Merge pull request #13865 from nextcloud/fix/noid/ldap-pagedsearch-multiplebases

fix paged search with multiple bases (LDAP)

4 files changed, 52 insertions, 7 deletions

diff --git a/.drone.yml b/.drone.yml
index 9f08ab16f89..53c09422429 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -1087,7 +1087,7 @@ services:
       matrix:
         TESTS: acceptance
   openldap:
-    image: nextcloudci/openldap:openldap-5
+    image: nextcloudci/openldap:openldap-6
     environment:
       - SLAPD_DOMAIN=nextcloud.ci
       - SLAPD_ORGANIZATION=Nextcloud
diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php
index 6fe2c155416..1044938446e 100644
--- a/apps/user_ldap/lib/Access.php
+++ b/apps/user_ldap/lib/Access.php
@@ -975,7 +975,11 @@ class Access extends LDAPUtility {
 	 * Executes an LDAP search
 	 */
 	public function searchUsers($filter, $attr = null, $limit = null, $offset = null) {
-		return $this->search($filter, $this->connection->ldapBaseUsers, $attr, $limit, $offset);
+		$result = [];
+		foreach($this->connection->ldapBaseUsers as $base) {
+			$result = array_merge($result, $this->search($filter, [$base], $attr, $limit, $offset));
+		}
+		return $result;
 	}
 
 	/**
@@ -986,7 +990,12 @@ class Access extends LDAPUtility {
 	 * @return false|int
 	 */
 	public function countUsers($filter, $attr = array('dn'), $limit = null, $offset = null) {
-		return $this->count($filter, $this->connection->ldapBaseUsers, $attr, $limit, $offset);
+		$result = false;
+		foreach($this->connection->ldapBaseUsers as $base) {
+			$count = $this->count($filter, [$base], $attr, $limit, $offset);
+			$result = is_int($count) ? (int)$result + $count : $result;
+		}
+		return $result;
 	}
 
 	/**
@@ -1000,7 +1009,11 @@ class Access extends LDAPUtility {
 	 * Executes an LDAP search
 	 */
 	public function searchGroups($filter, $attr = null, $limit = null, $offset = null) {
-		return $this->search($filter, $this->connection->ldapBaseGroups, $attr, $limit, $offset);
+		$result = [];
+		foreach($this->connection->ldapBaseGroups as $base) {
+			$result = array_merge($result, $this->search($filter, [$base], $attr, $limit, $offset));
+		}
+		return $result;
 	}
 
 	/**
@@ -1012,7 +1025,12 @@ class Access extends LDAPUtility {
 	 * @return int|bool
 	 */
 	public function countGroups($filter, $attr = array('dn'), $limit = null, $offset = null) {
-		return $this->count($filter, $this->connection->ldapBaseGroups, $attr, $limit, $offset);
+		$result = false;
+		foreach($this->connection->ldapBaseGroups as $base) {
+			$count = $this->count($filter, [$base], $attr, $limit, $offset);
+			$result = is_int($count) ? (int)$result + $count : $result;
+		}
+		return $result;
 	}
 
 	/**
@@ -1023,7 +1041,12 @@ class Access extends LDAPUtility {
 	 * @return int|bool
 	 */
 	public function countObjects($limit = null, $offset = null) {
-		return $this->count('objectclass=*', $this->connection->ldapBase, array('dn'), $limit, $offset);
+		$result = false;
+		foreach($this->connection->ldapBase as $base) {
+			$count = $this->count('objectclass=*', [$base], ['dn'], $limit, $offset);
+			$result = is_int($count) ? (int)$result + $count : $result;
+		}
+		return $result;
 	}
 
 	/**
diff --git a/build/integration/ldap_features/ldap-openldap.feature b/build/integration/ldap_features/ldap-openldap.feature
index 4c507e74595..4b0b02c5b4f 100644
--- a/build/integration/ldap_features/ldap-openldap.feature
+++ b/build/integration/ldap_features/ldap-openldap.feature
@@ -24,7 +24,7 @@ Feature: LDAP
     And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
     Then the HTTP status code should be "200"
 
-  Scenario: Test valid configuration with LDAP protoccol and port by logging in
+  Scenario: Test valid configuration with LDAP protocol and port by logging in
     Given modify LDAP configuration
       | ldapHost | ldap://openldap:389 |
     And cookies are reset
diff --git a/build/integration/ldap_features/openldap-uid-username.feature b/build/integration/ldap_features/openldap-uid-username.feature
index d267870ca26..3c87c479de2 100644
--- a/build/integration/ldap_features/openldap-uid-username.feature
+++ b/build/integration/ldap_features/openldap-uid-username.feature
@@ -86,3 +86,25 @@ Feature: LDAP
       | juliana |
       | leo     |
       | stigur  |
+
+  Scenario: Fetch from second batch of all users, invoking pagination with two bases
+    Given modify LDAP configuration
+      | ldapBaseUsers  | ou=PagingTest,dc=nextcloud,dc=ci;ou=PagingTestSecondBase,dc=nextcloud,dc=ci |
+      | ldapPagingSize | 2                                |
+    And As an "admin"
+    And sending "GET" to "/cloud/users?limit=10&offset=2"
+    Then the OCS status code should be "200"
+    And the "users" result should contain "5" of
+      | ebba    |
+      | eindis  |
+      | fjolnir |
+      | gunna   |
+      | juliana |
+      | leo     |
+      | stigur  |
+    And the "users" result should contain "3" of
+      | allisha   |
+      | dogukan   |
+      | lloyd     |
+      | priscilla |
+      | shannah   |