372
 }
Please login to merge, or discard this patch.
apps/user_ldap/lib/Access.php 1 patch
Indentation   +1975 added lines, -1975 removed lines patch added patch discarded remove patch
@@ -65,1762 +65,1762 @@  discard block
 block discarded – undo
65 65
  * @package OCA\User_LDAP
66 66
  */
67 67
 class Access extends LDAPUtility {
68
-	public const UUID_ATTRIBUTES = ['entryuuid', 'nsuniqueid', 'objectguid', 'guid', 'ipauniqueid'];
69
-
70
-	/** @var \OCA\User_LDAP\Connection */
71
-	public $connection;
72
-	/** @var Manager */
73
-	public $userManager;
74
-	//never ever check this var directly, always use getPagedSearchResultState
75
-	protected $pagedSearchedSuccessful;
76
-
77
-	/**
78
-	 * @var UserMapping $userMapper
79
-	 */
80
-	protected $userMapper;
81
-
82
-	/**
83
-	 * @var AbstractMapping $userMapper
84
-	 */
85
-	protected $groupMapper;
86
-
87
-	/**
88
-	 * @var \OCA\User_LDAP\Helper
89
-	 */
90
-	private $helper;
91
-	/** @var IConfig */
92
-	private $config;
93
-	/** @var IUserManager */
94
-	private $ncUserManager;
95
-	/** @var string */
96
-	private $lastCookie = '';
97
-
98
-	public function __construct(
99
-		Connection $connection,
100
-		ILDAPWrapper $ldap,
101
-		Manager $userManager,
102
-		Helper $helper,
103
-		IConfig $config,
104
-		IUserManager $ncUserManager
105
-	) {
106
-		parent::__construct($ldap);
107
-		$this->connection = $connection;
108
-		$this->userManager = $userManager;
109
-		$this->userManager->setLdapAccess($this);
110
-		$this->helper = $helper;
111
-		$this->config = $config;
112
-		$this->ncUserManager = $ncUserManager;
113
-	}
114
-
115
-	/**
116
-	 * sets the User Mapper
117
-	 *
118
-	 * @param AbstractMapping $mapper
119
-	 */
120
-	public function setUserMapper(AbstractMapping $mapper) {
121
-		$this->userMapper = $mapper;
122
-	}
123
-
124
-	/**
125
-	 * @throws \Exception
126
-	 */
127
-	public function getUserMapper(): UserMapping {
128
-		if (is_null($this->userMapper)) {
129
-			throw new \Exception('UserMapper was not assigned to this Access instance.');
130
-		}
131
-		return $this->userMapper;
132
-	}
133
-
134
-	/**
135
-	 * sets the Group Mapper
136
-	 *
137
-	 * @param AbstractMapping $mapper
138
-	 */
139
-	public function setGroupMapper(AbstractMapping $mapper) {
140
-		$this->groupMapper = $mapper;
141
-	}
142
-
143
-	/**
144
-	 * returns the Group Mapper
145
-	 *
146
-	 * @return AbstractMapping
147
-	 * @throws \Exception
148
-	 */
149
-	public function getGroupMapper() {
150
-		if (is_null($this->groupMapper)) {
151
-			throw new \Exception('GroupMapper was not assigned to this Access instance.');
152
-		}
153
-		return $this->groupMapper;
154
-	}
155
-
156
-	/**
157
-	 * @return bool
158
-	 */
159
-	private function checkConnection() {
160
-		return ($this->connection instanceof Connection);
161
-	}
162
-
163
-	/**
164
-	 * returns the Connection instance
165
-	 *
166
-	 * @return \OCA\User_LDAP\Connection
167
-	 */
168
-	public function getConnection() {
169
-		return $this->connection;
170
-	}
171
-
172
-	/**
173
-	 * reads a given attribute for an LDAP record identified by a DN
174
-	 *
175
-	 * @param string $dn the record in question
176
-	 * @param string $attr the attribute that shall be retrieved
177
-	 *        if empty, just check the record's existence
178
-	 * @param string $filter
179
-	 * @return array|false an array of values on success or an empty
180
-	 *          array if $attr is empty, false otherwise
181
-	 * @throws ServerNotAvailableException
182
-	 */
183
-	public function readAttribute($dn, $attr, $filter = 'objectClass=*') {
184
-		if (!$this->checkConnection()) {
185
-			\OCP\Util::writeLog('user_ldap',
186
-				'No LDAP Connector assigned, access impossible for readAttribute.',
187
-				ILogger::WARN);
188
-			return false;
189
-		}
190
-		$cr = $this->connection->getConnectionResource();
191
-		if (!$this->ldap->isResource($cr)) {
192
-			//LDAP not available
193
-			\OCP\Util::writeLog('user_ldap', 'LDAP resource not available.', ILogger::DEBUG);
194
-			return false;
195
-		}
196
-		//Cancel possibly running Paged Results operation, otherwise we run in
197
-		//LDAP protocol errors
198
-		$this->abandonPagedSearch();
199
-		// openLDAP requires that we init a new Paged Search. Not needed by AD,
200
-		// but does not hurt either.
201
-		$pagingSize = (int)$this->connection->ldapPagingSize;
202
-		// 0 won't result in replies, small numbers may leave out groups
203
-		// (cf. #12306), 500 is default for paging and should work everywhere.
204
-		$maxResults = $pagingSize > 20 ? $pagingSize : 500;
205
-		$attr = mb_strtolower($attr, 'UTF-8');
206
-		// the actual read attribute later may contain parameters on a ranged
207
-		// request, e.g. member;range=99-199. Depends on server reply.
208
-		$attrToRead = $attr;
209
-
210
-		$values = [];
211
-		$isRangeRequest = false;
212
-		do {
213
-			$result = $this->executeRead($cr, $dn, $attrToRead, $filter, $maxResults);
214
-			if (is_bool($result)) {
215
-				// when an exists request was run and it was successful, an empty
216
-				// array must be returned
217
-				return $result ? [] : false;
218
-			}
219
-
220
-			if (!$isRangeRequest) {
221
-				$values = $this->extractAttributeValuesFromResult($result, $attr);
222
-				if (!empty($values)) {
223
-					return $values;
224
-				}
225
-			}
226
-
227
-			$isRangeRequest = false;
228
-			$result = $this->extractRangeData($result, $attr);
229
-			if (!empty($result)) {
230
-				$normalizedResult = $this->extractAttributeValuesFromResult(
231
-					[$attr => $result['values']],
232
-					$attr
233
-				);
234
-				$values = array_merge($values, $normalizedResult);
235
-
236
-				if ($result['rangeHigh'] === '*') {
237
-					// when server replies with * as high range value, there are
238
-					// no more results left
239
-					return $values;
240
-				} else {
241
-					$low = $result['rangeHigh'] + 1;
242
-					$attrToRead = $result['attributeName'] . ';range=' . $low . '-*';
243
-					$isRangeRequest = true;
244
-				}
245
-			}
246
-		} while ($isRangeRequest);
247
-
248
-		\OCP\Util::writeLog('user_ldap', 'Requested attribute ' . $attr . ' not found for ' . $dn, ILogger::DEBUG);
249
-		return false;
250
-	}
251
-
252
-	/**
253
-	 * Runs an read operation against LDAP
254
-	 *
255
-	 * @param resource $cr the LDAP connection
256
-	 * @param string $dn
257
-	 * @param string $attribute
258
-	 * @param string $filter
259
-	 * @param int $maxResults
260
-	 * @return array|bool false if there was any error, true if an exists check
261
-	 *                    was performed and the requested DN found, array with the
262
-	 *                    returned data on a successful usual operation
263
-	 * @throws ServerNotAvailableException
264
-	 */
265
-	public function executeRead($cr, $dn, $attribute, $filter, $maxResults) {
266
-		$this->initPagedSearch($filter, $dn, [$attribute], $maxResults, 0);
267
-		$dn = $this->helper->DNasBaseParameter($dn);
268
-		$rr = @$this->invokeLDAPMethod('read', $cr, $dn, $filter, [$attribute]);
269
-		if (!$this->ldap->isResource($rr)) {
270
-			if ($attribute !== '') {
271
-				//do not throw this message on userExists check, irritates
272
-				\OCP\Util::writeLog('user_ldap', 'readAttribute failed for DN ' . $dn, ILogger::DEBUG);
273
-			}
274
-			//in case an error occurs , e.g. object does not exist
275
-			return false;
276
-		}
277
-		if ($attribute === '' && ($filter === 'objectclass=*' || $this->invokeLDAPMethod('countEntries', $cr, $rr) === 1)) {
278
-			\OCP\Util::writeLog('user_ldap', 'readAttribute: ' . $dn . ' found', ILogger::DEBUG);
279
-			return true;
280
-		}
281
-		$er = $this->invokeLDAPMethod('firstEntry', $cr, $rr);
282
-		if (!$this->ldap->isResource($er)) {
283
-			//did not match the filter, return false
284
-			return false;
285
-		}
286
-		//LDAP attributes are not case sensitive
287
-		$result = \OCP\Util::mb_array_change_key_case(
288
-			$this->invokeLDAPMethod('getAttributes', $cr, $er), MB_CASE_LOWER, 'UTF-8');
289
-
290
-		return $result;
291
-	}
292
-
293
-	/**
294
-	 * Normalizes a result grom getAttributes(), i.e. handles DNs and binary
295
-	 * data if present.
296
-	 *
297
-	 * @param array $result from ILDAPWrapper::getAttributes()
298
-	 * @param string $attribute the attribute name that was read
299
-	 * @return string[]
300
-	 */
301
-	public function extractAttributeValuesFromResult($result, $attribute) {
302
-		$values = [];
303
-		if (isset($result[$attribute]) && $result[$attribute]['count'] > 0) {
304
-			$lowercaseAttribute = strtolower($attribute);
305
-			for ($i = 0; $i < $result[$attribute]['count']; $i++) {
306
-				if ($this->resemblesDN($attribute)) {
307
-					$values[] = $this->helper->sanitizeDN($result[$attribute][$i]);
308
-				} elseif ($lowercaseAttribute === 'objectguid' || $lowercaseAttribute === 'guid') {
309
-					$values[] = $this->convertObjectGUID2Str($result[$attribute][$i]);
310
-				} else {
311
-					$values[] = $result[$attribute][$i];
312
-				}
313
-			}
314
-		}
315
-		return $values;
316
-	}
317
-
318
-	/**
319
-	 * Attempts to find ranged data in a getAttribute results and extracts the
320
-	 * returned values as well as information on the range and full attribute
321
-	 * name for further processing.
322
-	 *
323
-	 * @param array $result from ILDAPWrapper::getAttributes()
324
-	 * @param string $attribute the attribute name that was read. Without ";range=…"
325
-	 * @return array If a range was detected with keys 'values', 'attributeName',
326
-	 *               'attributeFull' and 'rangeHigh', otherwise empty.
327
-	 */
328
-	public function extractRangeData($result, $attribute) {
329
-		$keys = array_keys($result);
330
-		foreach ($keys as $key) {
331
-			if ($key !== $attribute && strpos($key, $attribute) === 0) {
332
-				$queryData = explode(';', $key);
333
-				if (strpos($queryData[1], 'range=') === 0) {
334
-					$high = substr($queryData[1], 1 + strpos($queryData[1], '-'));
335
-					$data = [
336
-						'values' => $result[$key],
337
-						'attributeName' => $queryData[0],
338
-						'attributeFull' => $key,
339
-						'rangeHigh' => $high,
340
-					];
341
-					return $data;
342
-				}
343
-			}
344
-		}
345
-		return [];
346
-	}
347
-
348
-	/**
349
-	 * Set password for an LDAP user identified by a DN
350
-	 *
351
-	 * @param string $userDN the user in question
352
-	 * @param string $password the new password
353
-	 * @return bool
354
-	 * @throws HintException
355
-	 * @throws \Exception
356
-	 */
357
-	public function setPassword($userDN, $password) {
358
-		if ((int)$this->connection->turnOnPasswordChange !== 1) {
359
-			throw new \Exception('LDAP password changes are disabled.');
360
-		}
361
-		$cr = $this->connection->getConnectionResource();
362
-		if (!$this->ldap->isResource($cr)) {
363
-			//LDAP not available
364
-			\OCP\Util::writeLog('user_ldap', 'LDAP resource not available.', ILogger::DEBUG);
365
-			return false;
366
-		}
367
-		try {
368
-			// try PASSWD extended operation first
369
-			return @$this->invokeLDAPMethod('exopPasswd', $cr, $userDN, '', $password) ||
370
-				@$this->invokeLDAPMethod('modReplace', $cr, $userDN, $password);
371
-		} catch (ConstraintViolationException $e) {
372
-			throw new HintException('Password change rejected.', \OC::$server->getL10N('user_ldap')->t('Password change rejected. Hint: ') . $e->getMessage(), $e->getCode());
373
-		}
374
-	}
375
-
376
-	/**
377
-	 * checks whether the given attributes value is probably a DN
378
-	 *
379
-	 * @param string $attr the attribute in question
380
-	 * @return boolean if so true, otherwise false
381
-	 */
382
-	private function resemblesDN($attr) {
383
-		$resemblingAttributes = [
384
-			'dn',
385
-			'uniquemember',
386
-			'member',
387
-			// memberOf is an "operational" attribute, without a definition in any RFC
388
-			'memberof'
389
-		];
390
-		return in_array($attr, $resemblingAttributes);
391
-	}
392
-
393
-	/**
394
-	 * checks whether the given string is probably a DN
395
-	 *
396
-	 * @param string $string
397
-	 * @return boolean
398
-	 */
399
-	public function stringResemblesDN($string) {
400
-		$r = $this->ldap->explodeDN($string, 0);
401
-		// if exploding a DN succeeds and does not end up in
402
-		// an empty array except for $r[count] being 0.
403
-		return (is_array($r) && count($r) > 1);
404
-	}
405
-
406
-	/**
407
-	 * returns a DN-string that is cleaned from not domain parts, e.g.
408
-	 * cn=foo,cn=bar,dc=foobar,dc=server,dc=org
409
-	 * becomes dc=foobar,dc=server,dc=org
410
-	 *
411
-	 * @param string $dn
412
-	 * @return string
413
-	 */
414
-	public function getDomainDNFromDN($dn) {
415
-		$allParts = $this->ldap->explodeDN($dn, 0);
416
-		if ($allParts === false) {
417
-			//not a valid DN
418
-			return '';
419
-		}
420
-		$domainParts = [];
421
-		$dcFound = false;
422
-		foreach ($allParts as $part) {
423
-			if (!$dcFound && strpos($part, 'dc=') === 0) {
424
-				$dcFound = true;
425
-			}
426
-			if ($dcFound) {
427
-				$domainParts[] = $part;
428
-			}
429
-		}
430
-		return implode(',', $domainParts);
431
-	}
432
-
433
-	/**
434
-	 * returns the LDAP DN for the given internal Nextcloud name of the group
435
-	 *
436
-	 * @param string $name the Nextcloud name in question
437
-	 * @return string|false LDAP DN on success, otherwise false
438
-	 */
439
-	public function groupname2dn($name) {
440
-		return $this->groupMapper->getDNByName($name);
441
-	}
442
-
443
-	/**
444
-	 * returns the LDAP DN for the given internal Nextcloud name of the user
445
-	 *
446
-	 * @param string $name the Nextcloud name in question
447
-	 * @return string|false with the LDAP DN on success, otherwise false
448
-	 */
449
-	public function username2dn($name) {
450
-		$fdn = $this->userMapper->getDNByName($name);
451
-
452
-		//Check whether the DN belongs to the Base, to avoid issues on multi-
453
-		//server setups
454
-		if (is_string($fdn) && $this->isDNPartOfBase($fdn, $this->connection->ldapBaseUsers)) {
455
-			return $fdn;
456
-		}
457
-
458
-		return false;
459
-	}
460
-
461
-	/**
462
-	 * returns the internal Nextcloud name for the given LDAP DN of the group, false on DN outside of search DN or failure
463
-	 *
464
-	 * @param string $fdn the dn of the group object
465
-	 * @param string $ldapName optional, the display name of the object
466
-	 * @return string|false with the name to use in Nextcloud, false on DN outside of search DN
467
-	 * @throws \Exception
468
-	 */
469
-	public function dn2groupname($fdn, $ldapName = null) {
470
-		//To avoid bypassing the base DN settings under certain circumstances
471
-		//with the group support, check whether the provided DN matches one of
472
-		//the given Bases
473
-		if (!$this->isDNPartOfBase($fdn, $this->connection->ldapBaseGroups)) {
474
-			return false;
475
-		}
476
-
477
-		return $this->dn2ocname($fdn, $ldapName, false);
478
-	}
479
-
480
-	/**
481
-	 * returns the internal Nextcloud name for the given LDAP DN of the user, false on DN outside of search DN or failure
482
-	 *
483
-	 * @param string $dn the dn of the user object
484
-	 * @param string $ldapName optional, the display name of the object
485
-	 * @return string|false with with the name to use in Nextcloud
486
-	 * @throws \Exception
487
-	 */
488
-	public function dn2username($fdn, $ldapName = null) {
489
-		//To avoid bypassing the base DN settings under certain circumstances
490
-		//with the group support, check whether the provided DN matches one of
491
-		//the given Bases
492
-		if (!$this->isDNPartOfBase($fdn, $this->connection->ldapBaseUsers)) {
493
-			return false;
494
-		}
495
-
496
-		return $this->dn2ocname($fdn, $ldapName, true);
497
-	}
498
-
499
-	/**
500
-	 * returns an internal Nextcloud name for the given LDAP DN, false on DN outside of search DN
501
-	 *
502
-	 * @param string $fdn the dn of the user object
503
-	 * @param string|null $ldapName optional, the display name of the object
504
-	 * @param bool $isUser optional, whether it is a user object (otherwise group assumed)
505
-	 * @param bool|null $newlyMapped
506
-	 * @param array|null $record
507
-	 * @return false|string with with the name to use in Nextcloud
508
-	 * @throws \Exception
509
-	 */
510
-	public function dn2ocname($fdn, $ldapName = null, $isUser = true, &$newlyMapped = null, array $record = null) {
511
-		$newlyMapped = false;
512
-		if ($isUser) {
513
-			$mapper = $this->getUserMapper();
514
-			$nameAttribute = $this->connection->ldapUserDisplayName;
515
-			$filter = $this->connection->ldapUserFilter;
516
-		} else {
517
-			$mapper = $this->getGroupMapper();
518
-			$nameAttribute = $this->connection->ldapGroupDisplayName;
519
-			$filter = $this->connection->ldapGroupFilter;
520
-		}
521
-
522
-		//let's try to retrieve the Nextcloud name from the mappings table
523
-		$ncName = $mapper->getNameByDN($fdn);
524
-		if (is_string($ncName)) {
525
-			return $ncName;
526
-		}
527
-
528
-		//second try: get the UUID and check if it is known. Then, update the DN and return the name.
529
-		$uuid = $this->getUUID($fdn, $isUser, $record);
530
-		if (is_string($uuid)) {
531
-			$ncName = $mapper->getNameByUUID($uuid);
532
-			if (is_string($ncName)) {
533
-				$mapper->setDNbyUUID($fdn, $uuid);
534
-				return $ncName;
535
-			}
536
-		} else {
537
-			//If the UUID can't be detected something is foul.
538
-			\OCP\Util::writeLog('user_ldap', 'Cannot determine UUID for ' . $fdn . '. Skipping.', ILogger::INFO);
539
-			return false;
540
-		}
541
-
542
-		if (is_null($ldapName)) {
543
-			$ldapName = $this->readAttribute($fdn, $nameAttribute, $filter);
544
-			if (!isset($ldapName[0]) && empty($ldapName[0])) {
545
-				\OCP\Util::writeLog('user_ldap', 'No or empty name for ' . $fdn . ' with filter ' . $filter . '.', ILogger::INFO);
546
-				return false;
547
-			}
548
-			$ldapName = $ldapName[0];
549
-		}
550
-
551
-		if ($isUser) {
552
-			$usernameAttribute = (string)$this->connection->ldapExpertUsernameAttr;
553
-			if ($usernameAttribute !== '') {
554
-				$username = $this->readAttribute($fdn, $usernameAttribute);
555
-				$username = $username[0];
556
-			} else {
557
-				$username = $uuid;
558
-			}
559
-			try {
560
-				$intName = $this->sanitizeUsername($username);
561
-			} catch (\InvalidArgumentException $e) {
562
-				\OC::$server->getLogger()->logException($e, [
563
-					'app' => 'user_ldap',
564
-					'level' => ILogger::WARN,
565
-				]);
566
-				// we don't attempt to set a username here. We can go for
567
-				// for an alternative 4 digit random number as we would append
568
-				// otherwise, however it's likely not enough space in bigger
569
-				// setups, and most importantly: this is not intended.
570
-				return false;
571
-			}
572
-		} else {
573
-			$intName = $ldapName;
574
-		}
575
-
576
-		//a new user/group! Add it only if it doesn't conflict with other backend's users or existing groups
577
-		//disabling Cache is required to avoid that the new user is cached as not-existing in fooExists check
578
-		//NOTE: mind, disabling cache affects only this instance! Using it
579
-		// outside of core user management will still cache the user as non-existing.
580
-		$originalTTL = $this->connection->ldapCacheTTL;
581
-		$this->connection->setConfiguration(['ldapCacheTTL' => 0]);
582
-		if ($intName !== ''
583
-			&& (($isUser && !$this->ncUserManager->userExists($intName))
584
-				|| (!$isUser && !\OC::$server->getGroupManager()->groupExists($intName))
585
-			)
586
-		) {
587
-			$this->connection->setConfiguration(['ldapCacheTTL' => $originalTTL]);
588
-			$newlyMapped = $this->mapAndAnnounceIfApplicable($mapper, $fdn, $intName, $uuid, $isUser);
589
-			if ($newlyMapped) {
590
-				return $intName;
591
-			}
592
-		}
593
-
594
-		$this->connection->setConfiguration(['ldapCacheTTL' => $originalTTL]);
595
-		$altName = $this->createAltInternalOwnCloudName($intName, $isUser);
596
-		if (is_string($altName)) {
597
-			if ($this->mapAndAnnounceIfApplicable($mapper, $fdn, $altName, $uuid, $isUser)) {
598
-				$newlyMapped = true;
599
-				return $altName;
600
-			}
601
-		}
602
-
603
-		//if everything else did not help..
604
-		\OCP\Util::writeLog('user_ldap', 'Could not create unique name for ' . $fdn . '.', ILogger::INFO);
605
-		return false;
606
-	}
607
-
608
-	public function mapAndAnnounceIfApplicable(
609
-		AbstractMapping $mapper,
610
-		string $fdn,
611
-		string $name,
612
-		string $uuid,
613
-		bool $isUser
614
-	): bool {
615
-		if ($mapper->map($fdn, $name, $uuid)) {
616
-			if ($this->ncUserManager instanceof PublicEmitter && $isUser) {
617
-				$this->cacheUserExists($name);
618
-				$this->ncUserManager->emit('\OC\User', 'assignedUserId', [$name]);
619
-			} elseif (!$isUser) {
620
-				$this->cacheGroupExists($name);
621
-			}
622
-			return true;
623
-		}
624
-		return false;
625
-	}
626
-
627
-	/**
628
-	 * gives back the user names as they are used ownClod internally
629
-	 *
630
-	 * @param array $ldapUsers as returned by fetchList()
631
-	 * @return array an array with the user names to use in Nextcloud
632
-	 *
633
-	 * gives back the user names as they are used ownClod internally
634
-	 * @throws \Exception
635
-	 */
636
-	public function nextcloudUserNames($ldapUsers) {
637
-		return $this->ldap2NextcloudNames($ldapUsers, true);
638
-	}
639
-
640
-	/**
641
-	 * gives back the group names as they are used ownClod internally
642
-	 *
643
-	 * @param array $ldapGroups as returned by fetchList()
644
-	 * @return array an array with the group names to use in Nextcloud
645
-	 *
646
-	 * gives back the group names as they are used ownClod internally
647
-	 * @throws \Exception
648
-	 */
649
-	public function nextcloudGroupNames($ldapGroups) {
650
-		return $this->ldap2NextcloudNames($ldapGroups, false);
651
-	}
652
-
653
-	/**
654
-	 * @param array $ldapObjects as returned by fetchList()
655
-	 * @param bool $isUsers
656
-	 * @return array
657
-	 * @throws \Exception
658
-	 */
659
-	private function ldap2NextcloudNames($ldapObjects, $isUsers) {
660
-		if ($isUsers) {
661
-			$nameAttribute = $this->connection->ldapUserDisplayName;
662
-			$sndAttribute = $this->connection->ldapUserDisplayName2;
663
-		} else {
664
-			$nameAttribute = $this->connection->ldapGroupDisplayName;
665
-		}
666
-		$nextcloudNames = [];
667
-
668
-		foreach ($ldapObjects as $ldapObject) {
669
-			$nameByLDAP = null;
670
-			if (isset($ldapObject[$nameAttribute])
671
-				&& is_array($ldapObject[$nameAttribute])
672
-				&& isset($ldapObject[$nameAttribute][0])
673
-			) {
674
-				// might be set, but not necessarily. if so, we use it.
675
-				$nameByLDAP = $ldapObject[$nameAttribute][0];
676
-			}
677
-
678
-			$ncName = $this->dn2ocname($ldapObject['dn'][0], $nameByLDAP, $isUsers);
679
-			if ($ncName) {
680
-				$nextcloudNames[] = $ncName;
681
-				if ($isUsers) {
682
-					$this->updateUserState($ncName);
683
-					//cache the user names so it does not need to be retrieved
684
-					//again later (e.g. sharing dialogue).
685
-					if (is_null($nameByLDAP)) {
686
-						continue;
687
-					}
688
-					$sndName = isset($ldapObject[$sndAttribute][0])
689
-						? $ldapObject[$sndAttribute][0] : '';
690
-					$this->cacheUserDisplayName($ncName, $nameByLDAP, $sndName);
691
-				} elseif ($nameByLDAP !== null) {
692
-					$this->cacheGroupDisplayName($ncName, $nameByLDAP);
693
-				}
694
-			}
695
-		}
696
-		return $nextcloudNames;
697
-	}
698
-
699
-	/**
700
-	 * removes the deleted-flag of a user if it was set
701
-	 *
702
-	 * @param string $ncname
703
-	 * @throws \Exception
704
-	 */
705
-	public function updateUserState($ncname) {
706
-		$user = $this->userManager->get($ncname);
707
-		if ($user instanceof OfflineUser) {
708
-			$user->unmark();
709
-		}
710
-	}
711
-
712
-	/**
713
-	 * caches the user display name
714
-	 *
715
-	 * @param string $ocName the internal Nextcloud username
716
-	 * @param string|false $home the home directory path
717
-	 */
718
-	public function cacheUserHome($ocName, $home) {
719
-		$cacheKey = 'getHome' . $ocName;
720
-		$this->connection->writeToCache($cacheKey, $home);
721
-	}
722
-
723
-	/**
724
-	 * caches a user as existing
725
-	 *
726
-	 * @param string $ocName the internal Nextcloud username
727
-	 */
728
-	public function cacheUserExists($ocName) {
729
-		$this->connection->writeToCache('userExists' . $ocName, true);
730
-	}
731
-
732
-	/**
733
-	 * caches a group as existing
734
-	 */
735
-	public function cacheGroupExists(string $gid): void {
736
-		$this->connection->writeToCache('groupExists' . $gid, true);
737
-	}
738
-
739
-	/**
740
-	 * caches the user display name
741
-	 *
742
-	 * @param string $ocName the internal Nextcloud username
743
-	 * @param string $displayName the display name
744
-	 * @param string $displayName2 the second display name
745
-	 * @throws \Exception
746
-	 */
747
-	public function cacheUserDisplayName($ocName, $displayName, $displayName2 = '') {
748
-		$user = $this->userManager->get($ocName);
749
-		if ($user === null) {
750
-			return;
751
-		}
752
-		$displayName = $user->composeAndStoreDisplayName($displayName, $displayName2);
753
-		$cacheKeyTrunk = 'getDisplayName';
754
-		$this->connection->writeToCache($cacheKeyTrunk . $ocName, $displayName);
755
-	}
756
-
757
-	public function cacheGroupDisplayName(string $ncName, string $displayName): void {
758
-		$cacheKey = 'group_getDisplayName' . $ncName;
759
-		$this->connection->writeToCache($cacheKey, $displayName);
760
-	}
761
-
762
-	/**
763
-	 * creates a unique name for internal Nextcloud use for users. Don't call it directly.
764
-	 *
765
-	 * @param string $name the display name of the object
766
-	 * @return string|false with with the name to use in Nextcloud or false if unsuccessful
767
-	 *
768
-	 * Instead of using this method directly, call
769
-	 * createAltInternalOwnCloudName($name, true)
770
-	 */
771
-	private function _createAltInternalOwnCloudNameForUsers($name) {
772
-		$attempts = 0;
773
-		//while loop is just a precaution. If a name is not generated within
774
-		//20 attempts, something else is very wrong. Avoids infinite loop.
775
-		while ($attempts < 20) {
776
-			$altName = $name . '_' . rand(1000, 9999);
777
-			if (!$this->ncUserManager->userExists($altName)) {
778
-				return $altName;
779
-			}
780
-			$attempts++;
781
-		}
782
-		return false;
783
-	}
784
-
785
-	/**
786
-	 * creates a unique name for internal Nextcloud use for groups. Don't call it directly.
787
-	 *
788
-	 * @param string $name the display name of the object
789
-	 * @return string|false with with the name to use in Nextcloud or false if unsuccessful.
790
-	 *
791
-	 * Instead of using this method directly, call
792
-	 * createAltInternalOwnCloudName($name, false)
793
-	 *
794
-	 * Group names are also used as display names, so we do a sequential
795
-	 * numbering, e.g. Developers_42 when there are 41 other groups called
796
-	 * "Developers"
797
-	 */
798
-	private function _createAltInternalOwnCloudNameForGroups($name) {
799
-		$usedNames = $this->groupMapper->getNamesBySearch($name, "", '_%');
800
-		if (!$usedNames || count($usedNames) === 0) {
801
-			$lastNo = 1; //will become name_2
802
-		} else {
803
-			natsort($usedNames);
804
-			$lastName = array_pop($usedNames);
805
-			$lastNo = (int)substr($lastName, strrpos($lastName, '_') + 1);
806
-		}
807
-		$altName = $name . '_' . (string)($lastNo + 1);
808
-		unset($usedNames);
809
-
810
-		$attempts = 1;
811
-		while ($attempts < 21) {
812
-			// Check to be really sure it is unique
813
-			// while loop is just a precaution. If a name is not generated within
814
-			// 20 attempts, something else is very wrong. Avoids infinite loop.
815
-			if (!\OC::$server->getGroupManager()->groupExists($altName)) {
816
-				return $altName;
817
-			}
818
-			$altName = $name . '_' . ($lastNo + $attempts);
819
-			$attempts++;
820
-		}
821
-		return false;
822
-	}
823
-
824
-	/**
825
-	 * creates a unique name for internal Nextcloud use.
826
-	 *
827
-	 * @param string $name the display name of the object
828
-	 * @param boolean $isUser whether name should be created for a user (true) or a group (false)
829
-	 * @return string|false with with the name to use in Nextcloud or false if unsuccessful
830
-	 */
831
-	private function createAltInternalOwnCloudName($name, $isUser) {
832
-		$originalTTL = $this->connection->ldapCacheTTL;
833
-		$this->connection->setConfiguration(['ldapCacheTTL' => 0]);
834
-		if ($isUser) {
835
-			$altName = $this->_createAltInternalOwnCloudNameForUsers($name);
836
-		} else {
837
-			$altName = $this->_createAltInternalOwnCloudNameForGroups($name);
838
-		}
839
-		$this->connection->setConfiguration(['ldapCacheTTL' => $originalTTL]);
840
-
841
-		return $altName;
842
-	}
843
-
844
-	/**
845
-	 * fetches a list of users according to a provided loginName and utilizing
846
-	 * the login filter.
847
-	 */
848
-	public function fetchUsersByLoginName(string $loginName, array $attributes = ['dn']): array {
849
-		$loginName = $this->escapeFilterPart($loginName);
850
-		$filter = str_replace('%uid', $loginName, $this->connection->ldapLoginFilter);
851
-		return $this->fetchListOfUsers($filter, $attributes);
852
-	}
853
-
854
-	/**
855
-	 * counts the number of users according to a provided loginName and
856
-	 * utilizing the login filter.
857
-	 *
858
-	 * @param string $loginName
859
-	 * @return int
860
-	 */
861
-	public function countUsersByLoginName($loginName) {
862
-		$loginName = $this->escapeFilterPart($loginName);
863
-		$filter = str_replace('%uid', $loginName, $this->connection->ldapLoginFilter);
864
-		return $this->countUsers($filter);
865
-	}
866
-
867
-	/**
868
-	 * @throws \Exception
869
-	 */
870
-	public function fetchListOfUsers(string $filter, array $attr, int $limit = null, int $offset = null, bool $forceApplyAttributes = false): array {
871
-		$ldapRecords = $this->searchUsers($filter, $attr, $limit, $offset);
872
-		$recordsToUpdate = $ldapRecords;
873
-		if (!$forceApplyAttributes) {
874
-			$isBackgroundJobModeAjax = $this->config
875
-					->getAppValue('core', 'backgroundjobs_mode', 'ajax') === 'ajax';
876
-			$listOfDNs = array_reduce($ldapRecords, function ($listOfDNs, $entry) {
877
-				$listOfDNs[] = $entry['dn'][0];
878
-				return $listOfDNs;
879
-			}, []);
880
-			$idsByDn = $this->userMapper->getListOfIdsByDn($listOfDNs);
881
-			$recordsToUpdate = array_filter($ldapRecords, function ($record) use ($isBackgroundJobModeAjax, $idsByDn) {
882
-				$newlyMapped = false;
883
-				$uid = $idsByDn[$record['dn'][0]] ?? null;
884
-				if ($uid === null) {
885
-					$uid = $this->dn2ocname($record['dn'][0], null, true, $newlyMapped, $record);
886
-				}
887
-				if (is_string($uid)) {
888
-					$this->cacheUserExists($uid);
889
-				}
890
-				return ($uid !== false) && ($newlyMapped || $isBackgroundJobModeAjax);
891
-			});
892
-		}
893
-		$this->batchApplyUserAttributes($recordsToUpdate);
894
-		return $this->fetchList($ldapRecords, $this->manyAttributes($attr));
895
-	}
896
-
897
-	/**
898
-	 * provided with an array of LDAP user records the method will fetch the
899
-	 * user object and requests it to process the freshly fetched attributes and
900
-	 * and their values
901
-	 *
902
-	 * @param array $ldapRecords
903
-	 * @throws \Exception
904
-	 */
905
-	public function batchApplyUserAttributes(array $ldapRecords) {
906
-		$displayNameAttribute = strtolower($this->connection->ldapUserDisplayName);
907
-		foreach ($ldapRecords as $userRecord) {
908
-			if (!isset($userRecord[$displayNameAttribute])) {
909
-				// displayName is obligatory
910
-				continue;
911
-			}
912
-			$ocName = $this->dn2ocname($userRecord['dn'][0], null, true);
913
-			if ($ocName === false) {
914
-				continue;
915
-			}
916
-			$this->updateUserState($ocName);
917
-			$user = $this->userManager->get($ocName);
918
