LDAP: usersInGroup now also does LDAP serverside search.

This commit is contained in:
Arthur Schiwon 2012-10-27 19:42:50 +02:00
parent 3f85432df9
commit 58828d205f
1 changed files with 41 additions and 30 deletions

View File

@ -139,61 +139,72 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
if(!$this->enabled) { if(!$this->enabled) {
return array(); return array();
} }
$this->groupSearch = $search; $cachekey = 'usersInGroup-'.$gid.'-'.$search.'-'.$limit.'-'.$offset;
if($this->connection->isCached('usersInGroup'.$gid)) { // check for cache of the exact query
$groupUsers = $this->connection->getFromCache('usersInGroup'.$gid); $groupUsers = $this->connection->getFromCache($cachekey);
if(!empty($this->groupSearch)) { if(!is_null($groupUsers)) {
$groupUsers = array_filter($groupUsers, array($this, 'groupMatchesFilter')); return $groupUsers;
}
if($limit == -1) {
$limit = null;
}
return array_slice($groupUsers, $offset, $limit);
} }
// check for cache of the query without limit and offset
$groupUsers = $this->connection->getFromCache('usersInGroup-'.$gid.'-'.$search);
if(!is_null($groupUsers)) {
$groupUsers = array_slice($groupUsers, $offset, $limit);
$this->connection->writeToCache($cachekey, $groupUsers);
return $groupUsers;
}
if($limit == -1) {
$limit = null;
}
$groupDN = $this->groupname2dn($gid); $groupDN = $this->groupname2dn($gid);
if(!$groupDN) { if(!$groupDN) {
$this->connection->writeToCache('usersInGroup'.$gid, array()); // group couldn't be found, return empty resultset
$this->connection->writeToCache($cachekey, array());
return array(); return array();
} }
$members = $this->readAttribute($groupDN, $this->connection->ldapGroupMemberAssocAttr); $members = $this->readAttribute($groupDN, $this->connection->ldapGroupMemberAssocAttr);
if(!$members) { if(!$members) {
$this->connection->writeToCache('usersInGroup'.$gid, array()); //in case users could not be retrieved, return empty resultset
$this->connection->writeToCache($cachekey, array());
return array(); return array();
} }
$result = array(); $search = empty($search) ? '*' : '*'.$search.'*';
$groupUsers = array();
$isMemberUid = (strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid'); $isMemberUid = (strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid');
foreach($members as $member) { foreach($members as $member) {
if($isMemberUid) { if($isMemberUid) {
$filter = \OCP\Util::mb_str_replace('%uid', $member, $this->connection->ldapLoginFilter, 'UTF-8'); //we got uids, need to get their DNs to 'tranlsate' them to usernames
$filter = $this->combineFilterWithAnd(array(
\OCP\Util::mb_str_replace('%uid', $member, $this->connection>ldapLoginFilter, 'UTF-8'),
$this->connection->ldapUserDisplayName.'='.$search
));
$ldap_users = $this->fetchListOfUsers($filter, 'dn'); $ldap_users = $this->fetchListOfUsers($filter, 'dn');
if(count($ldap_users) < 1) { if(count($ldap_users) < 1) {
continue; continue;
} }
$result[] = $this->dn2username($ldap_users[0]); $groupUsers[] = $this->dn2username($ldap_users[0]);
continue;
} else { } else {
//we got DNs, check if we need to filter by search or we can give back all of them
if($search != '*') {
if(!$this->readAttribute($member, $this->connection->ldapUserDisplayName, $this->connection->ldapUserDisplayName.'='.$search)) {
continue;
}
}
// dn2username will also check if the users belong to the allowed base
if($ocname = $this->dn2username($member)) { if($ocname = $this->dn2username($member)) {
$result[] = $ocname; $groupUsers[] = $ocname;
} }
} }
} }
if(!$isMemberUid) { natsort($groupUsers);
$result = array_intersect($result, \OCP\User::getUsers()); $this->connection->writeToCache('usersInGroup-'.$gid.'-'.$search, $groupUsers);
} $groupUsers = array_slice($groupUsers, $offset, $limit);
$groupUsers = array_unique($result, SORT_LOCALE_STRING); $this->connection->writeToCache($cachekey, $groupUsers);
$this->connection->writeToCache('usersInGroup'.$gid, $groupUsers);
if(!empty($this->groupSearch)) {
$groupUsers = array_filter($groupUsers, array($this, 'groupMatchesFilter'));
}
if($limit == -1) {
$limit = null;
}
return array_slice($groupUsers, $offset, $limit);
return $groupUsers;
} }
/** /**