aboutsummaryrefslogtreecommitdiffstats
path: root/apps/user_ldap/lib/access.php
diff options
context:
space:
mode:
Diffstat (limited to 'apps/user_ldap/lib/access.php')
-rw-r--r--apps/user_ldap/lib/access.php38
1 files changed, 38 insertions, 0 deletions
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index f38d11d4be3..44237b52393 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -347,6 +347,44 @@ class Access extends LDAPUtility implements user\IUserTools {
}
/**
+ * accepts an array of group DNs and tests whether they match the user
+ * filter by doing read operations against the group entries. Returns an
+ * array of DNs that match the filter.
+ *
+ * @param string[] $groupDNs
+ * @return string[]
+ */
+ public function groupsMatchFilter($groupDNs) {
+ $validGroupDNs = [];
+ foreach($groupDNs as $dn) {
+ $cacheKey = 'groupsMatchFilter-'.$dn;
+ if($this->connection->isCached($cacheKey)) {
+ if($this->connection->getFromCache($cacheKey)) {
+ $validGroupDNs[] = $dn;
+ }
+ continue;
+ }
+
+ // Check the base DN first. If this is not met already, we don't
+ // need to ask the server at all.
+ if(!$this->isDNPartOfBase($dn, $this->connection->ldapBaseGroups)) {
+ $this->connection->writeToCache($cacheKey, false);
+ continue;
+ }
+
+ $result = $this->readAttribute($dn, 'cn', $this->connection->ldapGroupFilter);
+ if(is_array($result)) {
+ $this->connection->writeToCache($cacheKey, true);
+ $validGroupDNs[] = $dn;
+ } else {
+ $this->connection->writeToCache($cacheKey, false);
+ }
+
+ }
+ return $validGroupDNs;
+ }
+
+ /**
* returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN or failure
* @param string $dn the dn of the user object
* @param string $ldapName optional, the display name of the object