-			if ($user !== null) {
919
-				$user->processAttributes($userRecord);
920
-			} else {
921
-				\OC::$server->getLogger()->debug(
922
-					"The ldap user manager returned null for $ocName",
923
-					['app' => 'user_ldap']
924
-				);
925
-			}
926
-		}
927
-	}
928
-
929
-	/**
930
-	 * @param string $filter
931
-	 * @param string|string[] $attr
932
-	 * @param int $limit
933
-	 * @param int $offset
934
-	 * @return array
935
-	 */
936
-	public function fetchListOfGroups($filter, $attr, $limit = null, $offset = null) {
937
-		$groupRecords = $this->searchGroups($filter, $attr, $limit, $offset);
938
-
939
-		$listOfDNs = array_reduce($groupRecords, function ($listOfDNs, $entry) {
940
-			$listOfDNs[] = $entry['dn'][0];
941
-			return $listOfDNs;
942
-		}, []);
943
-		$idsByDn = $this->groupMapper->getListOfIdsByDn($listOfDNs);
944
-
945
-		array_walk($groupRecords, function ($record) use ($idsByDn) {
946
-			$newlyMapped = false;
947
-			$gid = $uidsByDn[$record['dn'][0]] ?? null;
948
-			if ($gid === null) {
949
-				$gid = $this->dn2ocname($record['dn'][0], null, false, $newlyMapped, $record);
950
-			}
951
-			if (!$newlyMapped && is_string($gid)) {
952
-				$this->cacheGroupExists($gid);
953
-			}
954
-		});
955
-		return $this->fetchList($groupRecords, $this->manyAttributes($attr));
956
-	}
957
-
958
-	/**
959
-	 * @param array $list
960
-	 * @param bool $manyAttributes
961
-	 * @return array
962
-	 */
963
-	private function fetchList($list, $manyAttributes) {
964
-		if (is_array($list)) {
965
-			if ($manyAttributes) {
966
-				return $list;
967
-			} else {
968
-				$list = array_reduce($list, function ($carry, $item) {
969
-					$attribute = array_keys($item)[0];
970
-					$carry[] = $item[$attribute][0];
971
-					return $carry;
972
-				}, []);
973
-				return array_unique($list, SORT_LOCALE_STRING);
974
-			}
975
-		}
976
-
977
-		//error cause actually, maybe throw an exception in future.
978
-		return [];
979
-	}
980
-
981
-	/**
982
-	 * @throws ServerNotAvailableException
983
-	 */
984
-	public function searchUsers(string $filter, array $attr = null, int $limit = null, int $offset = null): array {
985
-		$result = [];
986
-		foreach ($this->connection->ldapBaseUsers as $base) {
987
-			$result = array_merge($result, $this->search($filter, $base, $attr, $limit, $offset));
988
-		}
989
-		return $result;
990
-	}
991
-
992
-	/**
993
-	 * @param string $filter
994
-	 * @param string|string[] $attr
995
-	 * @param int $limit
996
-	 * @param int $offset
997
-	 * @return false|int
998
-	 * @throws ServerNotAvailableException
999
-	 */
1000
-	public function countUsers($filter, $attr = ['dn'], $limit = null, $offset = null) {
1001
-		$result = false;
1002
-		foreach ($this->connection->ldapBaseUsers as $base) {
1003
-			$count = $this->count($filter, [$base], $attr, $limit, $offset);
1004
-			$result = is_int($count) ? (int)$result + $count : $result;
1005
-		}
1006
-		return $result;
1007
-	}
1008
-
1009
-	/**
1010
-	 * executes an LDAP search, optimized for Groups
1011
-	 *
1012
-	 * @param string $filter the LDAP filter for the search
1013
-	 * @param string|string[] $attr optional, when a certain attribute shall be filtered out
1014
-	 * @param integer $limit
1015
-	 * @param integer $offset
1016
-	 * @return array with the search result
1017
-	 *
1018
-	 * Executes an LDAP search
1019
-	 * @throws ServerNotAvailableException
1020
-	 */
1021
-	public function searchGroups($filter, $attr = null, $limit = null, $offset = null) {
1022
-		$result = [];
1023
-		foreach ($this->connection->ldapBaseGroups as $base) {
1024
-			$result = array_merge($result, $this->search($filter, $base, $attr, $limit, $offset));
1025
-		}
1026
-		return $result;
1027
-	}
1028
-
1029
-	/**
1030
-	 * returns the number of available groups
1031
-	 *
1032
-	 * @param string $filter the LDAP search filter
1033
-	 * @param string[] $attr optional
1034
-	 * @param int|null $limit
1035
-	 * @param int|null $offset
1036
-	 * @return int|bool
1037
-	 * @throws ServerNotAvailableException
1038
-	 */
1039
-	public function countGroups($filter, $attr = ['dn'], $limit = null, $offset = null) {
1040
-		$result = false;
1041
-		foreach ($this->connection->ldapBaseGroups as $base) {
1042
-			$count = $this->count($filter, [$base], $attr, $limit, $offset);
1043
-			$result = is_int($count) ? (int)$result + $count : $result;
1044
-		}
1045
-		return $result;
1046
-	}
1047
-
1048
-	/**
1049
-	 * returns the number of available objects on the base DN
1050
-	 *
1051
-	 * @param int|null $limit
1052
-	 * @param int|null $offset
1053
-	 * @return int|bool
1054
-	 * @throws ServerNotAvailableException
1055
-	 */
1056
-	public function countObjects($limit = null, $offset = null) {
1057
-		$result = false;
1058
-		foreach ($this->connection->ldapBase as $base) {
1059
-			$count = $this->count('objectclass=*', [$base], ['dn'], $limit, $offset);
1060
-			$result = is_int($count) ? (int)$result + $count : $result;
1061
-		}
1062
-		return $result;
1063
-	}
1064
-
1065
-	/**
1066
-	 * Returns the LDAP handler
1067
-	 *
1068
-	 * @throws \OC\ServerNotAvailableException
1069
-	 */
1070
-
1071
-	/**
1072
-	 * @return mixed
1073
-	 * @throws \OC\ServerNotAvailableException
1074
-	 */
1075
-	private function invokeLDAPMethod() {
1076
-		$arguments = func_get_args();
1077
-		$command = array_shift($arguments);
1078
-		$cr = array_shift($arguments);
1079
-		if (!method_exists($this->ldap, $command)) {
1080
-			return null;
1081
-		}
1082
-		array_unshift($arguments, $cr);
1083
-		// php no longer supports call-time pass-by-reference
1084
-		// thus cannot support controlPagedResultResponse as the third argument
1085
-		// is a reference
1086
-		$doMethod = function () use ($command, &$arguments) {
1087
-			if ($command == 'controlPagedResultResponse') {
1088
-				throw new \InvalidArgumentException('Invoker does not support controlPagedResultResponse, call LDAP Wrapper directly instead.');
1089
-			} else {
1090
-				return call_user_func_array([$this->ldap, $command], $arguments);
1091
-			}
1092
-		};
1093
-		try {
1094
-			$ret = $doMethod();
1095
-		} catch (ServerNotAvailableException $e) {
1096
-			/* Server connection lost, attempt to reestablish it
68
+    public const UUID_ATTRIBUTES = ['entryuuid', 'nsuniqueid', 'objectguid', 'guid', 'ipauniqueid'];
69
+
70
+    /** @var \OCA\User_LDAP\Connection */
71
+    public $connection;
72
+    /** @var Manager */
73
+    public $userManager;
74
+    //never ever check this var directly, always use getPagedSearchResultState
75
+    protected $pagedSearchedSuccessful;
76
+
77
+    /**
78
+     * @var UserMapping $userMapper
79
+     */
80
+    protected $userMapper;
81
+
82
+    /**
83
+     * @var AbstractMapping $userMapper
84
+     */
85
+    protected $groupMapper;
86
+
87
+    /**
88
+     * @var \OCA\User_LDAP\Helper
89
+     */
90
+    private $helper;
91
+    /** @var IConfig */
92
+    private $config;
93
+    /** @var IUserManager */
94
+    private $ncUserManager;
95
+    /** @var string */
96
+    private $lastCookie = '';
97
+
98
+    public function __construct(
99
+        Connection $connection,
100
+        ILDAPWrapper $ldap,
101
+        Manager $userManager,
102
+        Helper $helper,
103
+        IConfig $config,
104
+        IUserManager $ncUserManager
105
+    ) {
106
+        parent::__construct($ldap);
107
+        $this->connection = $connection;
108
+        $this->userManager = $userManager;
109
+        $this->userManager->setLdapAccess($this);
110
+        $this->helper = $helper;
111
+        $this->config = $config;
112
+        $this->ncUserManager = $ncUserManager;
113
+    }
114
+
115
+    /**
116
+     * sets the User Mapper
117
+     *
118
+     * @param AbstractMapping $mapper
119
+     */
120
+    public function setUserMapper(AbstractMapping $mapper) {
121
+        $this->userMapper = $mapper;
122
+    }
123
+
124
+    /**
125
+     * @throws \Exception
126
+     */
127
+    public function getUserMapper(): UserMapping {
128
+        if (is_null($this->userMapper)) {
129
+            throw new \Exception('UserMapper was not assigned to this Access instance.');
130
+        }
131
+        return $this->userMapper;
132
+    }
133
+
134
+    /**
135
+     * sets the Group Mapper
136
+     *
137
+     * @param AbstractMapping $mapper
138
+     */
139
+    public function setGroupMapper(AbstractMapping $mapper) {
140
+        $this->groupMapper = $mapper;
141
+    }
142
+
143
+    /**
144
+     * returns the Group Mapper
145
+     *
146
+     * @return AbstractMapping
147
+     * @throws \Exception
148
+     */
149
+    public function getGroupMapper() {
150
+        if (is_null($this->groupMapper)) {
151
+            throw new \Exception('GroupMapper was not assigned to this Access instance.');
152
+        }
153
+        return $this->groupMapper;
154
+    }
155
+
156
+    /**
157
+     * @return bool
158
+     */
159
+    private function checkConnection() {
160
+        return ($this->connection instanceof Connection);
161
+    }
162
+
163
+    /**
164
+     * returns the Connection instance
165
+     *
166
+     * @return \OCA\User_LDAP\Connection
167
+     */
168
+    public function getConnection() {
169
+        return $this->connection;
170
+    }
171
+
172
+    /**
173
+     * reads a given attribute for an LDAP record identified by a DN
174
+     *
175
+     * @param string $dn the record in question
176
+     * @param string $attr the attribute that shall be retrieved
177
+     *        if empty, just check the record's existence
178
+     * @param string $filter
179
+     * @return array|false an array of values on success or an empty
180
+     *          array if $attr is empty, false otherwise
181
+     * @throws ServerNotAvailableException
182
+     */
183
+    public function readAttribute($dn, $attr, $filter = 'objectClass=*') {
184
+        if (!$this->checkConnection()) {
185
+            \OCP\Util::writeLog('user_ldap',
186
+                'No LDAP Connector assigned, access impossible for readAttribute.',
187
+                ILogger::WARN);
188
+            return false;
189
+        }
190
+        $cr = $this->connection->getConnectionResource();
191
+        if (!$this->ldap->isResource($cr)) {
192
+            //LDAP not available
193
+            \OCP\Util::writeLog('user_ldap', 'LDAP resource not available.', ILogger::DEBUG);
194
+            return false;
195
+        }
196
+        //Cancel possibly running Paged Results operation, otherwise we run in
197
+        //LDAP protocol errors
198
+        $this->abandonPagedSearch();
199
+        // openLDAP requires that we init a new Paged Search. Not needed by AD,
200
+        // but does not hurt either.
201
+        $pagingSize = (int)$this->connection->ldapPagingSize;
202
+        // 0 won't result in replies, small numbers may leave out groups
203
+        // (cf. #12306), 500 is default for paging and should work everywhere.
204
+        $maxResults = $pagingSize > 20 ? $pagingSize : 500;
205
+        $attr = mb_strtolower($attr, 'UTF-8');
206
+        // the actual read attribute later may contain parameters on a ranged
207
+        // request, e.g. member;range=99-199. Depends on server reply.
208
+        $attrToRead = $attr;
209
+
210
+        $values = [];
211
+        $isRangeRequest = false;
212
+        do {
213
+            $result = $this->executeRead($cr, $dn, $attrToRead, $filter, $maxResults);
214
+            if (is_bool($result)) {
215
+                // when an exists request was run and it was successful, an empty
216
+                // array must be returned
217
+                return $result ? [] : false;
218
+            }
219
+
220
+            if (!$isRangeRequest) {
221
+                $values = $this->extractAttributeValuesFromResult($result, $attr);
222
+                if (!empty($values)) {
223
+                    return $values;
224
+                }
225
+            }
226
+
227
+            $isRangeRequest = false;
228
+            $result = $this->extractRangeData($result, $attr);
229
+            if (!empty($result)) {
230
+                $normalizedResult = $this->extractAttributeValuesFromResult(
231
+                    [$attr => $result['values']],
232
+                    $attr
233
+                );
234
+                $values = array_merge($values, $normalizedResult);
235
+
236
+                if ($result['rangeHigh'] === '*') {
237
+                    // when server replies with * as high range value, there are
238
+                    // no more results left
239
+                    return $values;
240
+                } else {
241
+                    $low = $result['rangeHigh'] + 1;
242
+                    $attrToRead = $result['attributeName'] . ';range=' . $low . '-*';
243
+                    $isRangeRequest = true;
244
+                }
245
+            }
246
+        } while ($isRangeRequest);
247
+
248
+        \OCP\Util::writeLog('user_ldap', 'Requested attribute ' . $attr . ' not found for ' . $dn, ILogger::DEBUG);
249
+        return false;
250
+    }
251
+
252
+    /**
253
+     * Runs an read operation against LDAP
254
+     *
255
+     * @param resource $cr the LDAP connection
256
+     * @param string $dn
257
+     * @param string $attribute
258
+     * @param string $filter
259
+     * @param int $maxResults
260
+     * @return array|bool false if there was any error, true if an exists check
261
+     *                    was performed and the requested DN found, array with the
262
+     *                    returned data on a successful usual operation
263
+     * @throws ServerNotAvailableException
264
+     */
265
+    public function executeRead($cr, $dn, $attribute, $filter, $maxResults) {
266
+        $this->initPagedSearch($filter, $dn, [$attribute], $maxResults, 0);
267
+        $dn = $this->helper->DNasBaseParameter($dn);
268
+        $rr = @$this->invokeLDAPMethod('read', $cr, $dn, $filter, [$attribute]);
269
+        if (!$this->ldap->isResource($rr)) {
270
+            if ($attribute !== '') {
271
+                //do not throw this message on userExists check, irritates
272
+                \OCP\Util::writeLog('user_ldap', 'readAttribute failed for DN ' . $dn, ILogger::DEBUG);
273
+            }
274
+            //in case an error occurs , e.g. object does not exist
275
+            return false;
276
+        }
277
+        if ($attribute === '' && ($filter === 'objectclass=*' || $this->invokeLDAPMethod('countEntries', $cr, $rr) === 1)) {
278
+            \OCP\Util::writeLog('user_ldap', 'readAttribute: ' . $dn . ' found', ILogger::DEBUG);
279
+            return true;
280
+        }
281
+        $er = $this->invokeLDAPMethod('firstEntry', $cr, $rr);
282
+        if (!$this->ldap->isResource($er)) {
283
+            //did not match the filter, return false
284
+            return false;
285
+        }
286
+        //LDAP attributes are not case sensitive
287
+        $result = \OCP\Util::mb_array_change_key_case(
288
+            $this->invokeLDAPMethod('getAttributes', $cr, $er), MB_CASE_LOWER, 'UTF-8');
289
+
290
+        return $result;
291
+    }
292
+
293
+    /**
294
+     * Normalizes a result grom getAttributes(), i.e. handles DNs and binary
295
+     * data if present.
296
+     *
297
+     * @param array $result from ILDAPWrapper::getAttributes()
298
+     * @param string $attribute the attribute name that was read
299
+     * @return string[]
300
+     */
301
+    public function extractAttributeValuesFromResult($result, $attribute) {
302
+        $values = [];
303
+        if (isset($result[$attribute]) && $result[$attribute]['count'] > 0) {
304
+            $lowercaseAttribute = strtolower($attribute);
305
+            for ($i = 0; $i < $result[$attribute]['count']; $i++) {
306
+                if ($this->resemblesDN($attribute)) {
307
+                    $values[] = $this->helper->sanitizeDN($result[$attribute][$i]);
308
+                } elseif ($lowercaseAttribute === 'objectguid' || $lowercaseAttribute === 'guid') {
309
+                    $values[] = $this->convertObjectGUID2Str($result[$attribute][$i]);
310
+                } else {
311
+                    $values[] = $result[$attribute][$i];
312
+                }
313
+            }
314
+        }
315
+        return $values;
316
+    }
317
+
318
+    /**
319
+     * Attempts to find ranged data in a getAttribute results and extracts the
320
+     * returned values as well as information on the range and full attribute
321
+     * name for further processing.
322
+     *
323
+     * @param array $result from ILDAPWrapper::getAttributes()
324
+     * @param string $attribute the attribute name that was read. Without ";range=…"
325
+     * @return array If a range was detected with keys 'values', 'attributeName',
326
+     *               'attributeFull' and 'rangeHigh', otherwise empty.
327
+     */
328
+    public function extractRangeData($result, $attribute) {
329
+        $keys = array_keys($result);
330
+        foreach ($keys as $key) {
331
+            if ($key !== $attribute && strpos($key, $attribute) === 0) {
332
+                $queryData = explode(';', $key);
333
+                if (strpos($queryData[1], 'range=') === 0) {
334
+                    $high = substr($queryData[1], 1 + strpos($queryData[1], '-'));
335
+                    $data = [
336
+                        'values' => $result[$key],
337
+                        'attributeName' => $queryData[0],
338
+                        'attributeFull' => $key,
339
+                        'rangeHigh' => $high,
340
+                    ];
341
+                    return $data;
342
+                }
343
+            }
344
+        }
345
+        return [];
346
+    }
347
+
348
+    /**
349
+     * Set password for an LDAP user identified by a DN
350
+     *
351
+     * @param string $userDN the user in question
352
+     * @param string $password the new password
353
+     * @return bool
354
+     * @throws HintException
355
+     * @throws \Exception
356
+     */
357
+    public function setPassword($userDN, $password) {
358
+        if ((int)$this->connection->turnOnPasswordChange !== 1) {
359
+            throw new \Exception('LDAP password changes are disabled.');
360
+        }
361
+        $cr = $this->connection->getConnectionResource();
362
+        if (!$this->ldap->isResource($cr)) {
363
+            //LDAP not available
364
+            \OCP\Util::writeLog('user_ldap', 'LDAP resource not available.', ILogger::DEBUG);
365
+            return false;
366
+        }
367
+        try {
368
+            // try PASSWD extended operation first
369
+            return @$this->invokeLDAPMethod('exopPasswd', $cr, $userDN, '', $password) ||
370
+                @$this->invokeLDAPMethod('modReplace', $cr, $userDN, $password);
371
+        } catch (ConstraintViolationException $e) {
372
+            throw new HintException('Password change rejected.', \OC::$server->getL10N('user_ldap')->t('Password change rejected. Hint: ') . $e->getMessage(), $e->getCode());
373
+        }
374
+    }
375
+
376
+    /**
377
+     * checks whether the given attributes value is probably a DN
378
+     *
379
+     * @param string $attr the attribute in question
380
+     * @return boolean if so true, otherwise false
381
+     */
382
+    private function resemblesDN($attr) {
383
+        $resemblingAttributes = [
384
+            'dn',
385
+            'uniquemember',
386
+            'member',
387
+            // memberOf is an "operational" attribute, without a definition in any RFC
388
+            'memberof'
389
+        ];
390
+        return in_array($attr, $resemblingAttributes);
391
+    }
392
+
393
+    /**
394
+     * checks whether the given string is probably a DN
395
+     *
396
+     * @param string $string
397
+     * @return boolean
398
+     */
399
+    public function stringResemblesDN($string) {
400
+        $r = $this->ldap->explodeDN($string, 0);
401
+        // if exploding a DN succeeds and does not end up in
402
+        // an empty array except for $r[count] being 0.
403
+        return (is_array($r) && count($r) > 1);
404
+    }
405
+
406
+    /**
407
+     * returns a DN-string that is cleaned from not domain parts, e.g.
408
+     * cn=foo,cn=bar,dc=foobar,dc=server,dc=org
409
+     * becomes dc=foobar,dc=server,dc=org
410
+     *
411
+     * @param string $dn
412
+     * @return string
413
+     */
414
+    public function getDomainDNFromDN($dn) {
415
+        $allParts = $this->ldap->explodeDN($dn, 0);
416
+        if ($allParts === false) {
417
+            //not a valid DN
418
+            return '';
419
+        }
420
+        $domainParts = [];
421
+        $dcFound = false;
422
+        foreach ($allParts as $part) {
423
+            if (!$dcFound && strpos($part, 'dc=') === 0) {
424
+                $dcFound = true;
425
+            }
426
+            if ($dcFound) {
427
+                $domainParts[] = $part;
428
+            }
429
+        }
430
+        return implode(',', $domainParts);
431
+    }
432
+
433
+    /**
434
+     * returns the LDAP DN for the given internal Nextcloud name of the group
435
+     *
436
+     * @param string $name the Nextcloud name in question
437
+     * @return string|false LDAP DN on success, otherwise false
438
+     */
439
+    public function groupname2dn($name) {
440
+        return $this->groupMapper->getDNByName($name);
441
+    }
442
+
443
+    /**
444
+     * returns the LDAP DN for the given internal Nextcloud name of the user
445
+     *
446
+     * @param string $name the Nextcloud name in question
447
+     * @return string|false with the LDAP DN on success, otherwise false
448
+     */
449
+    public function username2dn($name) {
450
+        $fdn = $this->userMapper->getDNByName($name);
451
+
452
+        //Check whether the DN belongs to the Base, to avoid issues on multi-
453
+        //server setups
454
+        if (is_string($fdn) && $this->isDNPartOfBase($fdn, $this->connection->ldapBaseUsers)) {
455
+            return $fdn;
456
+        }
457
+
458
+        return false;
459
+    }
460
+
461
+    /**
462
+     * returns the internal Nextcloud name for the given LDAP DN of the group, false on DN outside of search DN or failure
463
+     *
464
+     * @param string $fdn the dn of the group object
465
+     * @param string $ldapName optional, the display name of the object
466
+     * @return string|false with the name to use in Nextcloud, false on DN outside of search DN
467
+     * @throws \Exception
468
+     */
469
+    public function dn2groupname($fdn, $ldapName = null) {
470
+        //To avoid bypassing the base DN settings under certain circumstances
471
+        //with the group support, check whether the provided DN matches one of
472
+        //the given Bases
473
+        if (!$this->isDNPartOfBase($fdn, $this->connection->ldapBaseGroups)) {
474
+            return false;
475
+        }
476
+
477
+        return $this->dn2ocname($fdn, $ldapName, false);
478
+    }
479
+
480
+    /**
481
+     * returns the internal Nextcloud name for the given LDAP DN of the user, false on DN outside of search DN or failure
482
+     *
483
+     * @param string $dn the dn of the user object
484
+     * @param string $ldapName optional, the display name of the object
485
+     * @return string|false with with the name to use in Nextcloud
486
+     * @throws \Exception
487
+     */
488
+    public function dn2username($fdn, $ldapName = null) {
489
+        //To avoid bypassing the base DN settings under certain circumstances
490
+        //with the group support, check whether the provided DN matches one of
491
+        //the given Bases
492
+        if (!$this->isDNPartOfBase($fdn, $this->connection->ldapBaseUsers)) {
493
+            return false;
494
+        }
495
+
496
+        return $this->dn2ocname($fdn, $ldapName, true);
497
+    }
498
+
499
+    /**
500
+     * returns an internal Nextcloud name for the given LDAP DN, false on DN outside of search DN
501
+     *
502
+     * @param string $fdn the dn of the user object
503
+     * @param string|null $ldapName optional, the display name of the object
504
+     * @param bool $isUser optional, whether it is a user object (otherwise group assumed)
505
+     * @param bool|null $newlyMapped
506
+     * @param array|null $record
507
+     * @return false|string with with the name to use in Nextcloud
508
+     * @throws \Exception
509
+     */
510
+    public function dn2ocname($fdn, $ldapName = null, $isUser = true, &$newlyMapped = null, array $record = null) {
511
+        $newlyMapped = false;
512
+        if ($isUser) {
513
+            $mapper = $this->getUserMapper();
514
+            $nameAttribute = $this->connection->ldapUserDisplayName;
515
+            $filter = $this->connection->ldapUserFilter;
516
+        } else {
517
+            $mapper = $this->getGroupMapper();
518
+            $nameAttribute = $this->connection->ldapGroupDisplayName;
519
+            $filter = $this->connection->ldapGroupFilter;
520
+        }
521
+
522
+        //let's try to retrieve the Nextcloud name from the mappings table
523
+        $ncName = $mapper->getNameByDN($fdn);
524
+        if (is_string($ncName)) {
525
+            return $ncName;
526
+        }
527
+
528
+        //second try: get the UUID and check if it is known. Then, update the DN and return the name.
529
+        $uuid = $this->getUUID($fdn, $isUser, $record);
530
+        if (is_string($uuid)) {
531
+            $ncName = $mapper->getNameByUUID($uuid);
532
+            if (is_string($ncName)) {
533
+                $mapper->setDNbyUUID($fdn, $uuid);
534
+                return $ncName;
535
+            }
536
+        } else {
537
+            //If the UUID can't be detected something is foul.
538
+            \OCP\Util::writeLog('user_ldap', 'Cannot determine UUID for ' . $fdn . '. Skipping.', ILogger::INFO);
539
+            return false;
540
+        }
541
+
542
+        if (is_null($ldapName)) {
543
+            $ldapName = $this->readAttribute($fdn, $nameAttribute, $filter);
544
+            if (!isset($ldapName[0]) && empty($ldapName[0])) {
545
+                \OCP\Util::writeLog('user_ldap', 'No or empty name for ' . $fdn . ' with filter ' . $filter . '.', ILogger::INFO);
546
+                return false;
547
+            }
548
+            $ldapName = $ldapName[0];
549
+        }
550
+
551
+        if ($isUser) {
552
+            $usernameAttribute = (string)$this->connection->ldapExpertUsernameAttr;
553
+            if ($usernameAttribute !== '') {
554
+                $username = $this->readAttribute($fdn, $usernameAttribute);
555
+                $username = $username[0];
556
+            } else {
557
+                $username = $uuid;
558
+            }
559
+            try {
560
+                $intName = $this->sanitizeUsername($username);
561
+            } catch (\InvalidArgumentException $e) {
562
+                \OC::$server->getLogger()->logException($e, [
563
+                    'app' => 'user_ldap',
564
+                    'level' => ILogger::WARN,
565
+                ]);
566
+                // we don't attempt to set a username here. We can go for
567
+                // for an alternative 4 digit random number as we would append
568
+                // otherwise, however it's likely not enough space in bigger
569
+                // setups, and most importantly: this is not intended.
570
+                return false;
571
+            }
572
+        } else {
573
+            $intName = $ldapName;
574
+        }
575
+
576
+        //a new user/group! Add it only if it doesn't conflict with other backend's users or existing groups
577
+        //disabling Cache is required to avoid that the new user is cached as not-existing in fooExists check
578
+        //NOTE: mind, disabling cache affects only this instance! Using it
579
+        // outside of core user management will still cache the user as non-existing.
580
+        $originalTTL = $this->connection->ldapCacheTTL;
581
+        $this->connection->setConfiguration(['ldapCacheTTL' => 0]);
582
+        if ($intName !== ''
583
+            && (($isUser && !$this->ncUserManager->userExists($intName))
584
+                || (!$isUser && !\OC::$server->getGroupManager()->groupExists($intName))
585
+            )
586
+        ) {
587
+            $this->connection->setConfiguration(['ldapCacheTTL' => $originalTTL]);
588
+            $newlyMapped = $this->mapAndAnnounceIfApplicable($mapper, $fdn, $intName, $uuid, $isUser);
589
+            if ($newlyMapped) {
590
+                return $intName;
591
+            }
592
+        }
593
+
594
+        $this->connection->setConfiguration(['ldapCacheTTL' => $originalTTL]);
595
+        $altName = $this->createAltInternalOwnCloudName($intName, $isUser);
596
+        if (is_string($altName)) {
597
+            if ($this->mapAndAnnounceIfApplicable($mapper, $fdn, $altName, $uuid, $isUser)) {
598
+                $newlyMapped = true;
599
+                return $altName;
600
+            }
601
+        }
602
+
603
+        //if everything else did not help..
604
+        \OCP\Util::writeLog('user_ldap', 'Could not create unique name for ' . $fdn . '.', ILogger::INFO);
605
+        return false;
606
+    }
607
+
608
+    public function mapAndAnnounceIfApplicable(
609
+        AbstractMapping $mapper,
610
+        string $fdn,
611
+        string $name,
612
+        string $uuid,
613
+        bool $isUser
614
+    ): bool {
615
+        if ($mapper->map($fdn, $name, $uuid)) {
616
+            if ($this->ncUserManager instanceof PublicEmitter && $isUser) {
617
+                $this->cacheUserExists($name);
618
+                $this->ncUserManager->emit('\OC\User', 'assignedUserId', [$name]);
619
+            } elseif (!$isUser) {
620
+                $this->cacheGroupExists($name);
621
+            }
622
+            return true;
623
+        }
624
+        return false;
625
+    }
626
+
627
+    /**
628
+     * gives back the user names as they are used ownClod internally
629
+     *
630
+     * @param array $ldapUsers as returned by fetchList()
631
+     * @return array an array with the user names to use in Nextcloud
632
+     *
633
+     * gives back the user names as they are used ownClod internally
634
+     * @throws \Exception
635
+     */
636
+    public function nextcloudUserNames($ldapUsers) {
637
+        return $this->ldap2NextcloudNames($ldapUsers, true);
638
+    }
639
+
640
+    /**
641
+     * gives back the group names as they are used ownClod internally
642
+     *
643
+     * @param array $ldapGroups as returned by fetchList()
644
+     * @return array an array with the group names to use in Nextcloud
645
+     *
646
+     * gives back the group names as they are used ownClod internally
647
+     * @throws \Exception
648
+     */
649
+    public function nextcloudGroupNames($ldapGroups) {
650
+        return $this->ldap2NextcloudNames($ldapGroups, false);
651
+    }
652
+
653
+    /**
654
+     * @param array $ldapObjects as returned by fetchList()
655
+     * @param bool $isUsers
656
+     * @return array
657
+     * @throws \Exception
658
+     */
659
+    private function ldap2NextcloudNames($ldapObjects, $isUsers) {
660
+        if ($isUsers) {
661
+            $nameAttribute = $this->connection->ldapUserDisplayName;
662
+            $sndAttribute = $this->connection->ldapUserDisplayName2;
663
+        } else {
664
+            $nameAttribute = $this->connection->ldapGroupDisplayName;
665
+        }
666
+        $nextcloudNames = [];
667
+
668
+        foreach ($ldapObjects as $ldapObject) {
669
+            $nameByLDAP = null;
670
+            if (isset($ldapObject[$nameAttribute])
671
+                && is_array($ldapObject[$nameAttribute])
672
+                && isset($ldapObject[$nameAttribute][0])
673
+            ) {
