LDAP: when checking group for matching filter, also take base DN into consideration. Fixes #17516

author: Arthur Schiwon <blizzz@owncloud.com> 2015-07-09 12:19:04 +0200
committer: Arthur Schiwon <blizzz@owncloud.com> 2015-07-09 12:19:04 +0200
commit: bfdf39b9bd286e7739937f8856f85787e987043a (patch)
tree: 81533dea2371f9f50b993e9748309ba967d51984 /apps/user_ldap/lib/access.php
parent: 2b86ba43e33b2cd4339722548d22800ea4218a57 (diff)
download: nextcloud-server-bfdf39b9bd286e7739937f8856f85787e987043a.tar.gz
nextcloud-server-bfdf39b9bd286e7739937f8856f85787e987043a.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index b201220d725..44237b52393 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -365,10 +365,21 @@ class Access extends LDAPUtility implements user\IUserTools {
 				continue;
 			}
 
+			// Check the base DN first. If this is not met already, we don't
+			// need to ask the server at all.
+			if(!$this->isDNPartOfBase($dn, $this->connection->ldapBaseGroups)) {
+				$this->connection->writeToCache($cacheKey, false);
+				continue;
+			}
+
 			$result = $this->readAttribute($dn, 'cn', $this->connection->ldapGroupFilter);
 			if(is_array($result)) {
+				$this->connection->writeToCache($cacheKey, true);
 				$validGroupDNs[] = $dn;
+			} else {
+				$this->connection->writeToCache($cacheKey, false);
 			}
+
 		}
 		return $validGroupDNs;
 	}
author	Arthur Schiwon <blizzz@owncloud.com>	2015-07-09 12:19:04 +0200
committer	Arthur Schiwon <blizzz@owncloud.com>	2015-07-09 12:19:04 +0200
commit	bfdf39b9bd286e7739937f8856f85787e987043a (patch)
tree	81533dea2371f9f50b993e9748309ba967d51984 /apps/user_ldap/lib/access.php
parent	2b86ba43e33b2cd4339722548d22800ea4218a57 (diff)
download	nextcloud-server-bfdf39b9bd286e7739937f8856f85787e987043a.tar.gz nextcloud-server-bfdf39b9bd286e7739937f8856f85787e987043a.zip