From 58828d205facd67ba953eb9b7846ef27bede2d55 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Sat, 27 Oct 2012 19:42:50 +0200 Subject: [PATCH] LDAP: usersInGroup now also does LDAP serverside search. --- apps/user_ldap/group_ldap.php | 71 ++++++++++++++++++++--------------- 1 file changed, 41 insertions(+), 30 deletions(-) diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php index dafe2c0c31..6c6cc5679b 100644 --- a/apps/user_ldap/group_ldap.php +++ b/apps/user_ldap/group_ldap.php @@ -139,61 +139,72 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface { if(!$this->enabled) { return array(); } - $this->groupSearch = $search; - if($this->connection->isCached('usersInGroup'.$gid)) { - $groupUsers = $this->connection->getFromCache('usersInGroup'.$gid); - if(!empty($this->groupSearch)) { - $groupUsers = array_filter($groupUsers, array($this, 'groupMatchesFilter')); - } - if($limit == -1) { - $limit = null; - } - return array_slice($groupUsers, $offset, $limit); + $cachekey = 'usersInGroup-'.$gid.'-'.$search.'-'.$limit.'-'.$offset; + // check for cache of the exact query + $groupUsers = $this->connection->getFromCache($cachekey); + if(!is_null($groupUsers)) { + return $groupUsers; } + // check for cache of the query without limit and offset + $groupUsers = $this->connection->getFromCache('usersInGroup-'.$gid.'-'.$search); + if(!is_null($groupUsers)) { + $groupUsers = array_slice($groupUsers, $offset, $limit); + $this->connection->writeToCache($cachekey, $groupUsers); + return $groupUsers; + } + + if($limit == -1) { + $limit = null; + } $groupDN = $this->groupname2dn($gid); if(!$groupDN) { - $this->connection->writeToCache('usersInGroup'.$gid, array()); + // group couldn't be found, return empty resultset + $this->connection->writeToCache($cachekey, array()); return array(); } $members = $this->readAttribute($groupDN, $this->connection->ldapGroupMemberAssocAttr); if(!$members) { - $this->connection->writeToCache('usersInGroup'.$gid, array()); + //in case users could not be retrieved, return empty resultset + $this->connection->writeToCache($cachekey, array()); return array(); } - $result = array(); + $search = empty($search) ? '*' : '*'.$search.'*'; + $groupUsers = array(); $isMemberUid = (strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid'); foreach($members as $member) { if($isMemberUid) { - $filter = \OCP\Util::mb_str_replace('%uid', $member, $this->connection->ldapLoginFilter, 'UTF-8'); + //we got uids, need to get their DNs to 'tranlsate' them to usernames + $filter = $this->combineFilterWithAnd(array( + \OCP\Util::mb_str_replace('%uid', $member, $this->connection>ldapLoginFilter, 'UTF-8'), + $this->connection->ldapUserDisplayName.'='.$search + )); $ldap_users = $this->fetchListOfUsers($filter, 'dn'); if(count($ldap_users) < 1) { continue; } - $result[] = $this->dn2username($ldap_users[0]); - continue; + $groupUsers[] = $this->dn2username($ldap_users[0]); } else { + //we got DNs, check if we need to filter by search or we can give back all of them + if($search != '*') { + if(!$this->readAttribute($member, $this->connection->ldapUserDisplayName, $this->connection->ldapUserDisplayName.'='.$search)) { + continue; + } + } + // dn2username will also check if the users belong to the allowed base if($ocname = $this->dn2username($member)) { - $result[] = $ocname; + $groupUsers[] = $ocname; } } } - if(!$isMemberUid) { - $result = array_intersect($result, \OCP\User::getUsers()); - } - $groupUsers = array_unique($result, SORT_LOCALE_STRING); - $this->connection->writeToCache('usersInGroup'.$gid, $groupUsers); - - if(!empty($this->groupSearch)) { - $groupUsers = array_filter($groupUsers, array($this, 'groupMatchesFilter')); - } - if($limit == -1) { - $limit = null; - } - return array_slice($groupUsers, $offset, $limit); + natsort($groupUsers); + $this->connection->writeToCache('usersInGroup-'.$gid.'-'.$search, $groupUsers); + $groupUsers = array_slice($groupUsers, $offset, $limit); + $this->connection->writeToCache($cachekey, $groupUsers); + return $groupUsers; } /**