674
+                // might be set, but not necessarily. if so, we use it.
675
+                $nameByLDAP = $ldapObject[$nameAttribute][0];
676
+            }
677
+
678
+            $ncName = $this->dn2ocname($ldapObject['dn'][0], $nameByLDAP, $isUsers);
679
+            if ($ncName) {
680
+                $nextcloudNames[] = $ncName;
681
+                if ($isUsers) {
682
+                    $this->updateUserState($ncName);
683
+                    //cache the user names so it does not need to be retrieved
684
+                    //again later (e.g. sharing dialogue).
685
+                    if (is_null($nameByLDAP)) {
686
+                        continue;
687
+                    }
688
+                    $sndName = isset($ldapObject[$sndAttribute][0])
689
+                        ? $ldapObject[$sndAttribute][0] : '';
690
+                    $this->cacheUserDisplayName($ncName, $nameByLDAP, $sndName);
691
+                } elseif ($nameByLDAP !== null) {
692
+                    $this->cacheGroupDisplayName($ncName, $nameByLDAP);
693
+                }
694
+            }
695
+        }
696
+        return $nextcloudNames;
697
+    }
698
+
699
+    /**
700
+     * removes the deleted-flag of a user if it was set
701
+     *
702
+     * @param string $ncname
703
+     * @throws \Exception
704
+     */
705
+    public function updateUserState($ncname) {
706
+        $user = $this->userManager->get($ncname);
707
+        if ($user instanceof OfflineUser) {
708
+            $user->unmark();
709
+        }
710
+    }
711
+
712
+    /**
713
+     * caches the user display name
714
+     *
715
+     * @param string $ocName the internal Nextcloud username
716
+     * @param string|false $home the home directory path
717
+     */
718
+    public function cacheUserHome($ocName, $home) {
719
+        $cacheKey = 'getHome' . $ocName;
720
+        $this->connection->writeToCache($cacheKey, $home);
721
+    }
722
+
723
+    /**
724
+     * caches a user as existing
725
+     *
726
+     * @param string $ocName the internal Nextcloud username
727
+     */
728
+    public function cacheUserExists($ocName) {
729
+        $this->connection->writeToCache('userExists' . $ocName, true);
730
+    }
731
+
732
+    /**
733
+     * caches a group as existing
734
+     */
735
+    public function cacheGroupExists(string $gid): void {
736
+        $this->connection->writeToCache('groupExists' . $gid, true);
737
+    }
738
+
739
+    /**
740
+     * caches the user display name
741
+     *
742
+     * @param string $ocName the internal Nextcloud username
743
+     * @param string $displayName the display name
744
+     * @param string $displayName2 the second display name
745
+     * @throws \Exception
746
+     */
747
+    public function cacheUserDisplayName($ocName, $displayName, $displayName2 = '') {
748
+        $user = $this->userManager->get($ocName);
749
+        if ($user === null) {
750
+            return;
751
+        }
752
+        $displayName = $user->composeAndStoreDisplayName($displayName, $displayName2);
753
+        $cacheKeyTrunk = 'getDisplayName';
754
+        $this->connection->writeToCache($cacheKeyTrunk . $ocName, $displayName);
755
+    }
756
+
757
+    public function cacheGroupDisplayName(string $ncName, string $displayName): void {
758
+        $cacheKey = 'group_getDisplayName' . $ncName;
759
+        $this->connection->writeToCache($cacheKey, $displayName);
760
+    }
761
+
762
+    /**
763
+     * creates a unique name for internal Nextcloud use for users. Don't call it directly.
764
+     *
765
+     * @param string $name the display name of the object
766
+     * @return string|false with with the name to use in Nextcloud or false if unsuccessful
767
+     *
768
+     * Instead of using this method directly, call
769
+     * createAltInternalOwnCloudName($name, true)
770
+     */
771
+    private function _createAltInternalOwnCloudNameForUsers($name) {
772
+        $attempts = 0;
773
+        //while loop is just a precaution. If a name is not generated within
774
+        //20 attempts, something else is very wrong. Avoids infinite loop.
775
+        while ($attempts < 20) {
776
+            $altName = $name . '_' . rand(1000, 9999);
777
+            if (!$this->ncUserManager->userExists($altName)) {
778
+                return $altName;
779
+            }
780
+            $attempts++;
781
+        }
782
+        return false;
783
+    }
784
+
785
+    /**
786
+     * creates a unique name for internal Nextcloud use for groups. Don't call it directly.
787
+     *
788
+     * @param string $name the display name of the object
789
+     * @return string|false with with the name to use in Nextcloud or false if unsuccessful.
790
+     *
791
+     * Instead of using this method directly, call
792
+     * createAltInternalOwnCloudName($name, false)
793
+     *
794
+     * Group names are also used as display names, so we do a sequential
795
+     * numbering, e.g. Developers_42 when there are 41 other groups called
796
+     * "Developers"
797
+     */
798
+    private function _createAltInternalOwnCloudNameForGroups($name) {
799
+        $usedNames = $this->groupMapper->getNamesBySearch($name, "", '_%');
800
+        if (!$usedNames || count($usedNames) === 0) {
801
+            $lastNo = 1; //will become name_2
802
+        } else {
803
+            natsort($usedNames);
804
+            $lastName = array_pop($usedNames);
805
+            $lastNo = (int)substr($lastName, strrpos($lastName, '_') + 1);
806
+        }
807
+        $altName = $name . '_' . (string)($lastNo + 1);
808
+        unset($usedNames);
809
+
810
+        $attempts = 1;
811
+        while ($attempts < 21) {
812
+            // Check to be really sure it is unique
813
+            // while loop is just a precaution. If a name is not generated within
814
+            // 20 attempts, something else is very wrong. Avoids infinite loop.
815
+            if (!\OC::$server->getGroupManager()->groupExists($altName)) {
816
+                return $altName;
817
+            }
818
+            $altName = $name . '_' . ($lastNo + $attempts);
819
+            $attempts++;
820
+        }
821
+        return false;
822
+    }
823
+
824
+    /**
825
+     * creates a unique name for internal Nextcloud use.
826
+     *
827
+     * @param string $name the display name of the object
828
+     * @param boolean $isUser whether name should be created for a user (true) or a group (false)
829
+     * @return string|false with with the name to use in Nextcloud or false if unsuccessful
830
+     */
831
+    private function createAltInternalOwnCloudName($name, $isUser) {
832
+        $originalTTL = $this->connection->ldapCacheTTL;
833
+        $this->connection->setConfiguration(['ldapCacheTTL' => 0]);
834
+        if ($isUser) {
835
+            $altName = $this->_createAltInternalOwnCloudNameForUsers($name);
836
+        } else {
837
+            $altName = $this->_createAltInternalOwnCloudNameForGroups($name);
838
+        }
839
+        $this->connection->setConfiguration(['ldapCacheTTL' => $originalTTL]);
840
+
841
+        return $altName;
842
+    }
843
+
844
+    /**
845
+     * fetches a list of users according to a provided loginName and utilizing
846
+     * the login filter.
847
+     */
848
+    public function fetchUsersByLoginName(string $loginName, array $attributes = ['dn']): array {
849
+        $loginName = $this->escapeFilterPart($loginName);
850
+        $filter = str_replace('%uid', $loginName, $this->connection->ldapLoginFilter);
851
+        return $this->fetchListOfUsers($filter, $attributes);
852
+    }
853
+
854
+    /**
855
+     * counts the number of users according to a provided loginName and
856
+     * utilizing the login filter.
857
+     *
858
+     * @param string $loginName
859
+     * @return int
860
+     */
861
+    public function countUsersByLoginName($loginName) {
862
+        $loginName = $this->escapeFilterPart($loginName);
863
+        $filter = str_replace('%uid', $loginName, $this->connection->ldapLoginFilter);
864
+        return $this->countUsers($filter);
865
+    }
866
+
867
+    /**
868
+     * @throws \Exception
869
+     */
870
+    public function fetchListOfUsers(string $filter, array $attr, int $limit = null, int $offset = null, bool $forceApplyAttributes = false): array {
871
+        $ldapRecords = $this->searchUsers($filter, $attr, $limit, $offset);
872
+        $recordsToUpdate = $ldapRecords;
873
+        if (!$forceApplyAttributes) {
874
+            $isBackgroundJobModeAjax = $this->config
875
+                    ->getAppValue('core', 'backgroundjobs_mode', 'ajax') === 'ajax';
876
+            $listOfDNs = array_reduce($ldapRecords, function ($listOfDNs, $entry) {
877
+                $listOfDNs[] = $entry['dn'][0];
878
+                return $listOfDNs;
879
+            }, []);
880
+            $idsByDn = $this->userMapper->getListOfIdsByDn($listOfDNs);
881
+            $recordsToUpdate = array_filter($ldapRecords, function ($record) use ($isBackgroundJobModeAjax, $idsByDn) {
882
+                $newlyMapped = false;
883
+                $uid = $idsByDn[$record['dn'][0]] ?? null;
884
+                if ($uid === null) {
885
+                    $uid = $this->dn2ocname($record['dn'][0], null, true, $newlyMapped, $record);
886
+                }
887
+                if (is_string($uid)) {
888
+                    $this->cacheUserExists($uid);
889
+                }
890
+                return ($uid !== false) && ($newlyMapped || $isBackgroundJobModeAjax);
891
+            });
892
+        }
893
+        $this->batchApplyUserAttributes($recordsToUpdate);
894
+        return $this->fetchList($ldapRecords, $this->manyAttributes($attr));
895
+    }
896
+
897
+    /**
898
+     * provided with an array of LDAP user records the method will fetch the
899
+     * user object and requests it to process the freshly fetched attributes and
900
+     * and their values
901
+     *
902
+     * @param array $ldapRecords
903
+     * @throws \Exception
904
+     */
905
+    public function batchApplyUserAttributes(array $ldapRecords) {
906
+        $displayNameAttribute = strtolower($this->connection->ldapUserDisplayName);
907
+        foreach ($ldapRecords as $userRecord) {
908
+            if (!isset($userRecord[$displayNameAttribute])) {
909
+                // displayName is obligatory
910
+                continue;
911
+            }
912
+            $ocName = $this->dn2ocname($userRecord['dn'][0], null, true);
913
+            if ($ocName === false) {
914
+                continue;
915
+            }
916
+            $this->updateUserState($ocName);
917
+            $user = $this->userManager->get($ocName);
918
+            if ($user !== null) {
919
+                $user->processAttributes($userRecord);
920
+            } else {
921
+                \OC::$server->getLogger()->debug(
922
+                    "The ldap user manager returned null for $ocName",
923
+                    ['app' => 'user_ldap']
924
+                );
925
+            }
926
+        }
927
+    }
928
+
929
+    /**
930
+     * @param string $filter
931
+     * @param string|string[] $attr
932
+     * @param int $limit
933
+     * @param int $offset
934
+     * @return array
935
+     */
936
+    public function fetchListOfGroups($filter, $attr, $limit = null, $offset = null) {
937
+        $groupRecords = $this->searchGroups($filter, $attr, $limit, $offset);
938
+
939
+        $listOfDNs = array_reduce($groupRecords, function ($listOfDNs, $entry) {
940
+            $listOfDNs[] = $entry['dn'][0];
941
+            return $listOfDNs;
942
+        }, []);
943
+        $idsByDn = $this->groupMapper->getListOfIdsByDn($listOfDNs);
944
+
945
+        array_walk($groupRecords, function ($record) use ($idsByDn) {
946
+            $newlyMapped = false;
947
+            $gid = $uidsByDn[$record['dn'][0]] ?? null;
948
+            if ($gid === null) {
949
+                $gid = $this->dn2ocname($record['dn'][0], null, false, $newlyMapped, $record);
950
+            }
951
+            if (!$newlyMapped && is_string($gid)) {
952
+                $this->cacheGroupExists($gid);
953
+            }
954
+        });
955
+        return $this->fetchList($groupRecords, $this->manyAttributes($attr));
956
+    }
957
+
958
+    /**
959
+     * @param array $list
960
+     * @param bool $manyAttributes
961
+     * @return array
962
+     */
963
+    private function fetchList($list, $manyAttributes) {
964
+        if (is_array($list)) {
965
+            if ($manyAttributes) {
966
+                return $list;
967
+            } else {
968
+                $list = array_reduce($list, function ($carry, $item) {
969
+                    $attribute = array_keys($item)[0];
970
+                    $carry[] = $item[$attribute][0];
971
+                    return $carry;
972
+                }, []);
973
+                return array_unique($list, SORT_LOCALE_STRING);
974
+            }
975
+        }
976
+
977
+        //error cause actually, maybe throw an exception in future.
978
+        return [];
979
+    }
980
+
981
+    /**
982
+     * @throws ServerNotAvailableException
983
+     */
984
+    public function searchUsers(string $filter, array $attr = null, int $limit = null, int $offset = null): array {
985
+        $result = [];
986
+        foreach ($this->connection->ldapBaseUsers as $base) {
987
+            $result = array_merge($result, $this->search($filter, $base, $attr, $limit, $offset));
988
+        }
989
+        return $result;
990
+    }
991
+
992
+    /**
993
+     * @param string $filter
994
+     * @param string|string[] $attr
995
+     * @param int $limit
996
+     * @param int $offset
997
+     * @return false|int
998
+     * @throws ServerNotAvailableException
999
+     */
1000
+    public function countUsers($filter, $attr = ['dn'], $limit = null, $offset = null) {
1001
+        $result = false;
1002
+        foreach ($this->connection->ldapBaseUsers as $base) {
1003
+            $count = $this->count($filter, [$base], $attr, $limit, $offset);
1004
+            $result = is_int($count) ? (int)$result + $count : $result;
1005
+        }
1006
+        return $result;
1007
+    }
1008
+
1009
+    /**
1010
+     * executes an LDAP search, optimized for Groups
1011
+     *
1012
+     * @param string $filter the LDAP filter for the search
1013
+     * @param string|string[] $attr optional, when a certain attribute shall be filtered out
1014
+     * @param integer $limit
1015
+     * @param integer $offset
1016
+     * @return array with the search result
1017
+     *
1018
+     * Executes an LDAP search
1019
+     * @throws ServerNotAvailableException
1020
+     */
1021
+    public function searchGroups($filter, $attr = null, $limit = null, $offset = null) {
1022
+        $result = [];
1023
+        foreach ($this->connection->ldapBaseGroups as $base) {
1024
+            $result = array_merge($result, $this->search($filter, $base, $attr, $limit, $offset));
1025
+        }
1026
+        return $result;
1027
+    }
1028
+
1029
+    /**
1030
+     * returns the number of available groups
1031
+     *
1032
+     * @param string $filter the LDAP search filter
1033
+     * @param string[] $attr optional
1034
+     * @param int|null $limit
1035
+     * @param int|null $offset
1036
+     * @return int|bool
1037
+     * @throws ServerNotAvailableException
1038
+     */
1039
+    public function countGroups($filter, $attr = ['dn'], $limit = null, $offset = null) {
1040
+        $result = false;
1041
+        foreach ($this->connection->ldapBaseGroups as $base) {
1042
+            $count = $this->count($filter, [$base], $attr, $limit, $offset);
1043
+            $result = is_int($count) ? (int)$result + $count : $result;
1044
+        }
1045
+        return $result;
1046
+    }
1047
+
1048
+    /**
1049
+     * returns the number of available objects on the base DN
1050
+     *
1051
+     * @param int|null $limit
1052
+     * @param int|null $offset
1053
+     * @return int|bool
1054
+     * @throws ServerNotAvailableException
1055
+     */
1056
+    public function countObjects($limit = null, $offset = null) {
1057
+        $result = false;
1058
+        foreach ($this->connection->ldapBase as $base) {
1059
+            $count = $this->count('objectclass=*', [$base], ['dn'], $limit, $offset);
1060
+            $result = is_int($count) ? (int)$result + $count : $result;
1061
+        }
1062
+        return $result;
1063
+    }
1064
+
1065
+    /**
1066
+     * Returns the LDAP handler
1067
+     *
1068
+     * @throws \OC\ServerNotAvailableException
1069
+     */
1070
+
1071
+    /**
1072
+     * @return mixed
1073
+     * @throws \OC\ServerNotAvailableException
1074
+     */
1075
+    private function invokeLDAPMethod() {
1076
+        $arguments = func_get_args();
1077
+        $command = array_shift($arguments);
1078
+        $cr = array_shift($arguments);
1079
+        if (!method_exists($this->ldap, $command)) {
1080
+            return null;
1081
+        }
1082
+        array_unshift($arguments, $cr);
1083
+        // php no longer supports call-time pass-by-reference
1084
+        // thus cannot support controlPagedResultResponse as the third argument
1085
+        // is a reference
1086
+        $doMethod = function () use ($command, &$arguments) {
1087
+            if ($command == 'controlPagedResultResponse') {
1088
+                throw new \InvalidArgumentException('Invoker does not support controlPagedResultResponse, call LDAP Wrapper directly instead.');
1089
+            } else {
1090
+                return call_user_func_array([$this->ldap, $command], $arguments);
1091
+            }
1092
+        };
1093
+        try {
1094
+            $ret = $doMethod();
1095
+        } catch (ServerNotAvailableException $e) {
1096
+            /* Server connection lost, attempt to reestablish it
1097 1097
 			 * Maybe implement exponential backoff?
1098 1098
 			 * This was enough to get solr indexer working which has large delays between LDAP fetches.
1099 1099
 			 */
1100
-			\OCP\Util::writeLog('user_ldap', "Connection lost on $command, attempting to reestablish.", ILogger::DEBUG);
1101
-			$this->connection->resetConnectionResource();
1102
-			$cr = $this->connection->getConnectionResource();
1103
-
1104
-			if (!$this->ldap->isResource($cr)) {
1105
-				// Seems like we didn't find any resource.
1106
-				\OCP\Util::writeLog('user_ldap', "Could not $command, because resource is missing.", ILogger::DEBUG);
1107
-				throw $e;
1108
-			}
1109
-
1110
-			$arguments[0] = $cr;
1111
-			$ret = $doMethod();
1112
-		}
1113
-		return $ret;
1114
-	}
1115
-
1116
-	/**
1117
-	 * retrieved. Results will according to the order in the array.
1118
-	 *
1119
-	 * @param string $filter
1120
-	 * @param string $base
1121
-	 * @param string[] $attr
1122
-	 * @param int|null $limit optional, maximum results to be counted
1123
-	 * @param int|null $offset optional, a starting point
1124
-	 * @return array|false array with the search result as first value and pagedSearchOK as
1125
-	 * second | false if not successful
1126
-	 * @throws ServerNotAvailableException
1127
-	 */
1128
-	private function executeSearch(
1129
-		string $filter,
1130
-		string $base,
1131
-		?array &$attr,
1132
-		?int $limit,
1133
-		?int $offset
1134
-	) {
1135
-		// See if we have a resource, in case not cancel with message
1136
-		$cr = $this->connection->getConnectionResource();
1137
-		if (!$this->ldap->isResource($cr)) {
1138
-			// Seems like we didn't find any resource.
1139
-			// Return an empty array just like before.
1140
-			\OCP\Util::writeLog('user_ldap', 'Could not search, because resource is missing.', ILogger::DEBUG);
1141
-			return false;
1142
-		}
1143
-
1144
-		//check whether paged search should be attempted
1145
-		$pagedSearchOK = $this->initPagedSearch($filter, $base, $attr, (int)$limit, (int)$offset);
1146
-
1147
-		$sr = $this->invokeLDAPMethod('search', $cr, $base, $filter, $attr);
1148
-		// cannot use $cr anymore, might have changed in the previous call!
1149
-		$error = $this->ldap->errno($this->connection->getConnectionResource());
1150
-		if (!$this->ldap->isResource($sr) || $error !== 0) {
1151
-			\OCP\Util::writeLog('user_ldap', 'Attempt for Paging?  ' . print_r($pagedSearchOK, true), ILogger::ERROR);
1152
-			return false;
1153
-		}
1154
-
1155
-		return [$sr, $pagedSearchOK];
1156
-	}
1157
-
1158
-	/**
1159
-	 * processes an LDAP paged search operation
1160
-	 *
1161
-	 * @param resource $sr the array containing the LDAP search resources
1162
-	 * @param int $foundItems number of results in the single search operation
1163
-	 * @param int $limit maximum results to be counted
1164
-	 * @param bool $pagedSearchOK whether a paged search has been executed
1165
-	 * @param bool $skipHandling required for paged search when cookies to
1166
-	 * prior results need to be gained
1167
-	 * @return bool cookie validity, true if we have more pages, false otherwise.
1168
-	 * @throws ServerNotAvailableException
1169
-	 */
1170
-	private function processPagedSearchStatus(
1171
-		$sr,
1172
-		int $foundItems,
1173
-		int $limit,
1174
-		bool $pagedSearchOK,
1175
-		bool $skipHandling
1176
-	): bool {
1177
-		$cookie = null;
1178
-		if ($pagedSearchOK) {
1179
-			$cr = $this->connection->getConnectionResource();
1180
-			if ($this->ldap->controlPagedResultResponse($cr, $sr, $cookie)) {
1181
-				$this->lastCookie = $cookie;
1182
-			}
1183
-
1184
-			//browsing through prior pages to get the cookie for the new one
1185
-			if ($skipHandling) {
1186
-				return false;
1187
-			}
1188
-			// if count is bigger, then the server does not support
1189
-			// paged search. Instead, he did a normal search. We set a
1190
-			// flag here, so the callee knows how to deal with it.
1191
-			if ($foundItems <= $limit) {
1192
-				$this->pagedSearchedSuccessful = true;
1193
-			}
1194
-		} else {
1195
-			if (!is_null($limit) && (int)$this->connection->ldapPagingSize !== 0) {
1196
-				\OC::$server->getLogger()->debug(
1197
-					'Paged search was not available',
1198
-					['app' => 'user_ldap']
1199
-				);
1200
-			}
1201
-		}
1202
-		/* ++ Fixing RHDS searches with pages with zero results ++
1100
+            \OCP\Util::writeLog('user_ldap', "Connection lost on $command, attempting to reestablish.", ILogger::DEBUG);
1101
+            $this->connection->resetConnectionResource();
1102
+            $cr = $this->connection->getConnectionResource();
1103
+
1104
+            if (!$this->ldap->isResource($cr)) {
1105
+                // Seems like we didn't find any resource.
1106
+                \OCP\Util::writeLog('user_ldap', "Could not $command, because resource is missing.", ILogger::DEBUG);
1107
+                throw $e;
1108
+            }
1109
+
1110
+            $arguments[0] = $cr;
1111
+            $ret = $doMethod();
1112
+        }
1113
+        return $ret;
1114
+    }
1115
+
1116
+    /**
1117
+     * retrieved. Results will according to the order in the array.
1118
+     *
1119
+     * @param string $filter
1120
+     * @param string $base
1121
+     * @param string[] $attr
1122
+     * @param int|null $limit optional, maximum results to be counted
1123
+     * @param int|null $offset optional, a starting point
1124
+     * @return array|false array with the search result as first value and pagedSearchOK as
1125
+     * second | false if not successful
1126
+     * @throws ServerNotAvailableException
1127
+     */
1128
+    private function executeSearch(
1129
+        string $filter,
1130
+        string $base,
1131
+        ?array &$attr,
1132
+        ?int $limit,
1133
+        ?int $offset
1134
+    ) {
1135
+        // See if we have a resource, in case not cancel with message
1136
+        $cr = $this->connection->getConnectionResource();
1137
+        if (!$this->ldap->isResource($cr)) {
1138
+            // Seems like we didn't find any resource.
1139
+            // Return an empty array just like before.
1140
+            \OCP\Util::writeLog('user_ldap', 'Could not search, because resource is missing.', ILogger::DEBUG);
1141
+            return false;
1142
+        }
1143
+
1144
+        //check whether paged search should be attempted
1145
+        $pagedSearchOK = $this->initPagedSearch($filter, $base, $attr, (int)$limit, (int)$offset);
1146
+
1147
+        $sr = $this->invokeLDAPMethod('search', $cr, $base, $filter, $attr);
1148
+        // cannot use $cr anymore, might have changed in the previous call!
1149
+        $error = $this->ldap->errno($this->connection->getConnectionResource());
1150
+        if (!$this->ldap->isResource($sr) || $error !== 0) {
1151
+            \OCP\Util::writeLog('user_ldap', 'Attempt for Paging?  ' . print_r($pagedSearchOK, true), ILogger::ERROR);
1152
+            return false;
1153
+        }
1154
+
1155
+        return [$sr, $pagedSearchOK];
1156
+    }
1157
+
1158
+    /**
1159
+     * processes an LDAP paged search operation
1160
+     *
1161
+     * @param resource $sr the array containing the LDAP search resources
1162
+     * @param int $foundItems number of results in the single search operation
1163
+     * @param int $limit maximum results to be counted
1164
+     * @param bool $pagedSearchOK whether a paged search has been executed
1165
+     * @param bool $skipHandling required for paged search when cookies to
1166
+     * prior results need to be gained
1167
+     * @return bool cookie validity, true if we have more pages, false otherwise.
1168
+     * @throws ServerNotAvailableException
1169
+     */
1170
+    private function processPagedSearchStatus(
1171
+        $sr,
1172
+        int $foundItems,
1173
+        int $limit,
1174
+        bool $pagedSearchOK,
1175
+        bool $skipHandling
1176
+    ): bool {
1177
+        $cookie = null;
1178
+        if ($pagedSearchOK) {
1179
+            $cr = $this->connection->getConnectionResource();
1180
+            if ($this->ldap->controlPagedResultResponse($cr, $sr, $cookie)) {
1181
+                $this->lastCookie = $cookie;
1182
+            }
1183
+
1184
+            //browsing through prior pages to get the cookie for the new one
1185
+            if ($skipHandling) {
1186
+                return false;
1187
+            }
1188
+            // if count is bigger, then the server does not support
1189
+            // paged search. Instead, he did a normal search. We set a
1190
+            // flag here, so the callee knows how to deal with it.
1191
+            if ($foundItems <= $limit) {
1192
+                $this->pagedSearchedSuccessful = true;
1193
+            }
1194
+        } else {
1195
+            if (!is_null($limit) && (int)$this->connection->ldapPagingSize !== 0) {
1196
+                \OC::$server->getLogger()->debug(
1197
+                    'Paged search was not available',
1198
+                    ['app' => 'user_ldap']
1199
+                );
1200
+            }
1201
+        }
1202
+        /* ++ Fixing RHDS searches with pages with zero results ++
1203 1203
 		 * Return cookie status. If we don't have more pages, with RHDS
1204 1204
 		 * cookie is null, with openldap cookie is an empty string and
1205 1205
 		 * to 386ds '0' is a valid cookie. Even if $iFoundItems == 0
1206 1206
 		 */
1207
-		return !empty($cookie) || $cookie === '0';
1208
-	}
1209
-
1210
-	/**
1211
-	 * executes an LDAP search, but counts the results only
1212
-	 *
1213
-	 * @param string $filter the LDAP filter for the search
1214
-	 * @param array $bases an array containing the LDAP subtree(s) that shall be searched
1215
-	 * @param string|string[] $attr optional, array, one or more attributes that shall be
1216
-	 * retrieved. Results will according to the order in the array.
1217
-	 * @param int $limit optional, maximum results to be counted
1218
-	 * @param int $offset optional, a starting point
1219
-	 * @param bool $skipHandling indicates whether the pages search operation is
1220
-	 * completed
1221
-	 * @return int|false Integer or false if the search could not be initialized
1222
-	 * @throws ServerNotAvailableException
1223
-	 */
1224
-	private function count(
1225
-		string $filter,
1226
-		array $bases,
1227
-		$attr = null,
1228
-		?int $limit = null,
1229
-		?int $offset = null,
1230
-		bool $skipHandling = false
1231
-	) {
1232
-		\OC::$server->getLogger()->debug('Count filter: {filter}', [
1233
-			'app' => 'user_ldap',
1234
-			'filter' => $filter
1235
-		]);
1236
-
1237
-		if (!is_null($attr) && !is_array($attr)) {
1238
-			$attr = [mb_strtolower($attr, 'UTF-8')];
1239
-		}
1240
-
1241
-		$limitPerPage = (int)$this->connection->ldapPagingSize;
1242
-		if (!is_null($limit) && $limit < $limitPerPage && $limit > 0) {
1243
-			$limitPerPage = $limit;
1244
-		}
1245
-
1246
-		$counter = 0;
1247
-		$count = null;
1248
-		$this->connection->getConnectionResource();
1249
-
1250
-		foreach ($bases as $base) {
1251
-			do {
1252
-				$search = $this->executeSearch($filter, $base, $attr, $limitPerPage, $offset);
1253
-				if ($search === false) {
1254
-					return $counter > 0 ? $counter : false;
1255
-				}
1256
-				list($sr, $pagedSearchOK) = $search;
1257
-
1258
-				/* ++ Fixing RHDS searches with pages with zero results ++
1207
+        return !empty($cookie) || $cookie === '0';
1208
+    }
1209
+
1210
+    /**
1211
+     * executes an LDAP search, but counts the results only
1212
+     *
1213
+     * @param string $filter the LDAP filter for the search
1214
+     * @param array $bases an array containing the LDAP subtree(s) that shall be searched
1215
+     * @param string|string[] $attr optional, array, one or more attributes that shall be
1216
+     * retrieved. Results will according to the order in the array.
1217
+     * @param int $limit optional, maximum results to be counted
1218
+     * @param int $offset optional, a starting point
1219
+     * @param bool $skipHandling indicates whether the pages search operation is
1220
+     * completed
1221
+     * @return int|false Integer or false if the search could not be initialized
1222
+     * @throws ServerNotAvailableException
1223
+     */
1224
+    private function count(
1225
+        string $filter,
1226
+        array $bases,
1227
+        $attr = null,
1228
+        ?int $limit = null,
1229
+        ?int $offset = null,
1230
+        bool $skipHandling = false
1231
+    ) {
1232
+        \OC::$server->getLogger()->debug('Count filter: {filter}', [
1233
+            'app' => 'user_ldap',
1234
+            'filter' => $filter
1235
+        ]);
1236
+
1237
+        if (!is_null($attr) && !is_array($attr)) {
1238
+            $attr = [mb_strtolower($attr, 'UTF-8')];
1239
+        }
1240
+
1241
+        $limitPerPage = (int)$this->connection->ldapPagingSize;
1242
+        if (!is_null($limit) && $limit < $limitPerPage && $limit > 0) {
1243
+            $limitPerPage = $limit;
1244
+        }
1245
+
1246
+        $counter = 0;
1247
+        $count = null;
1248
+        $this->connection->getConnectionResource();
1249
+
1250
+        foreach ($bases as $base) {
1251
+            do {
1252
+                $search = $this->executeSearch($filter, $base, $attr, $limitPerPage, $offset);
1253
+                if ($search === false) {
1254
+                    return $counter > 0 ? $counter : false;
1255
+                }
1256
+                list($sr, $pagedSearchOK) = $search;
1257
+
1258
+                /* ++ Fixing RHDS searches with pages with zero results ++
1259 1259
 				 * countEntriesInSearchResults() method signature changed
1260 1260
 				 * by removing $limit and &$hasHitLimit parameters
1261 1261
 				 */
1262
-				$count = $this->countEntriesInSearchResults($sr);
1263
-				$counter += $count;
1262
+                $count = $this->countEntriesInSearchResults($sr);
1263
+                $counter += $count;
1264 1264
 
