fixes possible override of uniqueMember by autodetection

* uniqueMember was the default so we did not know whether this setting is
  desired or the initial value
* autodetection of the user-group association attribute runs only when it
  was not set (as far as we knew)
* the default is now empty
* thus LDAPProvider might return this value as well (in exceptional cases)
* if a group base is given (edge case), use this instead of general base
* resolves #12682

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

apps/user_ldap/js/wizard/wizardDetectorUserGroupAssociation.js

@@ -27,7 +27,7 @@ OCA = OCA || {};
 		run: function(model, configID) {
 			// TODO: might be better with configuration marker as uniqueMember
 			// is a valid value (although probably less common then member and memberUid).
-			if(model.configuration.ldap_group_member_assoc_attribute && model.configuration.ldap_group_member_assoc_attribute !== 'uniqueMember') {
+			if(model.configuration.ldap_group_member_assoc_attribute && model.configuration.ldap_group_member_assoc_attribute !== '') {
 				// a value is already set. Don't overwrite and don't ask LDAP
 				// without reason.
 				return false;

apps/user_ldap/lib/Configuration.php

@@ -456,7 +456,7 @@ class Configuration {
 			'ldap_quota_def'                    => '',
 			'ldap_quota_attr'                   => '',
 			'ldap_email_attr'                   => '',
-			'ldap_group_member_assoc_attribute' => 'uniqueMember',
+			'ldap_group_member_assoc_attribute' => '',
 			'ldap_cache_ttl'                    => 600,
 			'ldap_uuid_user_attribute'          => 'auto',
 			'ldap_uuid_group_attribute'         => 'auto',

apps/user_ldap/lib/LDAPProvider.php

@@ -279,7 +279,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
 	/**
 	 * Get the LDAP type of association between users and groups
 	 * @param string $gid group id
-	 * @return string the configuration, one of: 'memberUid', 'uniqueMember', 'member', 'gidNumber'
+	 * @return string the configuration, one of: 'memberUid', 'uniqueMember', 'member', 'gidNumber', ''
 	 * @throws \Exception if group id was not found in LDAP
 	 */
 	public function getLDAPGroupMemberAssoc($gid) {

apps/user_ldap/lib/Wizard.php

@@ -794,7 +794,7 @@ class Wizard extends LDAPUtility {
 	 * @throws \Exception
 	 */
 	private function detectGroupMemberAssoc() {
-		$possibleAttrs = array('uniqueMember', 'memberUid', 'member', 'gidNumber');
+		$possibleAttrs = ['uniqueMember', 'memberUid', 'member', 'gidNumber'];
 		$filter = $this->configuration->ldapGroupFilter;
 		if(empty($filter)) {
 			return false;
@@ -803,7 +803,7 @@ class Wizard extends LDAPUtility {
 		if(!$cr) {
 			throw new \Exception('Could not connect to LDAP');
 		}
-		$base = $this->configuration->ldapBase[0];
+		$base = $this->configuration->ldapBaseGroups[0] ?: $this->configuration->ldapBase[0];
 		$rr = $this->ldap->search($cr, $base, $filter, $possibleAttrs, 0, 1000);
 		if(!$this->ldap->isResource($rr)) {
 			return false;
@@ -812,7 +812,7 @@ class Wizard extends LDAPUtility {
 		while(is_resource($er)) {
 			$this->ldap->getDN($cr, $er);
 			$attrs = $this->ldap->getAttributes($cr, $er);
-			$result = array();
+			$result = [];
 			$possibleAttrsCount = count($possibleAttrs);
 			for($i = 0; $i < $possibleAttrsCount; $i++) {
 				if(isset($attrs[$possibleAttrs[$i]])) {

lib/public/LDAP/ILDAPProvider.php

@@ -151,7 +151,7 @@ interface ILDAPProvider {
 	/**
 	 * Get the LDAP attribute name for the type of association betweeen users and groups
 	 * @param string $gid group id
-	 * @return string the configuration, one of: 'memberUid', 'uniqueMember', 'member', 'gidNumber'
+	 * @return string the configuration, one of: 'memberUid', 'uniqueMember', 'member', 'gidNumber', ''
 	 * @throws \Exception if group id was not found in LDAP
 	 * @since 13.0.0
 	 */