Merge pull request #19635 from owncloud/fix-ldap-value-limitation
allow an attribute to return more than one value
This commit is contained in:
Thomas Müller
commit
3f083353c1
|
|
@ -247,7 +247,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
|
|||
if(empty($result)) {
|
||||
return false;
|
||||
}
|
||||
$dn = $result[0];
|
||||
$dn = $result[0]['dn'][0];
|
||||
|
||||
//and now the group name
|
||||
//NOTE once we have separate ownCloud group IDs and group names we can
|
||||
|
|
@ -491,7 +491,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
|
|||
array($this->access->connection->ldapGroupDisplayName, 'dn'));
|
||||
if (is_array($groups)) {
|
||||
foreach ($groups as $groupobj) {
|
||||
$groupDN = $groupobj['dn'];
|
||||
$groupDN = $groupobj['dn'][0];
|
||||
$allGroups[$groupDN] = $groupobj;
|
||||
$nestedGroups = $this->access->connection->ldapNestedGroups;
|
||||
if (!empty($nestedGroups)) {
|
||||
|
|
@ -653,7 +653,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
|
|||
str_replace('%uid', $member, $this->access->connection->ldapLoginFilter),
|
||||
$this->access->getFilterPartForUserSearch($search)
|
||||
));
|
||||
$ldap_users = $this->access->fetchListOfUsers($filter, 'dn');
|
||||
$ldap_users = $this->access->fetchListOfUsers($filter, 'dn', 1);
|
||||
if(count($ldap_users) < 1) {
|
||||
continue;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -489,7 +489,7 @@ class Access extends LDAPUtility implements user\IUserTools {
|
|||
|
||||
/**
|
||||
* gives back the user names as they are used ownClod internally
|
||||
* @param array $ldapUsers an array with the ldap Users result in style of array ( array ('dn' => foo, 'uid' => bar), ... )
|
||||
* @param array $ldapUsers as returned by fetchList()
|
||||
* @return array an array with the user names to use in ownCloud
|
||||
*
|
||||
* gives back the user names as they are used ownClod internally
|
||||
|
|
@ -500,7 +500,7 @@ class Access extends LDAPUtility implements user\IUserTools {
|
|||
|
||||
/**
|
||||
* gives back the group names as they are used ownClod internally
|
||||
* @param array $ldapGroups an array with the ldap Groups result in style of array ( array ('dn' => foo, 'cn' => bar), ... )
|
||||
* @param array $ldapGroups as returned by fetchList()
|
||||
* @return array an array with the group names to use in ownCloud
|
||||
*
|
||||
* gives back the group names as they are used ownClod internally
|
||||
|
|
@ -510,7 +510,7 @@ class Access extends LDAPUtility implements user\IUserTools {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param array $ldapObjects
|
||||
* @param array $ldapObjects as returned by fetchList()
|
||||
* @param bool $isUsers
|
||||
* @return array
|
||||
*/
|
||||
|
|
@ -523,15 +523,25 @@ class Access extends LDAPUtility implements user\IUserTools {
|
|||
$ownCloudNames = array();
|
||||
|
||||
foreach($ldapObjects as $ldapObject) {
|
||||
$nameByLDAP = isset($ldapObject[$nameAttribute]) ? $ldapObject[$nameAttribute] : null;
|
||||
$ocName = $this->dn2ocname($ldapObject['dn'], $nameByLDAP, $isUsers);
|
||||
$nameByLDAP = null;
|
||||
if( isset($ldapObject[$nameAttribute])
|
||||
&& is_array($ldapObject[$nameAttribute])
|
||||
&& isset($ldapObject[$nameAttribute][0])
|
||||
) {
|
||||
// might be set, but not necessarily. if so, we use it.
|
||||
$nameByLDAP = $ldapObject[$nameAttribute][0];
|
||||
}
|
||||
|
||||
$ocName = $this->dn2ocname($ldapObject['dn'][0], $nameByLDAP, $isUsers);
|
||||
if($ocName) {
|
||||
$ownCloudNames[] = $ocName;
|
||||
if($isUsers) {
|
||||
//cache the user names so it does not need to be retrieved
|
||||
//again later (e.g. sharing dialogue).
