aboutsummaryrefslogtreecommitdiffstats
path: root/apps/user_ldap/lib/Group_LDAP.php
diff options
context:
space:
mode:
Diffstat (limited to 'apps/user_ldap/lib/Group_LDAP.php')
-rw-r--r--apps/user_ldap/lib/Group_LDAP.php31
1 files changed, 20 insertions, 11 deletions
diff --git a/apps/user_ldap/lib/Group_LDAP.php b/apps/user_ldap/lib/Group_LDAP.php
index 617b9f498ef..3532188d9f0 100644
--- a/apps/user_ldap/lib/Group_LDAP.php
+++ b/apps/user_ldap/lib/Group_LDAP.php
@@ -254,21 +254,27 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
) {
$attemptedLdapMatchingRuleInChain = true;
// compatibility hack with servers supporting :1.2.840.113556.1.4.1941:, and others)
- $filter = $this->access->combineFilterWithAnd([$this->access->connection->ldapUserFilter, 'memberof:1.2.840.113556.1.4.1941:=' . $dnGroup]);
+ $filter = $this->access->combineFilterWithAnd([
+ $this->access->connection->ldapUserFilter,
+ $this->access->connection->ldapUserDisplayName . '=*',
+ 'memberof:1.2.840.113556.1.4.1941:=' . $dnGroup
+ ]);
$memberRecords = $this->access->fetchListOfUsers(
$filter,
$this->access->userManager->getAttributes(true)
);
- if (!empty($memberRecords)) {
- if ($this->access->connection->ldapMatchingRuleInChainState === Configuration::LDAP_SERVER_FEATURE_UNKNOWN) {
- $this->access->connection->ldapMatchingRuleInChainState = Configuration::LDAP_SERVER_FEATURE_AVAILABLE;
- $this->access->connection->saveConfiguration();
- }
- return array_reduce($memberRecords, function ($carry, $record) {
- $carry[] = $record['dn'][0];
- return $carry;
- }, []);
+ $result = array_reduce($memberRecords, function ($carry, $record) {
+ $carry[] = $record['dn'][0];
+ return $carry;
+ }, []);
+ if ($this->access->connection->ldapMatchingRuleInChainState === Configuration::LDAP_SERVER_FEATURE_AVAILABLE) {
+ return $result;
+ } elseif (!empty($memberRecords)) {
+ $this->access->connection->ldapMatchingRuleInChainState = Configuration::LDAP_SERVER_FEATURE_AVAILABLE;
+ $this->access->connection->saveConfiguration();
+ return $result;
}
+ // when feature availability is unknown, and the result is empty, continue and test with original approach
}
$seen[$dnGroup] = 1;
@@ -283,7 +289,10 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
$allMembers += $this->getDynamicGroupMembers($dnGroup);
$this->access->connection->writeToCache($cacheKey, $allMembers);
- if (isset($attemptedLdapMatchingRuleInChain) && !empty($allMembers)) {
+ if (isset($attemptedLdapMatchingRuleInChain)
+ && $this->access->connection->ldapMatchingRuleInChainState === Configuration::LDAP_SERVER_FEATURE_UNKNOWN
+ && !empty($allMembers)
+ ) {
$this->access->connection->ldapMatchingRuleInChainState = Configuration::LDAP_SERVER_FEATURE_UNAVAILABLE;
$this->access->connection->saveConfiguration();
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-27 10:24:34 +0000