author | Lukas Reschke <lukas@owncloud.com> | 2015-02-24 16:37:49 +0100 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2015-02-24 16:37:49 +0100 |
commit | 52495dc99585a88137f628ddc2a2fc8d20583396 (patch) | |
tree | 5487fbf81838e77a10d6176e8480b04d0b017184 /apps/user_ldap/lib | |
parent | b6289542e8e1e7bbadc67fee377f7af5cd29e2bb (diff) | |
parent | 73600cfdd80694a9ffa526147d79b231fd85c5b2 (diff) | |
Merge pull request #13740 from owncloud/fix-12190-2
Include primary groups in user and login filter when restricting group access and also fix user counting in primary groups
Diffstat (limited to 'apps/user_ldap/lib')
-rw-r--r-- | apps/user_ldap/lib/access.php | 2 | ||||
-rw-r--r-- | apps/user_ldap/lib/connection.php | 1 | ||||
-rw-r--r-- | apps/user_ldap/lib/wizard.php | 14 |
3 files changed, 14 insertions, 3 deletions
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index 06d96fce441..3a8630fbdcc 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -968,7 +968,7 @@ class Access extends LDAPUtility implements user\IUserTools {
 /**
 * escapes (user provided) parts for LDAP filter
 * @param string $input, the provided value
- * @param bool $allowAsterisk wether in * at the beginning should be preserved
+ * @param bool $allowAsterisk whether in * at the beginning should be preserved
 * @return string the escaped string
 */
 public function escapeFilterPart($input, $allowAsterisk = false) {
diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
index f3e36fbbf26..4434780ce0b 100644
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -38,6 +38,7 @@ namespace OCA\user_ldap\lib;
 * @property boolean hasPagedResultSupport
 * @property string[] ldapBaseUsers
 * @property int|string ldapPagingSize holds an integer
+ * @property bool|mixed|void ldapGroupMemberAssocAttr
 */
 class Connection extends LDAPUtility {
 private $ldapConnectionRes = null;
diff --git a/apps/user_ldap/lib/wizard.php b/apps/user_ldap/lib/wizard.php
index 753c8e48a92..fe4eebf9e11 100644
--- a/apps/user_ldap/lib/wizard.php
+++ b/apps/user_ldap/lib/wizard.php
@@ -857,13 +857,23 @@ class Wizard extends LDAPUtility {
 }
 $base = $this->configuration->ldapBase[0];
 foreach($cns as $cn) {
- $rr = $this->ldap->search($cr, $base, 'cn=' . $cn, array('dn'));
+ $rr = $this->ldap->search($cr, $base, 'cn=' . $cn, array('dn', 'primaryGroupToken'));
 if(!$this->ldap->isResource($rr)) {
 continue;
 }
 $er = $this->ldap->firstEntry($cr, $rr);
+ $attrs = $this->ldap->getAttributes($cr, $er);
 $dn = $this->ldap->getDN($cr, $er);
- $filter .= '(memberof=' . $dn . ')';
+ if(empty($dn)) {
+ continue;
+ }
+ $filterPart = '(memberof=' . $dn . ')';
+ if(isset($attrs['primaryGroupToken'])) {
+ $pgt = $attrs['primaryGroupToken'][0];
+ $primaryFilterPart = '(primaryGroupID=' . $pgt .')';
+ $filterPart = '(|' . $filterPart . $primaryFilterPart . ')';
+ }
+ $filter .= $filterPart;
 }
 $filter .= ')';
 } |
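Review bot: The filter parts built in this loop interpolate `$dn` and `$pgt` (and, on the context line, `$cn`) into the LDAP filter without escaping, so a group DN containing `(`, `)`, `*` or `\` produces a malformed or differently scoped filter in a path that, per the commit message, restricts group access. The `escapeFilterPart()` documented in the access.php hunk of this commit looks like the intended helper; if the Wizard can reach it, pass `$dn` through it before concatenation, and accept the token only when it is numeric, e.g. `if(isset($attrs['primaryGroupToken'][0]) && ctype_digit((string)$attrs['primaryGroupToken'][0])) {`. Separately, the added `getAttributes($cr, $er)` runs before anything checks that `firstEntry()` returned an entry; the new `empty($dn)` guard only comes afterwards, so testing `$er` first and skipping the iteration would be cleaner. The enclosing method starts and ends outside the hunk.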