summaryrefslogtreecommitdiff
path: root/lib/plugins/authad/auth.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/plugins/authad/auth.php')
-rw-r--r--lib/plugins/authad/auth.php188
1 files changed, 171 insertions, 17 deletions
diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php
index a3119dda6..60c68efc4 100644
--- a/lib/plugins/authad/auth.php
+++ b/lib/plugins/authad/auth.php
@@ -3,6 +3,7 @@
if(!defined('DOKU_INC')) die();
require_once(DOKU_PLUGIN.'authad/adLDAP/adLDAP.php');
+require_once(DOKU_PLUGIN.'authad/adLDAP/classes/adLDAPUtils.php');
/**
* Active Directory authentication backend for DokuWiki
@@ -67,6 +68,10 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
*/
protected $_pattern = array();
+ protected $_actualstart = 0;
+
+ protected $_grpsusers = array();
+
/**
* Constructor
*/
@@ -116,6 +121,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
// other can do's are changed in $this->_loadServerConfig() base on domain setup
$this->cando['modName'] = true;
$this->cando['modMail'] = true;
+ $this->cando['getUserCount'] = true;
}
/**
@@ -203,6 +209,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
}
//general user info
+ $info = array();
$info['name'] = $result[0]['displayname'][0];
$info['mail'] = $result[0]['mail'][0];
$info['uid'] = $result[0]['samaccountname'][0];
@@ -251,7 +258,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
($info['expiresin'] <= $this->conf['expirywarn']) &&
!$this->msgshown
) {
- $msg = sprintf($lang['authpwdexpire'], $info['expiresin']);
+ $msg = sprintf($this->getLang('authpwdexpire'), $info['expiresin']);
if($this->canDo('modPass')) {
$url = wl($ID, array('do'=> 'profile'));
$msg .= ' <a href="'.$url.'">'.$lang['btn_profile'].'</a>';
@@ -325,13 +332,137 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
}
/**
+ * Create a Search-String useable by adLDAPUsers::all($includeDescription = false, $search = "*", $sorted = true)
+ *
+ * @param array $filter
+ * @return string
+ */
+ protected function _constructSearchString($filter){
+ if (!$filter){
+ return '*';
+ }
+ $adldapUtils = new adLDAPUtils($this->_adldap(null));
+ $result = '*';
+ if (isset($filter['name'])) {
+ $result .= ')(displayname=*' . $adldapUtils->ldapSlashes($filter['name']) . '*';
+ unset($filter['name']);
+ }
+
+ if (isset($filter['user'])) {
+ $result .= ')(samAccountName=*' . $adldapUtils->ldapSlashes($filter['user']) . '*';
+ unset($filter['user']);
+ }
+
+ if (isset($filter['mail'])) {
+ $result .= ')(mail=*' . $adldapUtils->ldapSlashes($filter['mail']) . '*';
+ unset($filter['mail']);
+ }
+ return $result;
+ }
+
+ /**
+ * Return a count of the number of user which meet $filter criteria
+ *
+ * @param array $filter $filter array of field/pattern pairs, empty array for no filter
+ * @return int number of users
+ */
+ public function getUserCount($filter = array()) {
+ $adldap = $this->_adldap(null);
+ if(!$adldap) {
+ dbglog("authad/auth.php getUserCount(): _adldap not set.");
+ return -1;
+ }
+ if ($filter == array()) {
+ $result = $adldap->user()->all();
+ } else {
+ $searchString = $this->_constructSearchString($filter);
+ $result = $adldap->user()->all(false, $searchString);
+ if (isset($filter['grps'])) {
+ $this->users = array_fill_keys($result, false);
+ $usermanager = plugin_load("admin", "usermanager", false);
+ $usermanager->setLastdisabled(true);
+ if (!isset($this->_grpsusers[$this->_filterToString($filter)])){
+ $this->_fillGroupUserArray($filter,$usermanager->getStart() + 3*$usermanager->getPagesize());
+ } elseif (count($this->_grpsusers[$this->_filterToString($filter)]) < $usermanager->getStart() + 3*$usermanager->getPagesize()) {
+ $this->_fillGroupUserArray($filter,$usermanager->getStart() + 3*$usermanager->getPagesize() - count($this->_grpsusers[$this->_filterToString($filter)]));
+ }
+ $result = $this->_grpsusers[$this->_filterToString($filter)];
+ } else {
+ $usermanager = plugin_load("admin", "usermanager", false);
+ $usermanager->setLastdisabled(false);
+ }
+
+ }
+
+ if (!$result) {
+ return 0;
+ }
+ return count($result);
+ }
+
+ /**
+ *
+ * create a unique string for each filter used with a group
+ *
+ * @param array $filter
+ * @return string
+ */
+ protected function _filterToString ($filter) {
+ $result = '';
+ if (isset($filter['user'])) {
+ $result .= 'user-' . $filter['user'];
+ }
+ if (isset($filter['name'])) {
+ $result .= 'name-' . $filter['name'];
+ }
+ if (isset($filter['mail'])) {
+ $result .= 'mail-' . $filter['mail'];
+ }
+ if (isset($filter['grps'])) {
+ $result .= 'grps-' . $filter['grps'];
+ }
+ return $result;
+ }
+
+ /**
+ * Create an array of $numberOfAdds users passing a certain $filter, including belonging
+ * to a certain group and save them to a object-wide array. If the array
+ * already exists try to add $numberOfAdds further users to it.