1265
-				$hasMorePages = $this->processPagedSearchStatus($sr, $count, $limitPerPage, $pagedSearchOK, $skipHandling);
1266
-				$offset += $limitPerPage;
1267
-				/* ++ Fixing RHDS searches with pages with zero results ++
1265
+                $hasMorePages = $this->processPagedSearchStatus($sr, $count, $limitPerPage, $pagedSearchOK, $skipHandling);
1266
+                $offset += $limitPerPage;
1267
+                /* ++ Fixing RHDS searches with pages with zero results ++
1268 1268
 				 * Continue now depends on $hasMorePages value
1269 1269
 				 */
1270
-				$continue = $pagedSearchOK && $hasMorePages;
1271
-			} while ($continue && (is_null($limit) || $limit <= 0 || $limit > $counter));
1272
-		}
1273
-
1274
-		return $counter;
1275
-	}
1276
-
1277
-	/**
1278
-	 * @param resource $sr
1279
-	 * @return int
1280
-	 * @throws ServerNotAvailableException
1281
-	 */
1282
-	private function countEntriesInSearchResults($sr): int {
1283
-		return (int)$this->invokeLDAPMethod('countEntries', $this->connection->getConnectionResource(), $sr);
1284
-	}
1285
-
1286
-	/**
1287
-	 * Executes an LDAP search
1288
-	 *
1289
-	 * @throws ServerNotAvailableException
1290
-	 */
1291
-	public function search(
1292
-		string $filter,
1293
-		string $base,
1294
-		?array $attr = null,
1295
-		?int $limit = null,
1296
-		?int $offset = null,
1297
-		bool $skipHandling = false
1298
-	): array {
1299
-		$limitPerPage = (int)$this->connection->ldapPagingSize;
1300
-		if (!is_null($limit) && $limit < $limitPerPage && $limit > 0) {
1301
-			$limitPerPage = $limit;
1302
-		}
1303
-
1304
-		if (!is_null($attr) && !is_array($attr)) {
1305
-			$attr = [mb_strtolower($attr, 'UTF-8')];
1306
-		}
1307
-
1308
-		/* ++ Fixing RHDS searches with pages with zero results ++
1270
+                $continue = $pagedSearchOK && $hasMorePages;
1271
+            } while ($continue && (is_null($limit) || $limit <= 0 || $limit > $counter));
1272
+        }
1273
+
1274
+        return $counter;
1275
+    }
1276
+
1277
+    /**
1278
+     * @param resource $sr
1279
+     * @return int
1280
+     * @throws ServerNotAvailableException
1281
+     */
1282
+    private function countEntriesInSearchResults($sr): int {
1283
+        return (int)$this->invokeLDAPMethod('countEntries', $this->connection->getConnectionResource(), $sr);
1284
+    }
1285
+
1286
+    /**
1287
+     * Executes an LDAP search
1288
+     *
1289
+     * @throws ServerNotAvailableException
1290
+     */
1291
+    public function search(
1292
+        string $filter,
1293
+        string $base,
1294
+        ?array $attr = null,
1295
+        ?int $limit = null,
1296
+        ?int $offset = null,
1297
+        bool $skipHandling = false
1298
+    ): array {
1299
+        $limitPerPage = (int)$this->connection->ldapPagingSize;
1300
+        if (!is_null($limit) && $limit < $limitPerPage && $limit > 0) {
1301
+            $limitPerPage = $limit;
1302
+        }
1303
+
1304
+        if (!is_null($attr) && !is_array($attr)) {
1305
+            $attr = [mb_strtolower($attr, 'UTF-8')];
1306
+        }
1307
+
1308
+        /* ++ Fixing RHDS searches with pages with zero results ++
1309 1309
 		 * As we can have pages with zero results and/or pages with less
1310 1310
 		 * than $limit results but with a still valid server 'cookie',
1311 1311
 		 * loops through until we get $continue equals true and
1312 1312
 		 * $findings['count'] < $limit
1313 1313
 		 */
1314
-		$findings = [];
1315
-		$savedoffset = $offset;
1316
-		$iFoundItems = 0;
1317
-
1318
-		do {
1319
-			$search = $this->executeSearch($filter, $base, $attr, $limitPerPage, $offset);
1320
-			if ($search === false) {
1321
-				return [];
1322
-			}
1323
-			list($sr, $pagedSearchOK) = $search;
1324
-			$cr = $this->connection->getConnectionResource();
1325
-
1326
-			if ($skipHandling) {
1327
-				//i.e. result do not need to be fetched, we just need the cookie
1328
-				//thus pass 1 or any other value as $iFoundItems because it is not
1329
-				//used
1330
-				$this->processPagedSearchStatus($sr, 1, $limitPerPage, $pagedSearchOK, $skipHandling);
1331
-				return [];
1332
-			}
1333
-
1334
-			$findings = array_merge($findings, $this->invokeLDAPMethod('getEntries', $cr, $sr));
1335
-			$iFoundItems = max($iFoundItems, $findings['count']);
1336
-			unset($findings['count']);
1337
-
1338
-			$continue = $this->processPagedSearchStatus($sr, $iFoundItems, $limitPerPage, $pagedSearchOK, $skipHandling);
1339
-			$offset += $limitPerPage;
1340
-		} while ($continue && $pagedSearchOK && ($limit === null || count($findings) < $limit));
1341
-
1342
-		// resetting offset
1343
-		$offset = $savedoffset;
1344
-
1345
-		// if we're here, probably no connection resource is returned.
1346
-		// to make Nextcloud behave nicely, we simply give back an empty array.
1347
-		if (is_null($findings)) {
1348
-			return [];
1349
-		}
1350
-
1351
-		if (!is_null($attr)) {
1352
-			$selection = [];
1353
-			$i = 0;
1354
-			foreach ($findings as $item) {
1355
-				if (!is_array($item)) {
1356
-					continue;
1357
-				}
1358
-				$item = \OCP\Util::mb_array_change_key_case($item, MB_CASE_LOWER, 'UTF-8');
1359
-				foreach ($attr as $key) {
1360
-					if (isset($item[$key])) {
1361
-						if (is_array($item[$key]) && isset($item[$key]['count'])) {
1362
-							unset($item[$key]['count']);
1363
-						}
1364
-						if ($key !== 'dn') {
1365
-							if ($this->resemblesDN($key)) {
1366
-								$selection[$i][$key] = $this->helper->sanitizeDN($item[$key]);
1367
-							} elseif ($key === 'objectguid' || $key === 'guid') {
1368
-								$selection[$i][$key] = [$this->convertObjectGUID2Str($item[$key][0])];
1369
-							} else {
1370
-								$selection[$i][$key] = $item[$key];
1371
-							}
1372
-						} else {
1373
-							$selection[$i][$key] = [$this->helper->sanitizeDN($item[$key])];
1374
-						}
1375
-					}
1376
-				}
1377
-				$i++;
1378
-			}
1379
-			$findings = $selection;
1380
-		}
1381
-		//we slice the findings, when
1382
-		//a) paged search unsuccessful, though attempted
1383
-		//b) no paged search, but limit set
1384
-		if ((!$this->getPagedSearchResultState()
1385
-				&& $pagedSearchOK)
1386
-			|| (
1387
-				!$pagedSearchOK
1388
-				&& !is_null($limit)
1389
-			)
1390
-		) {
1391
-			$findings = array_slice($findings, (int)$offset, $limit);
1392
-		}
1393
-		return $findings;
1394
-	}
1395
-
1396
-	/**
1397
-	 * @param string $name
1398
-	 * @return string
1399
-	 * @throws \InvalidArgumentException
1400
-	 */
1401
-	public function sanitizeUsername($name) {
1402
-		$name = trim($name);
1403
-
1404
-		if ($this->connection->ldapIgnoreNamingRules) {
1405
-			return $name;
1406
-		}
1407
-
1408
-		// Transliteration to ASCII
1409
-		$transliterated = @iconv('UTF-8', 'ASCII//TRANSLIT', $name);
1410
-		if ($transliterated !== false) {
1411
-			// depending on system config iconv can work or not
1412
-			$name = $transliterated;
1413
-		}
1414
-
1415
-		// Replacements
1416
-		$name = str_replace(' ', '_', $name);
1417
-
1418
-		// Every remaining disallowed characters will be removed
1419
-		$name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);
1420
-
1421
-		if ($name === '') {
1422
-			throw new \InvalidArgumentException('provided name template for username does not contain any allowed characters');
1423
-		}
1424
-
1425
-		return $name;
1426
-	}
1427
-
1428
-	/**
1429
-	 * escapes (user provided) parts for LDAP filter
1430
-	 *
1431
-	 * @param string $input , the provided value
1432
-	 * @param bool $allowAsterisk whether in * at the beginning should be preserved
1433
-	 * @return string the escaped string
1434
-	 */
1435
-	public function escapeFilterPart($input, $allowAsterisk = false): string {
1436
-		$asterisk = '';
1437
-		if ($allowAsterisk && strlen($input) > 0 && $input[0] === '*') {
1438
-			$asterisk = '*';
1439
-			$input = mb_substr($input, 1, null, 'UTF-8');
1440
-		}
1441
-		$search = ['*', '\\', '(', ')'];
1442
-		$replace = ['\\*', '\\\\', '\\(', '\\)'];
1443
-		return $asterisk . str_replace($search, $replace, $input);
1444
-	}
1445
-
1446
-	/**
1447
-	 * combines the input filters with AND
1448
-	 *
1449
-	 * @param string[] $filters the filters to connect
1450
-	 * @return string the combined filter
1451
-	 */
1452
-	public function combineFilterWithAnd($filters): string {
1453
-		return $this->combineFilter($filters, '&');
1454
-	}
1455
-
1456
-	/**
1457
-	 * combines the input filters with OR
1458
-	 *
1459
-	 * @param string[] $filters the filters to connect
1460
-	 * @return string the combined filter
1461
-	 * Combines Filter arguments with OR
1462
-	 */
1463
-	public function combineFilterWithOr($filters) {
1464
-		return $this->combineFilter($filters, '|');
1465
-	}
1466
-
1467
-	/**
1468
-	 * combines the input filters with given operator
1469
-	 *
1470
-	 * @param string[] $filters the filters to connect
1471
-	 * @param string $operator either & or |
1472
-	 * @return string the combined filter
1473
-	 */
1474
-	private function combineFilter($filters, $operator) {
1475
-		$combinedFilter = '(' . $operator;
1476
-		foreach ($filters as $filter) {
1477
-			if ($filter !== '' && $filter[0] !== '(') {
1478
-				$filter = '(' . $filter . ')';
1479
-			}
1480
-			$combinedFilter .= $filter;
1481
-		}
1482
-		$combinedFilter .= ')';
1483
-		return $combinedFilter;
1484
-	}
1485
-
1486
-	/**
1487
-	 * creates a filter part for to perform search for users
1488
-	 *
1489
-	 * @param string $search the search term
1490
-	 * @return string the final filter part to use in LDAP searches
1491
-	 */
1492
-	public function getFilterPartForUserSearch($search) {
1493
-		return $this->getFilterPartForSearch($search,
1494
-			$this->connection->ldapAttributesForUserSearch,
1495
-			$this->connection->ldapUserDisplayName);
1496
-	}
1497
-
1498
-	/**
1499
-	 * creates a filter part for to perform search for groups
1500
-	 *
1501
-	 * @param string $search the search term
1502
-	 * @return string the final filter part to use in LDAP searches
1503
-	 */
1504
-	public function getFilterPartForGroupSearch($search) {
1505
-		return $this->getFilterPartForSearch($search,
1506
-			$this->connection->ldapAttributesForGroupSearch,
1507
-			$this->connection->ldapGroupDisplayName);
1508
-	}
1509
-
1510
-	/**
1511
-	 * creates a filter part for searches by splitting up the given search
1512
-	 * string into single words
1513
-	 *
1514
-	 * @param string $search the search term
1515
-	 * @param string[] $searchAttributes needs to have at least two attributes,
1516
-	 * otherwise it does not make sense :)
1517
-	 * @return string the final filter part to use in LDAP searches
1518
-	 * @throws DomainException
1519
-	 */
1520
-	private function getAdvancedFilterPartForSearch($search, $searchAttributes) {
1521
-		if (!is_array($searchAttributes) || count($searchAttributes) < 2) {
1522
-			throw new DomainException('searchAttributes must be an array with at least two string');
1523
-		}
1524
-		$searchWords = explode(' ', trim($search));
1525
-		$wordFilters = [];
1526
-		foreach ($searchWords as $word) {
1527
-			$word = $this->prepareSearchTerm($word);
1528
-			//every word needs to appear at least once
1529
-			$wordMatchOneAttrFilters = [];
1530
-			foreach ($searchAttributes as $attr) {
1531
-				$wordMatchOneAttrFilters[] = $attr . '=' . $word;
1532
-			}
1533
-			$wordFilters[] = $this->combineFilterWithOr($wordMatchOneAttrFilters);
1534
-		}
1535
-		return $this->combineFilterWithAnd($wordFilters);
1536
-	}
1537
-
1538
-	/**
1539
-	 * creates a filter part for searches
1540
-	 *
1541
-	 * @param string $search the search term
1542
-	 * @param string[]|null $searchAttributes
1543
-	 * @param string $fallbackAttribute a fallback attribute in case the user
1544
-	 * did not define search attributes. Typically the display name attribute.
1545
-	 * @return string the final filter part to use in LDAP searches
1546
-	 */
1547
-	private function getFilterPartForSearch($search, $searchAttributes, $fallbackAttribute) {
1548
-		$filter = [];
1549
-		$haveMultiSearchAttributes = (is_array($searchAttributes) && count($searchAttributes) > 0);
1550
-		if ($haveMultiSearchAttributes && strpos(trim($search), ' ') !== false) {
1551
-			try {
1552
-				return $this->getAdvancedFilterPartForSearch($search, $searchAttributes);
1553
-			} catch (DomainException $e) {
1554
-				// Creating advanced filter for search failed, falling back to simple method. Edge case, but valid.
1555
-			}
1556
-		}
1557
-
1558
-		$search = $this->prepareSearchTerm($search);
1559
-		if (!is_array($searchAttributes) || count($searchAttributes) === 0) {
1560
-			if ($fallbackAttribute === '') {
1561
-				return '';
1562
-			}
1563
-			$filter[] = $fallbackAttribute . '=' . $search;
1564
-		} else {
1565
-			foreach ($searchAttributes as $attribute) {
1566
-				$filter[] = $attribute . '=' . $search;
1567
-			}
1568
-		}
1569
-		if (count($filter) === 1) {
1570
-			return '(' . $filter[0] . ')';
1571
-		}
1572
-		return $this->combineFilterWithOr($filter);
1573
-	}
1574
-
1575
-	/**
1576
-	 * returns the search term depending on whether we are allowed
1577
-	 * list users found by ldap with the current input appended by
1578
-	 * a *
1579
-	 *
1580
-	 * @return string
1581
-	 */
1582
-	private function prepareSearchTerm($term) {
1583
-		$config = \OC::$server->getConfig();
1584
-
1585
-		$allowEnum = $config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes');
1586
-
1587
-		$result = $term;
1588
-		if ($term === '') {
1589
-			$result = '*';
1590
-		} elseif ($allowEnum !== 'no') {
1591
-			$result = $term . '*';
1592
-		}
1593
-		return $result;
1594
-	}
1595
-
1596
-	/**
1597
-	 * returns the filter used for counting users
1598
-	 *
1599
-	 * @return string
1600
-	 */
1601
-	public function getFilterForUserCount() {
1602
-		$filter = $this->combineFilterWithAnd([
1603
-			$this->connection->ldapUserFilter,
1604
-			$this->connection->ldapUserDisplayName . '=*'
1605
-		]);
1606
-
1607
-		return $filter;
1608
-	}
1609
-
1610
-	/**
1611
-	 * @param string $name
1612
-	 * @param string $password
1613
-	 * @return bool
1614
-	 */
1615
-	public function areCredentialsValid($name, $password) {
1616
-		$name = $this->helper->DNasBaseParameter($name);
1617
-		$testConnection = clone $this->connection;
1618
-		$credentials = [
1619
-			'ldapAgentName' => $name,
1620
-			'ldapAgentPassword' => $password
1621
-		];
1622
-		if (!$testConnection->setConfiguration($credentials)) {
1623
-			return false;
1624
-		}
1625
-		return $testConnection->bind();
1626
-	}
1627
-
1628
-	/**
1629
-	 * reverse lookup of a DN given a known UUID
1630
-	 *
1631
-	 * @param string $uuid
1632
-	 * @return string
1633
-	 * @throws \Exception
1634
-	 */
1635
-	public function getUserDnByUuid($uuid) {
1636
-		$uuidOverride = $this->connection->ldapExpertUUIDUserAttr;
1637
-		$filter = $this->connection->ldapUserFilter;
1638
-		$bases = $this->connection->ldapBaseUsers;
1639
-
1640
-		if ($this->connection->ldapUuidUserAttribute === 'auto' && $uuidOverride === '') {
1641
-			// Sacrebleu! The UUID attribute is unknown :( We need first an
1642
-			// existing DN to be able to reliably detect it.
1643
-			foreach ($bases as $base) {
1644
-				$result = $this->search($filter, $base, ['dn'], 1);
1645
-				if (!isset($result[0]) || !isset($result[0]['dn'])) {
1646
-					continue;
1647
-				}
1648
-				$dn = $result[0]['dn'][0];
1649
-				if ($hasFound = $this->detectUuidAttribute($dn, true)) {
1650
-					break;
1651
-				}
1652
-			}
1653
-			if (!isset($hasFound) || !$hasFound) {
1654
-				throw new \Exception('Cannot determine UUID attribute');
1655
-			}
1656
-		} else {
1657
-			// The UUID attribute is either known or an override is given.
1658
-			// By calling this method we ensure that $this->connection->$uuidAttr
1659
-			// is definitely set
1660
-			if (!$this->detectUuidAttribute('', true)) {
1661
-				throw new \Exception('Cannot determine UUID attribute');
1662
-			}
1663
-		}
1664
-
1665
-		$uuidAttr = $this->connection->ldapUuidUserAttribute;
1666
-		if ($uuidAttr === 'guid' || $uuidAttr === 'objectguid') {
1667
-			$uuid = $this->formatGuid2ForFilterUser($uuid);
1668
-		}
1669
-
1670
-		$filter = $uuidAttr . '=' . $uuid;
1671
-		$result = $this->searchUsers($filter, ['dn'], 2);
1672
-		if (is_array($result) && isset($result[0]) && isset($result[0]['dn']) && count($result) === 1) {
1673
-			// we put the count into account to make sure that this is
1674
-			// really unique
1675
-			return $result[0]['dn'][0];
1676
-		}
1677
-
1678
-		throw new \Exception('Cannot determine UUID attribute');
1679
-	}
1680
-
1681
-	/**
1682
-	 * auto-detects the directory's UUID attribute
1683
-	 *
1684
-	 * @param string $dn a known DN used to check against
1685
-	 * @param bool $isUser
1686
-	 * @param bool $force the detection should be run, even if it is not set to auto
1687
-	 * @param array|null $ldapRecord
1688
-	 * @return bool true on success, false otherwise
1689
-	 * @throws ServerNotAvailableException
1690
-	 */
1691
-	private function detectUuidAttribute($dn, $isUser = true, $force = false, array $ldapRecord = null) {
1692
-		if ($isUser) {
1693
-			$uuidAttr = 'ldapUuidUserAttribute';
1694
-			$uuidOverride = $this->connection->ldapExpertUUIDUserAttr;
1695
-		} else {
1696
-			$uuidAttr = 'ldapUuidGroupAttribute';
1697
-			$uuidOverride = $this->connection->ldapExpertUUIDGroupAttr;
1698
-		}
1699
-
1700
-		if (!$force) {
1701
-			if ($this->connection->$uuidAttr !== 'auto') {
1702
-				return true;
1703
-			} elseif (is_string($uuidOverride) && trim($uuidOverride) !== '') {
1704
-				$this->connection->$uuidAttr = $uuidOverride;
1705
-				return true;
1706
-			}
1707
-
1708
-			$attribute = $this->connection->getFromCache($uuidAttr);
1709
-			if (!$attribute === null) {
1710
-				$this->connection->$uuidAttr = $attribute;
1711
-				return true;
1712
-			}
1713
-		}
1714
-
1715
-		foreach (self::UUID_ATTRIBUTES as $attribute) {
1716
-			if ($ldapRecord !== null) {
1717
-				// we have the info from LDAP already, we don't need to talk to the server again
1718
-				if (isset($ldapRecord[$attribute])) {
1719
-					$this->connection->$uuidAttr = $attribute;
1720
-					return true;
1721
-				}
1722
-			}
1723
-
1724
-			$value = $this->readAttribute($dn, $attribute);
1725
-			if (is_array($value) && isset($value[0]) && !empty($value[0])) {
1726
-				\OC::$server->getLogger()->debug(
1727
-					'Setting {attribute} as {subject}',
1728
-					[
1729
-						'app' => 'user_ldap',
1730
-						'attribute' => $attribute,
1731
-						'subject' => $uuidAttr
1732
-					]
1733
-				);
1734
-				$this->connection->$uuidAttr = $attribute;
1735
-				$this->connection->writeToCache($uuidAttr, $attribute);
1736
-				return true;
1737
-			}
1738
-		}
1739
-		\OC::$server->getLogger()->debug('Could not autodetect the UUID attribute', ['app' => 'user_ldap']);
1740
-
1741
-		return false;
1742
-	}
1743
-
1744
-	/**
1745
-	 * @param string $dn
1746
-	 * @param bool $isUser
1747
-	 * @param null $ldapRecord
1748
-	 * @return bool|string
1749
-	 * @throws ServerNotAvailableException
1750
-	 */
1751
-	public function getUUID($dn, $isUser = true, $ldapRecord = null) {
1752
-		if ($isUser) {
1753
-			$uuidAttr = 'ldapUuidUserAttribute';
1754
-			$uuidOverride = $this->connection->ldapExpertUUIDUserAttr;
1755
-		} else {
1756
-			$uuidAttr = 'ldapUuidGroupAttribute';
1757
-			$uuidOverride = $this->connection->ldapExpertUUIDGroupAttr;
1758
-		}
1759
-
1760
-		$uuid = false;
1761
-		if ($this->detectUuidAttribute($dn, $isUser, false, $ldapRecord)) {
1762
-			$attr = $this->connection->$uuidAttr;
1763
-			$uuid = isset($ldapRecord[$attr]) ? $ldapRecord[$attr] : $this->readAttribute($dn, $attr);
1764
-			if (!is_array($uuid)
1765
-				&& $uuidOverride !== ''
1766
-				&& $this->detectUuidAttribute($dn, $isUser, true, $ldapRecord)) {
1767
-				$uuid = isset($ldapRecord[$this->connection->$uuidAttr])
1768
-					? $ldapRecord[$this->connection->$uuidAttr]
1769
-					: $this->readAttribute($dn, $this->connection->$uuidAttr);
1770
-			}
1771
-			if (is_array($uuid) && isset($uuid[0]) && !empty($uuid[0])) {
1772
-				$uuid = $uuid[0];
1773
-			}
1774
-		}
1775
-
1776
-		return $uuid;
1777
-	}
1778
-
1779
-	/**
1780
-	 * converts a binary ObjectGUID into a string representation
1781
-	 *
1782
-	 * @param string $oguid the ObjectGUID in it's binary form as retrieved from AD
1783
-	 * @return string
1784
-	 * @link http://www.php.net/manual/en/function.ldap-get-values-len.php#73198
1785
-	 */
1786
-	private function convertObjectGUID2Str($oguid) {
1787
-		$hex_guid = bin2hex($oguid);
1788
-		$hex_guid_to_guid_str = '';
1789
-		for ($k = 1; $k <= 4; ++$k) {
1790
-			$hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2);
1791
-		}
1792
-		$hex_guid_to_guid_str .= '-';
1793
-		for ($k = 1; $k <= 2; ++$k) {
1794
-			$hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2);
1795
-		}
1796
-		$hex_guid_to_guid_str .= '-';
1797
-		for ($k = 1; $k <= 2; ++$k) {
1798
-			$hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2);
1799
-		}
1800
-		$hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4);
1801
-		$hex_guid_to_guid_str .= '-' . substr($hex_guid, 20);
1802
-
1803
-		return strtoupper($hex_guid_to_guid_str);
1804
-	}
1805
-
1806
-	/**
1807
-	 * the first three blocks of the string-converted GUID happen to be in
1808
-	 * reverse order. In order to use it in a filter, this needs to be
1809
-	 * corrected. Furthermore the dashes need to be replaced and \\ preprended
1810
-	 * to every two hax figures.
1811
-	 *
1812
-	 * If an invalid string is passed, it will be returned without change.
1813
-	 *
1814
-	 * @param string $guid
1815
-	 * @return string
1816
-	 */
1817
-	public function formatGuid2ForFilterUser($guid) {
1818
-		if (!is_string($guid)) {
1819
-			throw new \InvalidArgumentException('String expected');
1820
-		}
1821
-		$blocks = explode('-', $guid);
1822
-		if (count($blocks) !== 5) {
1823
-			/*
1314
+        $findings = [];
1315
+        $savedoffset = $offset;
1316
+        $iFoundItems = 0;
1317
+
1318
+        do {
1319
+            $search = $this->executeSearch($filter, $base, $attr, $limitPerPage, $offset);
1320
+            if ($search === false) {
1321
+                return [];
1322
+            }
1323
+            list($sr, $pagedSearchOK) = $search;
1324
+            $cr = $this->connection->getConnectionResource();
1325
+
1326
+            if ($skipHandling) {
1327
+                //i.e. result do not need to be fetched, we just need the cookie
1328
+                //thus pass 1 or any other value as $iFoundItems because it is not
1329
+                //used
1330
+                $this->processPagedSearchStatus($sr, 1, $limitPerPage, $pagedSearchOK, $skipHandling);
1331
+                return [];
1332
+            }
1333
+
1334
+            $findings = array_merge($findings, $this->invokeLDAPMethod('getEntries', $cr, $sr));
1335
+            $iFoundItems = max($iFoundItems, $findings['count']);
1336
+            unset($findings['count']);
1337
+
1338
+            $continue = $this->processPagedSearchStatus($sr, $iFoundItems, $limitPerPage, $pagedSearchOK, $skipHandling);
1339
+            $offset += $limitPerPage;
1340
+        } while ($continue && $pagedSearchOK && ($limit === null || count($findings) < $limit));
1341
+
1342
+        // resetting offset
1343
+        $offset = $savedoffset;
1344
+
1345
+        // if we're here, probably no connection resource is returned.
1346
+        // to make Nextcloud behave nicely, we simply give back an empty array.
1347
+        if (is_null($findings)) {
1348
+            return [];
1349
+        }
1350
+
1351
+        if (!is_null($attr)) {
1352
+            $selection = [];
1353
+            $i = 0;
1354
+            foreach ($findings as $item) {
1355
+                if (!is_array($item)) {
1356
+                    continue;
1357
+                }
1358
+                $item = \OCP\Util::mb_array_change_key_case($item, MB_CASE_LOWER, 'UTF-8');
1359
+                foreach ($attr as $key) {
1360
+                    if (isset($item[$key])) {
1361
+                        if (is_array($item[$key]) && isset($item[$key]['count'])) {
1362
+                            unset($item[$key]['count']);
1363
+                        }
1364
+                        if ($key !== 'dn') {
1365
+                            if ($this->resemblesDN($key)) {
1366
+                                $selection[$i][$key] = $this->helper->sanitizeDN($item[$key]);
1367
+                            } elseif ($key === 'objectguid' || $key === 'guid') {
1368
+                                $selection[$i][$key] = [$this->convertObjectGUID2Str($item[$key][0])];
1369
+                            } else {
1370
+                                $selection[$i][$key] = $item[$key];
1371
+                            }
1372
+                        } else {
1373
+                            $selection[$i][$key] = [$this->helper->sanitizeDN($item[$key])];
1374
+                        }
1375
+                    }
1376
+                }
1377
+                $i++;
1378
+            }
1379
+            $findings = $selection;
1380
+        }
1381
+        //we slice the findings, when
1382
+        //a) paged search unsuccessful, though attempted
1383
+        //b) no paged search, but limit set
1384
+        if ((!$this->getPagedSearchResultState()
1385
+                && $pagedSearchOK)
1386
+            || (
1387
+                !$pagedSearchOK
1388
+                && !is_null($limit)
1389
+            )
1390
+        ) {
1391
+            $findings = array_slice($findings, (int)$offset, $limit);
1392
+        }
1393
+        return $findings;
1394
+    }
1395
+
1396
+    /**
1397
+     * @param string $name
1398
+     * @return string
1399
+     * @throws \InvalidArgumentException
1400
+     */
1401
+    public function sanitizeUsername($name) {
1402
+        $name = trim($name);
1403
+
1404
+        if ($this->connection->ldapIgnoreNamingRules) {
1405
+            return $name;
1406
+        }
1407
+
1408
+        // Transliteration to ASCII
1409
+        $transliterated = @iconv('UTF-8', 'ASCII//TRANSLIT', $name);
1410
+        if ($transliterated !== false) {
1411
+            // depending on system config iconv can work or not
1412
+            $name = $transliterated;
1413
+        }
1414
+
1415
+        // Replacements
1416
+        $name = str_replace(' ', '_', $name);
1417
+
1418
+        // Every remaining disallowed characters will be removed
1419
+        $name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);
1420
+
1421
+        if ($name === '') {
1422
+            throw new \InvalidArgumentException('provided name template for username does not contain any allowed characters');
1423
+        }
1424
+
1425
+        return $name;
1426
+    }
1427
+
1428
+    /**
1429
+     * escapes (user provided) parts for LDAP filter
1430
+     *
1431
+     * @param string $input , the provided value
1432
+     * @param bool $allowAsterisk whether in * at the beginning should be preserved
1433
+     * @return string the escaped string
1434
+     */
1435
+    public function escapeFilterPart($input, $allowAsterisk = false): string {
1436
+        $asterisk = '';
1437
+        if ($allowAsterisk && strlen($input) > 0 && $input[0] === '*') {
1438
+            $asterisk = '*';
1439
+            $input = mb_substr($input, 1, null, 'UTF-8');
1440
+        }
1441
+        $search = ['*', '\\', '(', ')'];
1442
+        $replace = ['\\*', '\\\\', '\\(', '\\)'];
1443
+        return $asterisk . str_replace($search, $replace, $input);
1444
+    }
1445
+
1446
+    /**
1447
+     * combines the input filters with AND
1448
+     *
1449
+     * @param string[] $filters the filters to connect
1450
+     * @return string the combined filter
1451
+     */
1452
+    public function combineFilterWithAnd($filters): string {
1453
+        return $this->combineFilter($filters, '&');
1454
+    }
1455
+
1456
+    /**
1457
+     * combines the input filters with OR
1458
+     *
1459
+     * @param string[] $filters the filters to connect
1460
+     * @return string the combined filter
1461
+     * Combines Filter arguments with OR
1462
+     */
1463
+    public function combineFilterWithOr($filters) {
1464
+        return $this->combineFilter($filters, '|');
1465
+    }
1466
+
1467
+    /**
1468
+     * combines the input filters with given operator
1469
+     *
1470
+     * @param string[] $filters the filters to connect
1471
+     * @param string $operator either & or |
1472
+     * @return string the combined filter
1473
+     */
1474
+    private function combineFilter($filters, $operator) {
1475
+        $combinedFilter = '(' . $operator;
1476
+        foreach ($filters as $filter) {
1477
+            if ($filter !== '' && $filter[0] !== '(') {
1478
+                $filter = '(' . $filter . ')';
1479
+            }
1480
+            $combinedFilter .= $filter;
1481
+        }
1482
+        $combinedFilter .= ')';
1483
+        return $combinedFilter;
1484
+    }
1485
+
1486
+    /**
1487
+     * creates a filter part for to perform search for users
1488
+     *
1489
+     * @param string $search the search term
1490
+     * @return string the final filter part to use in LDAP searches
1491
+     */
1492
+    public function getFilterPartForUserSearch($search) {
1493
+        return $this->getFilterPartForSearch($search,
1494
+            $this->connection->ldapAttributesForUserSearch,
1495
+            $this->connection->ldapUserDisplayName);
1496
+    }
1497
+
1498
+    /**
1499
+     * creates a filter part for to perform search for groups
1500
+     *
1501
+     * @param string $search the search term
1502
+     * @return string the final filter part to use in LDAP searches
1503
+     */
1504
+    public function getFilterPartForGroupSearch($search) {
1505
+        return $this->getFilterPartForSearch($search,
1506
+            $this->connection->ldapAttributesForGroupSearch,
1507
+            $this->connection->ldapGroupDisplayName);
1508
+    }
1509
+
1510
+    /**
1511
+     * creates a filter part for searches by splitting up the given search
1512
+     * string into single words
1513
+     *
1514
+     * @param string $search the search term
1515
+     * @param string[] $searchAttributes needs to have at least two attributes,
1516
+     * otherwise it does not make sense :)
1517
+     * @return string the final filter part to use in LDAP searches
1518
+     * @throws DomainException
1519
+     */
1520
+    private function getAdvancedFilterPartForSearch($search, $searchAttributes) {
1521
+        if (!is_array($searchAttributes) || count($searchAttributes) < 2) {
1522
+            throw new DomainException('searchAttributes must be an array with at least two string');
1523
+        }
1524
+        $searchWords = explode(' ', trim($search));
1525
+        $wordFilters = [];
1526
+        foreach ($searchWords as $word) {
1527
+            $word = $this->prepareSearchTerm($word);
1528
+            //every word needs to appear at least once
1529
+            $wordMatchOneAttrFilters = [];
1530
+            foreach ($searchAttributes as $attr) {
1531
+                $wordMatchOneAttrFilters[] = $attr . '=' . $word;
1532
+            }
1533
+            $wordFilters[] = $this->combineFilterWithOr($wordMatchOneAttrFilters);
1534
+        }
1535
+        return $this->combineFilterWithAnd($wordFilters);
1536
+    }
1537
+
1538
+    /**
1539
+     * creates a filter part for searches
1540
+     *
1541
+     * @param string $search the search term
1542
+     * @param string[]|null $searchAttributes
1543
+     * @param string $fallbackAttribute a fallback attribute in case the user
1544
+     * did not define search attributes. Typically the display name attribute.
1545
+     * @return string the final filter part to use in LDAP searches
1546
+     */
1547
