author | Thomas Müller <thomas.mueller@tmit.eu> | 2015-10-13 14:09:52 +0200 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2015-10-13 14:09:52 +0200 |
commit | 3f083353c10f92788613d0de9a89f428f7970940 (patch) | |
tree | dfae46539952e4d196532dc848fcb5002b3d20ee /apps/user_ldap | |
parent | 2df006d0b7094ab77691bf89ec7d526449110e9d (diff) | |
parent | e3a148584a434fe9748a4164dcddf77a402e0966 (diff) | |
Merge pull request #19635 from owncloud/fix-ldap-value-limitation
allow an attribute to return more than one value
Diffstat (limited to 'apps/user_ldap')
-rw-r--r-- | apps/user_ldap/group_ldap.php | 6 | ||||
-rw-r--r-- | apps/user_ldap/lib/access.php | 70 | ||||
-rw-r--r-- | apps/user_ldap/lib/user/user.php | 17 | ||||
-rw-r--r-- | apps/user_ldap/lib/wizard.php | 6 | ||||
-rw-r--r-- | apps/user_ldap/tests/group_ldap.php | 4 | ||||
-rw-r--r-- | apps/user_ldap/tests/user_ldap.php | 4 | ||||
-rw-r--r-- | apps/user_ldap/user_ldap.php | 4 |
7 files changed, 59 insertions, 52 deletions
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php index 97ed8fa91ac..cf58e5b902d 100644 --- a/apps/user_ldap/group_ldap.php +++ b/apps/user_ldap/group_ldap.php @@ -247,7 +247,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface { if(empty($result)) { return false; } - $dn = $result[0]; + $dn = $result[0]['dn'][0]; //and now the group name //NOTE once we have separate ownCloud group IDs and group names we can @@ -491,7 +491,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface { array($this->access->connection->ldapGroupDisplayName, 'dn')); if (is_array($groups)) { foreach ($groups as $groupobj) { - $groupDN = $groupobj['dn']; + $groupDN = $groupobj['dn'][0]; $allGroups[$groupDN] = $groupobj; $nestedGroups = $this->access->connection->ldapNestedGroups; if (!empty($nestedGroups)) { @@ -653,7 +653,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface { str_replace('%uid', $member, $this->access->connection->ldapLoginFilter), $this->access->getFilterPartForUserSearch($search) )); - $ldap_users = $this->access->fetchListOfUsers($filter, 'dn'); + $ldap_users = $this->access->fetchListOfUsers($filter, 'dn', 1); if(count($ldap_users) < 1) { continue; } diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php index 0707b95013c..32472c13b03 100644 --- a/apps/user_ldap/lib/access.php +++ b/apps/user_ldap/lib/access.php @@ -489,7 +489,7 @@ class Access extends LDAPUtility implements user\IUserTools { /** * gives back the user names as they are used ownClod internally - * @param array $ldapUsers an array with the ldap Users result in style of array ( array ('dn' => foo, 'uid' => bar), ... ) + * @param array $ldapUsers as returned by fetchList() * @return array an array with the user names to use in ownCloud * * gives back the user names as they are used ownClod internally 
@@ -500,7 +500,7 @@ class Access extends LDAPUtility implements user\IUserTools { /** * gives back the group names as they are used ownClod internally - * @param array $ldapGroups an array with the ldap Groups result in style of array ( array ('dn' => foo, 'cn' => bar), ... ) + * @param array $ldapGroups as returned by fetchList() * @return array an array with the group names to use in ownCloud * * gives back the group names as they are used ownClod internally @@ -510,7 +510,7 @@ class Access extends LDAPUtility implements user\IUserTools { } /** - * @param array $ldapObjects + * @param array $ldapObjects as returned by fetchList() * @param bool $isUsers * @return array */ @@ -523,15 +523,25 @@ class Access extends LDAPUtility implements user\IUserTools { $ownCloudNames = array(); foreach($ldapObjects as $ldapObject) { - $nameByLDAP = isset($ldapObject[$nameAttribute]) ? $ldapObject[$nameAttribute] : null; - $ocName = $this->dn2ocname($ldapObject['dn'], $nameByLDAP, $isUsers); + $nameByLDAP = null; + if( isset($ldapObject[$nameAttribute]) + && is_array($ldapObject[$nameAttribute]) + && isset($ldapObject[$nameAttribute][0]) + ) { + // might be set, but not necessarily. if so, we use it. + $nameByLDAP = $ldapObject[$nameAttribute][0]; + } + + $ocName = $this->dn2ocname($ldapObject['dn'][0], $nameByLDAP, $isUsers); if($ocName) { $ownCloudNames[] = $ocName; if($isUsers) { //cache the user names so it does not need to be retrieved //again later (e.g. sharing dialogue). $this->cacheUserExists($ocName); - $this->cacheUserDisplayName($ocName, $nameByLDAP); + if(!is_null($nameByLDAP)) { + $this->cacheUserDisplayName($ocName, $nameByLDAP); + } } } continue; 
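Review bot: In the name-mapping loop of access.php, `$ldapObject['dn'][0]` is read without any of the checks this hunk adds for `$ldapObject[$nameAttribute]`, so a record that lacks a `dn` entry raises an undefined-index notice and hands null to dn2ocname(). A guard at the top of the loop body, `if(!isset($ldapObject['dn'][0])) { continue; }`, would skip such records before any name is derived or cached. The enclosing method starts and ends outside the hunk, so whether a caller can ever pass a record without `dn` is not visible here.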
@@ -682,7 +692,7 @@ class Access extends LDAPUtility implements user\IUserTools { */ public function batchApplyUserAttributes(array $ldapRecords){ foreach($ldapRecords as $userRecord) { - $ocName = $this->dn2ocname($userRecord['dn'], $userRecord[$this->connection->ldapUserDisplayName]); + $ocName = $this->dn2ocname($userRecord['dn'][0], $userRecord[$this->connection->ldapUserDisplayName]); $this->cacheUserExists($ocName); $user = $this->userManager->get($ocName); $user->processAttributes($userRecord); @@ -710,6 +720,11 @@ class Access extends LDAPUtility implements user\IUserTools { if($manyAttributes) { return $list; } else { + $list = array_reduce($list, function($carry, $item) { + $attribute = array_keys($item)[0]; + $carry[] = $item[$attribute][0]; + return $carry; + }, array()); return array_unique($list, SORT_LOCALE_STRING); } } 
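Review bot: In batchApplyUserAttributes() the second argument to dn2ocname() is still `$userRecord[$this->connection->ldapUserDisplayName]`, which under the new result shape is a list of values rather than a string, while the first argument was updated to `['dn'][0]`. The search code changed later in this file lower-cases the record keys, and user.php lower-cases the same setting before its lookup, so a mixed-case attribute name would also miss the key here. Consider `$attr = strtolower($this->connection->ldapUserDisplayName);` before the loop and passing `isset($userRecord[$attr][0]) ? $userRecord[$attr][0] : null`. dn2ocname() is not visible in this diff, so how it treats an array argument should be confirmed.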
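Review bot: The `array_reduce` callback added to the single-attribute branch keeps only `$item[$attribute][0]`, so every further value of a multi-valued attribute is dropped, and an `$item` that is empty or has an empty value list triggers an undefined-offset notice. If callers of this branch expect every value, merge the whole list instead, e.g. `$carry = array_merge($carry, $item[$attribute]);`; otherwise add a comment such as `// single-attribute mode: only the first value of each record is returned`. A guard like `if(empty($item)) { return $carry; }` covers the empty record. The function's signature and its callers are outside the hunk.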
@@ -982,44 +997,29 @@ class Access extends LDAPUtility implements user\IUserTools { if(!is_null($attr)) { $selection = array(); - $multiArray = false; - if(count($attr) > 1) { - $multiArray = true; - $i = 0; - } + $i = 0; foreach($findings as $item) { if(!is_array($item)) { continue; } $item = \OCP\Util::mb_array_change_key_case($item, MB_CASE_LOWER, 'UTF-8'); - - if($multiArray) { - foreach($attr as $key) { - $key = mb_strtolower($key, 'UTF-8'); - if(isset($item[$key])) { - if($key !== 'dn') { - $selection[$i][$key] = $this->resemblesDN($key) ? - $this->sanitizeDN($item[$key][0]) - : $item[$key][0]; - } else { - $selection[$i][$key] = $this->sanitizeDN($item[$key]); - } - } - - } - $i++; - } else { - //tribute to case insensitivity - $key = mb_strtolower($attr[0], 'UTF-8'); - + foreach($attr as $key) { + $key = mb_strtolower($key, 'UTF-8'); if(isset($item[$key])) { - if($this->resemblesDN($key)) { - $selection[] = $this->sanitizeDN($item[$key]); + if(is_array($item[$key]) && isset($item[$key]['count'])) { + unset($item[$key]['count']); + } + if($key !== 'dn') { + $selection[$i][$key] = $this->resemblesDN($key) ? + $this->sanitizeDN($item[$key]) + : $item[$key]; } else { - $selection[] = $item[$key]; + $selection[$i][$key] = [$this->sanitizeDN($item[$key])]; } } + } + $i++; } $findings = $selection; } diff --git a/apps/user_ldap/lib/user/user.php b/apps/user_ldap/lib/user/user.php index 6498cdf913f..d8148035d3f 100644 --- a/apps/user_ldap/lib/user/user.php +++ b/apps/user_ldap/lib/user/user.php 
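Review bot: For attributes other than `dn` whose name resembles a DN, `sanitizeDN()` now receives the whole value list (`$item[$key]`) where the removed multi-attribute branch passed `$item[$key][0]`; this only works if sanitizeDN() accepts arrays, which is not visible in this diff. If it expects a string, map it over the values: `array_map(array($this, 'sanitizeDN'), $item[$key])`. It would also help to state the new result shape above the loop, for example `// each entry: lower-cased attribute name => list of values; 'dn' is wrapped in a one-element list`. The surrounding function begins and ends outside the hunk.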
@@ -147,21 +147,21 @@ class User { //Quota $attr = strtolower($this->connection->ldapQuotaAttribute); if(isset($ldapEntry[$attr])) { - $this->updateQuota($ldapEntry[$attr]); + $this->updateQuota($ldapEntry[$attr][0]); } unset($attr); //Email $attr = strtolower($this->connection->ldapEmailAttribute); if(isset($ldapEntry[$attr])) { - $this->updateEmail($ldapEntry[$attr]); + $this->updateEmail($ldapEntry[$attr][0]); } unset($attr); //displayName $attr = strtolower($this->connection->ldapUserDisplayName); if(isset($ldapEntry[$attr])) { - $displayName = $ldapEntry[$attr]; + $displayName = $ldapEntry[$attr][0]; if(!empty($displayName)) { $this->storeDisplayName($displayName); $this->access->cacheUserDisplayName($this->getUsername(), $displayName); @@ -171,18 +171,20 @@ class User { // LDAP Username, needed for s2s sharing if(isset($ldapEntry['uid'])) { - $this->storeLDAPUserName($ldapEntry['uid']); + $this->storeLDAPUserName($ldapEntry['uid'][0]); } else if(isset($ldapEntry['samaccountname'])) { - $this->storeLDAPUserName($ldapEntry['samaccountname']); + $this->storeLDAPUserName($ldapEntry['samaccountname'][0]); } + //homePath if(strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) { $attr = strtolower(substr($this->connection->homeFolderNamingRule, strlen('attr:'))); if(isset($ldapEntry[$attr])) { $this->access->cacheUserHome( - $this->getUsername(), $this->getHomePath($ldapEntry[$attr])); + $this->getUsername(), $this->getHomePath($ldapEntry[$attr][0])); } } + //memberOf groups $cacheKey = 'getMemberOf'.$this->getUsername(); $groups = false; @@ -190,11 +192,12 @@ class User { $groups = $ldapEntry['memberof']; } $this->connection->writeToCache($cacheKey, $groups); + //Avatar $attrs = array('jpegphoto', 'thumbnailphoto'); foreach ($attrs as $attr) { if(isset($ldapEntry[$attr])) { - $this->avatarImage = $ldapEntry[$attr]; + $this->avatarImage = $ldapEntry[$attr][0]; $this->updateAvatar(); break; } 
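Review bot: The attribute reads in user.php now index `[0]` (`$ldapEntry[$attr][0]` for quota, e-mail and display name here, and in the two following hunks for `uid`, `samaccountname`, the home path and the avatar), but the guards still test only `isset($ldapEntry[$attr])`. An attribute present with an empty value list gets past the guard, and if a caller still passes the old scalar shape, `[0]` on a string silently yields its first character, which would then be stored as quota, e-mail or home path. Tightening each guard to `isset($ldapEntry[$attr][0]) && is_array($ldapEntry[$attr])` keeps malformed directory data out of those fields. The method's start and end lie outside these hunks.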
diff --git a/apps/user_ldap/lib/wizard.php b/apps/user_ldap/lib/wizard.php index 84a1225d6ec..a819b2e0e46 100644 --- a/apps/user_ldap/lib/wizard.php +++ b/apps/user_ldap/lib/wizard.php @@ -435,7 +435,11 @@ class Wizard extends LDAPUtility { // detection will fail later $result = $this->access->searchGroups($filter, array('cn', 'dn'), $limit, $offset); foreach($result as $item) { - $groupNames[] = $item['cn']; + if(!isset($item['cn']) && !is_array($item['cn']) && !isset($item['cn'][0])) { + // just in case - no issue known + continue; + } + $groupNames[] = $item['cn'][0]; $groupEntries[] = $item; } $offset += $limit; diff --git a/apps/user_ldap/tests/group_ldap.php b/apps/user_ldap/tests/group_ldap.php index 132fbfdf687..8ed2bc5c677 100644 --- a/apps/user_ldap/tests/group_ldap.php +++ b/apps/user_ldap/tests/group_ldap.php @@ -145,7 +145,7 @@ class Test_Group_Ldap extends \Test\TestCase { $access->expects($this->once()) ->method('searchGroups') - ->will($this->returnValue(array('cn=foo,dc=barfoo,dc=bar'))); + ->will($this->returnValue([['dn' => ['cn=foo,dc=barfoo,dc=bar']]])); $access->expects($this->once()) ->method('dn2groupname') @@ -221,7 +221,7 @@ class Test_Group_Ldap extends \Test\TestCase { $access->expects($this->once()) ->method('searchGroups') - ->will($this->returnValue(array('cn=foo,dc=barfoo,dc=bar'))); + ->will($this->returnValue([['dn' => ['cn=foo,dc=barfoo,dc=bar']]])); $access->expects($this->once()) ->method('dn2groupname') diff --git a/apps/user_ldap/tests/user_ldap.php b/apps/user_ldap/tests/user_ldap.php index 69a76c0b7ac..0f70c43fc11 100644 --- a/apps/user_ldap/tests/user_ldap.php +++ b/apps/user_ldap/tests/user_ldap.php @@ -124,7 +124,7 @@ class Test_User_Ldap_Direct extends \Test\TestCase { ->method('fetchListOfUsers') ->will($this->returnCallback(function($filter) { if($filter === 'roland') { - return array(array('dn' => 'dnOfRoland,dc=test')); + return array(array('dn' => ['dnOfRoland,dc=test'])); } return array(); })); 
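Review bot: In wizard.php's group loop the new guard joins its three tests with `&&`, so it skips an item only when `cn` is missing altogether, and on the way it evaluates `is_array($item['cn'])` on an unset index. A `cn` that is a string or an empty list passes the guard and `$item['cn'][0]` is read anyway. The tests should be alternatives: `if(!isset($item['cn']) || !is_array($item['cn']) || !isset($item['cn'][0])) {`. The enclosing loop and function continue outside the hunk.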
@@ -133,7 +133,7 @@ class Test_User_Ldap_Direct extends \Test\TestCase { ->method('fetchUsersByLoginName') ->will($this->returnCallback(function($uid) { if($uid === 'roland') { - return array(array('dn' => 'dnOfRoland,dc=test')); + return array(array('dn' => ['dnOfRoland,dc=test'])); } return array(); })); diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php index 59c61524c9b..fc8ce361637 100644 --- a/apps/user_ldap/user_ldap.php +++ b/apps/user_ldap/user_ldap.php @@ -78,7 +78,7 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn public function loginName2UserName($loginName) { try { $ldapRecord = $this->getLDAPUserByLoginName($loginName); - $user = $this->access->userManager->get($ldapRecord['dn']); + $user = $this->access->userManager->get($ldapRecord['dn'][0]); if($user instanceof OfflineUser) { return false; } @@ -119,7 +119,7 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn } catch(\Exception $e) { return false; } - $dn = $ldapRecord['dn']; + $dn = $ldapRecord['dn'][0]; $user = $this->access->userManager->get($dn); if(!$user instanceof User) { |