|
||||
$this->cacheUserExists($ocName);
|
||||
$this->cacheUserDisplayName($ocName, $nameByLDAP);
|
||||
if(!is_null($nameByLDAP)) {
|
||||
$this->cacheUserDisplayName($ocName, $nameByLDAP);
|
||||
}
|
||||
}
|
||||
}
|
||||
continue;
|
||||
|
|
@ -682,7 +692,7 @@ class Access extends LDAPUtility implements user\IUserTools {
|
|||
*/
|
||||
public function batchApplyUserAttributes(array $ldapRecords){
|
||||
foreach($ldapRecords as $userRecord) {
|
||||
$ocName = $this->dn2ocname($userRecord['dn'], $userRecord[$this->connection->ldapUserDisplayName]);
|
||||
$ocName = $this->dn2ocname($userRecord['dn'][0], $userRecord[$this->connection->ldapUserDisplayName]);
|
||||
$this->cacheUserExists($ocName);
|
||||
$user = $this->userManager->get($ocName);
|
||||
$user->processAttributes($userRecord);
|
||||
|
|
@ -710,6 +720,11 @@ class Access extends LDAPUtility implements user\IUserTools {
|
|||
if($manyAttributes) {
|
||||
return $list;
|
||||
} else {
|
||||
$list = array_reduce($list, function($carry, $item) {
|
||||
$attribute = array_keys($item)[0];
|
||||
$carry[] = $item[$attribute][0];
|
||||
return $carry;
|
||||
}, array());
|
||||
return array_unique($list, SORT_LOCALE_STRING);
|
||||
}
|
||||
}
|
||||
|
|
@ -982,44 +997,29 @@ class Access extends LDAPUtility implements user\IUserTools {
|
|||
|
||||
if(!is_null($attr)) {
|
||||
$selection = array();
|
||||
$multiArray = false;
|
||||
if(count($attr) > 1) {
|
||||
$multiArray = true;
|
||||
$i = 0;
|
||||
}
|
||||
$i = 0;
|
||||
foreach($findings as $item) {
|
||||
if(!is_array($item)) {
|
||||
continue;
|
||||
}
|
||||
$item = \OCP\Util::mb_array_change_key_case($item, MB_CASE_LOWER, 'UTF-8');
|
||||
|
||||
if($multiArray) {
|
||||
foreach($attr as $key) {
|
||||
$key = mb_strtolower($key, 'UTF-8');
|
||||
if(isset($item[$key])) {
|
||||
if($key !== 'dn') {
|
||||
$selection[$i][$key] = $this->resemblesDN($key) ?
|
||||
$this->sanitizeDN($item[$key][0])
|
||||
: $item[$key][0];
|
||||
} else {
|
||||
$selection[$i][$key] = $this->sanitizeDN($item[$key]);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
$i++;
|
||||
} else {
|
||||
//tribute to case insensitivity
|
||||
$key = mb_strtolower($attr[0], 'UTF-8');
|
||||
|
||||
foreach($attr as $key) {
|
||||
$key = mb_strtolower($key, 'UTF-8');
|
||||
if(isset($item[$key])) {
|
||||
if($this->resemblesDN($key)) {
|
||||
$selection[] = $this->sanitizeDN($item[$key]);
|
||||
if(is_array($item[$key]) && isset($item[$key]['count'])) {
|
||||
unset($item[$key]['count']);
|
||||
}
|
||||
if($key !== 'dn') {
|
||||
$selection[$i][$key] = $this->resemblesDN($key) ?
|
||||
$this->sanitizeDN($item[$key])
|
||||
: $item[$key];
|
||||
} else {
|
||||
$selection[] = $item[$key];
|
||||
$selection[$i][$key] = [$this->sanitizeDN($item[$key])];
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
$i++;
|
||||
}
|
||||
$findings = $selection;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -147,21 +147,21 @@ class User {
|
|||
//Quota
|
||||
$attr = strtolower($this->connection->ldapQuotaAttribute);
|
||||
if(isset($ldapEntry[$attr])) {
|
||||
$this->updateQuota($ldapEntry[$attr]);
|
||||
$this->updateQuota($ldapEntry[$attr][0]);
|
||||
}
|
||||
unset($attr);
|
||||
|
||||
//Email
|
||||
$attr = strtolower($this->connection->ldapEmailAttribute);
|
||||
if(isset($ldapEntry[$attr])) {
|
||||
$this->updateEmail($ldapEntry[$attr]);
|
||||
$this->updateEmail($ldapEntry[$attr][0]);
|
||||
}
|
||||
unset($attr);
|
||||
|
||||
//displayName
|
||||
$attr = strtolower($this->connection->ldapUserDisplayName);
|
||||
if(isset($ldapEntry[$attr])) {
|
||||
$displayName = $ldapEntry[$attr];
|
||||
$displayName = $ldapEntry[$attr][0];
|
||||
if(!empty($displayName)) {
|
||||
$this->storeDisplayName($displayName);
|
||||
$this->access->cacheUserDisplayName($this->getUsername(), $displayName);
|
||||
|
|
@ -171,18 +171,20 @@ class User {
|
|||
|
||||
// LDAP Username, needed for s2s sharing
|
||||
if(isset($ldapEntry['uid'])) {
|
||||
$this->storeLDAPUserName($ldapEntry['uid']);
|
||||
$this->storeLDAPUserName($ldapEntry['uid'][0]);
