diff options
author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2019-05-17 16:19:23 +0200 |
---|---|---|
committer | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2019-05-17 16:19:23 +0200 |
commit | 3372bcc7fcba026b9d2ac58812863e1e74c8ffdf (patch) | |
tree | eee16e38d5a3302957b443ebc990bd2042b9c124 | |
parent | 528eb1b2239a66826f0793fead0e06ab576b7a13 (diff) | |
download | nextcloud-server-3372bcc7fcba026b9d2ac58812863e1e74c8ffdf.tar.gz nextcloud-server-3372bcc7fcba026b9d2ac58812863e1e74c8ffdf.zip |
fixes possible override of uniqueMember by autodetection
* uniqueMember was the default so we did not know whether this setting is
desired or the initial value
* autodetection of the user-group association attribute runs only when it
was not set (as far as we knew)
* the default is now empty
* thus LDAPProvider might return this value as well (in exceptional cases)
* if a group base is given (edge case), use this instead of general base
* resolves #12682
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
-rw-r--r-- | apps/user_ldap/js/wizard/wizardDetectorUserGroupAssociation.js | 2 | ||||
-rw-r--r-- | apps/user_ldap/lib/Configuration.php | 2 | ||||
-rw-r--r-- | apps/user_ldap/lib/LDAPProvider.php | 2 | ||||
-rw-r--r-- | apps/user_ldap/lib/Wizard.php | 6 | ||||
-rw-r--r-- | lib/public/LDAP/ILDAPProvider.php | 2 |
5 files changed, 7 insertions, 7 deletions
diff --git a/apps/user_ldap/js/wizard/wizardDetectorUserGroupAssociation.js b/apps/user_ldap/js/wizard/wizardDetectorUserGroupAssociation.js index 953a0b909a6..a20bdd9ac9b 100644 --- a/apps/user_ldap/js/wizard/wizardDetectorUserGroupAssociation.js +++ b/apps/user_ldap/js/wizard/wizardDetectorUserGroupAssociation.js @@ -27,7 +27,7 @@ OCA = OCA || {}; run: function(model, configID) { // TODO: might be better with configuration marker as uniqueMember // is a valid value (although probably less common then member and memberUid). - if(model.configuration.ldap_group_member_assoc_attribute && model.configuration.ldap_group_member_assoc_attribute !== 'uniqueMember') { + if(model.configuration.ldap_group_member_assoc_attribute && model.configuration.ldap_group_member_assoc_attribute !== '') { // a value is already set. Don't overwrite and don't ask LDAP // without reason. return false; diff --git a/apps/user_ldap/lib/Configuration.php b/apps/user_ldap/lib/Configuration.php index ee77702a090..a6da6d6518f 100644 --- a/apps/user_ldap/lib/Configuration.php +++ b/apps/user_ldap/lib/Configuration.php @@ -456,7 +456,7 @@ class Configuration { 'ldap_quota_def' => '', 'ldap_quota_attr' => '', 'ldap_email_attr' => '', - 'ldap_group_member_assoc_attribute' => 'uniqueMember', + 'ldap_group_member_assoc_attribute' => '', 'ldap_cache_ttl' => 600, 'ldap_uuid_user_attribute' => 'auto', 'ldap_uuid_group_attribute' => 'auto', diff --git a/apps/user_ldap/lib/LDAPProvider.php b/apps/user_ldap/lib/LDAPProvider.php index 94793980b39..4121bdd9d2e 100644 --- a/apps/user_ldap/lib/LDAPProvider.php +++ b/apps/user_ldap/lib/LDAPProvider.php @@ -279,7 +279,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { /** * Get the LDAP type of association between users and groups * @param string $gid group id - * @return string the configuration, one of: 'memberUid', 'uniqueMember', 'member', 'gidNumber' + * @return string the configuration, one of: 'memberUid', 'uniqueMember', 'member', 'gidNumber', '' * @throws \Exception if group id was not found in LDAP */ public function getLDAPGroupMemberAssoc($gid) { diff --git a/apps/user_ldap/lib/Wizard.php b/apps/user_ldap/lib/Wizard.php index 26b5a8cab71..0ffb74a36a3 100644 --- a/apps/user_ldap/lib/Wizard.php +++ b/apps/user_ldap/lib/Wizard.php @@ -794,7 +794,7 @@ class Wizard extends LDAPUtility { * @throws \Exception */ private function detectGroupMemberAssoc() { - $possibleAttrs = array('uniqueMember', 'memberUid', 'member', 'gidNumber'); + $possibleAttrs = ['uniqueMember', 'memberUid', 'member', 'gidNumber']; $filter = $this->configuration->ldapGroupFilter; if(empty($filter)) { return false; @@ -803,7 +803,7 @@ class Wizard extends LDAPUtility { if(!$cr) { throw new \Exception('Could not connect to LDAP'); } - $base = $this->configuration->ldapBase[0]; + $base = $this->configuration->ldapBaseGroups[0] ?: $this->configuration->ldapBase[0]; $rr = $this->ldap->search($cr, $base, $filter, $possibleAttrs, 0, 1000); if(!$this->ldap->isResource($rr)) { return false; @@ -812,7 +812,7 @@ class Wizard extends LDAPUtility { while(is_resource($er)) { $this->ldap->getDN($cr, $er); $attrs = $this->ldap->getAttributes($cr, $er); - $result = array(); + $result = []; $possibleAttrsCount = count($possibleAttrs); for($i = 0; $i < $possibleAttrsCount; $i++) { if(isset($attrs[$possibleAttrs[$i]])) { diff --git a/lib/public/LDAP/ILDAPProvider.php b/lib/public/LDAP/ILDAPProvider.php index 9e13fb7e796..586481d837e 100644 --- a/lib/public/LDAP/ILDAPProvider.php +++ b/lib/public/LDAP/ILDAPProvider.php @@ -151,7 +151,7 @@ interface ILDAPProvider { /** * Get the LDAP attribute name for the type of association betweeen users and groups * @param string $gid group id - * @return string the configuration, one of: 'memberUid', 'uniqueMember', 'member', 'gidNumber' + * @return string the configuration, one of: 'memberUid', 'uniqueMember', 'member', 'gidNumber', '' * @throws \Exception if group id was not found in LDAP * @since 13.0.0 */ |