Diffstat (limited to 'apps/user_ldap')
-rw-r--r--apps/user_ldap/lib/wizard.php47
1 files changed, 14 insertions, 33 deletions
diff --git a/apps/user_ldap/lib/wizard.php b/apps/user_ldap/lib/wizard.php
index 6c39f406e83..a1c0b2dadbc 100644
--- a/apps/user_ldap/lib/wizard.php
+++ b/apps/user_ldap/lib/wizard.php
@@ -389,10 +389,10 @@ class Wizard extends LDAPUtility {
throw new \Exception('Could not connect to LDAP');
}
- $groups = $this->fetchGroups($dbKey, $confKey);
+ $this->fetchGroups($dbKey, $confKey);
if($testMemberOf) {
- $this->configuration->hasMemberOfFilterSupport = $this->testMemberOf($groups);
+ $this->configuration->hasMemberOfFilterSupport = $this->testMemberOf();
$this->result->markChange();
if(!$this->configuration->hasMemberOfFilterSupport) {
throw new \Exception('memberOf is not supported by the server');
@@ -403,10 +403,12 @@ class Wizard extends LDAPUtility {
}
/**
- * fetches all groups from LDAP
+ * fetches all groups from LDAP and adds them to the result object
+ *
* @param string $dbKey
* @param string $confKey
* @return array $groupEntries
+ * @throws \Exception
*/
public function fetchGroups($dbKey, $confKey) {
$obclasses = array('posixGroup', 'group', 'zimbraDistributionList', 'groupOfNames');
@@ -485,7 +487,7 @@ class Wizard extends LDAPUtility {
throw new \Exception('Could not connect to LDAP');
}
- $obclasses = array('group', 'posixGroup', '*');
+ $obclasses = array('groupOfNames', 'group', 'posixGroup', '*');
$this->determineFeature($obclasses,
'objectclass',
'ldap_groupfilter_objectclass',
@@ -831,43 +833,22 @@ class Wizard extends LDAPUtility {
/**
* Checks whether the server supports memberOf in LDAP Filter.
- * Requires that groups are determined, thus internally called from within
- * determineGroups()
- * @param array $groups
+ * Note: at least in OpenLDAP, availability of memberOf is dependent on
+ * a configured objectClass. I.e. not necessarily for all available groups
+ * memberOf does work.
+ *
* @return bool true if it does, false otherwise
* @throws \Exception
*/
- private function testMemberOf($groups) {
+ private function testMemberOf() {
$cr = $this->getConnection();
if(!$cr) {
throw new \Exception('Could not connect to LDAP');
}
- if(!is_array($this->configuration->ldapBase)
- || !isset($this->configuration->ldapBase[0])) {
- return false;
- }
- $base = $this->configuration->ldapBase[0];
- $filterPrefix = '(&(objectclass=*)(memberOf=';
- $filterSuffix = '))';
-
- foreach($groups as $groupProperties) {
- if(!isset($groupProperties['cn'])) {
- //assuming only groups have their cn cached :)
- continue;
- }
- $filter = strtolower($filterPrefix . $groupProperties['dn'] . $filterSuffix);
- $rr = $this->ldap->search($cr, $base, $filter, array('dn'));
- if(!$this->ldap->isResource($rr)) {
- continue;
- }
- $entries = $this->ldap->countEntries($cr, $rr);
- //we do not know which groups are empty, so test any and return
- //success on the first match that returns at least one user
- if(($entries !== false) && ($entries > 0)) {
- return true;
- }
+ $result = $this->access->countUsers('memberOf=*', array('memberOf'), 1);
+ if(is_int($result) && $result > 0) {
+ return true;
}
-
return false;
}
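Review bot: The new `testMemberOf()` reports "not supported" for every outcome of `countUsers('memberOf=*', array('memberOf'), 1)` that is not a positive int. A directory where no user entry currently carries memberOf, or a probe search that fails (presumably signalled by a non-int return), therefore makes the caller in the first hunk throw 'memberOf is not supported by the server'. Consider separating the failure case, e.g. `if($result === false) { throw new \Exception('memberOf probe search failed'); }`. The docblock could also state that a positive result only proves memberOf is present on at least one user entry, which matters if `hasMemberOfFilterSupport` later gates group-restricted user filters. The filter is passed without enclosing parentheses; `'(memberOf=*)'` is the RFC 4515 form, unless `countUsers` wraps it, which is not visible in this hunk.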