LDAP: only map users within the User Base Tree

2 files changed, 11 insertions, 3 deletions

diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index 78bc5b46566..a3117b5a41e 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -166,7 +166,9 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
 				$result[] = OC_LDAP::dn2username($ldap_users[0]);
 				continue;
 			} else {
-				$result[] = OC_LDAP::dn2username($member);
+				if($ocname = OC_LDAP::dn2username($member)){
+					$result[] = $ocname;
+				}
 			}
 		}
 		if(!$isMemberUid) {
diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib_ldap.php
index befdf267bcd..6feb6d3c659 100644
--- a/apps/user_ldap/lib_ldap.php
+++ b/apps/user_ldap/lib_ldap.php
@@ -166,11 +166,14 @@ class OC_LDAP {
 	 * @brief returns the internal ownCloud name for the given LDAP DN of the group
 	 * @param $dn the dn of the group object
 	 * @param $ldapname optional, the display name of the object
-	 * @returns string with with the name to use in ownCloud
+	 * @returns string with with the name to use in ownCloud, false on DN outside of search DN
 	 *
 	 * returns the internal ownCloud name for the given LDAP DN of the group
 	 */
 	static public function dn2groupname($dn, $ldapname = null) {
+		if(strrpos($dn, self::ldapBaseGroups) !== (strlen($dn)-strlen(self::ldapBaseGroups)-1)) {
+			return false;
+		}
 		return self::dn2ocname($dn, $ldapname, false);
 	}
 
@@ -180,9 +183,12 @@ class OC_LDAP {
 	 * @param $ldapname optional, the display name of the object
 	 * @returns string with with the name to use in ownCloud
 	 *
-	 * returns the internal ownCloud name for the given LDAP DN of the user
+	 * returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN
 	 */
 	static public function dn2username($dn, $ldapname = null) {
+		if(strrpos($dn, self::ldapBaseUsers) !== (strlen($dn)-strlen(self::ldapBaseUsers)-1)) {
+			return false;
+		}
 		return self::dn2ocname($dn, $ldapname, true);
 	}