author | Morris Jobke <hey@morrisjobke.de> | 2015-08-26 11:42:47 +0200 |
---|---|---|
committer | Morris Jobke <hey@morrisjobke.de> | 2015-08-26 11:42:47 +0200 |
commit | 27af0e82ddba29512a4a5fe08cbd060cc6251264 (patch) | |
tree | e2e1e8f721305e3abdb95f13ac55e921db61c4c1 /apps | |
parent | 7ed8c7f75c0aa035b44e7db6fa1f9f486dedbdf8 (diff) | |
parent | a55f233e9ffac7d492733f50a37343b4243898bf (diff) | |
Merge pull request #18042 from GreenArchon/master
Properly nest groups when using memberOf to detect group membership, …
Diffstat (limited to 'apps')
-rw-r--r-- | apps/user_ldap/group_ldap.php | 35 | ||||
-rw-r--r-- | apps/user_ldap/tests/group_ldap.php | 7 |
2 files changed, 35 insertions, 7 deletions
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php index 1bc0392a7d7..a5fc59d3b07 100644 --- a/apps/user_ldap/group_ldap.php +++ b/apps/user_ldap/group_ldap.php @@ -182,6 +182,36 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface { } /** + * @param string $DN + * @param array|null &$seen + * @return array + */ + private function _getGroupDNsFromMemberOf($DN, &$seen = null) { + if ($seen === null) { + $seen = array(); + } + if (array_key_exists($DN, $seen)) { + // avoid loops + return array(); + } + $seen[$DN] = 1; + $groups = $this->access->readAttribute($DN, 'memberOf'); + if (!is_array($groups)) { + return array(); + } + $groups = $this->access->groupsMatchFilter($groups); + $allGroups = $groups; + $nestedGroups = $this->access->connection->ldapNestedGroups; + if (intval($nestedGroups) === 1) { + foreach ($groups as $group) { + $subGroups = $this->_getGroupDNsFromMemberOf($group, $seen); + $allGroups = array_merge($allGroups, $subGroups); + } + } + return $allGroups; + } + + /** * translates a primary group ID into an ownCloud internal name * @param string $gid as given by primaryGroupID on AD * @param string $dn a DN that belongs to the same domain as the group @@ -377,10 +407,8 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface { if(intval($this->access->connection->hasMemberOfFilterSupport) === 1 && intval($this->access->connection->useMemberOfToDetectMembership) === 1 ) { - $groupDNs = $this->access->readAttribute($userDN, 'memberOf'); - + $groupDNs = $this->_getGroupDNsFromMemberOf($userDN); if (is_array($groupDNs)) { - $groupDNs = $this->access->groupsMatchFilter($groupDNs); foreach ($groupDNs as $dn) { $groupName = $this->access->dn2groupname($dn); if(is_string($groupName)) { @@ -390,6 +418,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface { } } } + if($primaryGroup !== false) { $groups[] = $primaryGroup; } 
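Review bot: `_getGroupDNsFromMemberOf()` can return the same group DN more than once, because each level copies its filtered `memberOf` list into `$allGroups` before recursing and `$seen` only stops the recursive read, not the copy. If a user is in groupA and groupB and both are members of groupC, the result holds groupC twice. Whether the caller de-duplicates later is not visible in this diff, so returning `array_values(array_unique($allGroups))` would make the helper safe on its own. The traversal also issues one `readAttribute()` round trip per distinct group DN with no depth limit, which is worth stating in the docblock together with a description of `$seen`, for example `@param array|null &$seen DNs already visited, keyed by DN; guards against membership cycles`. The helper is fully contained in the hunk.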
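Review bot: The `if (is_array($groupDNs))` guard kept in the second hunk is now dead, because `_getGroupDNsFromMemberOf()` returns `array()` on every path, including when `readAttribute()` does not return an array. The loop can be written directly as `foreach ($this->_getGroupDNsFromMemberOf($userDN) as $dn) {`. A failed LDAP read and a user with no groups both yield an empty list here, so a log line in the helper's `!is_array($groups)` branch would keep the two cases distinguishable when group-based access looks wrong. The enclosing method starts and ends outside the hunk.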
diff --git a/apps/user_ldap/tests/group_ldap.php b/apps/user_ldap/tests/group_ldap.php index f716618ce48..805238e7d37 100644 --- a/apps/user_ldap/tests/group_ldap.php +++ b/apps/user_ldap/tests/group_ldap.php @@ -395,16 +395,15 @@ class Test_Group_Ldap extends \Test\TestCase { ->method('username2dn') ->will($this->returnValue($dn)); - $access->expects($this->once()) + $access->expects($this->exactly(3)) ->method('readAttribute') - ->with($dn, 'memberOf') - ->will($this->returnValue(['cn=groupA,dc=foobar', 'cn=groupB,dc=foobar'])); + ->will($this->onConsecutiveCalls(['cn=groupA,dc=foobar', 'cn=groupB,dc=foobar'], [], [])); $access->expects($this->exactly(2)) ->method('dn2groupname') ->will($this->returnArgument(0)); - $access->expects($this->once()) + $access->expects($this->exactly(3)) ->method('groupsMatchFilter') ->will($this->returnArgument(0)); |
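Review bot: The updated `readAttribute` expectation drops `->with($dn, 'memberOf')`, so the test no longer checks which DN or attribute is read and would still pass if the recursion queried the wrong entries. The arguments can be pinned per call with `->withConsecutive([$dn, 'memberOf'], ['cn=groupA,dc=foobar', 'memberOf'], ['cn=groupB,dc=foobar', 'memberOf'])`. The two nested lookups both return `[]`, so neither a parent group being added to the result nor the `$seen` cycle guard is exercised. A case where groupA and groupB list each other in `memberOf` would cover the termination path that membership resolution now depends on. The test method starts and ends outside the hunk.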