Merge pull request #44859 from nextcloud/feat/add-ldap-connection-setup-check
feat(user_ldap): Add setup check to verify connection configuration
This commit is contained in:
commit
78cef3b0e0
|
@ -83,6 +83,7 @@ return array(
|
|||
'OCA\\User_LDAP\\Service\\UpdateGroupsService' => $baseDir . '/../lib/Service/UpdateGroupsService.php',
|
||||
'OCA\\User_LDAP\\Settings\\Admin' => $baseDir . '/../lib/Settings/Admin.php',
|
||||
'OCA\\User_LDAP\\Settings\\Section' => $baseDir . '/../lib/Settings/Section.php',
|
||||
'OCA\\User_LDAP\\SetupChecks\\LdapConnection' => $baseDir . '/../lib/SetupChecks/LdapConnection.php',
|
||||
'OCA\\User_LDAP\\SetupChecks\\LdapInvalidUuids' => $baseDir . '/../lib/SetupChecks/LdapInvalidUuids.php',
|
||||
'OCA\\User_LDAP\\UserPluginManager' => $baseDir . '/../lib/UserPluginManager.php',
|
||||
'OCA\\User_LDAP\\User\\DeletedUsersIndex' => $baseDir . '/../lib/User/DeletedUsersIndex.php',
|
||||
|
|
|
@ -98,6 +98,7 @@ class ComposerStaticInitUser_LDAP
|
|||
'OCA\\User_LDAP\\Service\\UpdateGroupsService' => __DIR__ . '/..' . '/../lib/Service/UpdateGroupsService.php',
|
||||
'OCA\\User_LDAP\\Settings\\Admin' => __DIR__ . '/..' . '/../lib/Settings/Admin.php',
|
||||
'OCA\\User_LDAP\\Settings\\Section' => __DIR__ . '/..' . '/../lib/Settings/Section.php',
|
||||
'OCA\\User_LDAP\\SetupChecks\\LdapConnection' => __DIR__ . '/..' . '/../lib/SetupChecks/LdapConnection.php',
|
||||
'OCA\\User_LDAP\\SetupChecks\\LdapInvalidUuids' => __DIR__ . '/..' . '/../lib/SetupChecks/LdapInvalidUuids.php',
|
||||
'OCA\\User_LDAP\\UserPluginManager' => __DIR__ . '/..' . '/../lib/UserPluginManager.php',
|
||||
'OCA\\User_LDAP\\User\\DeletedUsersIndex' => __DIR__ . '/..' . '/../lib/User/DeletedUsersIndex.php',
|
||||
|
|
|
@ -40,6 +40,7 @@ use OCA\User_LDAP\ILDAPWrapper;
|
|||
use OCA\User_LDAP\LDAP;
|
||||
use OCA\User_LDAP\LoginListener;
|
||||
use OCA\User_LDAP\Notification\Notifier;
|
||||
use OCA\User_LDAP\SetupChecks\LdapConnection;
|
||||
use OCA\User_LDAP\SetupChecks\LdapInvalidUuids;
|
||||
use OCA\User_LDAP\User\Manager;
|
||||
use OCA\User_LDAP\User_Proxy;
|
||||
|
@ -118,6 +119,7 @@ class Application extends App implements IBootstrap {
|
|||
);
|
||||
$context->registerEventListener(PostLoginEvent::class, LoginListener::class);
|
||||
$context->registerSetupCheck(LdapInvalidUuids::class);
|
||||
$context->registerSetupCheck(LdapConnection::class);
|
||||
}
|
||||
|
||||
public function boot(IBootContext $context): void {
|
||||
|
|
|
@ -0,0 +1,111 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2024 Côme Chilliet <come.chilliet@nextcloud.com>
|
||||
*
|
||||
* @author Côme Chilliet <come.chilliet@nextcloud.com>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCA\User_LDAP\SetupChecks;
|
||||
|
||||
use OCA\User_LDAP\AccessFactory;
|
||||
use OCA\User_LDAP\ConnectionFactory;
|
||||
use OCA\User_LDAP\Helper;
|
||||
use OCP\IL10N;
|
||||
use OCP\SetupCheck\ISetupCheck;
|
||||
use OCP\SetupCheck\SetupResult;
|
||||
|
||||
class LdapConnection implements ISetupCheck {
|
||||
public function __construct(
|
||||
private IL10N $l10n,
|
||||
private Helper $helper,
|
||||
private ConnectionFactory $connectionFactory,
|
||||
private AccessFactory $accessFactory,
|
||||
) {
|
||||
}
|
||||
|
||||
public function getCategory(): string {
|
||||
return 'ldap';
|
||||
}
|
||||
|
||||
public function getName(): string {
|
||||
return $this->l10n->t('LDAP Connection');
|
||||
}
|
||||
|
||||
public function run(): SetupResult {
|
||||
$availableConfigs = $this->helper->getServerConfigurationPrefixes();
|
||||
$inactiveConfigurations = [];
|
||||
$bindFailedConfigurations = [];
|
||||
$searchFailedConfigurations = [];
|
||||
foreach ($availableConfigs as $configID) {
|
||||
$connection = $this->connectionFactory->get($configID);
|
||||
if (!$connection->ldapConfigurationActive) {
|
||||
$inactiveConfigurations[] = $configID;
|
||||
continue;
|
||||
}
|
||||
if (!$connection->bind()) {
|
||||
$bindFailedConfigurations[] = $configID;
|
||||
continue;
|
||||
}
|
||||
$access = $this->accessFactory->get($connection);
|
||||
$result = $access->countObjects(1);
|
||||
if (!is_int($result) || ($result <= 0)) {
|
||||
$searchFailedConfigurations[] = $configID;
|
||||
}
|
||||
}
|
||||
$output = '';
|
||||
if (!empty($bindFailedConfigurations)) {
|
||||
$output .= $this->l10n->n(
|
||||
'Binding failed for this LDAP configuration: %s',
|
||||
'Binding failed for these LDAP configurations: %s',
|
||||
count($bindFailedConfigurations),
|
||||
[implode(',', $bindFailedConfigurations)]
|
||||
)."\n";
|
||||
}
|
||||
if (!empty($searchFailedConfigurations)) {
|
||||
$output .= $this->l10n->n(
|
||||
'Searching failed for this LDAP configuration: %s',
|
||||
'Searching failed for these LDAP configurations: %s',
|
||||
count($searchFailedConfigurations),
|
||||
[implode(',', $searchFailedConfigurations)]
|
||||
)."\n";
|
||||
}
|
||||
if (!empty($inactiveConfigurations)) {
|
||||
$output .= $this->l10n->n(
|
||||
'There is an inactive LDAP configuration: %s',
|
||||
'There are inactive LDAP configurations: %s',
|
||||
count($inactiveConfigurations),
|
||||
[implode(',', $inactiveConfigurations)]
|
||||
)."\n";
|
||||
}
|
||||
if (!empty($bindFailedConfigurations) || !empty($searchFailedConfigurations)) {
|
||||
return SetupResult::error($output);
|
||||
} elseif (!empty($inactiveConfigurations)) {
|
||||
return SetupResult::warning($output);
|
||||
}
|
||||
return SetupResult::success($this->l10n->n(
|
||||
'Binding and searching works on the configured LDAP connection (%s)',
|
||||
'Binding and searching works on all of the configured LDAP connections (%s)',
|
||||
count($availableConfigs),
|
||||
[implode(',', $availableConfigs)]
|
||||
));
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue