Merge pull request #9848 from dupondje/master

Fix memberOf detection. Fixes: #9835

1 files changed, 18 insertions, 12 deletions

diff --git a/apps/user_ldap/lib/wizard.php b/apps/user_ldap/lib/wizard.php
index 42d612fa736..eb2a1ab02de 100644
--- a/apps/user_ldap/lib/wizard.php
+++ b/apps/user_ldap/lib/wizard.php
@@ -268,10 +268,10 @@ class Wizard extends LDAPUtility {
 			throw new \Exception('Could not connect to LDAP');
 		}
 
-		$this->fetchGroups($dbKey, $confKey);
+		$groups = $this->fetchGroups($dbKey, $confKey);
 
 		if($testMemberOf) {
-			$this->configuration->hasMemberOfFilterSupport = $this->testMemberOf();
+			$this->configuration->hasMemberOfFilterSupport = $this->testMemberOf($groups);
 			$this->result->markChange();
 			if(!$this->configuration->hasMemberOfFilterSupport) {
 				throw new \Exception('memberOf is not supported by the server');
@@ -285,6 +285,7 @@ class Wizard extends LDAPUtility {
 	 * fetches all groups from LDAP
 	 * @param string $dbKey
 	 * @param string $confKey
+	 * @return array $groupEntries
 	 */
 	public function fetchGroups($dbKey, $confKey) {
 		$obclasses = array('posixGroup', 'group', 'zimbraDistributionList', 'groupOfNames');
@@ -300,19 +301,22 @@ class Wizard extends LDAPUtility {
 		$filter = $ldapAccess->combineFilterWithOr($filterParts);
 		$filter = $ldapAccess->combineFilterWithAnd(array($filter, 'cn=*'));
 
+		$groupNames = array();
+		$groupEntries = array();
 		$limit = 400;
 		$offset = 0;
 		do {
-			$result = $ldapAccess->searchGroups($filter, array('cn'), $limit, $offset);
+			$result = $ldapAccess->searchGroups($filter, array('cn','dn'), $limit, $offset);
 			foreach($result as $item) {
-				$groups[] = $item[0];
+				$groupNames[] = $item['cn'];
+				$groupEntries[] = $item;
 			}
 			$offset += $limit;
-		} while (count($groups) > 0 && count($groups) % $limit === 0);
+		} while (count($groupNames) > 0 && count($groupNames) % $limit === 0);
 
-		if(count($groups) > 0) {
-			natsort($groups);
-			$this->result->addOptions($dbKey, array_values($groups));
+		if(count($groupNames) > 0) {
+			natsort($groupNames);
+			$this->result->addOptions($dbKey, array_values($groupNames));
 		} else {
 			throw new \Exception(self::$l->t('Could not find the desired feature'));
 		}
@@ -322,6 +326,7 @@ class Wizard extends LDAPUtility {
 			//something is already configured? pre-select it.
 			$this->result->addChange($dbKey, $setFeatures);
 		}
+		return $groupEntries;
 	}
 
 	public function determineGroupMemberAssoc() {
@@ -653,10 +658,11 @@ class Wizard extends LDAPUtility {
 	 * Checks whether the server supports memberOf in LDAP Filter.
 	 * Requires that groups are determined, thus internally called from within
 	 * determineGroups()
+	 * @param array $groups
 	 * @return bool true if it does, false otherwise
 	 * @throws \Exception
 	 */
-	private function testMemberOf() {
+	private function testMemberOf($groups) {
 		$cr = $this->getConnection();
 		if(!$cr) {
 			throw new \Exception('Could not connect to LDAP');
@@ -669,12 +675,12 @@ class Wizard extends LDAPUtility {
 		$filterPrefix = '(&(objectclass=*)(memberOf=';
 		$filterSuffix = '))';
 
-		foreach($this->resultCache as $dn => $properties) {
-			if(!isset($properties['cn'])) {
+		foreach($groups as $groupProperties) {
+			if(!isset($groupProperties['cn'])) {
 				//assuming only groups have their cn cached :)
 				continue;
 			}
-			$filter = strtolower($filterPrefix . $dn . $filterSuffix);
+			$filter = strtolower($filterPrefix . $groupProperties['dn'] . $filterSuffix);
 			$rr = $this->ldap->search($cr, $base, $filter, array('dn'));
 			if(!$this->ldap->isResource($rr)) {
 				continue;