|
||||
} else if(isset($ldapEntry['samaccountname'])) {
|
||||
$this->storeLDAPUserName($ldapEntry['samaccountname']);
|
||||
$this->storeLDAPUserName($ldapEntry['samaccountname'][0]);
|
||||
}
|
||||
|
||||
//homePath
|
||||
if(strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) {
|
||||
$attr = strtolower(substr($this->connection->homeFolderNamingRule, strlen('attr:')));
|
||||
if(isset($ldapEntry[$attr])) {
|
||||
$this->access->cacheUserHome(
|
||||
$this->getUsername(), $this->getHomePath($ldapEntry[$attr]));
|
||||
$this->getUsername(), $this->getHomePath($ldapEntry[$attr][0]));
|
||||
}
|
||||
}
|
||||
|
||||
//memberOf groups
|
||||
$cacheKey = 'getMemberOf'.$this->getUsername();
|
||||
$groups = false;
|
||||
|
|
@ -190,11 +192,12 @@ class User {
|
|||
$groups = $ldapEntry['memberof'];
|
||||
}
|
||||
$this->connection->writeToCache($cacheKey, $groups);
|
||||
|
||||
//Avatar
|
||||
$attrs = array('jpegphoto', 'thumbnailphoto');
|
||||
foreach ($attrs as $attr) {
|
||||
if(isset($ldapEntry[$attr])) {
|
||||
$this->avatarImage = $ldapEntry[$attr];
|
||||
$this->avatarImage = $ldapEntry[$attr][0];
|
||||
$this->updateAvatar();
|
||||
break;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -435,7 +435,11 @@ class Wizard extends LDAPUtility {
|
|||
// detection will fail later
|
||||
$result = $this->access->searchGroups($filter, array('cn', 'dn'), $limit, $offset);
|
||||
foreach($result as $item) {
|
||||
$groupNames[] = $item['cn'];
|
||||
if(!isset($item['cn']) && !is_array($item['cn']) && !isset($item['cn'][0])) {
|
||||
// just in case - no issue known
|
||||
continue;
|
||||
}
|
||||
$groupNames[] = $item['cn'][0];
|
||||
$groupEntries[] = $item;
|
||||
}
|
||||
$offset += $limit;
|
||||
|
|
|
|||
|
|
@ -145,7 +145,7 @@ class Test_Group_Ldap extends \Test\TestCase {
|
|||
|
||||
$access->expects($this->once())
|
||||
->method('searchGroups')
|
||||
->will($this->returnValue(array('cn=foo,dc=barfoo,dc=bar')));
|
||||
->will($this->returnValue([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]));
|
||||
|
||||
$access->expects($this->once())
|
||||
->method('dn2groupname')
|
||||
|
|
@ -221,7 +221,7 @@ class Test_Group_Ldap extends \Test\TestCase {
|
|||
|
||||
$access->expects($this->once())
|
||||
->method('searchGroups')
|
||||
->will($this->returnValue(array('cn=foo,dc=barfoo,dc=bar')));
|
||||
->will($this->returnValue([['dn' => ['cn=foo,dc=barfoo,dc=bar']]]));
|
||||
|
||||
$access->expects($this->once())
|
||||
->method('dn2groupname')
|
||||
|
|
|
|||
|
|
@ -124,7 +124,7 @@ class Test_User_Ldap_Direct extends \Test\TestCase {
|
|||
->method('fetchListOfUsers')
|
||||
->will($this->returnCallback(function($filter) {
|
||||
if($filter === 'roland') {
|
||||
return array(array('dn' => 'dnOfRoland,dc=test'));
|
||||
return array(array('dn' => ['dnOfRoland,dc=test']));
|
||||
}
|
||||
return array();
|
||||
}));
|
||||
|
|
@ -133,7 +133,7 @@ class Test_User_Ldap_Direct extends \Test\TestCase {
|
|||
->method('fetchUsersByLoginName')
|
||||
->will($this->returnCallback(function($uid) {
|
||||
if($uid === 'roland') {
|
||||
return array(array('dn' => 'dnOfRoland,dc=test'));
|
||||
return array(array('dn' => ['dnOfRoland,dc=test']));
|
||||
}
|
||||
return array();
|
||||
}));
|
||||
|
|
|
|||
|
|
@ -78,7 +78,7 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
|
|||
public function loginName2UserName($loginName) {
|
||||
try {
|
||||
$ldapRecord = $this->getLDAPUserByLoginName($loginName);
|
||||
$user = $this->access->userManager->get($ldapRecord['dn']);
|
||||
$user = $this->access->userManager->get($ldapRecord['dn'][0]);
|
||||
if($user instanceof OfflineUser) {
|
||||
return false;
|
||||
}
|
||||
|
|
@ -119,7 +119,7 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
|
|||
} catch(\Exception $e) {
|
||||
return false;
|
||||
}
|
||||
$dn = $ldapRecord['dn'];
|
||||
$dn = $ldapRecord['dn'][0];
|
||||
$user = $this->access->userManager->get($dn);
|
||||
|
||||
if(!$user instanceof User) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue