authorThomas Müller <thomas.mueller@tmit.eu>2015-10-13 14:09:52 +0200
committerThomas Müller <thomas.mueller@tmit.eu>2015-10-13 14:09:52 +0200
commit3f083353c10f92788613d0de9a89f428f7970940 (patch)
treedfae46539952e4d196532dc848fcb5002b3d20ee /apps/user_ldap
parent2df006d0b7094ab77691bf89ec7d526449110e9d (diff)
parente3a148584a434fe9748a4164dcddf77a402e0966 (diff)
downloadnextcloud-server-3f083353c10f92788613d0de9a89f428f7970940.tar.gz
nextcloud-server-3f083353c10f92788613d0de9a89f428f7970940.zip
Merge pull request #19635 from owncloud/fix-ldap-value-limitation
allow an attribute to return more than one value
Diffstat (limited to 'apps/user_ldap')
-rw-r--r--apps/user_ldap/group_ldap.php6
-rw-r--r--apps/user_ldap/lib/access.php70
-rw-r--r--apps/user_ldap/lib/user/user.php17
-rw-r--r--apps/user_ldap/lib/wizard.php6
-rw-r--r--apps/user_ldap/tests/group_ldap.php4
-rw-r--r--apps/user_ldap/tests/user_ldap.php4
-rw-r--r--apps/user_ldap/user_ldap.php4
7 files changed, 59 insertions, 52 deletions
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index 97ed8fa91ac..cf58e5b902d 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -247,7 +247,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
if(empty($result)) {
return false;
}
- $dn = $result[0];
+ $dn = $result[0]['dn'][0];
//and now the group name
//NOTE once we have separate ownCloud group IDs and group names we can
@@ -491,7 +491,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
array($this->access->connection->ldapGroupDisplayName, 'dn'));
if (is_array($groups)) {
foreach ($groups as $groupobj) {
- $groupDN = $groupobj['dn'];
+ $groupDN = $groupobj['dn'][0];
$allGroups[$groupDN] = $groupobj;
$nestedGroups = $this->access->connection->ldapNestedGroups;
if (!empty($nestedGroups)) {
@@ -653,7 +653,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
str_replace('%uid', $member, $this->access->connection->ldapLoginFilter),
$this->access->getFilterPartForUserSearch($search)
));
- $ldap_users = $this->access->fetchListOfUsers($filter, 'dn');
+ $ldap_users = $this->access->fetchListOfUsers($filter, 'dn', 1);
if(count($ldap_users) < 1) {
continue;
}
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index 0707b95013c..32472c13b03 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -489,7 +489,7 @@ class Access extends LDAPUtility implements user\IUserTools {
/**
* gives back the user names as they are used ownClod internally
- * @param array $ldapUsers an array with the ldap Users result in style of array ( array ('dn' => foo, 'uid' => bar), ... )
+ * @param array $ldapUsers as returned by fetchList()
* @return array an array with the user names to use in ownCloud
*
* gives back the user names as they are used ownClod internally
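Review bot: The new `@param` text `as returned by fetchList()` does not say which result shape is meant. The `$manyAttributes` hunk further down in this file (presumably fetchList itself) returns two shapes: a flat list of first values for a single attribute, and per-entry arrays otherwise. The loop in the later hunk reads `$ldapObject['dn'][0]`, so the per-entry form appears to be the one expected here, and I would spell it out: `@param array $ldapUsers as returned by fetchList() for several attributes: array(array('dn' => array(foo), 'uid' => array(bar)), ...)`. The same wording is used for `$ldapGroups` and `$ldapObjects` in the next two hunks. The docblock continues outside the hunk.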
@@ -500,7 +500,7 @@ class Access extends LDAPUtility implements user\IUserTools {
/**
* gives back the group names as they are used ownClod internally
- * @param array $ldapGroups an array with the ldap Groups result in style of array ( array ('dn' => foo, 'cn' => bar), ... )
+ * @param array $ldapGroups as returned by fetchList()
* @return array an array with the group names to use in ownCloud
*
* gives back the group names as they are used ownClod internally
@@ -510,7 +510,7 @@ class Access extends LDAPUtility implements user\IUserTools {
}
/**
- * @param array $ldapObjects
+ * @param array $ldapObjects as returned by fetchList()
* @param bool $isUsers
* @return array
*/
@@ -523,15 +523,25 @@ class Access extends LDAPUtility implements user\IUserTools {
$ownCloudNames = array();
foreach($ldapObjects as $ldapObject) {
- $nameByLDAP = isset($ldapObject[$nameAttribute]) ? $ldapObject[$nameAttribute] : null;
- $ocName = $this->dn2ocname($ldapObject['dn'], $nameByLDAP, $isUsers);
+ $nameByLDAP = null;
+ if( isset($ldapObject[$nameAttribute])
+ && is_array($ldapObject[$nameAttribute])
+ && isset($ldapObject[$nameAttribute][0])
+ ) {
+ // might be set, but not necessarily. if so, we use it.
+ $nameByLDAP = $ldapObject[$nameAttribute][0];
+ }
+
+ $ocName = $this->dn2ocname($ldapObject['dn'][0], $nameByLDAP, $isUsers);
if($ocName) {
$ownCloudNames[] = $ocName;
if($isUsers) {
//cache the user names so it does not need to be retrieved
//again later (e.g. sharing dialogue).
$this->cacheUserExists($ocName);
- $this->cacheUserDisplayName($ocName, $nameByLDAP);
+ if(!is_null($nameByLDAP)) {
+ $this->cacheUserDisplayName($ocName, $nameByLDAP);
+ }
}
}
continue;
@@ -682,7 +692,7 @@ class Access extends LDAPUtility implements user\IUserTools {
*/
public function batchApplyUserAttributes(array $ldapRecords){
foreach($ldapRecords as $userRecord) {
- $ocName = $this->dn2ocname($userRecord['dn'], $userRecord[$this->connection->ldapUserDisplayName]);
+ $ocName = $this->dn2ocname($userRecord['dn'][0], $userRecord[$this->connection->ldapUserDisplayName]);
$this->cacheUserExists($ocName);
$user = $this->userManager->get($ocName);
$user->processAttributes($userRecord);
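Review bot: The second argument to `dn2ocname()` is still `$userRecord[$this->connection->ldapUserDisplayName]`, which after this change is the attribute's value list, not a single string. The first argument was updated to `['dn'][0]`, and the other call site changed in this commit passes a scalar or null, so this one likely needs the same treatment. I would add `$attr = strtolower($this->connection->ldapUserDisplayName);` and `$name = isset($userRecord[$attr][0]) ? $userRecord[$attr][0] : null;`, then call `dn2ocname($userRecord['dn'][0], $name)`. The lower-casing is suggested because the search hunk below lower-cases the result keys. The method body continues outside the hunk.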
@@ -710,6 +720,11 @@ class Access extends LDAPUtility implements user\IUserTools {
if($manyAttributes) {
return $list;
} else {
+ $list = array_reduce($list, function($carry, $item) {
+ $attribute = array_keys($item)[0];
+ $carry[] = $item[$attribute][0];
+ return $carry;
+ }, array());
return array_unique($list, SORT_LOCALE_STRING);
}
}
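Review bot: The closure added before `array_unique()` keeps only index 0 of each entry, so a single-attribute request for a multi-valued attribute silently drops every value after the first. If that is intended for backward compatibility, a comment would make it explicit, e.g. `// single-attribute callers expect a flat list; only the first value of each entry is kept`. `array_keys($item)[0]` also assumes every entry has at least one key and a non-empty value list. An `if(empty($item)) { return $carry; }` guard at the top of the closure would cover the empty-entry case and avoid a notice on an odd record. The enclosing function starts outside the hunk.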
@@ -982,44 +997,29 @@ class Access extends LDAPUtility implements user\IUserTools {
if(!is_null($attr)) {
$selection = array();
- $multiArray = false;
- if(count($attr) > 1) {
- $multiArray = true;
- $i = 0;
- }
+ $i = 0;
foreach($findings as $item) {
if(!is_array($item)) {
continue;
}
$item = \OCP\Util::mb_array_change_key_case($item, MB_CASE_LOWER, 'UTF-8');
-
- if($multiArray) {
- foreach($attr as $key) {
- $key = mb_strtolower($key, 'UTF-8');
- if(isset($item[$key])) {
- if($key !== 'dn') {
- $selection[$i][$key] = $this->resemblesDN($key) ?
- $this->sanitizeDN($item[$key][0])
- : $item[$key][0];
- } else {
- $selection[$i][$key] = $this->sanitizeDN($item[$key]);
- }
- }
-
- }
- $i++;
- } else {
- //tribute to case insensitivity
- $key = mb_strtolower($attr[0], 'UTF-8');
-
+ foreach($attr as $key) {
+ $key = mb_strtolower($key, 'UTF-8');
if(isset($item[$key])) {
- if($this->resemblesDN($key)) {
- $selection[] = $this->sanitizeDN($item[$key]);
+ if(is_array($item[$key]) && isset($item[$key]['count'])) {
+ unset($item[$key]['count']);
+ }
+ if($key !== 'dn') {
+ $selection[$i][$key] = $this->resemblesDN($key) ?
+ $this->sanitizeDN($item[$key])
+ : $item[$key];
} else {
- $selection[] = $item[$key];
+ $selection[$i][$key] = [$this->sanitizeDN($item[$key])];
}
}
+
}
+ $i++;
}
$findings = $selection;
}
diff --git a/apps/user_ldap/lib/user/user.php b/apps/user_ldap/lib/user/user.php
index 6498cdf913f..d8148035d3f 100644
--- a/apps/user_ldap/lib/user/user.php
+++ b/apps/user_ldap/lib/user/user.php
@@ -147,21 +147,21 @@ class User {
//Quota
$attr = strtolower($this->connection->ldapQuotaAttribute);
if(isset($ldapEntry[$attr])) {
- $this->updateQuota($ldapEntry[$attr]);
+ $this->updateQuota($ldapEntry[$attr][0]);
}
unset($attr);
//Email
$attr = strtolower($this->connection->ldapEmailAttribute);
if(isset($ldapEntry[$attr])) {
- $this->updateEmail($ldapEntry[$attr]);
+ $this->updateEmail($ldapEntry[$attr][0]);
}
unset($attr);
//displayName
$attr = strtolower($this->connection->ldapUserDisplayName);
if(isset($ldapEntry[$attr])) {
- $displayName = $ldapEntry[$attr];
+ $displayName = $ldapEntry[$attr][0];
if(!empty($displayName)) {
$this->storeDisplayName($displayName);
$this->access->cacheUserDisplayName($this->getUsername(), $displayName);
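Review bot: Each `isset($ldapEntry[$attr])` guard in this hunk still tests only the attribute key, while the new code reads index `[0]` for quota, e-mail and display name. These values come from the directory, so an attribute present with an empty value list would raise a notice and pass null on. Checking the element directly, `if(isset($ldapEntry[$attr][0])) {`, covers both cases. The same pattern is in the two following hunks of this file (`uid`, `samaccountname`, the home-folder attribute and the avatar attributes). The method starts and ends outside the hunk.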
@@ -171,18 +171,20 @@ class User {
// LDAP Username, needed for s2s sharing
if(isset($ldapEntry['uid'])) {
- $this->storeLDAPUserName($ldapEntry['uid']);
+ $this->storeLDAPUserName($ldapEntry['uid'][0]);
} else if(isset($ldapEntry['samaccountname'])) {
- $this->storeLDAPUserName($ldapEntry['samaccountname']);
+ $this->storeLDAPUserName($ldapEntry['samaccountname'][0]);
}
+
//homePath
if(strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) {
$attr = strtolower(substr($this->connection->homeFolderNamingRule, strlen('attr:')));
if(isset($ldapEntry[$attr])) {
$this->access->cacheUserHome(
- $this->getUsername(), $this->getHomePath($ldapEntry[$attr]));
+ $this->getUsername(), $this->getHomePath($ldapEntry[$attr][0]));
}
}
+
//memberOf groups
$cacheKey = 'getMemberOf'.$this->getUsername();
$groups = false;
@@ -190,11 +192,12 @@ class User {
$groups = $ldapEntry['memberof'];
}
$this->connection->writeToCache($cacheKey, $groups);
+
//Avatar
$attrs = array('jpegphoto', 'thumbnailphoto');
foreach ($attrs as $attr) {
if(isset($ldapEntry[$attr])) {
- $this->avatarImage = $ldapEntry[$attr];
+ $this->avatarImage = $ldapEntry[$attr][0];
$this->updateAvatar();
break;
}
diff --git a/apps/user_ldap/lib/wizard.php b/apps/user_ldap/lib/wizard.php
index 84a1225d6ec..a819b2e0e46 100644
--- a/apps/user_ldap/lib/wizard.php
+++ b/apps/user_ldap/lib/wizard.php
@@ -435,7 +435,11 @@ class Wizard extends LDAPUtility {
// detection will fail later
$result = $this->access->searchGroups($filter, array('cn', 'dn'), $limit, $offset);
foreach($result as $item) {
- $groupNames[] = $item['cn'];
+ if(!isset($item['cn']) && !is_array($item['cn']) && !isset($item['cn'][0])) {
+ // just in case - no issue known
+ continue;
+ }
+ $groupNames[] = $item['cn'][0];
$groupEntries[] = $item;
}
$offset += $limit;
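Review bot: The guard on `$item['cn']` joins three negated tests with `&&`, so it skips the entry only when all of them are true. An entry whose `cn` is set but is not an array, or is an empty array, passes the guard and reaches `$item['cn'][0]`. It also evaluates `$item['cn']` inside `is_array()` after `isset()` has already failed. The condition should use `||`: `if(!isset($item['cn']) || !is_array($item['cn']) || !isset($item['cn'][0])) {`. That matches the positive form used for the name attribute in lib/access.php. The loop sits in a method that starts outside the hunk.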
diff --git a/apps/user_ldap/tests/group_ldap.php b/apps/user_ldap/tests/group_ldap.php
index 132fbfdf687..8ed2bc5c677 100644
--- a/apps/user_ldap/tests/group_ldap.php
+++ b/apps/user_ldap/tests/group_ldap.php
@@ -145,7 +145,7 @@ class Test_Group_Ldap extends \Test\TestCase {
$access->expects($this->once())
->method('searchGroups')
- ->will($this->returnValue(array('cn=foo,dc=barfoo,dc=bar')));
+ ->will($this->returnValue([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]));
$access->expects($this->once())
->method('dn2groupname')
@@ -221,7 +221,7 @@ class Test_Group_Ldap extends \Test\TestCase {
$access->expects($this->once())
->method('searchGroups')
- ->will($this->returnValue(array('cn=foo,dc=barfoo,dc=bar')));
+ ->will($this->returnValue([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]));
$access->expects($this->once())
->method('dn2groupname')
diff --git a/apps/user_ldap/tests/user_ldap.php b/apps/user_ldap/tests/user_ldap.php
index 69a76c0b7ac..0f70c43fc11 100644
--- a/apps/user_ldap/tests/user_ldap.php
+++ b/apps/user_ldap/tests/user_ldap.php
@@ -124,7 +124,7 @@ class Test_User_Ldap_Direct extends \Test\TestCase {
->method('fetchListOfUsers')
->will($this->returnCallback(function($filter) {
if($filter === 'roland') {
- return array(array('dn' => 'dnOfRoland,dc=test'));
+ return array(array('dn' => ['dnOfRoland,dc=test']));
}
return array();
}));
@@ -133,7 +133,7 @@ class Test_User_Ldap_Direct extends \Test\TestCase {
->method('fetchUsersByLoginName')
->will($this->returnCallback(function($uid) {
if($uid === 'roland') {
- return array(array('dn' => 'dnOfRoland,dc=test'));
+ return array(array('dn' => ['dnOfRoland,dc=test']));
}
return array();
}));
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index 59c61524c9b..fc8ce361637 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -78,7 +78,7 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
public function loginName2UserName($loginName) {
try {
$ldapRecord = $this->getLDAPUserByLoginName($loginName);
- $user = $this->access->userManager->get($ldapRecord['dn']);
+ $user = $this->access->userManager->get($ldapRecord['dn'][0]);
if($user instanceof OfflineUser) {
return false;
}
@@ -119,7 +119,7 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
} catch(\Exception $e) {
return false;
}
- $dn = $ldapRecord['dn'];
+ $dn = $ldapRecord['dn'][0];
$user = $this->access->userManager->get($dn);
if(!$user instanceof User) {