author | Thomas Müller <thomas.mueller@tmit.eu> | 2015-10-13 14:09:52 +0200 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2015-10-13 14:09:52 +0200 |
commit | 3f083353c10f92788613d0de9a89f428f7970940 (patch) | |
tree | dfae46539952e4d196532dc848fcb5002b3d20ee /apps/user_ldap/lib | |
parent | 2df006d0b7094ab77691bf89ec7d526449110e9d (diff) | |
parent | e3a148584a434fe9748a4164dcddf77a402e0966 (diff) | |
Merge pull request #19635 from owncloud/fix-ldap-value-limitation
allow an attribute to return more than one value
Diffstat (limited to 'apps/user_ldap/lib')
-rw-r--r-- | apps/user_ldap/lib/access.php | 70 | ||||
-rw-r--r-- | apps/user_ldap/lib/user/user.php | 17 | ||||
-rw-r--r-- | apps/user_ldap/lib/wizard.php | 6 |
3 files changed, 50 insertions, 43 deletions
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php index 0707b95013c..32472c13b03 100644 --- a/apps/user_ldap/lib/access.php +++ b/apps/user_ldap/lib/access.php @@ -489,7 +489,7 @@ class Access extends LDAPUtility implements user\IUserTools { /** * gives back the user names as they are used ownClod internally - * @param array $ldapUsers an array with the ldap Users result in style of array ( array ('dn' => foo, 'uid' => bar), ... ) + * @param array $ldapUsers as returned by fetchList() * @return array an array with the user names to use in ownCloud * * gives back the user names as they are used ownClod internally @@ -500,7 +500,7 @@ class Access extends LDAPUtility implements user\IUserTools { /** * gives back the group names as they are used ownClod internally - * @param array $ldapGroups an array with the ldap Groups result in style of array ( array ('dn' => foo, 'cn' => bar), ... ) + * @param array $ldapGroups as returned by fetchList() * @return array an array with the group names to use in ownCloud * * gives back the group names as they are used ownClod internally @@ -510,7 +510,7 @@ class Access extends LDAPUtility implements user\IUserTools { } /** - * @param array $ldapObjects + * @param array $ldapObjects as returned by fetchList() * @param bool $isUsers * @return array */ 
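Review bot: The three docblocks now say only `as returned by fetchList()`, which drops the one description of the record shape in the same commit that changes that shape. Judging by the later hunks in this file, every attribute of a record is now a list (`$ldapObject['dn'][0]`), while fetchList() in its single-attribute branch returns a flat list of values, so the bare reference is ambiguous. I would spell the shape out, for example `@param array $ldapUsers as returned by fetchList() with several attributes: array(array('dn' => array(foo), 'uid' => array(bar)), ...)`, and do the same for `$ldapGroups` and `$ldapObjects`.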
@@ -523,15 +523,25 @@ class Access extends LDAPUtility implements user\IUserTools { $ownCloudNames = array(); foreach($ldapObjects as $ldapObject) { - $nameByLDAP = isset($ldapObject[$nameAttribute]) ? $ldapObject[$nameAttribute] : null; - $ocName = $this->dn2ocname($ldapObject['dn'], $nameByLDAP, $isUsers); + $nameByLDAP = null; + if( isset($ldapObject[$nameAttribute]) + && is_array($ldapObject[$nameAttribute]) + && isset($ldapObject[$nameAttribute][0]) + ) { + // might be set, but not necessarily. if so, we use it. + $nameByLDAP = $ldapObject[$nameAttribute][0]; + } + + $ocName = $this->dn2ocname($ldapObject['dn'][0], $nameByLDAP, $isUsers); if($ocName) { $ownCloudNames[] = $ocName; if($isUsers) { //cache the user names so it does not need to be retrieved //again later (e.g. sharing dialogue). $this->cacheUserExists($ocName); - $this->cacheUserDisplayName($ocName, $nameByLDAP); + if(!is_null($nameByLDAP)) { + $this->cacheUserDisplayName($ocName, $nameByLDAP); + } } } continue; @@ -682,7 +692,7 @@ class Access extends LDAPUtility implements user\IUserTools { */ public function batchApplyUserAttributes(array $ldapRecords){ foreach($ldapRecords as $userRecord) { - $ocName = $this->dn2ocname($userRecord['dn'], $userRecord[$this->connection->ldapUserDisplayName]); + $ocName = $this->dn2ocname($userRecord['dn'][0], $userRecord[$this->connection->ldapUserDisplayName]); $this->cacheUserExists($ocName); $user = $this->userManager->get($ocName); $user->processAttributes($userRecord); @@ -710,6 +720,11 @@ class Access extends LDAPUtility implements user\IUserTools { if($manyAttributes) { return $list; } else { + $list = array_reduce($list, function($carry, $item) { + $attribute = array_keys($item)[0]; + $carry[] = $item[$attribute][0]; + return $carry; + }, array()); return array_unique($list, SORT_LOCALE_STRING); } } 
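Review bot: In batchApplyUserAttributes() only the DN was converted to the new shape; the second argument, `$userRecord[$this->connection->ldapUserDisplayName]`, is now a list of values, whereas the name-mapping loop in the preceding hunk hands dn2ocname() a single string or null. The key is also used exactly as configured, while the record keys are lower-cased when the result is built and user.php applies `strtolower()` to the same setting, so a mixed-case attribute name would miss the entry. Suggested: `$nameAttr = strtolower($this->connection->ldapUserDisplayName);` followed by `$ocName = $this->dn2ocname($userRecord['dn'][0], isset($userRecord[$nameAttr][0]) ? $userRecord[$nameAttr][0] : null);`. dn2ocname() itself is outside the diff, so how it treats an array argument should be confirmed.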
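Review bot: The `array_reduce` callback in the single-attribute branch keeps only `$item[$attribute][0]`, so any further values of a multi-valued attribute are discarded silently, which sits oddly with the stated purpose of the change. If one value per entry is intended, say so in a comment such as `// single-attribute mode: only the first value of each entry is kept`; otherwise append every value with `foreach($item[$attribute] as $value) { $carry[] = $value; }`. An `isset($item[$attribute][0])` check before the append would also keep an entry with an empty value list from adding null to the result. The enclosing function begins above this hunk.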
@@ -982,44 +997,29 @@ class Access extends LDAPUtility implements user\IUserTools { if(!is_null($attr)) { $selection = array(); - $multiArray = false; - if(count($attr) > 1) { - $multiArray = true; - $i = 0; - } + $i = 0; foreach($findings as $item) { if(!is_array($item)) { continue; } $item = \OCP\Util::mb_array_change_key_case($item, MB_CASE_LOWER, 'UTF-8'); - - if($multiArray) { - foreach($attr as $key) { - $key = mb_strtolower($key, 'UTF-8'); - if(isset($item[$key])) { - if($key !== 'dn') { - $selection[$i][$key] = $this->resemblesDN($key) ? - $this->sanitizeDN($item[$key][0]) - : $item[$key][0]; - } else { - $selection[$i][$key] = $this->sanitizeDN($item[$key]); - } - } - - } - $i++; - } else { - //tribute to case insensitivity - $key = mb_strtolower($attr[0], 'UTF-8'); - + foreach($attr as $key) { + $key = mb_strtolower($key, 'UTF-8'); if(isset($item[$key])) { - if($this->resemblesDN($key)) { - $selection[] = $this->sanitizeDN($item[$key]); + if(is_array($item[$key]) && isset($item[$key]['count'])) { + unset($item[$key]['count']); + } + if($key !== 'dn') { + $selection[$i][$key] = $this->resemblesDN($key) ? + $this->sanitizeDN($item[$key]) + : $item[$key]; } else { - $selection[] = $item[$key]; + $selection[$i][$key] = [$this->sanitizeDN($item[$key])]; } } + } + $i++; } $findings = $selection; } diff --git a/apps/user_ldap/lib/user/user.php b/apps/user_ldap/lib/user/user.php index 6498cdf913f..d8148035d3f 100644 --- a/apps/user_ldap/lib/user/user.php +++ b/apps/user_ldap/lib/user/user.php 
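Review bot: `$this->sanitizeDN($item[$key])` now receives the whole value list for DN-like attributes, where the removed code passed `$item[$key][0]`; sanitizeDN() is not part of this diff, so it should be confirmed that it sanitises each element of an array rather than expecting a string. The new result shape also deserves a comment above the loop, along the lines of `// every attribute is returned as a list of values with 'count' removed; 'dn' is wrapped in a one-element list`, since every caller now depends on it. As a style point, the `'dn'` branch uses `[...]` while the surrounding code uses `array(...)`; `array($this->sanitizeDN($item[$key]))` would match. The enclosing method starts and ends outside the hunk.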
@@ -147,21 +147,21 @@ class User { //Quota $attr = strtolower($this->connection->ldapQuotaAttribute); if(isset($ldapEntry[$attr])) { - $this->updateQuota($ldapEntry[$attr]); + $this->updateQuota($ldapEntry[$attr][0]); } unset($attr); //Email $attr = strtolower($this->connection->ldapEmailAttribute); if(isset($ldapEntry[$attr])) { - $this->updateEmail($ldapEntry[$attr]); + $this->updateEmail($ldapEntry[$attr][0]); } unset($attr); //displayName $attr = strtolower($this->connection->ldapUserDisplayName); if(isset($ldapEntry[$attr])) { - $displayName = $ldapEntry[$attr]; + $displayName = $ldapEntry[$attr][0]; if(!empty($displayName)) { $this->storeDisplayName($displayName); $this->access->cacheUserDisplayName($this->getUsername(), $displayName); @@ -171,18 +171,20 @@ class User { // LDAP Username, needed for s2s sharing if(isset($ldapEntry['uid'])) { - $this->storeLDAPUserName($ldapEntry['uid']); + $this->storeLDAPUserName($ldapEntry['uid'][0]); } else if(isset($ldapEntry['samaccountname'])) { - $this->storeLDAPUserName($ldapEntry['samaccountname']); + $this->storeLDAPUserName($ldapEntry['samaccountname'][0]); } + //homePath if(strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) { $attr = strtolower(substr($this->connection->homeFolderNamingRule, strlen('attr:'))); if(isset($ldapEntry[$attr])) { $this->access->cacheUserHome( - $this->getUsername(), $this->getHomePath($ldapEntry[$attr])); + $this->getUsername(), $this->getHomePath($ldapEntry[$attr][0])); } } + //memberOf groups $cacheKey = 'getMemberOf'.$this->getUsername(); $groups = false; @@ -190,11 +192,12 @@ class User { $groups = $ldapEntry['memberof']; } $this->connection->writeToCache($cacheKey, $groups); + //Avatar $attrs = array('jpegphoto', 'thumbnailphoto'); foreach ($attrs as $attr) { if(isset($ldapEntry[$attr])) { - $this->avatarImage = $ldapEntry[$attr]; + $this->avatarImage = $ldapEntry[$attr][0]; $this->updateAvatar(); break; } 
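Review bot: Each of these reads pairs `isset($ldapEntry[$attr])` with an unconditional `$ldapEntry[$attr][0]`, so a record whose attribute is present but has no first element raises a notice and passes null on instead of being skipped. This applies to quota, email, display name, `uid`/`samaccountname`, the home path and the avatar across the three hunks of this file. Checking the element that is actually used, e.g. `if(isset($ldapEntry[$attr][0])) {`, matches the stricter guard this commit adds in access.php. These values come from the directory and end up as quota, mail address and home folder, so skipping malformed records is the safer default.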
diff --git a/apps/user_ldap/lib/wizard.php b/apps/user_ldap/lib/wizard.php index 84a1225d6ec..a819b2e0e46 100644 --- a/apps/user_ldap/lib/wizard.php +++ b/apps/user_ldap/lib/wizard.php @@ -435,7 +435,11 @@ class Wizard extends LDAPUtility { // detection will fail later $result = $this->access->searchGroups($filter, array('cn', 'dn'), $limit, $offset); foreach($result as $item) { - $groupNames[] = $item['cn']; + if(!isset($item['cn']) && !is_array($item['cn']) && !isset($item['cn'][0])) { + // just in case - no issue known + continue; + } + $groupNames[] = $item['cn'][0]; $groupEntries[] = $item; } $offset += $limit; |
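Review bot: The new guard joins its three conditions with `&&`, so it only skips an item when `cn` is missing altogether; an item whose `cn` is set but is not an array, or is an empty array, passes the guard and reaches `$item['cn'][0]`. With `cn` unset, `is_array($item['cn'])` is still evaluated and raises an undefined-index notice. The conditions should be alternatives: `if(!isset($item['cn']) || !is_array($item['cn']) || !isset($item['cn'][0])) {`. The loop's enclosing method starts above the hunk.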