implements identity lookup for carddav

src/backend/carddav/carddav.php

@@ -78,9 +78,18 @@ class BackendCardDAV extends BackendDiff implements ISearchProvider {
      */
     public function Logon($username, $domain, $password) {
         $this->url = CARDDAV_PROTOCOL . '://' . CARDDAV_SERVER . ':' . CARDDAV_PORT . str_replace("%d", $domain, str_replace("%u", $username, CARDDAV_PATH));
+        if(strpos($this->url, "%i") !== false) {
+            $this->url = $this->LookupUserIdentifierInLdap($this->url, $username, $domain);
+        }
         $this->default_url = CARDDAV_PROTOCOL . '://' . CARDDAV_SERVER . ':' . CARDDAV_PORT . str_replace("%d", $domain, str_replace("%u", $username, CARDDAV_DEFAULT_PATH));
+        if(strpos($this->default_url, "%i") !== false) {
+            $this->default_url = $this->LookupUserIdentifierInLdap($this->default_url, $username, $domain);
+        }
         if (defined('CARDDAV_GAL_PATH')) {
             $this->gal_url = CARDDAV_PROTOCOL . '://' . CARDDAV_SERVER . ':' . CARDDAV_PORT . str_replace("%d", $domain, str_replace("%u", $username, CARDDAV_GAL_PATH));
+            if(strpos($this->gal_url, "%i") !== false) {
+                $this->gal_url = $this->LookupUserIdentifierInLdap($this->gal_url, $username, $domain);
+            }
         }
         else {
             $this->gal_url = false;
@@ -106,6 +115,70 @@ class BackendCardDAV extends BackendDiff implements ISearchProvider {
         return $connected;
     }
 
+    private function LookupUserIdentifierInLdap($carddav_path, $username, $domain) {
+        $ldap_conn = null;
+        try {
+            $ldap_conn = ldap_connect(CARDDAV_IDENTITY_LDAP_SERVER, CARDDAV_IDENTITY_LDAP_SERVER_PORT);
+            if ($ldap_conn) {
+                ZLog::Write(LOGLEVEL_DEBUG, sprintf("BackendIMAP->getIdentityFromLdap() - Connected to LDAP"));
+                ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
+                ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
+                $ldap_bind = ldap_bind($ldap_conn, CARDDAV_IDENTITY_LDAP_USER, CARDDAV_IDENTITY_LDAP_PASSWORD);
+
+                if ($ldap_bind) {
+                    ZLog::Write(LOGLEVEL_DEBUG, sprintf("BackendIMAP->getIdentityFromLdap() - Authenticated in LDAP"));
+                    $filter = str_replace('#username', $username, str_replace('#domain', $domain, CARDDAV_IDENTITY_LDAP_QUERY));
+                    ZLog::Write(LOGLEVEL_DEBUG, sprintf("BackendIMAP->getIdentityFromLdap() - Searching From with filter: %s", $filter));
+                    $search = ldap_search($ldap_conn, CARDDAV_IDENTITY_LDAP_BASE, $filter, array(CARDDAV_IDENTITY_LDAP_IDENTIFIER));
+                    $items = ldap_get_entries($ldap_conn, $search);
+                    if ($items['count'] > 0) {
+                        ZLog::Write(LOGLEVEL_DEBUG, sprintf("BackendIMAP->getIdentityFromLdap() - Found entry in LDAP. Generating From"));
+                        // We get the first object. It's your responsability to make the query unique
+
+                        $identity = CARDDAV_IDENTITY_LDAP_IDENTIFIER === "objectguid" ? $this->convertObjectGUID2Str($items[0][CARDDAV_IDENTITY_LDAP_IDENTIFIER][0]) : $items[0][CARDDAV_IDENTITY_LDAP_IDENTIFIER][0];
+                        $carddav_path = str_replace('%i', $identity, $carddav_path);
+                    }
+                    else {
+                        ZLog::Write(LOGLEVEL_DEBUG, sprintf("BackendIMAP->getIdentityFromLdap() - No entry found in LDAP"));
+                    }
+                }
+                else {
+                    ZLog::Write(LOGLEVEL_DEBUG, sprintf("BackendIMAP->getIdentityFromLdap() - Not authenticated in LDAP server"));
+                }
+            }
+            else {
+                ZLog::Write(LOGLEVEL_DEBUG, sprintf("BackendIMAP->getIdentityFromLdap() - Not connected to LDAP server"));
+            }
+        }
+        catch(Exception $ex) {
+            ZLog::Write(LOGLEVEL_WARN, sprintf("BackendIMAP->getIdentityFromLdap() - Error getting From value from LDAP server: %s", $ex));
+        }
+
+        if ($ldap_conn != null) {
+            ldap_close($ldap_conn);
+        }
+        return $carddav_path;
+    }
+
+    private function convertObjectGUID2Str($oguid) {
+		$hex_guid = bin2hex($oguid);
+		$hex_guid_to_guid_str = '';
+		for($k = 1; $k <= 4; ++$k) {
+			$hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2);
+		}
+		$hex_guid_to_guid_str .= '-';
+		for($k = 1; $k <= 2; ++$k) {
+			$hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2);
+		}
+		$hex_guid_to_guid_str .= '-';
+		for($k = 1; $k <= 2; ++$k) {
+			$hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2);
+		}
+		$hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4);
+		$hex_guid_to_guid_str .= '-' . substr($hex_guid, 20);
+		return strtoupper($hex_guid_to_guid_str);
+	}
+
     /**
      * Logs off
      *

src/backend/carddav/config.php

@@ -88,4 +88,19 @@ define('CARDDAV_SUPPORTS_FN_SEARCH', false);
 // If your carddav server needs to use file extension to recover a vcard.
 //    Davical needs it
 //    SOGo official demo online needs it, but some SOGo installation don't need it, so test it
-define('CARDDAV_URL_VCARD_EXTENSION', '.vcf');
\ No newline at end of file
+define('CARDDAV_URL_VCARD_EXTENSION', '.vcf');
+
+// SERVER: ldap server
+// SERVER_PORT: ldap port
+// USER: dn to use for connecting
+// PASSWORD: password
+// QUERY: query to execute
+// FIELDS: columns in the query
+// FROM: string that will be the from, replacing the field names with the values
+define('CARDDAV_IDENTITY_LDAP_SERVER', 'localhost');
+define('CARDDAV_IDENTITY_LDAP_SERVER_PORT', '389');
+define('CARDDAV_IDENTITY_LDAP_USER', 'cn=zpush,ou=servers,dc=zpush,dc=org');
+define('CARDDAV_IDENTITY_LDAP_PASSWORD', 'password');
+define('CARDDAV_IDENTITY_LDAP_BASE', 'dc=zpush,dc=org');
+define('CARDDAV_IDENTITY_LDAP_QUERY', '(sAMAccountName=#username)');
+define('CARDDAV_IDENTITY_LDAP_IDENTIFIER', "objectGUID");
\ No newline at end of file