Merge pull request #19419 from owncloud/ldap-fix-dn-not-sanitized-when-fetched-by-memberof

memberOf resembles a DN as well and is actively used

2 files changed, 37 insertions, 1 deletions

diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index fe9eefb3116..2a605a2a0f0 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -215,7 +215,9 @@ class Access extends LDAPUtility implements user\IUserTools {
 		$resemblingAttributes = array(
 			'dn',
 			'uniquemember',
-			'member'
+			'member',
+			// memberOf is an "operational" attribute, without a definition in any RFC
+			'memberof'
 		);
 		return in_array($attr, $resemblingAttributes);
 	}
diff --git a/apps/user_ldap/tests/access.php b/apps/user_ldap/tests/access.php
index 5bf1a65bd51..cb6dbf0cd5d 100644
--- a/apps/user_ldap/tests/access.php
+++ b/apps/user_ldap/tests/access.php
@@ -260,4 +260,38 @@ class Test_Access extends \Test\TestCase {
 
 		$access->batchApplyUserAttributes($data);
 	}
+
+	public function dNAttributeProvider() {
+		// corresponds to Access::resemblesDN()
+		return array(
+			'dn' => array('dn'),
+			'uniqueMember' => array('uniquemember'),
+			'member' => array('member'),
+			'memberOf' => array('memberof')
+		);
+	}
+
+	/**
+	 * @dataProvider dNAttributeProvider
+	 */
+	public function testSanitizeDN($attribute) {
+		list($lw, $con, $um) = $this->getConnectorAndLdapMock();
+
+
+		$dnFromServer = 'cn=Mixed Cases,ou=Are Sufficient To,ou=Test,dc=example,dc=org';
+
+		$lw->expects($this->any())
+			->method('isResource')
+			->will($this->returnValue(true));
+
+		$lw->expects($this->any())
+			->method('getAttributes')
+			->will($this->returnValue(array(
+				$attribute => array('count' => 1, $dnFromServer)
+			)));
+
+		$access = new Access($con, $lw, $um);
+		$values = $access->readAttribute('uid=whoever,dc=example,dc=org', $attribute);
+		$this->assertSame($values[0], strtolower($dnFromServer));
+	}
 }