From accf28a35547700a860a01049f23dd047f97337b Mon Sep 17 00:00:00 2001
From: Thomas Müller
Date: Wed, 10 Aug 2016 17:59:11 +0200
Subject: [stable8.2] check if renamed user is still valid by reapplying the ld… (#25394)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* [stable8.2] check if renamed user is still valid by reapplying the ldap filter (#25338)
* Add missing filter during cleanup
* Fix another missing check
---
 apps/user_ldap/lib/access.php | 2 +-
 apps/user_ldap/user_ldap.php | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index dca9c29ec63..a4e4b6873ff 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -177,7 +177,7 @@ class Access extends LDAPUtility implements user\IUserTools {
 //in case an error occurs , e.g. object does not exist
 return false;
 }
- if (empty($attr)) {
+ if (empty($attr) && ($filter === 'objectclass=*' || $this->ldap->countEntries($cr, $rr) === 1)) {
 \OCP\Util::writeLog('user_ldap', 'readAttribute: '.$dn.' found', \OCP\Util::DEBUG);
 return array();
 }
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index 3ceacc72415..4e95fbd5f78 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -215,7 +215,7 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
 $dn = $user->getDN();
 //check if user really still exists by reading its entry
- if(!is_array($this->access->readAttribute($dn, ''))) {
+ if(!is_array($this->access->readAttribute($dn, '', $this->access->connection->ldapUserFilter))) {
 $lcr = $this->access->connection->getConnectionResource();
 if(is_null($lcr)) {
 throw new \Exception('No LDAP Connection to server ' . $this->access->connection->ldapHost);
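Review bot: In the access.php hunk, the new condition compares `$filter` to the lowercase literal `'objectclass=*'` with `===`, so the shortcut only fires if the default in the signature (outside this hunk) is spelled exactly that way. LDAP attribute names are case-insensitive, so a differently cased default would silently send every existence probe through `countEntries`; `strcasecmp($filter, 'objectclass=*') === 0` would be more robust. The line also carries an access decision without explanation, and a comment such as `// empty $attr is an existence probe: succeed only if the entry also matches $filter` would help. A filtered-out entry must then reach a `return false` further down, which is not visible in this hunk.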
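Review bot: In the user_ldap.php hunk at line 215, `$this->access->connection->ldapUserFilter` is handed to `readAttribute` without checking that it is non-empty. Whether the connection guarantees a configured filter is not visible here; if it can be empty, the read would presumably fail and every user would be treated as no longer present at this DN. Either guard the value or state the assumption next to the call, e.g. `// ldapUserFilter is assumed non-empty; an unset filter makes every user look missing`. The enclosing method starts and ends outside the hunk.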
@@ -227,6 +227,11 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
 return false;
 }
 $newDn = $this->access->getUserDnByUuid($uuid);
+ //check if renamed user is still valid by reapplying the ldap filter
+ if(!is_array($this->access->readAttribute($newDn, '', $this->access->connection->ldapUserFilter))) {
+ return false;
+ }
+
 $this->access->getUserMapper()->setDNbyUUID($newDn, $uuid);
 return true;
 } catch (\Exception $e) {
-- 
cgit v1.2.3
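Review bot: The added `return false` after the second `readAttribute` call cannot tell a renamed user who no longer matches the filter from a read that failed for another reason; the access.php hunk shows `readAttribute` returning false "in case an error occurs". The first read in this method is followed by a null check on the connection resource that throws, but the re-check on `$newDn` has no equivalent, so a connection lost between the two reads would be reported as "user gone", which matters if the cleanup mentioned in the commit message acts on that result. Repeating the guard before returning, `if(is_null($this->access->connection->getConnectionResource())) { throw new \Exception('No LDAP Connection to server ' . $this->access->connection->ldapHost); }`, would keep the two paths consistent. The filter-checked read now appears twice with the same arguments and could move into one private helper; the method body continues outside the hunk.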