Backport of #9848

Fix memberOf detection. Fixes: #9835

Fix remarks in #9848

Fix initializing in #9848

diff --git a/apps/user_ldap/lib/wizard.php b/apps/user_ldap/lib/wizard.php
index 42d612fa7368e67c8c0e42773adf241485fb6e49..eb2a1ab02defc950ad9083d1573d556c92e6dc9f 100644 (file)
--- a/apps/user_ldap/lib/wizard.php
+++ b/apps/user_ldap/lib/wizard.php
@@ -268,10 +268,10 @@ class Wizard extends LDAPUtility {
                        throw new \Exception('Could not connect to LDAP');
                }
 
-               $this->fetchGroups($dbKey, $confKey);
+               $groups = $this->fetchGroups($dbKey, $confKey);
 
                if($testMemberOf) {
-                       $this->configuration->hasMemberOfFilterSupport = $this->testMemberOf();
+                       $this->configuration->hasMemberOfFilterSupport = $this->testMemberOf($groups);
                        $this->result->markChange();
                        if(!$this->configuration->hasMemberOfFilterSupport) {
                                throw new \Exception('memberOf is not supported by the server');
@@ -285,6 +285,7 @@ class Wizard extends LDAPUtility {
         * fetches all groups from LDAP
         * @param string $dbKey
         * @param string $confKey
+        * @return array $groupEntries
         */
        public function fetchGroups($dbKey, $confKey) {
                $obclasses = array('posixGroup', 'group', 'zimbraDistributionList', 'groupOfNames');
@@ -300,19 +301,22 @@ class Wizard extends LDAPUtility {
                $filter = $ldapAccess->combineFilterWithOr($filterParts);
                $filter = $ldapAccess->combineFilterWithAnd(array($filter, 'cn=*'));
 
+               $groupNames = array();
+               $groupEntries = array();
                $limit = 400;
                $offset = 0;
                do {
-                       $result = $ldapAccess->searchGroups($filter, array('cn'), $limit, $offset);
+                       $result = $ldapAccess->searchGroups($filter, array('cn','dn'), $limit, $offset);
                        foreach($result as $item) {
-                               $groups[] = $item[0];
+                               $groupNames[] = $item['cn'];
+                               $groupEntries[] = $item;
                        }
                        $offset += $limit;
-               } while (count($groups) > 0 && count($groups) % $limit === 0);
+               } while (count($groupNames) > 0 && count($groupNames) % $limit === 0);
 
-               if(count($groups) > 0) {
-                       natsort($groups);
-                       $this->result->addOptions($dbKey, array_values($groups));
+               if(count($groupNames) > 0) {
+                       natsort($groupNames);
+                       $this->result->addOptions($dbKey, array_values($groupNames));
                } else {
                        throw new \Exception(self::$l->t('Could not find the desired feature'));
                }
@@ -322,6 +326,7 @@ class Wizard extends LDAPUtility {
                        //something is already configured? pre-select it.
                        $this->result->addChange($dbKey, $setFeatures);
                }
+               return $groupEntries;
        }
 
        public function determineGroupMemberAssoc() {
@@ -653,10 +658,11 @@ class Wizard extends LDAPUtility {
         * Checks whether the server supports memberOf in LDAP Filter.
         * Requires that groups are determined, thus internally called from within
         * determineGroups()
+        * @param array $groups
         * @return bool true if it does, false otherwise
         * @throws \Exception
         */
-       private function testMemberOf() {
+       private function testMemberOf($groups) {
                $cr = $this->getConnection();
                if(!$cr) {
                        throw new \Exception('Could not connect to LDAP');
@@ -669,12 +675,12 @@ class Wizard extends LDAPUtility {
                $filterPrefix = '(&(objectclass=*)(memberOf=';
                $filterSuffix = '))';
 
-               foreach($this->resultCache as $dn => $properties) {
-                       if(!isset($properties['cn'])) {
+               foreach($groups as $groupProperties) {
+                       if(!isset($groupProperties['cn'])) {
                                //assuming only groups have their cn cached :)
                                continue;
                        }
-                       $filter = strtolower($filterPrefix . $dn . $filterSuffix);
+                       $filter = strtolower($filterPrefix . $groupProperties['dn'] . $filterSuffix);
                        $rr = $this->ldap->search($cr, $base, $filter, array('dn'));
                        if(!$this->ldap->isResource($rr)) {
                                continue;