use uniquemember instead of deprecated memberuid to identify LDAP group members. Attention: not every method is adjusted yet, so it breaks some things.

2 files changed, 33 insertions, 4 deletions

diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index fe0789cdeb7..df82162a67f 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -25,12 +25,10 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
 // 	//group specific settings
 	protected $ldapGroupFilter;
 	protected $ldapGroupDisplayName;
-	protected $ldapGroupMemberAttr;
 
 	public function __construct() {
 		$this->ldapGroupFilter      = OC_Appconfig::getValue('user_ldap', 'ldap_group_filter', '(objectClass=posixGroup)');
 		$this->ldapGroupDisplayName = OC_Appconfig::getValue('user_ldap', 'ldap_group_display_name', 'cn');
-		$this->ldapGroupMemberAttr  = OC_Appconfig::getValue('user_ldap', 'ldap_group_member_attr', 'memberUid');
 	}
 
 	/**
@@ -83,7 +81,17 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
 			$this->ldapGroupDisplayName.'='.$gid
 		));
 
-		return $this->retrieveList($filter, $this->ldapGroupMemberAttr, false);
+		$userDNs = $this->retrieveList($filter, LDAP_GROUP_MEMBER_ASSOC_ATTR, false);
+		$users = array();
+		$attr = OC_LDAP::conf('ldapUserDisplayName');
+		foreach($userDNs as $dn) {
+			$uid = OC_LDAP::readAttribute($dn, $attr);
+			if($uid) {
+// 			if(($uid = OC_LDAP::readAttribute($dn, $attr)) != false){
+				$users[] = $uid;
+			}
+		}
+		return $users;
 	}
 
 	/**
diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib_ldap.php
index 752ac4f2289..bd5f290779f 100644
--- a/apps/user_ldap/lib_ldap.php
+++ b/apps/user_ldap/lib_ldap.php
@@ -21,7 +21,7 @@
  *
  */
 
-define('LDAP_GROUP_MEMBER_ASSOC_ATTR','memberUid');
+define('LDAP_GROUP_MEMBER_ASSOC_ATTR','uniquemember');
 
 //needed to unbind, because we use OC_LDAP only statically
 class OC_LDAP_DESTRUCTOR {
@@ -67,6 +67,27 @@ class OC_LDAP {
 	}
 
 	/**
+	 * @brief reads a given attribute for an LDAP record identified by a DN
+	 * @param $dn the record in question
+	 * @param $attr the attribute that shall be retrieved
+	 * @returns the value on success, false otherwise
+	 *
+	 * Reads an attribute from an LDAP entry
+	 */
+	static public function readAttribute($dn, $attr) {
+		$attr = strtolower($attr);
+		$cr = self::getConnectionResource();
+
+		$rr = ldap_read($cr, $dn, 'objectClass=*', array($attr));
+		$er = ldap_first_entry($cr, $rr);
+		$result = ldap_get_attributes($cr, $er);
+		if($result['count'] > 0){
+			return $result[$attr][0];
+		}
+		return false;
+	}
+
+	/**
 	 * @brief executes an LDAP search, optimized for Users
 	 * @param $filter the LDAP filter for the search
 	 * @param $attr optional, when a certain attribute shall be filtered out