diff --git a/apps/user_ldap/appinfo/info.xml b/apps/user_ldap/appinfo/info.xml
index 3b94c0bc4445e..0cc0bbb34a5b9 100644
--- a/apps/user_ldap/appinfo/info.xml
+++ b/apps/user_ldap/appinfo/info.xml
@@ -64,6 +64,7 @@ A user logs into Nextcloud with their LDAP or AD credentials, and is granted acc
OCA\User_LDAP\Command\ShowConfig
OCA\User_LDAP\Command\ShowRemnants
OCA\User_LDAP\Command\TestConfig
+ OCA\User_LDAP\Command\TestUserSettings
OCA\User_LDAP\Command\UpdateUUID
diff --git a/apps/user_ldap/composer/composer/autoload_classmap.php b/apps/user_ldap/composer/composer/autoload_classmap.php
index 48fe59a9a51cc..2be727a240c24 100644
--- a/apps/user_ldap/composer/composer/autoload_classmap.php
+++ b/apps/user_ldap/composer/composer/autoload_classmap.php
@@ -23,6 +23,7 @@
'OCA\\User_LDAP\\Command\\ShowConfig' => $baseDir . '/../lib/Command/ShowConfig.php',
'OCA\\User_LDAP\\Command\\ShowRemnants' => $baseDir . '/../lib/Command/ShowRemnants.php',
'OCA\\User_LDAP\\Command\\TestConfig' => $baseDir . '/../lib/Command/TestConfig.php',
+ 'OCA\\User_LDAP\\Command\\TestUserSettings' => $baseDir . '/../lib/Command/TestUserSettings.php',
'OCA\\User_LDAP\\Command\\UpdateUUID' => $baseDir . '/../lib/Command/UpdateUUID.php',
'OCA\\User_LDAP\\Configuration' => $baseDir . '/../lib/Configuration.php',
'OCA\\User_LDAP\\Connection' => $baseDir . '/../lib/Connection.php',
diff --git a/apps/user_ldap/composer/composer/autoload_static.php b/apps/user_ldap/composer/composer/autoload_static.php
index dd5ad0322af37..a03e0e8eb9709 100644
--- a/apps/user_ldap/composer/composer/autoload_static.php
+++ b/apps/user_ldap/composer/composer/autoload_static.php
@@ -38,6 +38,7 @@ class ComposerStaticInitUser_LDAP
'OCA\\User_LDAP\\Command\\ShowConfig' => __DIR__ . '/..' . '/../lib/Command/ShowConfig.php',
'OCA\\User_LDAP\\Command\\ShowRemnants' => __DIR__ . '/..' . '/../lib/Command/ShowRemnants.php',
'OCA\\User_LDAP\\Command\\TestConfig' => __DIR__ . '/..' . '/../lib/Command/TestConfig.php',
+ 'OCA\\User_LDAP\\Command\\TestUserSettings' => __DIR__ . '/..' . '/../lib/Command/TestUserSettings.php',
'OCA\\User_LDAP\\Command\\UpdateUUID' => __DIR__ . '/..' . '/../lib/Command/UpdateUUID.php',
'OCA\\User_LDAP\\Configuration' => __DIR__ . '/..' . '/../lib/Configuration.php',
'OCA\\User_LDAP\\Connection' => __DIR__ . '/..' . '/../lib/Connection.php',
diff --git a/apps/user_ldap/lib/Command/TestUserSettings.php b/apps/user_ldap/lib/Command/TestUserSettings.php
new file mode 100644
index 0000000000000..88524eded02cc
--- /dev/null
+++ b/apps/user_ldap/lib/Command/TestUserSettings.php
@@ -0,0 +1,236 @@
+setName('ldap:test-user-settings')
+ ->setDescription('Runs tests and show information about user related LDAP settings')
+ ->addArgument(
+ 'user',
+ InputArgument::REQUIRED,
+ 'the user name as used in Nextcloud, or the LDAP DN'
+ )
+ ->addOption(
+ 'group',
+ 'g',
+ InputOption::VALUE_REQUIRED,
+ 'A group DN to check if the user is a member or not'
+ )
+ ->addOption(
+ 'clearcache',
+ null,
+ InputOption::VALUE_NONE,
+ 'Clear the cache of the LDAP connection before the beginning of tests'
+ )
+ ;
+ }
+
+ protected function execute(InputInterface $input, OutputInterface $output): int {
+ try {
+ $uid = $input->getArgument('user');
+ $access = $this->backend->getLDAPAccess($uid);
+ $connection = $access->getConnection();
+ if ($input->getOption('clearcache')) {
+ $connection->clearCache();
+ }
+ $configPrefix = $connection->getConfigPrefix();
+ $knownDn = '';
+ if ($access->stringResemblesDN($uid)) {
+ $knownDn = $uid;
+ $username = $access->dn2username($uid);
+ if ($username !== false) {
+ $uid = $username;
+ }
+ }
+
+ $dn = $this->mapping->getDNByName($uid);
+ if ($dn !== false) {
+ $output->writeln("User $dn is mapped with account name $uid.");
+ $uuid = $this->mapping->getUUIDByDN($dn);
+ $output->writeln("Known UUID is $uuid.");
+ if ($knownDn === '') {
+ $knownDn = $dn;
+ }
+ } else {
+ $output->writeln("User $uid is not mapped.");
+ }
+
+ if ($knownDn === '') {
+ return self::SUCCESS;
+ }
+
+ if (!$access->isDNPartOfBase($knownDn, $access->getConnection()->ldapBaseUsers)) {
+ $output->writeln(
+ "User $knownDn is not in one of the configured user bases: " .
+ implode(',', $access->getConnection()->ldapBaseUsers) .
+ '.'
+ );
+ }
+
+ $output->writeln("Configuration prefix is $configPrefix");
+ $output->writeln('');
+
+ $attributeNames = [
+ 'ldapExpertUsernameAttr',
+ 'ldapUuidUserAttribute',
+ 'ldapExpertUUIDUserAttr',
+ 'ldapQuotaAttribute',
+ 'ldapEmailAttribute',
+ 'ldapUserDisplayName',
+ 'ldapUserDisplayName2',
+ 'ldapExtStorageHomeAttribute',
+ 'ldapAttributePhone',
+ 'ldapAttributeWebsite',
+ 'ldapAttributeAddress',
+ 'ldapAttributeTwitter',
+ 'ldapAttributeFediverse',
+ 'ldapAttributeOrganisation',
+ 'ldapAttributeRole',
+ 'ldapAttributeHeadline',
+ 'ldapAttributeBiography',
+ 'ldapAttributeBirthDate',
+ 'ldapAttributePronouns',
+ ];
+ $output->writeln('Attributes set in configuration:');
+ foreach ($attributeNames as $attributeName) {
+ if ($connection->$attributeName !== '') {
+ $output->writeln("- $attributeName: " . $connection->$attributeName . '');
+ }
+ }
+
+ $filter = $connection->ldapUserFilter;
+ $attrs = $access->userManager->getAttributes(true);
+ $attrs[] = strtolower($connection->ldapExpertUsernameAttr);
+ if ($connection->ldapUuidUserAttribute !== 'auto') {
+ $attrs[] = strtolower($connection->ldapUuidUserAttribute);
+ }
+ $attrs[] = 'memberof';
+ $attrs = array_values(array_unique($attrs));
+ $attributes = $access->readAttributes($knownDn, $attrs, $filter);
+
+ if ($attributes === false) {
+ $output->writeln(
+ "LDAP read on $knownDn with filter $filter failed."
+ );
+ return self::FAILURE;
+ }
+
+ $output->writeln("Attributes fetched from LDAP using filter $filter:");
+ foreach ($attributes as $attribute => $value) {
+ $output->writeln(
+ "- $attribute: " . json_encode($value) . ''
+ );
+ }
+
+ $uuid = $access->getUUID($knownDn);
+ if ($connection->ldapUuidUserAttribute === 'auto') {
+ $output->writeln('Failed to detect UUID attribute');
+ } else {
+ $output->writeln('Detected UUID attribute: ' . $connection->ldapUuidUserAttribute . '');
+ }
+ if ($uuid === false) {
+ $output->writeln("Failed to find UUID for $knownDn");
+ } else {
+ $output->writeln("UUID for $knownDn: $uuid");
+ }
+
+ $groupLdapInstance = $this->groupBackend->getBackend($configPrefix);
+
+ $output->writeln('');
+ $output->writeln('Group information:');
+
+ $attributeNames = [
+ 'ldapDynamicGroupMemberURL',
+ 'ldapGroupFilter',
+ 'ldapGroupMemberAssocAttr',
+ ];
+ $output->writeln('Configuration:');
+ foreach ($attributeNames as $attributeName) {
+ if ($connection->$attributeName !== '') {
+ $output->writeln("- $attributeName: " . $connection->$attributeName . '');
+ }
+ }
+
+ $primaryGroup = $groupLdapInstance->getUserPrimaryGroup($knownDn);
+ $output->writeln('Primary group: ' . ($primaryGroup !== false? $primaryGroup:'') . '');
+
+ $groupByGid = $groupLdapInstance->getUserGroupByGid($knownDn);
+ $output->writeln('Group from gidNumber: ' . ($groupByGid !== false? $groupByGid:'') . '');
+
+ $groups = $groupLdapInstance->getUserGroups($uid);
+ $output->writeln('All known groups: ' . json_encode($groups) . '');
+
+ $memberOfUsed = ((int)$access->connection->hasMemberOfFilterSupport === 1
+ && (int)$access->connection->useMemberOfToDetectMembership === 1);
+
+ $output->writeln('MemberOf usage: ' . ($memberOfUsed ? 'on' : 'off') . ' (' . $access->connection->hasMemberOfFilterSupport . ',' . $access->connection->useMemberOfToDetectMembership . ')');
+
+ $gid = (string)$input->getOption('group');
+ if ($gid === '') {
+ return self::SUCCESS;
+ }
+
+ $output->writeln('');
+ $output->writeln("Group $gid:");
+ $knownGroupDn = '';
+ if ($access->stringResemblesDN($gid)) {
+ $knownGroupDn = $gid;
+ $groupname = $access->dn2groupname($gid);
+ if ($groupname !== false) {
+ $gid = $groupname;
+ }
+ }
+
+ $groupDn = $this->groupMapping->getDNByName($gid);
+ if ($groupDn !== false) {
+ $output->writeln("Group $groupDn is mapped with name $gid.");
+ $groupUuid = $this->groupMapping->getUUIDByDN($groupDn);
+ $output->writeln("Known UUID is $groupUuid.");
+ if ($knownGroupDn === '') {
+ $knownGroupDn = $groupDn;
+ }
+ } else {
+ $output->writeln("Group $gid is not mapped.");
+ }
+
+ $members = $groupLdapInstance->usersInGroup($gid);
+ $output->writeln('Members: ' . json_encode($members) . '');
+
+ return self::SUCCESS;
+
+ } catch (\Exception $e) {
+ $output->writeln('' . $e->getMessage() . '');
+ return self::FAILURE;
+ }
+ }
+}
diff --git a/apps/user_ldap/lib/Group_Proxy.php b/apps/user_ldap/lib/Group_Proxy.php
index cd35f86db779e..ceaa5c2fb5ac9 100644
--- a/apps/user_ldap/lib/Group_Proxy.php
+++ b/apps/user_ldap/lib/Group_Proxy.php
@@ -18,12 +18,11 @@
use OCP\IConfig;
use OCP\IUserManager;
+/**
+ * @template-extends Proxy
+ */
class Group_Proxy extends Proxy implements \OCP\GroupInterface, IGroupLDAP, IGetDisplayNameBackend, INamedBackend, IDeleteGroupBackend, IBatchMethodsBackend, IIsAdminBackend {
- private $backends = [];
- private ?Group_LDAP $refBackend = null;
- private Helper $helper;
private GroupPluginManager $groupPluginManager;
- private bool $isSetUp = false;
private IConfig $config;
private IUserManager $ncUserManager;
@@ -35,28 +34,15 @@ public function __construct(
IConfig $config,
IUserManager $ncUserManager,
) {
- parent::__construct($ldap, $accessFactory);
- $this->helper = $helper;
+ parent::__construct($helper, $ldap, $accessFactory);
$this->groupPluginManager = $groupPluginManager;
$this->config = $config;
$this->ncUserManager = $ncUserManager;
}
- protected function setup(): void {
- if ($this->isSetUp) {
- return;
- }
- $serverConfigPrefixes = $this->helper->getServerConfigurationPrefixes(true);
- foreach ($serverConfigPrefixes as $configPrefix) {
- $this->backends[$configPrefix] =
- new Group_LDAP($this->getAccess($configPrefix), $this->groupPluginManager, $this->config, $this->ncUserManager);
- if (is_null($this->refBackend)) {
- $this->refBackend = $this->backends[$configPrefix];
- }
- }
-
- $this->isSetUp = true;
+ protected function newInstance(string $configPrefix): Group_LDAP {
+ return new Group_LDAP($this->getAccess($configPrefix), $this->groupPluginManager, $this->config, $this->ncUserManager);
}
/**
@@ -152,9 +138,7 @@ public function getUserGroups($uid) {
$groups = [];
foreach ($this->backends as $backend) {
$backendGroups = $backend->getUserGroups($uid);
- if (is_array($backendGroups)) {
- $groups = array_merge($groups, $backendGroups);
- }
+ $groups = array_merge($groups, $backendGroups);
}
return array_values(array_unique($groups));
diff --git a/apps/user_ldap/lib/Proxy.php b/apps/user_ldap/lib/Proxy.php
index 285427bfd4d09..2179af72860fa 100644
--- a/apps/user_ldap/lib/Proxy.php
+++ b/apps/user_ldap/lib/Proxy.php
@@ -12,6 +12,9 @@