+    private function getFilterPartForSearch($search, $searchAttributes, $fallbackAttribute) {
1548
+        $filter = [];
1549
+        $haveMultiSearchAttributes = (is_array($searchAttributes) && count($searchAttributes) > 0);
1550
+        if ($haveMultiSearchAttributes && strpos(trim($search), ' ') !== false) {
1551
+            try {
1552
+                return $this->getAdvancedFilterPartForSearch($search, $searchAttributes);
1553
+            } catch (DomainException $e) {
1554
+                // Creating advanced filter for search failed, falling back to simple method. Edge case, but valid.
1555
+            }
1556
+        }
1557
+
1558
+        $search = $this->prepareSearchTerm($search);
1559
+        if (!is_array($searchAttributes) || count($searchAttributes) === 0) {
1560
+            if ($fallbackAttribute === '') {
1561
+                return '';
1562
+            }
1563
+            $filter[] = $fallbackAttribute . '=' . $search;
1564
+        } else {
1565
+            foreach ($searchAttributes as $attribute) {
1566
+                $filter[] = $attribute . '=' . $search;
1567
+            }
1568
+        }
1569
+        if (count($filter) === 1) {
1570
+            return '(' . $filter[0] . ')';
1571
+        }
1572
+        return $this->combineFilterWithOr($filter);
1573
+    }
1574
+
1575
+    /**
1576
+     * returns the search term depending on whether we are allowed
1577
+     * list users found by ldap with the current input appended by
1578
+     * a *
1579
+     *
1580
+     * @return string
1581
+     */
1582
+    private function prepareSearchTerm($term) {
1583
+        $config = \OC::$server->getConfig();
1584
+
1585
+        $allowEnum = $config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes');
1586
+
1587
+        $result = $term;
1588
+        if ($term === '') {
1589
+            $result = '*';
1590
+        } elseif ($allowEnum !== 'no') {
1591
+            $result = $term . '*';
1592
+        }
1593
+        return $result;
1594
+    }
1595
+
1596
+    /**
1597
+     * returns the filter used for counting users
1598
+     *
1599
+     * @return string
1600
+     */
1601
+    public function getFilterForUserCount() {
1602
+        $filter = $this->combineFilterWithAnd([
1603
+            $this->connection->ldapUserFilter,
1604
+            $this->connection->ldapUserDisplayName . '=*'
1605
+        ]);
1606
+
1607
+        return $filter;
1608
+    }
1609
+
1610
+    /**
1611
+     * @param string $name
1612
+     * @param string $password
1613
+     * @return bool
1614
+     */
1615
+    public function areCredentialsValid($name, $password) {
1616
+        $name = $this->helper->DNasBaseParameter($name);
1617
+        $testConnection = clone $this->connection;
1618
+        $credentials = [
1619
+            'ldapAgentName' => $name,
1620
+            'ldapAgentPassword' => $password
1621
+        ];
1622
+        if (!$testConnection->setConfiguration($credentials)) {
1623
+            return false;
1624
+        }
1625
+        return $testConnection->bind();
1626
+    }
1627
+
1628
+    /**
1629
+     * reverse lookup of a DN given a known UUID
1630
+     *
1631
+     * @param string $uuid
1632
+     * @return string
1633
+     * @throws \Exception
1634
+     */
1635
+    public function getUserDnByUuid($uuid) {
1636
+        $uuidOverride = $this->connection->ldapExpertUUIDUserAttr;
1637
+        $filter = $this->connection->ldapUserFilter;
1638
+        $bases = $this->connection->ldapBaseUsers;
1639
+
1640
+        if ($this->connection->ldapUuidUserAttribute === 'auto' && $uuidOverride === '') {
1641
+            // Sacrebleu! The UUID attribute is unknown :( We need first an
1642
+            // existing DN to be able to reliably detect it.
1643
+            foreach ($bases as $base) {
1644
+                $result = $this->search($filter, $base, ['dn'], 1);
1645
+                if (!isset($result[0]) || !isset($result[0]['dn'])) {
1646
+                    continue;
1647
+                }
1648
+                $dn = $result[0]['dn'][0];
1649
+                if ($hasFound = $this->detectUuidAttribute($dn, true)) {
1650
+                    break;
1651
+                }
1652
+            }
1653
+            if (!isset($hasFound) || !$hasFound) {
1654
+                throw new \Exception('Cannot determine UUID attribute');
1655
+            }
1656
+        } else {
1657
+            // The UUID attribute is either known or an override is given.
1658
+            // By calling this method we ensure that $this->connection->$uuidAttr
1659
+            // is definitely set
1660
+            if (!$this->detectUuidAttribute('', true)) {
1661
+                throw new \Exception('Cannot determine UUID attribute');
1662
+            }
1663
+        }
1664
+
1665
+        $uuidAttr = $this->connection->ldapUuidUserAttribute;
1666
+        if ($uuidAttr === 'guid' || $uuidAttr === 'objectguid') {
1667
+            $uuid = $this->formatGuid2ForFilterUser($uuid);
1668
+        }
1669
+
1670
+        $filter = $uuidAttr . '=' . $uuid;
1671
+        $result = $this->searchUsers($filter, ['dn'], 2);
1672
+        if (is_array($result) && isset($result[0]) && isset($result[0]['dn']) && count($result) === 1) {
1673
+            // we put the count into account to make sure that this is
1674
+            // really unique
1675
+            return $result[0]['dn'][0];
1676
+        }
1677
+
1678
+        throw new \Exception('Cannot determine UUID attribute');
1679
+    }
1680
+
1681
+    /**
1682
+     * auto-detects the directory's UUID attribute
1683
+     *
1684
+     * @param string $dn a known DN used to check against
1685
+     * @param bool $isUser
1686
+     * @param bool $force the detection should be run, even if it is not set to auto
1687
+     * @param array|null $ldapRecord
1688
+     * @return bool true on success, false otherwise
1689
+     * @throws ServerNotAvailableException
1690
+     */
1691
+    private function detectUuidAttribute($dn, $isUser = true, $force = false, array $ldapRecord = null) {
1692
+        if ($isUser) {
1693
+            $uuidAttr = 'ldapUuidUserAttribute';
1694
+            $uuidOverride = $this->connection->ldapExpertUUIDUserAttr;
1695
+        } else {
1696
+            $uuidAttr = 'ldapUuidGroupAttribute';
1697
+            $uuidOverride = $this->connection->ldapExpertUUIDGroupAttr;
1698
+        }
1699
+
1700
+        if (!$force) {
1701
+            if ($this->connection->$uuidAttr !== 'auto') {
1702
+                return true;
1703
+            } elseif (is_string($uuidOverride) && trim($uuidOverride) !== '') {
1704
+                $this->connection->$uuidAttr = $uuidOverride;
1705
+                return true;
1706
+            }
1707
+
1708
+            $attribute = $this->connection->getFromCache($uuidAttr);
1709
+            if (!$attribute === null) {
1710
+                $this->connection->$uuidAttr = $attribute;
1711
+                return true;
1712
+            }
1713
+        }
1714
+
1715
+        foreach (self::UUID_ATTRIBUTES as $attribute) {
1716
+            if ($ldapRecord !== null) {
1717
+                // we have the info from LDAP already, we don't need to talk to the server again
1718
+                if (isset($ldapRecord[$attribute])) {
1719
+                    $this->connection->$uuidAttr = $attribute;
1720
+                    return true;
1721
+                }
1722
+            }
1723
+
1724
+            $value = $this->readAttribute($dn, $attribute);
1725
+            if (is_array($value) && isset($value[0]) && !empty($value[0])) {
1726
+                \OC::$server->getLogger()->debug(
1727
+                    'Setting {attribute} as {subject}',
1728
+                    [
1729
+                        'app' => 'user_ldap',
1730
+                        'attribute' => $attribute,
1731
+                        'subject' => $uuidAttr
1732
+                    ]
1733
+                );
1734
+                $this->connection->$uuidAttr = $attribute;
1735
+                $this->connection->writeToCache($uuidAttr, $attribute);
1736
+                return true;
1737
+            }
1738
+        }
1739
+        \OC::$server->getLogger()->debug('Could not autodetect the UUID attribute', ['app' => 'user_ldap']);
1740
+
1741
+        return false;
1742
+    }
1743
+
1744
+    /**
1745
+     * @param string $dn
1746
+     * @param bool $isUser
1747
+     * @param null $ldapRecord
1748
+     * @return bool|string
1749
+     * @throws ServerNotAvailableException
1750
+     */
1751
+    public function getUUID($dn, $isUser = true, $ldapRecord = null) {
1752
+        if ($isUser) {
1753
+            $uuidAttr = 'ldapUuidUserAttribute';
1754
+            $uuidOverride = $this->connection->ldapExpertUUIDUserAttr;
1755
+        } else {
1756
+            $uuidAttr = 'ldapUuidGroupAttribute';
1757
+            $uuidOverride = $this->connection->ldapExpertUUIDGroupAttr;
1758
+        }
1759
+
1760
+        $uuid = false;
1761
+        if ($this->detectUuidAttribute($dn, $isUser, false, $ldapRecord)) {
1762
+            $attr = $this->connection->$uuidAttr;
1763
+            $uuid = isset($ldapRecord[$attr]) ? $ldapRecord[$attr] : $this->readAttribute($dn, $attr);
1764
+            if (!is_array($uuid)
1765
+                && $uuidOverride !== ''
1766
+                && $this->detectUuidAttribute($dn, $isUser, true, $ldapRecord)) {
1767
+                $uuid = isset($ldapRecord[$this->connection->$uuidAttr])
1768
+                    ? $ldapRecord[$this->connection->$uuidAttr]
1769
+                    : $this->readAttribute($dn, $this->connection->$uuidAttr);
1770
+            }
1771
+            if (is_array($uuid) && isset($uuid[0]) && !empty($uuid[0])) {
1772
+                $uuid = $uuid[0];
1773
+            }
1774
+        }
1775
+
1776
+        return $uuid;
1777
+    }
1778
+
1779
+    /**
1780
+     * converts a binary ObjectGUID into a string representation
1781
+     *
1782
+     * @param string $oguid the ObjectGUID in it's binary form as retrieved from AD
1783
+     * @return string
1784
+     * @link http://www.php.net/manual/en/function.ldap-get-values-len.php#73198
1785
+     */
1786
+    private function convertObjectGUID2Str($oguid) {
1787
+        $hex_guid = bin2hex($oguid);
1788
+        $hex_guid_to_guid_str = '';
1789
+        for ($k = 1; $k <= 4; ++$k) {
1790
+            $hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2);
1791
+        }
1792
+        $hex_guid_to_guid_str .= '-';
1793
+        for ($k = 1; $k <= 2; ++$k) {
1794
+            $hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2);
1795
+        }
1796
+        $hex_guid_to_guid_str .= '-';
1797
+        for ($k = 1; $k <= 2; ++$k) {
1798
+            $hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2);
1799
+        }
1800
+        $hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4);
1801
+        $hex_guid_to_guid_str .= '-' . substr($hex_guid, 20);
1802
+
1803
+        return strtoupper($hex_guid_to_guid_str);
1804
+    }
1805
+
1806
+    /**
1807
+     * the first three blocks of the string-converted GUID happen to be in
1808
+     * reverse order. In order to use it in a filter, this needs to be
1809
+     * corrected. Furthermore the dashes need to be replaced and \\ preprended
1810
+     * to every two hax figures.
1811
+     *
1812
+     * If an invalid string is passed, it will be returned without change.
1813
+     *
1814
+     * @param string $guid
1815
+     * @return string
1816
+     */
1817
+    public function formatGuid2ForFilterUser($guid) {
1818
+        if (!is_string($guid)) {
1819
+            throw new \InvalidArgumentException('String expected');
1820
+        }
1821
+        $blocks = explode('-', $guid);
1822
+        if (count($blocks) !== 5) {
1823
+            /*
1824 1824
 			 * Why not throw an Exception instead? This method is a utility
1825 1825
 			 * called only when trying to figure out whether a "missing" known
1826 1826
 			 * LDAP user was or was not renamed on the LDAP server. And this
@@ -1831,246 +1831,246 @@  discard block
 block discarded – undo
1831 1831
 			 * an exception here would kill the experience for a valid, acting
1832 1832
 			 * user. Instead we write a log message.
1833 1833
 			 */
1834
-			\OC::$server->getLogger()->info(
1835
-				'Passed string does not resemble a valid GUID. Known UUID ' .
1836
-				'({uuid}) probably does not match UUID configuration.',
1837
-				['app' => 'user_ldap', 'uuid' => $guid]
1838
-			);
1839
-			return $guid;
1840
-		}
1841
-		for ($i = 0; $i < 3; $i++) {
1842
-			$pairs = str_split($blocks[$i], 2);
1843
-			$pairs = array_reverse($pairs);
1844
-			$blocks[$i] = implode('', $pairs);
1845
-		}
1846
-		for ($i = 0; $i < 5; $i++) {
1847
-			$pairs = str_split($blocks[$i], 2);
1848
-			$blocks[$i] = '\\' . implode('\\', $pairs);
1849
-		}
1850
-		return implode('', $blocks);
1851
-	}
1852
-
1853
-	/**
1854
-	 * gets a SID of the domain of the given dn
1855
-	 *
1856
-	 * @param string $dn
1857
-	 * @return string|bool
1858
-	 * @throws ServerNotAvailableException
1859
-	 */
1860
-	public function getSID($dn) {
1861
-		$domainDN = $this->getDomainDNFromDN($dn);
1862
-		$cacheKey = 'getSID-' . $domainDN;
1863
-		$sid = $this->connection->getFromCache($cacheKey);
1864
-		if (!is_null($sid)) {
1865
-			return $sid;
1866
-		}
1867
-
1868
-		$objectSid = $this->readAttribute($domainDN, 'objectsid');
1869
-		if (!is_array($objectSid) || empty($objectSid)) {
1870
-			$this->connection->writeToCache($cacheKey, false);
1871
-			return false;
1872
-		}
1873
-		$domainObjectSid = $this->convertSID2Str($objectSid[0]);
1874
-		$this->connection->writeToCache($cacheKey, $domainObjectSid);
1875
-
1876
-		return $domainObjectSid;
1877
-	}
1878
-
1879
-	/**
1880
-	 * converts a binary SID into a string representation
1881
-	 *
1882
-	 * @param string $sid
1883
-	 * @return string
1884
-	 */
1885
-	public function convertSID2Str($sid) {
1886
-		// The format of a SID binary string is as follows:
1887
-		// 1 byte for the revision level
1888
-		// 1 byte for the number n of variable sub-ids
1889
-		// 6 bytes for identifier authority value
1890
-		// n*4 bytes for n sub-ids
1891
-		//
1892
-		// Example: 010400000000000515000000a681e50e4d6c6c2bca32055f
1893
-		//  Legend: RRNNAAAAAAAAAAAA11111111222222223333333344444444
1894
-		$revision = ord($sid[0]);
1895
-		$numberSubID = ord($sid[1]);
1896
-
1897
-		$subIdStart = 8; // 1 + 1 + 6
1898
-		$subIdLength = 4;
1899
-		if (strlen($sid) !== $subIdStart + $subIdLength * $numberSubID) {
1900
-			// Incorrect number of bytes present.
1901
-			return '';
1902
-		}
1903
-
1904
-		// 6 bytes = 48 bits can be represented using floats without loss of
1905
-		// precision (see https://gist.github.com/bantu/886ac680b0aef5812f71)
1906
-		$iav = number_format(hexdec(bin2hex(substr($sid, 2, 6))), 0, '', '');
1907
-
1908
-		$subIDs = [];
1909
-		for ($i = 0; $i < $numberSubID; $i++) {
1910
-			$subID = unpack('V', substr($sid, $subIdStart + $subIdLength * $i, $subIdLength));
1911
-			$subIDs[] = sprintf('%u', $subID[1]);
1912
-		}
1913
-
1914
-		// Result for example above: S-1-5-21-249921958-728525901-1594176202
1915
-		return sprintf('S-%d-%s-%s', $revision, $iav, implode('-', $subIDs));
1916
-	}
1917
-
1918
-	/**
1919
-	 * checks if the given DN is part of the given base DN(s)
1920
-	 *
1921
-	 * @param string $dn the DN
1922
-	 * @param string[] $bases array containing the allowed base DN or DNs
1923
-	 * @return bool
1924
-	 */
1925
-	public function isDNPartOfBase($dn, $bases) {
1926
-		$belongsToBase = false;
1927
-		$bases = $this->helper->sanitizeDN($bases);
1928
-
1929
-		foreach ($bases as $base) {
1930
-			$belongsToBase = true;
1931
-			if (mb_strripos($dn, $base, 0, 'UTF-8') !== (mb_strlen($dn, 'UTF-8') - mb_strlen($base, 'UTF-8'))) {
1932
-				$belongsToBase = false;
1933
-			}
1934
-			if ($belongsToBase) {
1935
-				break;
1936
-			}
1937
-		}
1938
-		return $belongsToBase;
1939
-	}
1940
-
1941
-	/**
1942
-	 * resets a running Paged Search operation
1943
-	 *
1944
-	 * @throws ServerNotAvailableException
1945
-	 */
1946
-	private function abandonPagedSearch() {
1947
-		if ($this->lastCookie === '') {
1948
-			return;
1949
-		}
1950
-		$cr = $this->connection->getConnectionResource();
1951
-		$this->invokeLDAPMethod('controlPagedResult', $cr, 0, false);
1952
-		$this->getPagedSearchResultState();
1953
-		$this->lastCookie = '';
1954
-	}
1955
-
1956
-	/**
1957
-	 * checks whether an LDAP paged search operation has more pages that can be
1958
-	 * retrieved, typically when offset and limit are provided.
1959
-	 *
1960
-	 * Be very careful to use it: the last cookie value, which is inspected, can
1961
-	 * be reset by other operations. Best, call it immediately after a search(),
1962
-	 * searchUsers() or searchGroups() call. count-methods are probably safe as
1963
-	 * well. Don't rely on it with any fetchList-method.
1964
-	 *
1965
-	 * @return bool
1966
-	 */
1967
-	public function hasMoreResults() {
1968
-		if (empty($this->lastCookie) && $this->lastCookie !== '0') {
1969
-			// as in RFC 2696, when all results are returned, the cookie will
1970
-			// be empty.
1971
-			return false;
1972
-		}
1973
-
1974
-		return true;
1975
-	}
1976
-
1977
-	/**
1978
-	 * Check whether the most recent paged search was successful. It flushed the state var. Use it always after a possible paged search.
1979
-	 *
1980
-	 * @return boolean|null true on success, null or false otherwise
1981
-	 */
1982
-	public function getPagedSearchResultState() {
1983
-		$result = $this->pagedSearchedSuccessful;
1984
-		$this->pagedSearchedSuccessful = null;
1985
-		return $result;
1986
-	}
1987
-
1988
-	/**
1989
-	 * Prepares a paged search, if possible
1990
-	 *
1991
-	 * @param string $filter the LDAP filter for the search
1992
-	 * @param string[] $bases an array containing the LDAP subtree(s) that shall be searched
1993
-	 * @param string[] $attr optional, when a certain attribute shall be filtered outside
1994
-	 * @param int $limit
1995
-	 * @param int $offset
1996
-	 * @return bool|true
1997
-	 * @throws ServerNotAvailableException
1998
-	 */
1999
-	private function initPagedSearch(
2000
-		string $filter,
2001
-		string $base,
2002
-		?array $attr,
2003
-		int $limit,
2004
-		int $offset
2005
-	): bool {
2006
-		$pagedSearchOK = false;
2007
-		if ($limit !== 0) {
2008
-			\OC::$server->getLogger()->debug(
2009
-				'initializing paged search for filter {filter}, base {base}, attr {attr}, limit {limit}, offset {offset}',
2010
-				[
2011
-					'app' => 'user_ldap',
2012
-					'filter' => $filter,
2013
-					'base' => $base,
2014
-					'attr' => $attr,
2015
-					'limit' => $limit,
2016
-					'offset' => $offset
2017
-				]
2018
-			);
2019
-			//get the cookie from the search for the previous search, required by LDAP
2020
-			if (empty($this->lastCookie) && $this->lastCookie !== "0" && ($offset > 0)) {
2021
-				// no cookie known from a potential previous search. We need
2022
-				// to start from 0 to come to the desired page. cookie value
2023
-				// of '0' is valid, because 389ds
2024
-				$reOffset = ($offset - $limit) < 0 ? 0 : $offset - $limit;
2025
-				$this->search($filter, $base, $attr, $limit, $reOffset, true);
2026
-				if (!$this->hasMoreResults()) {
2027
-					// when the cookie is reset with != 0 offset, there are no further
2028
-					// results, so stop.
2029
-					return false;
2030
-				}
2031
-			}
2032
-			if ($this->lastCookie !== '' && $offset === 0) {
2033
-				//since offset = 0, this is a new search. We abandon other searches that might be ongoing.
2034
-				$this->abandonPagedSearch();
2035
-			}
2036
-			$pagedSearchOK = true === $this->invokeLDAPMethod(
2037
-					'controlPagedResult', $this->connection->getConnectionResource(), $limit, false
2038
-				);
2039
-			if ($pagedSearchOK) {
2040
-				\OC::$server->getLogger()->debug('Ready for a paged search', ['app' => 'user_ldap']);
2041
-			}
2042
-			/* ++ Fixing RHDS searches with pages with zero results ++
1834
+            \OC::$server->getLogger()->info(
1835
+                'Passed string does not resemble a valid GUID. Known UUID ' .
1836
+                '({uuid}) probably does not match UUID configuration.',
1837
+                ['app' => 'user_ldap', 'uuid' => $guid]
1838
+            );
1839
+            return $guid;
1840
+        }
1841
+        for ($i = 0; $i < 3; $i++) {
1842
+            $pairs = str_split($blocks[$i], 2);
1843
+            $pairs = array_reverse($pairs);
1844
+            $blocks[$i] = implode('', $pairs);
1845
+        }
1846
+        for ($i = 0; $i < 5; $i++) {
1847
+            $pairs = str_split($blocks[$i], 2);
1848
+            $blocks[$i] = '\\' . implode('\\', $pairs);
1849
+        }
1850
+        return implode('', $blocks);
1851
+    }
1852
+
1853
+    /**
1854
+     * gets a SID of the domain of the given dn
1855
+     *
1856
+     * @param string $dn
1857
+     * @return string|bool
1858
+     * @throws ServerNotAvailableException
1859
+     */
1860
+    public function getSID($dn) {
1861
+        $domainDN = $this->getDomainDNFromDN($dn);
1862
+        $cacheKey = 'getSID-' . $domainDN;
1863
+        $sid = $this->connection->getFromCache($cacheKey);
1864
+        if (!is_null($sid)) {
1865
+            return $sid;
1866
+        }
1867
+
1868
+        $objectSid = $this->readAttribute($domainDN, 'objectsid');
1869
+        if (!is_array($objectSid) || empty($objectSid)) {
1870
+            $this->connection->writeToCache($cacheKey, false);
1871
+            return false;
1872
+        }
1873
+        $domainObjectSid = $this->convertSID2Str($objectSid[0]);
1874
+        $this->connection->writeToCache($cacheKey, $domainObjectSid);
1875
+
1876
+        return $domainObjectSid;
1877
+    }
1878
+
1879
+    /**
1880
+     * converts a binary SID into a string representation
1881
+     *
1882
+     * @param string $sid
1883
+     * @return string
1884
+     */
1885
+    public function convertSID2Str($sid) {
1886
+        // The format of a SID binary string is as follows:
1887
+        // 1 byte for the revision level
1888
+        // 1 byte for the number n of variable sub-ids
1889
+        // 6 bytes for identifier authority value
1890
+        // n*4 bytes for n sub-ids
1891
+        //
1892
+        // Example: 010400000000000515000000a681e50e4d6c6c2bca32055f
1893
+        //  Legend: RRNNAAAAAAAAAAAA11111111222222223333333344444444
1894
+        $revision = ord($sid[0]);
1895
+        $numberSubID = ord($sid[1]);
1896
+
1897
+        $subIdStart = 8; // 1 + 1 + 6
1898
+        $subIdLength = 4;
1899
+        if (strlen($sid) !== $subIdStart + $subIdLength * $numberSubID) {
1900
+            // Incorrect number of bytes present.
1901
+            return '';
1902
+        }
1903
+
1904
+        // 6 bytes = 48 bits can be represented using floats without loss of
1905
+        // precision (see https://gist.github.com/bantu/886ac680b0aef5812f71)
1906
+        $iav = number_format(hexdec(bin2hex(substr($sid, 2, 6))), 0, '', '');
1907
+
1908
+        $subIDs = [];
1909
+        for ($i = 0; $i < $numberSubID; $i++) {
1910
+            $subID = unpack('V', substr($sid, $subIdStart + $subIdLength * $i, $subIdLength));
1911
+            $subIDs[] = sprintf('%u', $subID[1]);
1912
+        }
1913
+
1914
+        // Result for example above: S-1-5-21-249921958-728525901-1594176202
1915
+        return sprintf('S-%d-%s-%s', $revision, $iav, implode('-', $subIDs));
1916
+    }
1917
+
1918
+    /**
1919
+     * checks if the given DN is part of the given base DN(s)
1920
+     *
1921
+     * @param string $dn the DN
1922
+     * @param string[] $bases array containing the allowed base DN or DNs
1923
+     * @return bool
1924
+     */
1925
+    public function isDNPartOfBase($dn, $bases) {
1926
+        $belongsToBase = false;
1927
+        $bases = $this->helper->sanitizeDN($bases);
1928
+
1929
+        foreach ($bases as $base) {
1930
+            $belongsToBase = true;
1931
+            if (mb_strripos($dn, $base, 0, 'UTF-8') !== (mb_strlen($dn, 'UTF-8') - mb_strlen($base, 'UTF-8'))) {
1932
+                $belongsToBase = false;
1933
+            }
1934
+            if ($belongsToBase) {
1935
+                break;
1936
+            }
1937
+        }
1938
+        return $belongsToBase;
1939
+    }
1940
+
1941
+    /**
1942
+     * resets a running Paged Search operation
1943
+     *
1944
+     * @throws ServerNotAvailableException
1945
+     */
1946
+    private function abandonPagedSearch() {
1947
+        if ($this->lastCookie === '') {
1948
+            return;
1949
+        }
1950
+        $cr = $this->connection->getConnectionResource();
1951
+        $this->invokeLDAPMethod('controlPagedResult', $cr, 0, false);
1952
+        $this->getPagedSearchResultState();
1953
+        $this->lastCookie = '';
1954
+    }
1955
+
1956
+    /**
1957
+     * checks whether an LDAP paged search operation has more pages that can be
1958
+     * retrieved, typically when offset and limit are provided.
1959
+     *
1960
+     * Be very careful to use it: the last cookie value, which is inspected, can
1961
+     * be reset by other operations. Best, call it immediately after a search(),
1962
+     * searchUsers() or searchGroups() call. count-methods are probably safe as
1963
+     * well. Don't rely on it with any fetchList-method.
1964
+     *
1965
+     * @return bool
1966
+     */
1967
+    public function hasMoreResults() {
1968
+        if (empty($this->lastCookie) && $this->lastCookie !== '0') {
1969
+            // as in RFC 2696, when all results are returned, the cookie will
1970
+            // be empty.
1971
+            return false;
1972
+        }
1973
+
1974
+        return true;
1975
+    }
1976
+
1977
+    /**
1978
+     * Check whether the most recent paged search was successful. It flushed the state var. Use it always after a possible paged search.
1979
+     *
1980
+     * @return boolean|null true on success, null or false otherwise
1981
+     */
1982
+    public function getPagedSearchResultState() {
1983
+        $result = $this->pagedSearchedSuccessful;
1984
+        $this->pagedSearchedSuccessful = null;
1985
+        return $result;
1986
+    }
1987
+
1988
+    /**
1989
+     * Prepares a paged search, if possible
1990
+     *
1991
+     * @param string $filter the LDAP filter for the search
1992
+     * @param string[] $bases an array containing the LDAP subtree(s) that shall be searched
1993
+     * @param string[] $attr optional, when a certain attribute shall be filtered outside
1994
+     * @param int $limit
1995
+     * @param int $offset
1996
+     * @return bool|true
1997
+     * @throws ServerNotAvailableException
1998
+     */
1999
+    private function initPagedSearch(
2000
+        string $filter,
2001
+        string $base,
2002
+        ?array $attr,
2003
+        int $limit,
2004
+        int $offset
2005
+    ): bool {
2006
+        $pagedSearchOK = false;
2007
+        if ($limit !== 0) {
2008
+            \OC::$server->getLogger()->debug(
2009
+                'initializing paged search for filter {filter}, base {base}, attr {attr}, limit {limit}, offset {offset}',
2010
+                [
2011
+                    'app' => 'user_ldap',
2012
+                    'filter' => $filter,
2013
+                    'base' => $base,
2014
+                    'attr' => $attr,
2015
+                    'limit' => $limit,
2016
+                    'offset' => $offset
2017
+                ]
2018
+            );
2019
+            //get the cookie from the search for the previous search, required by LDAP
2020
+            if (empty($this->lastCookie) && $this->lastCookie !== "0" && ($offset > 0)) {
2021
+                // no cookie known from a potential previous search. We need
2022
+                // to start from 0 to come to the desired page. cookie value
2023
+                // of '0' is valid, because 389ds
2024
+                $reOffset = ($offset - $limit) < 0 ? 0 : $offset - $limit;
2025
+                $this->search($filter, $base, $attr, $limit, $reOffset, true);
2026
+                if (!$this->hasMoreResults()) {
2027
+                    // when the cookie is reset with != 0 offset, there are no further
2028
+                    // results, so stop.
2029
+                    return false;
2030
+                }
2031
+            }
2032
+            if ($this->lastCookie !== '' && $offset === 0) {
2033
+                //since offset = 0, this is a new search. We abandon other searches that might be ongoing.
2034
+                $this->abandonPagedSearch();
2035
+            }
2036
+            $pagedSearchOK = true === $this->invokeLDAPMethod(
2037
+                    'controlPagedResult', $this->connection->getConnectionResource(), $limit, false
2038
+                );
2039
+            if ($pagedSearchOK) {
2040
+                \OC::$server->getLogger()->debug('Ready for a paged search', ['app' => 'user_ldap']);
2041
+            }
2042
+            /* ++ Fixing RHDS searches with pages with zero results ++
2043 2043
 			 * We coudn't get paged searches working with our RHDS for login ($limit = 0),
2044 2044
 			 * due to pages with zero results.
2045 2045
 			 * So we added "&& !empty($this->lastCookie)" to this test to ignore pagination
2046 2046
 			 * if we don't have a previous paged search.
2047 2047
 			 */
2048
-		} elseif ($limit === 0 && !empty($this->lastCookie)) {
2049
-			// a search without limit was requested. However, if we do use
2050
-			// Paged Search once, we always must do it. This requires us to
2051
-			// initialize it with the configured page size.
2052
-			$this->abandonPagedSearch();
2053
-			// in case someone set it to 0 … use 500, otherwise no results will
2054
-			// be returned.
2055
-			$pageSize = (int)$this->connection->ldapPagingSize > 0 ? (int)$this->connection->ldapPagingSize : 500;
2056
-			$pagedSearchOK = $this->invokeLDAPMethod('controlPagedResult',
2057
-				$this->connection->getConnectionResource(),
2058
-				$pageSize, false);
2059
-		}
2060
-
2061
-		return $pagedSearchOK;
2062
-	}
2063
-
2064
-	/**
2065
-	 * Is more than one $attr used for search?
2066
-	 *
2067
-	 * @param string|string[]|null $attr
2068
-	 * @return bool
2069
-	 */
2070
-	private function manyAttributes($attr): bool {
2071
-		if (\is_array($attr)) {
2072
-			return \count($attr) > 1;
2073
-		}
2074
-		return false;
2075
-	}
2048
+        } elseif ($limit === 0 && !empty($this->lastCookie)) {
2049
+            // a search without limit was requested. However, if we do use
2050
+            // Paged Search once, we always must do it. This requires us to
2051
+            // initialize it with the configured page size.
2052
+            $this->abandonPagedSearch();
2053
+            // in case someone set it to 0 … use 500, otherwise no results will
2054
+            // be returned.
2055
+            $pageSize = (int)$this->connection->ldapPagingSize > 0 ? (int)$this->connection->ldapPagingSize : 500;
2056
+            $pagedSearchOK = $this->invokeLDAPMethod('controlPagedResult',
2057
+                $this->connection->getConnectionResource(),
2058
+                $pageSize, false);
2059
+        }
2060
+
2061
+        return $pagedSearchOK;
2062
+    }
2063
+
2064
+    /**
2065
+     * Is more than one $attr used for search?
2066
+     *
2067
+     * @param string|string[]|null $attr
2068
+     * @return bool
2069
+     */
2070
+    private function manyAttributes($attr): bool {
2071
+        if (\is_array($attr)) {
2072
+            return \count($attr) > 1;
2073
+        }
2074
+        return false;
2075
+    }
2076 2076
 }
Please login to merge, or discard this patch.
apps/user_ldap/lib/LDAPProviderFactory.php 1 patch
Indentation   +8 added lines, -8 removed lines patch added patch discarded remove patch
@@ -31,14 +31,14 @@
 block discarded – undo
31 31
 use OCP\LDAP\ILDAPProviderFactory;
32 32
 
