LDAP: usersInGroup now also does LDAP serverside search.

1 files changed, 41 insertions, 30 deletions

diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index dafe2c0c316..6c6cc5679ba 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -139,61 +139,72 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
 		if(!$this->enabled) {
 			return array();
 		}
-		$this->groupSearch = $search;
-		if($this->connection->isCached('usersInGroup'.$gid)) {
-			$groupUsers = $this->connection->getFromCache('usersInGroup'.$gid);
-			if(!empty($this->groupSearch)) {
-				$groupUsers = array_filter($groupUsers, array($this, 'groupMatchesFilter'));
-			}
-			if($limit == -1) {
-				$limit = null;
-			}
-			return array_slice($groupUsers, $offset, $limit);
+		$cachekey = 'usersInGroup-'.$gid.'-'.$search.'-'.$limit.'-'.$offset;
+		// check for cache of the exact query
+		$groupUsers = $this->connection->getFromCache($cachekey);
+		if(!is_null($groupUsers)) {
+			return $groupUsers;
+		}
+
+		// check for cache of the query without limit and offset
+		$groupUsers = $this->connection->getFromCache('usersInGroup-'.$gid.'-'.$search);
+		if(!is_null($groupUsers)) {
+			$groupUsers = array_slice($groupUsers, $offset, $limit);
+			$this->connection->writeToCache($cachekey, $groupUsers);
+			return $groupUsers;
 		}
 
+		if($limit == -1) {
+			$limit = null;
+		}
 		$groupDN = $this->groupname2dn($gid);
 		if(!$groupDN) {
-			$this->connection->writeToCache('usersInGroup'.$gid, array());
+			// group couldn't be found, return empty resultset
+			$this->connection->writeToCache($cachekey, array());
 			return array();
 		}
 
 		$members = $this->readAttribute($groupDN, $this->connection->ldapGroupMemberAssocAttr);
 		if(!$members) {
-			$this->connection->writeToCache('usersInGroup'.$gid, array());
+			//in case users could not be retrieved, return empty resultset
+			$this->connection->writeToCache($cachekey, array());
 			return array();
 		}
 
-		$result = array();
+		$search = empty($search) ? '*' : '*'.$search.'*';
+		$groupUsers = array();
 		$isMemberUid = (strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid');
 		foreach($members as $member) {
 			if($isMemberUid) {
-				$filter = \OCP\Util::mb_str_replace('%uid', $member, $this->connection->ldapLoginFilter, 'UTF-8');
+				//we got uids, need to get their DNs to 'tranlsate' them to usernames
+				$filter = $this->combineFilterWithAnd(array(
+					\OCP\Util::mb_str_replace('%uid', $member, $this->connection>ldapLoginFilter, 'UTF-8'),
+					$this->connection->ldapUserDisplayName.'='.$search
+				));
 				$ldap_users = $this->fetchListOfUsers($filter, 'dn');
 				if(count($ldap_users) < 1) {
 					continue;
 				}
-				$result[] = $this->dn2username($ldap_users[0]);
-				continue;
+				$groupUsers[] = $this->dn2username($ldap_users[0]);
 			} else {
+				//we got DNs, check if we need to filter by search or we can give back all of them
+				if($search != '*') {
+					if(!$this->readAttribute($member, $this->connection->ldapUserDisplayName, $this->connection->ldapUserDisplayName.'='.$search)) {
+						continue;
+					}
+				}
+				// dn2username will also check if the users belong to the allowed base
 				if($ocname = $this->dn2username($member)) {
-					$result[] = $ocname;
+					$groupUsers[] = $ocname;
 				}
 			}
 		}
-		if(!$isMemberUid) {
-			$result = array_intersect($result, \OCP\User::getUsers());
-		}
-		$groupUsers = array_unique($result, SORT_LOCALE_STRING);
-		$this->connection->writeToCache('usersInGroup'.$gid, $groupUsers);
-
-		if(!empty($this->groupSearch)) {
-			$groupUsers = array_filter($groupUsers, array($this, 'groupMatchesFilter'));
-		}
-		if($limit == -1) {
-			$limit = null;
-		}
-		return array_slice($groupUsers, $offset, $limit);
+		natsort($groupUsers);
+		$this->connection->writeToCache('usersInGroup-'.$gid.'-'.$search, $groupUsers);
+		$groupUsers = array_slice($groupUsers, $offset, $limit);
+		$this->connection->writeToCache($cachekey, $groupUsers);
 
+		return $groupUsers;
 	}
 
 	/**