use OCP\ICache;
use OCP\Server;
+/**
+ * @template T
+ */
abstract class Proxy {
/** @var array */
private static array $accesses = [];
@@ -20,7 +23,15 @@ abstract class Proxy {
private ?ICache $cache = null;
private AccessFactory $accessFactory;
+ /** @var T[] */
+ protected array $backends = [];
+ /** @var ?T */
+ protected $refBackend = null;
+
+ protected bool $isSetUp = false;
+
public function __construct(
+ private Helper $helper,
ILDAPWrapper $ldap,
AccessFactory $accessFactory
) {
@@ -32,6 +43,36 @@ public function __construct(
}
}
+ protected function setup(): void {
+ if ($this->isSetUp) {
+ return;
+ }
+
+ $serverConfigPrefixes = $this->helper->getServerConfigurationPrefixes(true);
+ foreach ($serverConfigPrefixes as $configPrefix) {
+ $this->backends[$configPrefix] = $this->newInstance($configPrefix);
+
+ if (is_null($this->refBackend)) {
+ $this->refBackend = $this->backends[$configPrefix];
+ }
+ }
+
+ $this->isSetUp = true;
+ }
+
+ /**
+ * @return T
+ */
+ abstract protected function newInstance(string $configPrefix): object;
+
+ /**
+ * @return T
+ */
+ public function getBackend(string $configPrefix): object {
+ $this->setup();
+ return $this->backends[$configPrefix];
+ }
+
private function addAccess(string $configPrefix): void {
$userMap = Server::get(UserMapping::class);
$groupMap = Server::get(GroupMapping::class);
diff --git a/apps/user_ldap/lib/User_Proxy.php b/apps/user_ldap/lib/User_Proxy.php
index d3197296d7c0c..320dfdb68cfee 100644
--- a/apps/user_ldap/lib/User_Proxy.php
+++ b/apps/user_ldap/lib/User_Proxy.php
@@ -18,13 +18,10 @@
use OCP\UserInterface;
use Psr\Log\LoggerInterface;
+/**
+ * @template-extends Proxy
+ */
class User_Proxy extends Proxy implements IUserBackend, UserInterface, IUserLDAP, ICountUsersBackend, ICountMappedUsersBackend, IProvideEnabledStateBackend {
- /** @var User_LDAP[] */
- private array $backends = [];
- private ?User_LDAP $refBackend = null;
-
- private bool $isSetUp = false;
- private Helper $helper;
private INotificationManager $notificationManager;
private UserPluginManager $userPluginManager;
private LoggerInterface $logger;
@@ -39,35 +36,21 @@ public function __construct(
LoggerInterface $logger,
DeletedUsersIndex $deletedUsersIndex,
) {
- parent::__construct($ldap, $accessFactory);
- $this->helper = $helper;
+ parent::__construct($helper, $ldap, $accessFactory);
$this->notificationManager = $notificationManager;
$this->userPluginManager = $userPluginManager;
$this->logger = $logger;
$this->deletedUsersIndex = $deletedUsersIndex;
}
- protected function setup(): void {
- if ($this->isSetUp) {
- return;
- }
-
- $serverConfigPrefixes = $this->helper->getServerConfigurationPrefixes(true);
- foreach ($serverConfigPrefixes as $configPrefix) {
- $this->backends[$configPrefix] = new User_LDAP(
- $this->getAccess($configPrefix),
- $this->notificationManager,
- $this->userPluginManager,
- $this->logger,
- $this->deletedUsersIndex,
- );
-
- if (is_null($this->refBackend)) {
- $this->refBackend = $this->backends[$configPrefix];
- }
- }
-
- $this->isSetUp = true;
+ protected function newInstance(string $configPrefix): User_LDAP {
+ return new User_LDAP(
+ $this->getAccess($configPrefix),
+ $this->notificationManager,
+ $this->userPluginManager,
+ $this->logger,
+ $this->deletedUsersIndex,
+ );
}
/**