33 33
 class LDAPProviderFactory implements ILDAPProviderFactory {
34
-	/** * @var IServerContainer */
35
-	private $serverContainer;
34
+    /** * @var IServerContainer */
35
+    private $serverContainer;
36 36
 
37
-	public function __construct(IServerContainer $serverContainer) {
38
-		$this->serverContainer = $serverContainer;
39
-	}
37
+    public function __construct(IServerContainer $serverContainer) {
38
+        $this->serverContainer = $serverContainer;
39
+    }
40 40
 
41
-	public function getLDAPProvider(): ILDAPProvider {
42
-		return $this->serverContainer->get(LDAPProvider::class);
43
-	}
41
+    public function getLDAPProvider(): ILDAPProvider {
42
+        return $this->serverContainer->get(LDAPProvider::class);
43
+    }
44 44
 }
Please login to merge, or discard this patch.
apps/user_ldap/lib/Proxy.php 1 patch
Indentation   +181 added lines, -181 removed lines patch added patch discarded remove patch
@@ -39,185 +39,185 @@
 block discarded – undo
39 39
 use OCP\Share\IManager;
40 40
 
41 41
 abstract class Proxy {
42
-	private static $accesses = [];
43
-	private $ldap = null;
44
-	/** @var bool */
45
-	private $isSingleBackend;
46
-
47
-	/** @var \OCP\ICache|null */
48
-	private $cache;
49
-
50
-	/**
51
-	 * @param ILDAPWrapper $ldap
52
-	 */
53
-	public function __construct(ILDAPWrapper $ldap) {
54
-		$this->ldap = $ldap;
55
-		$memcache = \OC::$server->getMemCacheFactory();
56
-		if ($memcache->isAvailable()) {
57
-			$this->cache = $memcache->createDistributed();
58
-		}
59
-	}
60
-
61
-	/**
62
-	 * @param string $configPrefix
63
-	 */
64
-	private function addAccess($configPrefix) {
65
-		static $ocConfig;
66
-		static $fs;
67
-		static $log;
68
-		static $avatarM;
69
-		static $userMap;
70
-		static $groupMap;
71
-		static $shareManager;
72
-		static $coreUserManager;
73
-		static $coreNotificationManager;
74
-		if ($fs === null) {
75
-			$ocConfig = \OC::$server->getConfig();
76
-			$fs = new FilesystemHelper();
77
-			$log = new LogWrapper();
78
-			$avatarM = \OC::$server->getAvatarManager();
79
-			$db = \OC::$server->getDatabaseConnection();
80
-			$userMap = new UserMapping($db);
81
-			$groupMap = new GroupMapping($db);
82
-			$coreUserManager = \OC::$server->getUserManager();
83
-			$coreNotificationManager = \OC::$server->getNotificationManager();
84
-			$shareManager = \OC::$server->get(IManager::class);
85
-		}
86
-		$userManager =
87
-			new Manager($ocConfig, $fs, $log, $avatarM, new \OCP\Image(),
88
-				$coreUserManager, $coreNotificationManager, $shareManager);
89
-		$connector = new Connection($this->ldap, $configPrefix);
90
-		$access = new Access($connector, $this->ldap, $userManager, new Helper($ocConfig), $ocConfig, $coreUserManager);
91
-		$access->setUserMapper($userMap);
92
-		$access->setGroupMapper($groupMap);
93
-		self::$accesses[$configPrefix] = $access;
94
-	}
95
-
96
-	/**
97
-	 * @param string $configPrefix
98
-	 * @return mixed
99
-	 */
100
-	protected function getAccess($configPrefix) {
101
-		if (!isset(self::$accesses[$configPrefix])) {
102
-			$this->addAccess($configPrefix);
103
-		}
104
-		return self::$accesses[$configPrefix];
105
-	}
106
-
107
-	/**
108
-	 * @param string $uid
109
-	 * @return string
110
-	 */
111
-	protected function getUserCacheKey($uid) {
112
-		return 'user-' . $uid . '-lastSeenOn';
113
-	}
114
-
115
-	/**
116
-	 * @param string $gid
117
-	 * @return string
118
-	 */
119
-	protected function getGroupCacheKey($gid) {
120
-		return 'group-' . $gid . '-lastSeenOn';
121
-	}
122
-
123
-	/**
124
-	 * @param string $id
125
-	 * @param string $method
126
-	 * @param array $parameters
127
-	 * @param bool $passOnWhen
128
-	 * @return mixed
129
-	 */
130
-	abstract protected function callOnLastSeenOn($id, $method, $parameters, $passOnWhen);
131
-
132
-	/**
133
-	 * @param string $id
134
-	 * @param string $method
135
-	 * @param array $parameters
136
-	 * @return mixed
137
-	 */
138
-	abstract protected function walkBackends($id, $method, $parameters);
139
-
140
-	/**
141
-	 * @param string $id
142
-	 * @return Access
143
-	 */
144
-	abstract public function getLDAPAccess($id);
145
-
146
-	abstract protected function activeBackends(): int;
147
-
148
-	protected function isSingleBackend(): bool {
149
-		if ($this->isSingleBackend === null) {
150
-			$this->isSingleBackend = $this->activeBackends() === 1;
151
-		}
152
-		return $this->isSingleBackend;
153
-	}
154
-
155
-	/**
156
-	 * Takes care of the request to the User backend
157
-	 *
158
-	 * @param string $id
159
-	 * @param string $method string, the method of the user backend that shall be called
160
-	 * @param array $parameters an array of parameters to be passed
161
-	 * @param bool $passOnWhen
162
-	 * @return mixed, the result of the specified method
163
-	 */
164
-	protected function handleRequest($id, $method, $parameters, $passOnWhen = false) {
165
-		if (!$this->isSingleBackend()) {
166
-			$result = $this->callOnLastSeenOn($id, $method, $parameters, $passOnWhen);
167
-		}
168
-		if (!isset($result) || $result === $passOnWhen) {
169
-			$result = $this->walkBackends($id, $method, $parameters);
170
-		}
171
-		return $result;
172
-	}
173
-
174
-	/**
175
-	 * @param string|null $key
176
-	 * @return string
177
-	 */
178
-	private function getCacheKey($key) {
179
-		$prefix = 'LDAP-Proxy-';
180
-		if ($key === null) {
181
-			return $prefix;
182
-		}
183
-		return $prefix . hash('sha256', $key);
184
-	}
185
-
186
-	/**
187
-	 * @param string $key
188
-	 * @return mixed|null
189
-	 */
190
-	public function getFromCache($key) {
191
-		if ($this->cache === null) {
192
-			return null;
193
-		}
194
-
195
-		$key = $this->getCacheKey($key);
196
-		$value = $this->cache->get($key);
197
-		if ($value === null) {
198
-			return null;
199
-		}
200
-
201
-		return json_decode(base64_decode($value));
202
-	}
203
-
204
-	/**
205
-	 * @param string $key
206
-	 * @param mixed $value
207
-	 */
208
-	public function writeToCache($key, $value) {
209
-		if ($this->cache === null) {
210
-			return;
211
-		}
212
-		$key = $this->getCacheKey($key);
213
-		$value = base64_encode(json_encode($value));
214
-		$this->cache->set($key, $value, 2592000);
215
-	}
216
-
217
-	public function clearCache() {
218
-		if ($this->cache === null) {
219
-			return;
220
-		}
221
-		$this->cache->clear($this->getCacheKey(null));
222
-	}
42
+    private static $accesses = [];
43
+    private $ldap = null;
44
+    /** @var bool */
45
+    private $isSingleBackend;
46
+
47
+    /** @var \OCP\ICache|null */
48
+    private $cache;
49
+
50
+    /**
51
+     * @param ILDAPWrapper $ldap
52
+     */
53
+    public function __construct(ILDAPWrapper $ldap) {
54
+        $this->ldap = $ldap;
55
+        $memcache = \OC::$server->getMemCacheFactory();
56
+        if ($memcache->isAvailable()) {
57
+            $this->cache = $memcache->createDistributed();
58
+        }
59
+    }
60
+
61
+    /**
62
+     * @param string $configPrefix
63
+     */
64
+    private function addAccess($configPrefix) {
65
+        static $ocConfig;
66
+        static $fs;
67
+        static $log;
68
+        static $avatarM;
69
+        static $userMap;
70
+        static $groupMap;
71
+        static $shareManager;
72
+        static $coreUserManager;
73
+        static $coreNotificationManager;
74
+        if ($fs === null) {
75
+            $ocConfig = \OC::$server->getConfig();
76
+            $fs = new FilesystemHelper();
77
+            $log = new LogWrapper();
78
+            $avatarM = \OC::$server->getAvatarManager();
79
+            $db = \OC::$server->getDatabaseConnection();
80
+            $userMap = new UserMapping($db);
81
+            $groupMap = new GroupMapping($db);
82
+            $coreUserManager = \OC::$server->getUserManager();
83
+            $coreNotificationManager = \OC::$server->getNotificationManager();
84
+            $shareManager = \OC::$server->get(IManager::class);
85
+        }
86
+        $userManager =
87
+            new Manager($ocConfig, $fs, $log, $avatarM, new \OCP\Image(),
88
+                $coreUserManager, $coreNotificationManager, $shareManager);
89
+        $connector = new Connection($this->ldap, $configPrefix);
90
+        $access = new Access($connector, $this->ldap, $userManager, new Helper($ocConfig), $ocConfig, $coreUserManager);
91
+        $access->setUserMapper($userMap);
92
+        $access->setGroupMapper($groupMap);
93
+        self::$accesses[$configPrefix] = $access;
94
+    }
95
+
96
+    /**
97
+     * @param string $configPrefix
98
+     * @return mixed
99
+     */
100
+    protected function getAccess($configPrefix) {
101
+        if (!isset(self::$accesses[$configPrefix])) {
102
+            $this->addAccess($configPrefix);
103
+        }
104
+        return self::$accesses[$configPrefix];
105
+    }
106
+
107
+    /**
108
+     * @param string $uid
109
+     * @return string
110
+     */
111
+    protected function getUserCacheKey($uid) {
112
+        return 'user-' . $uid . '-lastSeenOn';
113
+    }
114
+
115
+    /**
116
+     * @param string $gid
117
+     * @return string
118
+     */
119
+    protected function getGroupCacheKey($gid) {
120
+        return 'group-' . $gid . '-lastSeenOn';
121
+    }
122
+
123
+    /**
124
+     * @param string $id
125
+     * @param string $method
126
+     * @param array $parameters
127
+     * @param bool $passOnWhen
128
+     * @return mixed
129
+     */
130
+    abstract protected function callOnLastSeenOn($id, $method, $parameters, $passOnWhen);
131
+
132
+    /**
133
+     * @param string $id
134
+     * @param string $method
135
+     * @param array $parameters
136
+     * @return mixed
137
+     */
138
+    abstract protected function walkBackends($id, $method, $parameters);
139
+
140
+    /**
141
+     * @param string $id
142
+     * @return Access
143
+     */
144
+    abstract public function getLDAPAccess($id);
145
+
146
+    abstract protected function activeBackends(): int;
147
+
148
+    protected function isSingleBackend(): bool {
149
+        if ($this->isSingleBackend === null) {
150
+            $this->isSingleBackend = $this->activeBackends() === 1;
151
+        }
152
+        return $this->isSingleBackend;
153
+    }
154
+
155
+    /**
156
+     * Takes care of the request to the User backend
157
+     *
158
+     * @param string $id
159
+     * @param string $method string, the method of the user backend that shall be called
160
+     * @param array $parameters an array of parameters to be passed
161
+     * @param bool $passOnWhen
162
+     * @return mixed, the result of the specified method
163
+     */
164
+    protected function handleRequest($id, $method, $parameters, $passOnWhen = false) {
165
+        if (!$this->isSingleBackend()) {
166
+            $result = $this->callOnLastSeenOn($id, $method, $parameters, $passOnWhen);
167
+        }
168
+        if (!isset($result) || $result === $passOnWhen) {
169
+            $result = $this->walkBackends($id, $method, $parameters);
170
+        }
171
+        return $result;
172
+    }
173
+
174
+    /**
175
+     * @param string|null $key
176
+     * @return string
177
+     */
178
+    private function getCacheKey($key) {
179
+        $prefix = 'LDAP-Proxy-';
180
+        if ($key === null) {
181
+            return $prefix;
182
+        }
183
+        return $prefix . hash('sha256', $key);
184
+    }
185
+
186
+    /**
187
+     * @param string $key
188
+     * @return mixed|null
189
+     */
190
+    public function getFromCache($key) {
191
+        if ($this->cache === null) {
192
+            return null;
193
+        }
194
+
195
+        $key = $this->getCacheKey($key);
196
+        $value = $this->cache->get($key);
197
+        if ($value === null) {
198
+            return null;
199
+        }
200
+
201
+        return json_decode(base64_decode($value));
202
+    }
203
+
204
+    /**
205
+     * @param string $key
206
+     * @param mixed $value
207
+     */
208
+    public function writeToCache($key, $value) {
209
+        if ($this->cache === null) {
210
+            return;
211
+        }
212
+        $key = $this->getCacheKey($key);
213
+        $value = base64_encode(json_encode($value));
214
+        $this->cache->set($key, $value, 2592000);
215
+    }
216
+
217
+    public function clearCache() {
218
+        if ($this->cache === null) {
219
+            return;
220
+        }
221
+        $this->cache->clear($this->getCacheKey(null));
222
+    }
223 223
 }
Please login to merge, or discard this patch.
apps/user_ldap/lib/User/Manager.php 1 patch
Indentation   +198 added lines, -198 removed lines patch added patch discarded remove patch
@@ -48,228 +48,228 @@
 block discarded – undo
48 48
  * cache
49 49
  */
50 50
 class Manager {
51
-	/** @var Access */
52
-	protected $access;
51
+    /** @var Access */
52
+    protected $access;
53 53
 
54
-	/** @var IConfig */
55
-	protected $ocConfig;
54
+    /** @var IConfig */
55
+    protected $ocConfig;
56 56
 
57
-	/** @var IDBConnection */
58
-	protected $db;
57
+    /** @var IDBConnection */
58
+    protected $db;
59 59
 
60
-	/** @var IUserManager */
61
-	protected $userManager;
60
+    /** @var IUserManager */
61
+    protected $userManager;
62 62
 
63
-	/** @var INotificationManager */
64
-	protected $notificationManager;
63
+    /** @var INotificationManager */
64
+    protected $notificationManager;
65 65
 
66
-	/** @var FilesystemHelper */
67
-	protected $ocFilesystem;
66
+    /** @var FilesystemHelper */
67
+    protected $ocFilesystem;
68 68
 
69
-	/** @var LogWrapper */
70
-	protected $ocLog;
69
+    /** @var LogWrapper */
70
+    protected $ocLog;
71 71
 
72
-	/** @var Image */
73
-	protected $image;
72
+    /** @var Image */
73
+    protected $image;
74 74
 
75
-	/** @param \OCP\IAvatarManager */
76
-	protected $avatarManager;
75
+    /** @param \OCP\IAvatarManager */
76
+    protected $avatarManager;
77 77
 
78
-	/**
79
-	 * @var CappedMemoryCache $usersByDN
80
-	 */
81
-	protected $usersByDN;
82
-	/**
83
-	 * @var CappedMemoryCache $usersByUid
84
-	 */
85
-	protected $usersByUid;
86
-	/** @var IManager */
87
-	private $shareManager;
78
+    /**
79
+     * @var CappedMemoryCache $usersByDN
80
+     */
81
+    protected $usersByDN;
82
+    /**
83
+     * @var CappedMemoryCache $usersByUid
84
+     */
85
+    protected $usersByUid;
86
+    /** @var IManager */
87
+    private $shareManager;
88 88
 
89
-	public function __construct(
90
-		IConfig $ocConfig,
91
-		FilesystemHelper $ocFilesystem,
92
-		LogWrapper $ocLog,
93
-		IAvatarManager $avatarManager,
94
-		Image $image,
95
-		IUserManager $userManager,
96
-		INotificationManager $notificationManager,
97
-		IManager $shareManager
98
-	) {
99
-		$this->ocConfig = $ocConfig;
100
-		$this->ocFilesystem = $ocFilesystem;
101
-		$this->ocLog = $ocLog;
102
-		$this->avatarManager = $avatarManager;
103
-		$this->image = $image;
104
-		$this->userManager = $userManager;
105
-		$this->notificationManager = $notificationManager;
106
-		$this->usersByDN = new CappedMemoryCache();
107
-		$this->usersByUid = new CappedMemoryCache();
108
-		$this->shareManager = $shareManager;
109
-	}
89
+    public function __construct(
90
+        IConfig $ocConfig,
91
+        FilesystemHelper $ocFilesystem,
92
+        LogWrapper $ocLog,
93
+        IAvatarManager $avatarManager,
94
+        Image $image,
95
+        IUserManager $userManager,
96
+        INotificationManager $notificationManager,
97
+        IManager $shareManager
98
+    ) {
99
+        $this->ocConfig = $ocConfig;
100
+        $this->ocFilesystem = $ocFilesystem;
101
+        $this->ocLog = $ocLog;
102
+        $this->avatarManager = $avatarManager;
103
+        $this->image = $image;
104
+        $this->userManager = $userManager;
105
+        $this->notificationManager = $notificationManager;
106
+        $this->usersByDN = new CappedMemoryCache();
107
+        $this->usersByUid = new CappedMemoryCache();
108
+        $this->shareManager = $shareManager;
109
+    }
110 110
 
111
-	/**
112
-	 * Binds manager to an instance of Access.
113
-	 * It needs to be assigned first before the manager can be used.
114
-	 * @param Access
115
-	 */
116
-	public function setLdapAccess(Access $access) {
117
-		$this->access = $access;
118
-	}
111
+    /**
112
+     * Binds manager to an instance of Access.
113
+     * It needs to be assigned first before the manager can be used.
114
+     * @param Access
115
+     */
116
+    public function setLdapAccess(Access $access) {
117
+        $this->access = $access;
118
+    }
119 119
 
120
-	/**
121
-	 * @brief creates an instance of User and caches (just runtime) it in the
122
-	 * property array
123
-	 * @param string $dn the DN of the user
124
-	 * @param string $uid the internal (owncloud) username
125
-	 * @return \OCA\User_LDAP\User\User
126
-	 */
127
-	private function createAndCache($dn, $uid) {
128
-		$this->checkAccess();
129
-		$user = new User($uid, $dn, $this->access, $this->ocConfig,
130
-			$this->ocFilesystem, clone $this->image, $this->ocLog,
131
-			$this->avatarManager, $this->userManager,
132
-			$this->notificationManager);
133
-		$this->usersByDN[$dn] = $user;
134
-		$this->usersByUid[$uid] = $user;
135
-		return $user;
136
-	}
120
+    /**
121
+     * @brief creates an instance of User and caches (just runtime) it in the
122
+     * property array
123
+     * @param string $dn the DN of the user
124
+     * @param string $uid the internal (owncloud) username
125
+     * @return \OCA\User_LDAP\User\User
126
+     */
127
+    private function createAndCache($dn, $uid) {
128
+        $this->checkAccess();
129
+        $user = new User($uid, $dn, $this->access, $this->ocConfig,
130
+            $this->ocFilesystem, clone $this->image, $this->ocLog,
131
+            $this->avatarManager, $this->userManager,
132
+            $this->notificationManager);
133
+        $this->usersByDN[$dn] = $user;
134
+        $this->usersByUid[$uid] = $user;
135
+        return $user;
136
+    }
137 137
 
138
-	/**
139
-	 * removes a user entry from the cache
140
-	 * @param $uid
141
-	 */
142
-	public function invalidate($uid) {
143
-		if (!isset($this->usersByUid[$uid])) {
144
-			return;
145
-		}
146
-		$dn = $this->usersByUid[$uid]->getDN();
147
-		unset($this->usersByUid[$uid]);
148
-		unset($this->usersByDN[$dn]);
149
-	}
138
+    /**
139
+     * removes a user entry from the cache
140
+     * @param $uid
141
+     */
142
+    public function invalidate($uid) {
143
+        if (!isset($this->usersByUid[$uid])) {
144
+            return;
145
+        }
146
+        $dn = $this->usersByUid[$uid]->getDN();
147
+        unset($this->usersByUid[$uid]);
148
+        unset($this->usersByDN[$dn]);
149
+    }
150 150
 
151
-	/**
152
-	 * @brief checks whether the Access instance has been set
153
-	 * @throws \Exception if Access has not been set
154
-	 * @return null
155
-	 */
156
-	private function checkAccess() {
157
-		if (is_null($this->access)) {
158
-			throw new \Exception('LDAP Access instance must be set first');
159
-		}
160
-	}
151
+    /**
152
+     * @brief checks whether the Access instance has been set
153
+     * @throws \Exception if Access has not been set
154
+     * @return null
155
+     */
156
+    private function checkAccess() {
157
+        if (is_null($this->access)) {
158
+            throw new \Exception('LDAP Access instance must be set first');
159
+        }
160
+    }
161 161
 
162
-	/**
163
-	 * returns a list of attributes that will be processed further, e.g. quota,
164
-	 * email, displayname, or others.
165
-	 *
166
-	 * @param bool $minimal - optional, set to true to skip attributes with big
167
-	 * payload
168
-	 * @return string[]
169
-	 */
170
-	public function getAttributes($minimal = false) {
171
-		$baseAttributes = array_merge(Access::UUID_ATTRIBUTES, ['dn', 'uid', 'samaccountname', 'memberof']);
172
-		$attributes = [
173
-			$this->access->getConnection()->ldapExpertUUIDUserAttr,
174
-			$this->access->getConnection()->ldapQuotaAttribute,
175
-			$this->access->getConnection()->ldapEmailAttribute,
176
-			$this->access->getConnection()->ldapUserDisplayName,
177
-			$this->access->getConnection()->ldapUserDisplayName2,
178
-			$this->access->getConnection()->ldapExtStorageHomeAttribute,
179
-		];
162
+    /**
163
+     * returns a list of attributes that will be processed further, e.g. quota,
164
+     * email, displayname, or others.
165
+     *
166
+     * @param bool $minimal - optional, set to true to skip attributes with big
167
+     * payload
168
+     * @return string[]
169
+     */
170
+    public function getAttributes($minimal = false) {
171
+        $baseAttributes = array_merge(Access::UUID_ATTRIBUTES, ['dn', 'uid', 'samaccountname', 'memberof']);
172
+        $attributes = [
173
+            $this->access->getConnection()->ldapExpertUUIDUserAttr,
174
+            $this->access->getConnection()->ldapQuotaAttribute,
175
+            $this->access->getConnection()->ldapEmailAttribute,
176
+            $this->access->getConnection()->ldapUserDisplayName,
177
+            $this->access->getConnection()->ldapUserDisplayName2,
178
+            $this->access->getConnection()->ldapExtStorageHomeAttribute,
179
+        ];
180 180
 
181
-		$homeRule = $this->access->getConnection()->homeFolderNamingRule;
182
-		if (strpos($homeRule, 'attr:') === 0) {
183
-			$attributes[] = substr($homeRule, strlen('attr:'));
184
-		}
181
+        $homeRule = $this->access->getConnection()->homeFolderNamingRule;
182
+        if (strpos($homeRule, 'attr:') === 0) {
183
+            $attributes[] = substr($homeRule, strlen('attr:'));
184
+        }
185 185
 
186
-		if (!$minimal) {
187
-			// attributes that are not really important but may come with big
188
-			// payload.
189
-			$attributes = array_merge(
190
-				$attributes,
191
-				$this->access->getConnection()->resolveRule('avatar')
192
-			);
193
-		}
186
+        if (!$minimal) {
187
+            // attributes that are not really important but may come with big
188
+            // payload.
189
+            $attributes = array_merge(
190
+                $attributes,
191
+                $this->access->getConnection()->resolveRule('avatar')
192
+            );
193
+        }
194 194
 
195
-		$attributes = array_reduce($attributes,
196
-			function ($list, $attribute) {
197
-				$attribute = strtolower(trim((string)$attribute));
198
-				if (!empty($attribute) && !in_array($attribute, $list)) {
199
-					$list[] = $attribute;
200
-				}
195
+        $attributes = array_reduce($attributes,
196
+            function ($list, $attribute) {
197
+                $attribute = strtolower(trim((string)$attribute));
198
+                if (!empty($attribute) && !in_array($attribute, $list)) {
199
+                    $list[] = $attribute;
200
+                }
201 201
 
202
-				return $list;
203
-			},
204
-			$baseAttributes // hard-coded, lower-case, non-empty attributes
205
-		);
202
+                return $list;
203
+            },
204
+            $baseAttributes // hard-coded, lower-case, non-empty attributes
205
+        );
206 206
 
207
-		return $attributes;
208
-	}
207
+        return $attributes;
208
+    }
209 209
 
210
-	/**
211
-	 * Checks whether the specified user is marked as deleted
212
-	 * @param string $id the Nextcloud user name
213
-	 * @return bool
214
-	 */
215
-	public function isDeletedUser($id) {
216
-		$isDeleted = $this->ocConfig->getUserValue(
217
-			$id, 'user_ldap', 'isDeleted', 0);
218
-		return (int)$isDeleted === 1;
219
-	}
210
+    /**
211
+     * Checks whether the specified user is marked as deleted
212
+     * @param string $id the Nextcloud user name
213
+     * @return bool
214
+     */
215
+    public function isDeletedUser($id) {
216
+        $isDeleted = $this->ocConfig->getUserValue(
217
+            $id, 'user_ldap', 'isDeleted', 0);
218
+        return (int)$isDeleted === 1;
219
+    }
220 220
 
221
-	/**
222
-	 * creates and returns an instance of OfflineUser for the specified user
223
-	 * @param string $id
224
-	 * @return \OCA\User_LDAP\User\OfflineUser
225
-	 */
226
-	public function getDeletedUser($id) {
227
-		return new OfflineUser(
228
-			$id,
229
-			$this->ocConfig,
230
-			$this->access->getUserMapper(),
231
-			$this->shareManager
232
-		);
233
-	}
221
+    /**
222
+     * creates and returns an instance of OfflineUser for the specified user
223
+     * @param string $id
224
+     * @return \OCA\User_LDAP\User\OfflineUser
225
+     */
226
+    public function getDeletedUser($id) {
227
+        return new OfflineUser(
228
+            $id,
229
+            $this->ocConfig,
230
+            $this->access->getUserMapper(),
231
+            $this->shareManager
232
+        );
233
+    }
234 234
 
235
-	/**
236
-	 * @brief returns a User object by it's Nextcloud username
237
-	 * @param string $id the DN or username of the user
238
-	 * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
239
-	 */
240
-	protected function createInstancyByUserName($id) {
241
-		//most likely a uid. Check whether it is a deleted user
242
-		if ($this->isDeletedUser($id)) {
243
-			return $this->getDeletedUser($id);
244
-		}
245
-		$dn = $this->access->username2dn($id);
246
-		if ($dn !== false) {
247
-			return $this->createAndCache($dn, $id);
248
-		}
249
-		return null;
250
-	}
235
+    /**
236
+     * @brief returns a User object by it's Nextcloud username
237
+     * @param string $id the DN or username of the user
238
+     * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
239
+     */
240
+    protected function createInstancyByUserName($id) {
241
+        //most likely a uid. Check whether it is a deleted user
242
+        if ($this->isDeletedUser($id)) {
243
+            return $this->getDeletedUser($id);
244
+        }
245
+        $dn = $this->access->username2dn($id);
246
+        if ($dn !== false) {
247
+            return $this->createAndCache($dn, $id);
248
+        }
249
+        return null;
250
+    }
251 251
 
252
-	/**
253
-	 * @brief returns a User object by it's DN or Nextcloud username
254
-	 * @param string $id the DN or username of the user
255
-	 * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
256
-	 * @throws \Exception when connection could not be established
257
-	 */
258
-	public function get($id) {
259
-		$this->checkAccess();
260
-		if (isset($this->usersByDN[$id])) {
261
-			return $this->usersByDN[$id];
262
-		} elseif (isset($this->usersByUid[$id])) {
263
-			return $this->usersByUid[$id];
264
-		}
252
+    /**
253
+     * @brief returns a User object by it's DN or Nextcloud username
254
+     * @param string $id the DN or username of the user
255
+     * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
256
+     * @throws \Exception when connection could not be established
257
+     */
258
+    public function get($id) {
259
+        $this->checkAccess();
260
+        if (isset($this->usersByDN[$id])) {
261
+            return $this->usersByDN[$id];
262
+        } elseif (isset($this->usersByUid[$id])) {
263
+            return $this->usersByUid[$id];
264
+        }
265 265
 
266
-		if ($this->access->stringResemblesDN($id)) {
267
-			$uid = $this->access->dn2username($id);
268
-			if ($uid !== false) {
269
-				return $this->createAndCache($id, $uid);
270
-			}
271
-		}
266
+        if ($this->access->stringResemblesDN($id)) {
267
+            $uid = $this->access->dn2username($id);
268
+            if ($uid !== false) {
269
+                return $this->createAndCache($id, $uid);
270
+            }
271
+        }
272 272
 
273
-		return $this->createInstancyByUserName($id);
274
-	}
273
+        return $this->createInstancyByUserName($id);
274
+    }
275 275
 }
Please login to merge, or discard this patch.
apps/user_ldap/lib/User/DeletedUsersIndex.php 1 patch
Indentation   +69 added lines, -69 removed lines patch added patch discarded remove patch
@@ -33,82 +33,82 @@
 block discarded – undo
33 33
  * @package OCA\User_LDAP
34 34
  */
35 35
 class DeletedUsersIndex {
36
-	/**
37
-	 * @var \OCP\IConfig $config
38
-	 */
39
-	protected $config;
36
+    /**
37
+     * @var \OCP\IConfig $config
38
+     */
39
+    protected $config;
40 40
 
41
-	/**
42
-	 * @var \OCA\User_LDAP\Mapping\UserMapping $mapping
43
-	 */
44
-	protected $mapping;
41
+    /**
42
+     * @var \OCA\User_LDAP\Mapping\UserMapping $mapping
43
+     */
44
+    protected $mapping;
45 45
 