+ *
+ * @param array $filter
+ * @param int $numberOfAdds additional number of users requested
+ * @return int number of Users actually add to Array
+ */
+ protected function _fillGroupUserArray($filter, $numberOfAdds){
+ $this->_grpsusers[$this->_filterToString($filter)];
+ $i = 0;
+ $count = 0;
+ $this->_constructPattern($filter);
+ foreach ($this->users as $user => &$info) {
+ if($i++ < $this->_actualstart) {
+ continue;
+ }
+ if($info === false) {
+ $info = $this->getUserData($user);
+ }
+ if($this->_filter($user, $info)) {
+ $this->_grpsusers[$this->_filterToString($filter)][$user] = $info;
+ if(($numberOfAdds > 0) && (++$count >= $numberOfAdds)) break;
+ }
+ }
+ $this->_actualstart = $i;
+ return $count;
+ }
+
+ /**
* Bulk retrieval of user data
*
* @author Dominik Eckelmann <dokuwiki@cosmocode.de>
- * @param int $start index of first user to be returned
- * @param int $limit max number of users to be returned
- * @param array $filter array of field/pattern pairs, null for no filter
- * @return array userinfo (refer getUserData for internal userinfo details)
+ *
+ * @param int $start index of first user to be returned
+ * @param int $limit max number of users to be returned
+ * @param array $filter array of field/pattern pairs, null for no filter
+ * @return array userinfo (refer getUserData for internal userinfo details)
*/
public function retrieveUsers($start = 0, $limit = 0, $filter = array()) {
$adldap = $this->_adldap(null);
@@ -339,27 +470,44 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
if(!$this->users) {
//get info for given user
- $result = $adldap->user()->all();
+ $result = $adldap->user()->all(false, $this->_constructSearchString($filter));
if (!$result) return array();
$this->users = array_fill_keys($result, false);
}
$i = 0;
$count = 0;
- $this->_constructPattern($filter);
$result = array();
- foreach($this->users as $user => &$info) {
- if($i++ < $start) {
- continue;
+ if (!isset($filter['grps'])) {
+ $usermanager = plugin_load("admin", "usermanager", false);
+ $usermanager->setLastdisabled(false);
+ $this->_constructPattern($filter);
+ foreach($this->users as $user => &$info) {
+ if($i++ < $start) {
+ continue;
+ }
+ if($info === false) {
+ $info = $this->getUserData($user);
+ }
+ $result[$user] = $info;
+ if(($limit > 0) && (++$count >= $limit)) break;
}
- if($info === false) {
- $info = $this->getUserData($user);
+ } else {
+ $usermanager = plugin_load("admin", "usermanager", false);
+ $usermanager->setLastdisabled(true);
+ if (!isset($this->_grpsusers[$this->_filterToString($filter)]) || count($this->_grpsusers[$this->_filterToString($filter)]) < ($start+$limit)) {
+ $this->_fillGroupUserArray($filter,$start+$limit - count($this->_grpsusers[$this->_filterToString($filter)]) +1);
}
- if($this->_filter($user, $info)) {
+ if (!$this->_grpsusers[$this->_filterToString($filter)]) return false;
+ foreach($this->_grpsusers[$this->_filterToString($filter)] as $user => &$info) {
+ if($i++ < $start) {
+ continue;
+ }
$result[$user] = $info;
if(($limit > 0) && (++$count >= $limit)) break;
}
+
}
return $result;
}
@@ -374,7 +522,10 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
public function modifyUser($user, $changes) {
$return = true;
$adldap = $this->_adldap($this->_userDomain($user));
- if(!$adldap) return false;
+ if(!$adldap) {
+ msg($this->getLang('connectfail'), -1);
+ return false;
+ }
// password changing
if(isset($changes['pass'])) {
@@ -384,7 +535,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
if ($this->conf['debug']) msg('AD Auth: '.$e->getMessage(), -1);
$return = false;
}
- if(!$return) msg('AD Auth: failed to change the password. Maybe the password policy was not met?', -1);
+ if(!$return) msg($this->getLang('passchangefail'), -1);
}
// changing user data
@@ -406,6 +557,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
if ($this->conf['debug']) msg('AD Auth: '.$e->getMessage(), -1);
$return = false;
}
+ if(!$return) msg($this->getLang('userchangefail'), -1);
}
return $return;
@@ -446,7 +598,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
/**
* Get the domain part from a user
*
- * @param $user
+ * @param string $user
* @return string
*/
public function _userDomain($user) {
@@ -457,7 +609,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
/**
* Get the user part from a user
*
- * @param $user
+ * @param string $user
* @return string
*/
public function _userName($user) {
@@ -543,6 +695,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
* The patterns are set up with $this->_constructPattern()
*
* @author Chris Smith <chris@jalakai.co.uk>
+ *
* @param string $user
* @param array $info
* @return bool
@@ -564,6 +717,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin {
* Create a pattern for $this->_filter()
*
* @author Chris Smith <chris@jalakai.co.uk>
+ *
* @param array $filter
*/
protected function _constructPattern($filter) {
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-09 23:45:07 +0000