From bfdf39b9bd286e7739937f8856f85787e987043a Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Thu, 9 Jul 2015 12:19:04 +0200 Subject: LDAP: when checking group for matching filter, also take base DN into consideration. Fixes #17516 --- .../lib/IntegrationTestAccessGroupsMatchFilter.php | 28 +++++++++++- .../createExplicitGroupsDifferentOU.php | 52 ++++++++++++++++++++++ 2 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 apps/user_ldap/tests/integration/setup-scripts/createExplicitGroupsDifferentOU.php (limited to 'apps/user_ldap/tests') diff --git a/apps/user_ldap/tests/integration/lib/IntegrationTestAccessGroupsMatchFilter.php b/apps/user_ldap/tests/integration/lib/IntegrationTestAccessGroupsMatchFilter.php index 6560153bb63..92035d94b4b 100644 --- a/apps/user_ldap/tests/integration/lib/IntegrationTestAccessGroupsMatchFilter.php +++ b/apps/user_ldap/tests/integration/lib/IntegrationTestAccessGroupsMatchFilter.php @@ -43,6 +43,7 @@ class IntegrationTestAccessGroupsMatchFilter { public function init() { require('setup-scripts/createExplicitUsers.php'); require('setup-scripts/createExplicitGroups.php'); + require('setup-scripts/createExplicitGroupsDifferentOU.php'); $this->initLDAPWrapper(); $this->initConnection(); @@ -55,7 +56,7 @@ class IntegrationTestAccessGroupsMatchFilter { * If a test failed, the script is exited with return code 1. */ public function run() { - $cases = ['case1', 'case2']; + $cases = ['case1', 'case2', 'case3']; foreach ($cases as $case) { print("running $case " . PHP_EOL); @@ -106,6 +107,30 @@ class IntegrationTestAccessGroupsMatchFilter { return $status; } + /** + * Tests whether a filter for limited groups is effective when more existing + * groups were passed for validation. + * + * @return bool + */ + private function case3() { + $this->connection->setConfiguration(['ldapGroupFilter' => '(objectclass=groupOfNames)']); + + $dns = [ + 'cn=RedGroup,ou=Groups,' . $this->base, + 'cn=PurpleGroup,ou=Groups,' . $this->base, + 'cn=SquaredCircleGroup,ou=SpecialGroups,' . $this->base + ]; + $result = $this->access->groupsMatchFilter($dns); + + $status = + count($result) === 2 + && in_array('cn=RedGroup,ou=Groups,' . $this->base, $result) + && in_array('cn=PurpleGroup,ou=Groups,' . $this->base, $result); + + return $status; + } + /** * initializes the Access test instance */ @@ -129,6 +154,7 @@ class IntegrationTestAccessGroupsMatchFilter { 'ldapHost' => $this->server['host'], 'ldapPort' => $this->server['port'], 'ldapBase' => $this->base, + 'ldapBaseGroups' => 'ou=Groups,' . $this->base, 'ldapAgentName' => $this->server['dn'], 'ldapAgentPassword' => $this->server['pwd'], 'ldapUserFilter' => 'objectclass=inetOrgPerson', diff --git a/apps/user_ldap/tests/integration/setup-scripts/createExplicitGroupsDifferentOU.php b/apps/user_ldap/tests/integration/setup-scripts/createExplicitGroupsDifferentOU.php new file mode 100644 index 00000000000..361881969cc --- /dev/null +++ b/apps/user_ldap/tests/integration/setup-scripts/createExplicitGroupsDifferentOU.php @@ -0,0 +1,52 @@ +