author | Côme Chilliet <come.chilliet@nextcloud.com> | 2022-07-26 09:39:48 +0200 |
---|---|---|
committer | Carl Schwan <carl@carlschwan.eu> | 2022-10-20 13:14:39 +0200 |
commit | 746a5fb7e07c806af7f0e9b0ebb3f72d823452a8 (patch) | |
tree | 24f1aac308421a92c5cf4889a578816c43be5899 /apps/user_ldap/lib | |
parent | be5338e57264b95a6e444a5ea16b07ef6553387d (diff) | |
Fix LDAP recursive nested group support
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
Diffstat (limited to 'apps/user_ldap/lib')
-rw-r--r-- | apps/user_ldap/lib/Group_LDAP.php | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/apps/user_ldap/lib/Group_LDAP.php b/apps/user_ldap/lib/Group_LDAP.php
index 70cc7a0107a..d5d715d1b51 100644
--- a/apps/user_ldap/lib/Group_LDAP.php
+++ b/apps/user_ldap/lib/Group_LDAP.php
@@ -62,7 +62,7 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
 protected CappedMemoryCache $cachedGroupsByMember;
 /** @var CappedMemoryCache<string[]> $cachedNestedGroups array of groups with gid (DN) as key */
 protected CappedMemoryCache $cachedNestedGroups;
- protected GroupInterface $groupPluginManager;
+ protected GroupPluginManager $groupPluginManager;
 protected LoggerInterface $logger;
 /**
@@ -243,8 +243,9 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
 * @psalm-param array<string, bool> $seen List of DN that have already been processed.
 * @throws ServerNotAvailableException
 */
- private function _groupMembers(string $dnGroup, array &$seen = []): array {
+ private function _groupMembers(string $dnGroup, array $seen = [], bool &$recursive = false): array {
 if (isset($seen[$dnGroup])) {
+ $recursive = true;
 return [];
 }
 $seen[$dnGroup] = true;
@@ -293,7 +294,7 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
 if (is_array($members)) {
 if ((int)$this->access->connection->ldapNestedGroups === 1) {
 while ($recordDn = array_shift($members)) {
- $nestedMembers = $this->_groupMembers($recordDn, $seen);
+ $nestedMembers = $this->_groupMembers($recordDn, $seen, $recursive);
 if (!empty($nestedMembers)) {
 // Group, queue its members for processing
 $members = array_merge($members, $nestedMembers);
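Review bot: The visible tail of the `_groupMembers` docblock is left unchanged although the signature below it changes: there is no tag for the new `bool &$recursive` out-parameter, and the `$seen` description ("List of DN that have already been processed") no longer fits now that `$seen` is passed by value and so only carries the groups on the current nesting path. Suggest adding `@param bool $recursive Set to true when a group already on the current path is met again; the returned list is then incomplete` and rewording the `$seen` line to `DNs of the groups on the path from the top-level group down to this one`. The start of the docblock and most of the function body lie outside this hunk.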
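Review bot: `$recursive` is passed by reference into every nested call in this `while` loop and is never reset, so once one branch meets a loop, every member processed afterwards enters `_groupMembers` with the flag already true. Going by the `if (!$recursive)` guard added in the last hunk, those later calls then skip their own cache write even when their subtree contains no loop at all. A per-child flag limits the cache skip to results that are actually truncated: `$childRecursive = false;`, `$nestedMembers = $this->_groupMembers($recordDn, $seen, $childRecursive);`, `$recursive = $recursive || $childRecursive;`. The loop body continues outside the hunk.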
@@ -317,7 +318,9 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
 unset($allMembers[$index]);
 }
- $this->access->connection->writeToCache($cacheKey, $allMembers);
+ if (!$recursive) {
+ $this->access->connection->writeToCache($cacheKey, $allMembers);
+ }
 if (isset($attemptedLdapMatchingRuleInChain) && $this->access->connection->ldapMatchingRuleInChainState === Configuration::LDAP_SERVER_FEATURE_UNKNOWN |
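Review bot: Skipping `writeToCache` whenever `$recursive` is set means that a directory containing a group loop pays the full nested LDAP walk on every membership lookup, and nothing in the visible code tells an administrator why. Because the nesting comes from directory data, anyone able to edit group membership there can create that standing load on both servers, whether by accident or on purpose. Logging at the detection point (the `$recursive = true;` line in `_groupMembers`) would make the condition visible, e.g. `$this->logger->warning('LDAP nested group loop detected at ' . $dnGroup);`. A comment above the guard, such as `// a loop was hit below this group, so $allMembers may be incomplete; do not cache it`, would also record why the write is conditional. The enclosing function starts and ends outside this hunk.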