1 files changed, 19 insertions, 3 deletions

diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php
index c02cc968637..482fc80b0a9 100644
--- a/apps/user_ldap/lib/Access.php
+++ b/apps/user_ldap/lib/Access.php
@@ -579,7 +579,19 @@ class Access extends LDAPUtility implements IUserTools {
 			} else {
 				$username = $uuid;
 			}
-			$intName = $this->sanitizeUsername($username);
+			try {
+				$intName = $this->sanitizeUsername($username);
+			} catch (\InvalidArgumentException $e) {
+				\OC::$server->getLogger()->logException($e, [
+					'app' => 'user_ldap',
+					'level' => Util::WARN,
+				]);
+				// we don't attempt to set a username here. We can go for
+				// for an alternativ 4 digit random number as we would append
+				// otherwise, however it's likely not enough space in bigger
+				// setups, and most importantly: this is not intended.
+				return false;
+			}
 		} else {
 			$intName = $ldapName;
 		}
@@ -1291,7 +1303,7 @@ class Access extends LDAPUtility implements IUserTools {
 
 	/**
 	 * @param string $name
-	 * @return bool|mixed|string
+	 * @return string
 	 */
 	public function sanitizeUsername($name) {
 		if($this->connection->ldapIgnoreNamingRules) {
@@ -1300,7 +1312,7 @@ class Access extends LDAPUtility implements IUserTools {
 
 		// Transliteration
 		// latin characters to ASCII
-		$name = iconv('UTF-8', 'ASCII//TRANSLIT', $name);
+		$name = iconv('UTF-8', 'ASCII//TRANSLIT', trim($name));
 
 		// Replacements
 		$name = str_replace(' ', '_', $name);
@@ -1308,6 +1320,10 @@ class Access extends LDAPUtility implements IUserTools {
 		// Every remaining disallowed characters will be removed
 		$name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);
 
+		if($name === '') {
+			throw new \InvalidArgumentException('provided name template for username does not contain any allowed characters');
+		}
+
 		return $name;
 	}