46
-	/**
47
-	 * @var array $deletedUsers
48
-	 */
49
-	protected $deletedUsers;
50
-	/** @var IManager */
51
-	private $shareManager;
46
+    /**
47
+     * @var array $deletedUsers
48
+     */
49
+    protected $deletedUsers;
50
+    /** @var IManager */
51
+    private $shareManager;
52 52
 
53
-	public function __construct(\OCP\IConfig $config, UserMapping $mapping, IManager $shareManager) {
54
-		$this->config = $config;
55
-		$this->mapping = $mapping;
56
-		$this->shareManager = $shareManager;
57
-	}
53
+    public function __construct(\OCP\IConfig $config, UserMapping $mapping, IManager $shareManager) {
54
+        $this->config = $config;
55
+        $this->mapping = $mapping;
56
+        $this->shareManager = $shareManager;
57
+    }
58 58
 
59
-	/**
60
-	 * reads LDAP users marked as deleted from the database
61
-	 * @return \OCA\User_LDAP\User\OfflineUser[]
62
-	 */
63
-	private function fetchDeletedUsers() {
64
-		$deletedUsers = $this->config->getUsersForUserValue(
65
-			'user_ldap', 'isDeleted', '1');
59
+    /**
60
+     * reads LDAP users marked as deleted from the database
61
+     * @return \OCA\User_LDAP\User\OfflineUser[]
62
+     */
63
+    private function fetchDeletedUsers() {
64
+        $deletedUsers = $this->config->getUsersForUserValue(
65
+            'user_ldap', 'isDeleted', '1');
66 66
 
67
-		$userObjects = [];
68
-		foreach ($deletedUsers as $user) {
69
-			$userObjects[] = new OfflineUser($user, $this->config, $this->mapping, $this->shareManager);
70
-		}
71
-		$this->deletedUsers = $userObjects;
67
+        $userObjects = [];
68
+        foreach ($deletedUsers as $user) {
69
+            $userObjects[] = new OfflineUser($user, $this->config, $this->mapping, $this->shareManager);
70
+        }
71
+        $this->deletedUsers = $userObjects;
72 72
 
73
-		return $this->deletedUsers;
74
-	}
73
+        return $this->deletedUsers;
74
+    }
75 75
 
76
-	/**
77
-	 * returns all LDAP users that are marked as deleted
78
-	 * @return \OCA\User_LDAP\User\OfflineUser[]
79
-	 */
80
-	public function getUsers() {
81
-		if (is_array($this->deletedUsers)) {
82
-			return $this->deletedUsers;
83
-		}
84
-		return $this->fetchDeletedUsers();
85
-	}
76
+    /**
77
+     * returns all LDAP users that are marked as deleted
78
+     * @return \OCA\User_LDAP\User\OfflineUser[]
79
+     */
80
+    public function getUsers() {
81
+        if (is_array($this->deletedUsers)) {
82
+            return $this->deletedUsers;
83
+        }
84
+        return $this->fetchDeletedUsers();
85
+    }
86 86
 
87
-	/**
88
-	 * whether at least one user was detected as deleted
89
-	 * @return bool
90
-	 */
91
-	public function hasUsers() {
92
-		if (!is_array($this->deletedUsers)) {
93
-			$this->fetchDeletedUsers();
94
-		}
95
-		return is_array($this->deletedUsers) && (count($this->deletedUsers) > 0);
96
-	}
87
+    /**
88
+     * whether at least one user was detected as deleted
89
+     * @return bool
90
+     */
91
+    public function hasUsers() {
92
+        if (!is_array($this->deletedUsers)) {
93
+            $this->fetchDeletedUsers();
94
+        }
95
+        return is_array($this->deletedUsers) && (count($this->deletedUsers) > 0);
96
+    }
97 97
 
98
-	/**
99
-	 * marks a user as deleted
100
-	 *
101
-	 * @param string $ocName
102
-	 * @throws \OCP\PreConditionNotMetException
103
-	 */
104
-	public function markUser($ocName) {
105
-		$curValue = $this->config->getUserValue($ocName, 'user_ldap', 'isDeleted', '0');
106
-		if ($curValue === '1') {
107
-			// the user is already marked, do not write to DB again
108
-			return;
109
-		}
110
-		$this->config->setUserValue($ocName, 'user_ldap', 'isDeleted', '1');
111
-		$this->config->setUserValue($ocName, 'user_ldap', 'foundDeleted', (string)time());
112
-		$this->deletedUsers = null;
113
-	}
98
+    /**
99
+     * marks a user as deleted
100
+     *
101
+     * @param string $ocName
102
+     * @throws \OCP\PreConditionNotMetException
103
+     */
104
+    public function markUser($ocName) {
105
+        $curValue = $this->config->getUserValue($ocName, 'user_ldap', 'isDeleted', '0');
106
+        if ($curValue === '1') {
107
+            // the user is already marked, do not write to DB again
108
+            return;
109
+        }
110
+        $this->config->setUserValue($ocName, 'user_ldap', 'isDeleted', '1');
111
+        $this->config->setUserValue($ocName, 'user_ldap', 'foundDeleted', (string)time());
112
+        $this->deletedUsers = null;
113
+    }
114 114
 }
Please login to merge, or discard this patch.
apps/user_ldap/lib/User/OfflineUser.php 2 patches
Indentation   +217 added lines, -217 removed lines patch added patch discarded remove patch
@@ -32,240 +32,240 @@
 block discarded – undo
32 32
 use OCP\Share\IShare;
33 33
 
34 34
 class OfflineUser {
35
-	/**
36
-	 * @var string $ocName
37
-	 */
38
-	protected $ocName;
39
-	/**
40
-	 * @var string $dn
41
-	 */
42
-	protected $dn;
43
-	/**
44
-	 * @var string $uid the UID as provided by LDAP
45
-	 */
46
-	protected $uid;
47
-	/**
48
-	 * @var string $displayName
49
-	 */
50
-	protected $displayName;
51
-	/**
52
-	 * @var string $homePath
53
-	 */
54
-	protected $homePath;
55
-	/**
56
-	 * @var string $lastLogin the timestamp of the last login
57
-	 */
58
-	protected $lastLogin;
59
-	/**
60
-	 * @var string $foundDeleted the timestamp when the user was detected as unavailable
61
-	 */
62
-	protected $foundDeleted;
63
-	/**
64
-	 * @var string $email
65
-	 */
66
-	protected $email;
67
-	/**
68
-	 * @var bool $hasActiveShares
69
-	 */
70
-	protected $hasActiveShares;
71
-	/**
72
-	 * @var IConfig $config
73
-	 */
74
-	protected $config;
75
-	/**
76
-	 * @var IDBConnection $db
77
-	 */
78
-	protected $db;
79
-	/**
80
-	 * @var \OCA\User_LDAP\Mapping\UserMapping
81
-	 */
82
-	protected $mapping;
83
-	/** @var IManager */
84
-	private $shareManager;
35
+    /**
36
+     * @var string $ocName
37
+     */
38
+    protected $ocName;
39
+    /**
40
+     * @var string $dn
41
+     */
42
+    protected $dn;
43
+    /**
44
+     * @var string $uid the UID as provided by LDAP
45
+     */
46
+    protected $uid;
47
+    /**
48
+     * @var string $displayName
49
+     */
50
+    protected $displayName;
51
+    /**
52
+     * @var string $homePath
53
+     */
54
+    protected $homePath;
55
+    /**
56
+     * @var string $lastLogin the timestamp of the last login
57
+     */
58
+    protected $lastLogin;
59
+    /**
60
+     * @var string $foundDeleted the timestamp when the user was detected as unavailable
61
+     */
62
+    protected $foundDeleted;
63
+    /**
64
+     * @var string $email
65
+     */
66
+    protected $email;
67
+    /**
68
+     * @var bool $hasActiveShares
69
+     */
70
+    protected $hasActiveShares;
71
+    /**
72
+     * @var IConfig $config
73
+     */
74
+    protected $config;
75
+    /**
76
+     * @var IDBConnection $db
77
+     */
78
+    protected $db;
79
+    /**
80
+     * @var \OCA\User_LDAP\Mapping\UserMapping
81
+     */
82
+    protected $mapping;
83
+    /** @var IManager */
84
+    private $shareManager;
85 85
 
86
-	public function __construct(
87
-		$ocName,
88
-		IConfig $config,
89
-		UserMapping $mapping,
90
-		IManager $shareManager
91
-	) {
92
-		$this->ocName = $ocName;
93
-		$this->config = $config;
94
-		$this->mapping = $mapping;
95
-		$this->shareManager = $shareManager;
96
-	}
86
+    public function __construct(
87
+        $ocName,
88
+        IConfig $config,
89
+        UserMapping $mapping,
90
+        IManager $shareManager
91
+    ) {
92
+        $this->ocName = $ocName;
93
+        $this->config = $config;
94
+        $this->mapping = $mapping;
95
+        $this->shareManager = $shareManager;
96
+    }
97 97
 
98
-	/**
99
-	 * remove the Delete-flag from the user.
100
-	 */
101
-	public function unmark() {
102
-		$this->config->deleteUserValue($this->ocName, 'user_ldap', 'isDeleted');
103
-		$this->config->deleteUserValue($this->ocName, 'user_ldap', 'foundDeleted');
104
-	}
98
+    /**
99
+     * remove the Delete-flag from the user.
100
+     */
101
+    public function unmark() {
102
+        $this->config->deleteUserValue($this->ocName, 'user_ldap', 'isDeleted');
103
+        $this->config->deleteUserValue($this->ocName, 'user_ldap', 'foundDeleted');
104
+    }
105 105
 
106
-	/**
107
-	 * exports the user details in an assoc array
108
-	 * @return array
109
-	 */
110
-	public function export() {
111
-		$data = [];
112
-		$data['ocName'] = $this->getOCName();
113
-		$data['dn'] = $this->getDN();
114
-		$data['uid'] = $this->getUID();
115
-		$data['displayName'] = $this->getDisplayName();
116
-		$data['homePath'] = $this->getHomePath();
117
-		$data['lastLogin'] = $this->getLastLogin();
118
-		$data['email'] = $this->getEmail();
119
-		$data['hasActiveShares'] = $this->getHasActiveShares();
106
+    /**
107
+     * exports the user details in an assoc array
108
+     * @return array
109
+     */
110
+    public function export() {
111
+        $data = [];
112
+        $data['ocName'] = $this->getOCName();
113
+        $data['dn'] = $this->getDN();
114
+        $data['uid'] = $this->getUID();
115
+        $data['displayName'] = $this->getDisplayName();
116
+        $data['homePath'] = $this->getHomePath();
117
+        $data['lastLogin'] = $this->getLastLogin();
118
+        $data['email'] = $this->getEmail();
119
+        $data['hasActiveShares'] = $this->getHasActiveShares();
120 120
 
121
-		return $data;
122
-	}
121
+        return $data;
122
+    }
123 123
 
124
-	/**
125
-	 * getter for Nextcloud internal name
126
-	 * @return string
127
-	 */
128
-	public function getOCName() {
129
-		return $this->ocName;
130
-	}
124
+    /**
125
+     * getter for Nextcloud internal name
126
+     * @return string
127
+     */
128
+    public function getOCName() {
129
+        return $this->ocName;
130
+    }
131 131
 
132
-	/**
133
-	 * getter for LDAP uid
134
-	 * @return string
135
-	 */
136
-	public function getUID() {
137
-		if (!isset($this->uid)) {
138
-			$this->fetchDetails();
139
-		}
140
-		return $this->uid;
141
-	}
132
+    /**
133
+     * getter for LDAP uid
134
+     * @return string
135
+     */
136
+    public function getUID() {
137
+        if (!isset($this->uid)) {
138
+            $this->fetchDetails();
139
+        }
140
+        return $this->uid;
141
+    }
142 142
 
143
-	/**
144
-	 * getter for LDAP DN
145
-	 * @return string
146
-	 */
147
-	public function getDN() {
148
-		if (!isset($this->dn)) {
149
-			$this->fetchDetails();
150
-		}
151
-		return $this->dn;
152
-	}
143
+    /**
144
+     * getter for LDAP DN
145
+     * @return string
146
+     */
147
+    public function getDN() {
148
+        if (!isset($this->dn)) {
149
+            $this->fetchDetails();
150
+        }
151
+        return $this->dn;
152
+    }
153 153
 
154
-	/**
155
-	 * getter for display name
156
-	 * @return string
157
-	 */
158
-	public function getDisplayName() {
159
-		if (!isset($this->displayName)) {
160
-			$this->fetchDetails();
161
-		}
162
-		return $this->displayName;
163
-	}
154
+    /**
155
+     * getter for display name
156
+     * @return string
157
+     */
158
+    public function getDisplayName() {
159
+        if (!isset($this->displayName)) {
160
+            $this->fetchDetails();
161
+        }
162
+        return $this->displayName;
163
+    }
164 164
 
165
-	/**
166
-	 * getter for email
167
-	 * @return string
168
-	 */
169
-	public function getEmail() {
170
-		if (!isset($this->email)) {
171
-			$this->fetchDetails();
172
-		}
173
-		return $this->email;
174
-	}
165
+    /**
166
+     * getter for email
167
+     * @return string
168
+     */
169
+    public function getEmail() {
170
+        if (!isset($this->email)) {
171
+            $this->fetchDetails();
172
+        }
173
+        return $this->email;
174
+    }
175 175
 
176
-	/**
177
-	 * getter for home directory path
178
-	 * @return string
179
-	 */
180
-	public function getHomePath() {
181
-		if (!isset($this->homePath)) {
182
-			$this->fetchDetails();
183
-		}
184
-		return $this->homePath;
185
-	}
176
+    /**
177
+     * getter for home directory path
178
+     * @return string
179
+     */
180
+    public function getHomePath() {
181
+        if (!isset($this->homePath)) {
182
+            $this->fetchDetails();
183
+        }
184
+        return $this->homePath;
185
+    }
186 186
 
187
-	/**
188
-	 * getter for the last login timestamp
189
-	 * @return int
190
-	 */
191
-	public function getLastLogin() {
192
-		if (!isset($this->lastLogin)) {
193
-			$this->fetchDetails();
194
-		}
195
-		return (int)$this->lastLogin;
196
-	}
187
+    /**
188
+     * getter for the last login timestamp
189
+     * @return int
190
+     */
191
+    public function getLastLogin() {
192
+        if (!isset($this->lastLogin)) {
193
+            $this->fetchDetails();
194
+        }
195
+        return (int)$this->lastLogin;
196
+    }
197 197
 
198
-	/**
199
-	 * getter for the detection timestamp
200
-	 * @return int
201
-	 */
202
-	public function getDetectedOn() {
203
-		if (!isset($this->foundDeleted)) {
204
-			$this->fetchDetails();
205
-		}
206
-		return (int)$this->foundDeleted;
207
-	}
198
+    /**
199
+     * getter for the detection timestamp
200
+     * @return int
201
+     */
202
+    public function getDetectedOn() {
203
+        if (!isset($this->foundDeleted)) {
204
+            $this->fetchDetails();
205
+        }
206
+        return (int)$this->foundDeleted;
207
+    }
208 208
 
209
-	/**
210
-	 * getter for having active shares
211
-	 * @return bool
212
-	 */
213
-	public function getHasActiveShares() {
214
-		if (!isset($this->hasActiveShares)) {
215
-			$this->fetchDetails();
216
-		}
217
-		return $this->hasActiveShares;
218
-	}
209
+    /**
210
+     * getter for having active shares
211
+     * @return bool
212
+     */
213
+    public function getHasActiveShares() {
214
+        if (!isset($this->hasActiveShares)) {
215
+            $this->fetchDetails();
216
+        }
217
+        return $this->hasActiveShares;
218
+    }
219 219
 
220
-	/**
221
-	 * reads the user details
222
-	 */
223
-	protected function fetchDetails() {
224
-		$properties = [
225
-			'displayName' => 'user_ldap',
226
-			'uid' => 'user_ldap',
227
-			'homePath' => 'user_ldap',
228
-			'foundDeleted' => 'user_ldap',
229
-			'email' => 'settings',
230
-			'lastLogin' => 'login',
231
-		];
232
-		foreach ($properties as $property => $app) {
233
-			$this->$property = $this->config->getUserValue($this->ocName, $app, $property, '');
234
-		}
220
+    /**
221
+     * reads the user details
222
+     */
223
+    protected function fetchDetails() {
224
+        $properties = [
225
+            'displayName' => 'user_ldap',
226
+            'uid' => 'user_ldap',
227
+            'homePath' => 'user_ldap',
228
+            'foundDeleted' => 'user_ldap',
229
+            'email' => 'settings',
230
+            'lastLogin' => 'login',
231
+        ];
232
+        foreach ($properties as $property => $app) {
233
+            $this->$property = $this->config->getUserValue($this->ocName, $app, $property, '');
234
+        }
235 235
 
236
-		$dn = $this->mapping->getDNByName($this->ocName);
237
-		$this->dn = ($dn !== false) ? $dn : '';
236
+        $dn = $this->mapping->getDNByName($this->ocName);
237
+        $this->dn = ($dn !== false) ? $dn : '';
238 238
 
239
-		$this->determineShares();
240
-	}
239
+        $this->determineShares();
240
+    }
241 241
 
242
-	/**
243
-	 * finds out whether the user has active shares. The result is stored in
244
-	 * $this->hasActiveShares
245
-	 */
246
-	protected function determineShares() {
247
-		$shareInterface = new \ReflectionClass(IShare::class);
248
-		$shareConstants = $shareInterface->getConstants();
242
+    /**
243
+     * finds out whether the user has active shares. The result is stored in
244
+     * $this->hasActiveShares
245
+     */
246
+    protected function determineShares() {
247
+        $shareInterface = new \ReflectionClass(IShare::class);
248
+        $shareConstants = $shareInterface->getConstants();
249 249
 
250
-		foreach ($shareConstants as $constantName => $constantValue) {
251
-			if (strpos($constantName, 'TYPE_') !== 0
252
-				|| $constantValue === IShare::TYPE_USERGROUP
253
-			) {
254
-				continue;
255
-			}
256
-			$shares = $this->shareManager->getSharesBy(
257
-				$this->ocName,
258
-				$constantValue,
259
-				null,
260
-				false,
261
-				1
262
-			);
263
-			if (!empty($shares)) {
264
-				$this->hasActiveShares = true;
265
-				return;
266
-			}
267
-		}
250
+        foreach ($shareConstants as $constantName => $constantValue) {
251
+            if (strpos($constantName, 'TYPE_') !== 0
252
+                || $constantValue === IShare::TYPE_USERGROUP
253
+            ) {
254
+                continue;
255
+            }
256
+            $shares = $this->shareManager->getSharesBy(
257
+                $this->ocName,
258
+                $constantValue,
259
+                null,
260
+                false,
261
+                1
262
+            );
263
+            if (!empty($shares)) {
264
+                $this->hasActiveShares = true;
265
+                return;
266
+            }
267
+        }
268 268
 
269
-		$this->hasActiveShares = false;
270
-	}
269
+        $this->hasActiveShares = false;
270
+    }
271 271
 }
Please login to merge, or discard this patch.
Spacing   +2 added lines, -2 removed lines patch added patch discarded remove patch
@@ -192,7 +192,7 @@  discard block
 block discarded – undo
192 192
 		if (!isset($this->lastLogin)) {
193 193
 			$this->fetchDetails();
194 194
 		}
195
-		return (int)$this->lastLogin;
195
+		return (int) $this->lastLogin;
196 196
 	}
197 197
 
198 198
 	/**
@@ -203,7 +203,7 @@  discard block
 block discarded – undo
203 203
 		if (!isset($this->foundDeleted)) {
204 204
 			$this->fetchDetails();
205 205
 		}
206
-		return (int)$this->foundDeleted;
206
+		return (int) $this->foundDeleted;
207 207
 	}
208 208
 
209 209
 	/**
Please login to merge, or discard this patch.
apps/user_ldap/ajax/wizard.php 1 patch
Indentation   +85 added lines, -85 removed lines patch added patch discarded remove patch
@@ -37,13 +37,13 @@  discard block
 block discarded – undo
37 37
 $l = \OC::$server->getL10N('user_ldap');
38 38
 
39 39
 if (!isset($_POST['action'])) {
40
-	\OC_JSON::error(['message' => $l->t('No action specified')]);
40
+    \OC_JSON::error(['message' => $l->t('No action specified')]);
41 41
 }
42 42
 $action = (string)$_POST['action'];
43 43
 
44 44
 
45 45
 if (!isset($_POST['ldap_serverconfig_chooser'])) {
46
-	\OC_JSON::error(['message' => $l->t('No configuration specified')]);
46
+    \OC_JSON::error(['message' => $l->t('No configuration specified')]);
47 47
 }
48 48
 $prefix = (string)$_POST['ldap_serverconfig_chooser'];
49 49
 
@@ -56,97 +56,97 @@  discard block
 block discarded – undo
56 56
 $con->setIgnoreValidation(true);
57 57
 
58 58
 $userManager = new \OCA\User_LDAP\User\Manager(
59
-	\OC::$server->getConfig(),
60
-	new \OCA\User_LDAP\FilesystemHelper(),
61
-	new \OCA\User_LDAP\LogWrapper(),
62
-	\OC::$server->getAvatarManager(),
63
-	new \OCP\Image(),
64
-	\OC::$server->getUserManager(),
65
-	\OC::$server->getNotificationManager(),
66
-	\OC::$server->get(\OCP\Share\IManager::class)
59
+    \OC::$server->getConfig(),
60
+    new \OCA\User_LDAP\FilesystemHelper(),
61
+    new \OCA\User_LDAP\LogWrapper(),
62
+    \OC::$server->getAvatarManager(),
63
+    new \OCP\Image(),
64
+    \OC::$server->getUserManager(),
65
+    \OC::$server->getNotificationManager(),
66
+    \OC::$server->get(\OCP\Share\IManager::class)
67 67
 );
68 68
 
69 69
 $access = new \OCA\User_LDAP\Access(
70
-	$con,
71
-	$ldapWrapper,
72
-	$userManager,
73
-	new \OCA\User_LDAP\Helper(\OC::$server->getConfig()),
74
-	\OC::$server->getConfig(),
75
-	\OC::$server->getUserManager()
70
+    $con,
71
+    $ldapWrapper,
72
+    $userManager,
73
+    new \OCA\User_LDAP\Helper(\OC::$server->getConfig()),
74
+    \OC::$server->getConfig(),
75
+    \OC::$server->getUserManager()
76 76
 );
77 77
 
78 78
 $wizard = new \OCA\User_LDAP\Wizard($configuration, $ldapWrapper, $access);
79 79
 
80 80
 switch ($action) {
81
-	case 'guessPortAndTLS':
82
-	case 'guessBaseDN':
83
-	case 'detectEmailAttribute':
84
-	case 'detectUserDisplayNameAttribute':
85
-	case 'determineGroupMemberAssoc':
86
-	case 'determineUserObjectClasses':
87
-	case 'determineGroupObjectClasses':
88
-	case 'determineGroupsForUsers':
89
-	case 'determineGroupsForGroups':
90
-	case 'determineAttributes':
91
-	case 'getUserListFilter':
92
-	case 'getUserLoginFilter':
93
-	case 'getGroupFilter':
94
-	case 'countUsers':
95
-	case 'countGroups':
96
-	case 'countInBaseDN':
97
-		try {
98
-			$result = $wizard->$action();
99
-			if ($result !== false) {
100
-				\OC_JSON::success($result->getResultArray());
101
-				exit;
102
-			}
103
-		} catch (\Exception $e) {
104
-			\OC_JSON::error(['message' => $e->getMessage(), 'code' => $e->getCode()]);
105
-			exit;
106
-		}
107
-		\OC_JSON::error();
108
-		exit;
109
-		break;
81
+    case 'guessPortAndTLS':
82
+    case 'guessBaseDN':
83
+    case 'detectEmailAttribute':
84
+    case 'detectUserDisplayNameAttribute':
85
+    case 'determineGroupMemberAssoc':
86
+    case 'determineUserObjectClasses':
87
+    case 'determineGroupObjectClasses':
88
+    case 'determineGroupsForUsers':
89
+    case 'determineGroupsForGroups':
90
+    case 'determineAttributes':
91
+    case 'getUserListFilter':
92
+    case 'getUserLoginFilter':
93
+    case 'getGroupFilter':
94
+    case 'countUsers':
95
+    case 'countGroups':
96
+    case 'countInBaseDN':
97
+        try {
98
+            $result = $wizard->$action();
99
+            if ($result !== false) {
100
+                \OC_JSON::success($result->getResultArray());
101
+                exit;
102
+            }
103
+        } catch (\Exception $e) {
104
+            \OC_JSON::error(['message' => $e->getMessage(), 'code' => $e->getCode()]);
105
+            exit;
106
+        }
107
+        \OC_JSON::error();
108
+        exit;
109
+        break;
110 110
 
111
-	case 'testLoginName': {
112
-		try {
113
-			$loginName = $_POST['ldap_test_loginname'];
114
-			$result = $wizard->$action($loginName);
115
-			if ($result !== false) {
116
-				\OC_JSON::success($result->getResultArray());
117
-				exit;
118
-			}
119
-		} catch (\Exception $e) {
120
-			\OC_JSON::error(['message' => $e->getMessage()]);
121
-			exit;
122
-		}
123
-		\OC_JSON::error();
124
-		exit;
125
-		break;
126
-	}
111
+    case 'testLoginName': {
112
+        try {
113
+            $loginName = $_POST['ldap_test_loginname'];
114
+            $result = $wizard->$action($loginName);
115
+            if ($result !== false) {
116
+                \OC_JSON::success($result->getResultArray());
117
+                exit;
118
+            }
119
+        } catch (\Exception $e) {
120
+            \OC_JSON::error(['message' => $e->getMessage()]);
121
+            exit;
122
+        }
123
+        \OC_JSON::error();
124
+        exit;
125
+        break;
126
+    }
127 127
 
128
-	case 'save':
129
-		$key = isset($_POST['cfgkey']) ? $_POST['cfgkey'] : false;
130
-		$val = isset($_POST['cfgval']) ? $_POST['cfgval'] : null;
131
-		if ($key === false || is_null($val)) {
132
-			\OC_JSON::error(['message' => $l->t('No data specified')]);
133
-			exit;
134
-		}
135
-		$cfg = [$key => $val];
136
-		$setParameters = [];
137
-		$configuration->setConfiguration($cfg, $setParameters);
138
-		if (!in_array($key, $setParameters)) {
139
-			\OC_JSON::error(['message' => $l->t($key.
140
-				' Could not set configuration %s', $setParameters[0])]);
141
-			exit;
142
-		}
143
-		$configuration->saveConfiguration();
144
-		//clear the cache on save
145
-		$connection = new \OCA\User_LDAP\Connection($ldapWrapper, $prefix);
146
-		$connection->clearCache();
147
-		\OC_JSON::success();
148
-		break;
149
-	default:
150
-		\OC_JSON::error(['message' => $l->t('Action does not exist')]);
151
-		break;
128
+    case 'save':
129
+        $key = isset($_POST['cfgkey']) ? $_POST['cfgkey'] : false;
130
+        $val = isset($_POST['cfgval']) ? $_POST['cfgval'] : null;
131
+        if ($key === false || is_null($val)) {
132
+            \OC_JSON::error(['message' => $l->t('No data specified')]);
133
+            exit;
134
+        }
135
+        $cfg = [$key => $val];
136
+        $setParameters = [];
137
+        $configuration->setConfiguration($cfg, $setParameters);
138
+        if (!in_array($key, $setParameters)) {
139
+            \OC_JSON::error(['message' => $l->t($key.
140
+                ' Could not set configuration %s', $setParameters[0])]);
141
+            exit;
142
+        }
143
+        $configuration->saveConfiguration();
144
+        //clear the cache on save
145
+        $connection = new \OCA\User_LDAP\Connection($ldapWrapper, $prefix);
146
+        $connection->clearCache();
147
+        \OC_JSON::success();
148
+        break;
149
+    default:
150
+        \OC_JSON::error(['message' => $l->t('Action does not exist')]);
151
+        break;
152 152
 }
Please login to merge, or discard this patch.