[owncloud-devel] Editing LDAP profile data

user3254 lulahlulah at yahoo.com
Fri Mar 11 08:20:26 GMT 2016


Hi Arthur,

Thanks a lot for the reply.


>
> On Tue, 1 Mar 2016 03:06:49 -0700 (MST)
> user3254 <lulahlulah at yahoo.com> wrote:
>
> Hey Lucy,
>
> > Hi Arthur,
> > 
> > I'm going to write and possibly contribute an app which can write to
> > LDAP and any modifications to user data in the MySQL database should
> > also be done in LDAP. 
> > 
> > Could you please elaborate the interfaces you mentioned? Which
> > methods need to be hooked in? 
>
> Please keep the old mail quoted, so the context is not missing. If I
> would not have it in my maildir it would have been tough to find this
> again ;)
>
> Back then I was writing
>
> >>  However, I am open for needed interfaces or so in here if you
> >> follow the approach with another app.
>
> That said, there is currently nothing that would let you interact with
> the LDAP backend. 
>
> What we would need to do is to provide a public API in ownCloud core.
> Probably the basic methods would be user centered
>
> * translate an ownCloud username to the LDAP DN: This allows you to
>   work with a user record.
>
> * return the LDAP connection for the specified user (since more than
>   one LDAP server can be configured): This allows you to talk to the
>   LDAP server and you do not need to worry about establishing
>   connections and stuff
>
> Or is there anything else needed by you?


Wow, hm, I initially didn't think that a change in the ownCloud core is
needed. Actually in our project, only user name and password must be stored
in LDAP, storing additional attributes would have been a bonus. And as our
schedule doesn't really allow us to wait for an ownCloud 9.1 release, I'm
now thinking whether I could just write an app that is cloned over from
user_ldap using the same configs, connections etc. and hooks in to the
following methods of \OC\User:

/preSetPassword/: save the password to LDAP. If any error in LDAP occurs,
throw an exception and display a helpful message in ownCloud webUI.

/preCreateUser/: create a user in LDAP with the specified password. If any
error in LDAP occurs, throw an exception and display a helpful message in
ownCloud webUI. 

/preDelete/: delete the corresponding user in LDAP. If any error in LDAP
occurs, throw an exception and display a helpful message in ownCloud webUI. 


Important questions would arise: Firstly, *is it feasible?* Secondly, *how
do you pass such a helpful message or error code to ownCloud webUI, for
example in case of an LDAP password policy violation? And how to do that in
the best way so that the app is not project specific, but can be used
generically?* 

>
> Those methods need to be specified in an interface within a new folder
> lib/public/ldap/
>
> There needs to be a default dummy implementation in core (lib/private/…)
> that would just throw exceptions, and a real implementation in
> apps/user_ldap/. Upon install/update it should override the default
> implementation and set it back when disabling. 
>

Uhm, exceptions not debug messages? But then, I'm not familiar with the core
yet :D


> The server (lib/private/server.php) would just receive a new method
> and provide an instance of that implementation.
>
> This is less complicated than may sound :)
>
> When this is done, your future app would just retrieve the instance via
> \OC::$server->getLDAPProvider() (maybe find a better name), which
> allows you to receive the DN of the user and the LDAP connection
> resource, allowing you to use all the PHP ldap_* methods to interact
> with the server.
>
> What do you think?

Well, it definitely sounds good. However if my proposal above is feasible,
we would stick to that for time reasons.

>
> Cheers
> Arthur
>
> > 
>
>

Your opinion is highly appreciated :)


Best regards,
Lucy



--
View this message in context: http://owncloud.10557.n7.nabble.com/Editing-LDAP-profile-data-tp15999p16871.html
Sent from the Developers mailing list archive at Nabble.com.
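
An added sketch of the preSetPassword idea from the message above (not code from the thread, ownCloud core or user_ldap): the hook writes the password to LDAP, logs the full LDAP error on the server only, and throws an exception carrying a generic message. Assumptions: the names LdapWriteException, userMessageForLdapError, writePasswordToLdap, registerPasswordHook and the $resolve callable (standing in for the DN and connection lookup discussed in the thread) are hypothetical, and the password is assumed to live in the userPassword attribute.

```php
<?php
// Added example; all names defined here are hypothetical.
class LdapWriteException extends \Exception {}

/** Map an LDAP result code (RFC 4511) to text that is safe to show a user. */
function userMessageForLdapError($errno) {
    switch ($errno) {
        case 0x13: // constraintViolation: the usual result for a policy rejection
            return 'The directory rejected the password (password policy).';
        case 0x32: // insufficientAccessRights
            return 'The LDAP bind account may not modify this entry.';
        case 0x35: // unwillingToPerform
            return 'The directory refused the change.';
        default:
            return 'The directory could not be updated.';
    }
}

/** Replace userPassword on $dn; on failure log details and throw. */
function writePasswordToLdap($conn, $dn, $password) {
    // @ suppresses the PHP warning; the result code is checked instead.
    if (@ldap_mod_replace($conn, $dn, array('userPassword' => array($password)))) {
        return;
    }
    $errno = ldap_errno($conn);
    $diag = '';
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    // Server-side log only: DN and server diagnostics, never the password.
    error_log(sprintf('LDAP password write failed for %s: %d %s (%s)',
        $dn, $errno, ldap_error($conn), (string)$diag));
    throw new LdapWriteException(userMessageForLdapError($errno), $errno);
}

/**
 * $userManager: \OC::$server->getUserManager().
 * $resolve: hypothetical callable, uid -> array($conn, $dn).
 */
function registerPasswordHook($userManager, $resolve) {
    $userManager->listen('\OC\User', 'preSetPassword',
        function ($user, $password) use ($resolve) {
            list($conn, $dn) = call_user_func($resolve, $user->getUID());
            // An exception thrown here propagates out of the pre-hook.
            writePasswordToLdap($conn, $dn, $password);
        });
}
```

Mapping result codes to fixed strings keeps the message generic across directories, while the server's diagnostic text, which can reveal policy details or schema names, stays in the log.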