author | Thomas Müller <DeepDiver1975@users.noreply.github.com> | 2016-08-10 17:59:11 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-08-10 17:59:11 +0200 |
commit | accf28a35547700a860a01049f23dd047f97337b (patch) | |
tree | 7da8dec27d32537abde9e97d6c1b76568b368e52 | |
parent | 2160d9f3ea6a41185deb798dc927e1b07ea47bc0 (diff) | |
[stable8.2] check if renamed user is still valid by reapplying the ld… (#25394)
* [stable8.2] check if renamed user is still valid by reapplying the ldap filter (#25338)
* Add missing filter during cleanup
* Fix another missing check
-rw-r--r-- | apps/user_ldap/lib/access.php | 2 | ||||
-rw-r--r-- | apps/user_ldap/user_ldap.php | 7 |
2 files changed, 7 insertions, 2 deletions
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index dca9c29ec63..a4e4b6873ff 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -177,7 +177,7 @@ class Access extends LDAPUtility implements user\IUserTools {
 //in case an error occurs , e.g. object does not exist
 return false;
 }
- if (empty($attr)) {
+ if (empty($attr) && ($filter === 'objectclass=*' || $this->ldap->countEntries($cr, $rr) === 1)) {
 \OCP\Util::writeLog('user_ldap', 'readAttribute: '.$dn.' found', \OCP\Util::DEBUG);
 return array();
 }
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index 3ceacc72415..4e95fbd5f78 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -215,7 +215,7 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
 $dn = $user->getDN();
 //check if user really still exists by reading its entry
- if(!is_array($this->access->readAttribute($dn, ''))) {
+ if(!is_array($this->access->readAttribute($dn, '', $this->access->connection->ldapUserFilter))) {
 $lcr = $this->access->connection->getConnectionResource();
 if(is_null($lcr)) {
 throw new \Exception('No LDAP Connection to server ' . $this->access->connection->ldapHost);
@@ -227,6 +227,11 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
 return false;
 }
 $newDn = $this->access->getUserDnByUuid($uuid);
+ //check if renamed user is still valid by reapplying the ldap filter
+ if(!is_array($this->access->readAttribute($newDn, '', $this->access->connection->ldapUserFilter))) {
+ return false;
+ }
+
 $this->access->getUserMapper()->setDNbyUUID($newDn, $uuid);
 return true;
 } catch (\Exception $e) { |
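Review bot: The literal in `$filter === 'objectclass=*'` (access.php, the rewritten `empty($attr)` condition) is compared case-sensitively, so a default or caller-supplied value spelled `objectClass=*` would never take the shortcut and would always go through `countEntries()`. LDAP attribute names are case-insensitive, so `strtolower($filter) === 'objectclass=*'` states the intent more robustly; the parameter's default is declared outside this hunk and its spelling should be checked against the literal. A comment above the condition, `// an empty attribute result only proves existence if the entry also matched $filter`, would record why the count is needed. The handling of the zero-match case follows the hunk and is not visible here.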
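Review bot: The existence check in user_ldap.php (hunk at line 215) now depends on `$this->access->connection->ldapUserFilter` being a usable filter, and nothing visible here guards against it being empty or unset. If that can happen, `readAttribute()` would presumably fail for every DN and each user would fall into the UUID lookup below, which matters if this result drives user cleanup. The same long expression is repeated in the block added in the next hunk (after `getUserDnByUuid`), so reading it once, `$userFilter = $this->access->connection->ldapUserFilter;`, would keep both checks on one value. The enclosing method begins and ends outside the hunk.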
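Review bot: The added `return false;` in user_ldap.php (hunk at line 227) silently rejects a user whose entry was found by UUID but no longer matches the user filter, leaving no trace of the outcome this change exists to enforce. A log line before the return, for example `\OCP\Util::writeLog('user_ldap', 'Renamed user '.$newDn.' no longer matches the user filter', \OCP\Util::INFO);`, would make the rejection auditable. `$newDn` is also passed to `readAttribute()` with no visible check that `getUserDnByUuid()` returned a DN; whether that call throws or returns false on a miss is decided outside the hunk.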