LDAP: usersInGroup now also does LDAP serverside search.
This commit is contained in:
parent
3f85432df9
commit
58828d205f
|
@ -139,61 +139,72 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
|
||||||
if(!$this->enabled) {
|
if(!$this->enabled) {
|
||||||
return array();
|
return array();
|
||||||
}
|
}
|
||||||
$this->groupSearch = $search;
|
$cachekey = 'usersInGroup-'.$gid.'-'.$search.'-'.$limit.'-'.$offset;
|
||||||
if($this->connection->isCached('usersInGroup'.$gid)) {
|
// check for cache of the exact query
|
||||||
$groupUsers = $this->connection->getFromCache('usersInGroup'.$gid);
|
$groupUsers = $this->connection->getFromCache($cachekey);
|
||||||
if(!empty($this->groupSearch)) {
|
if(!is_null($groupUsers)) {
|
||||||
$groupUsers = array_filter($groupUsers, array($this, 'groupMatchesFilter'));
|
return $groupUsers;
|
||||||
}
|
|
||||||
if($limit == -1) {
|
|
||||||
$limit = null;
|
|
||||||
}
|
|
||||||
return array_slice($groupUsers, $offset, $limit);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// check for cache of the query without limit and offset
|
||||||
|
$groupUsers = $this->connection->getFromCache('usersInGroup-'.$gid.'-'.$search);
|
||||||
|
if(!is_null($groupUsers)) {
|
||||||
|
$groupUsers = array_slice($groupUsers, $offset, $limit);
|
||||||
|
$this->connection->writeToCache($cachekey, $groupUsers);
|
||||||
|
return $groupUsers;
|
||||||
|
}
|
||||||
|
|
||||||
|
if($limit == -1) {
|
||||||
|
$limit = null;
|
||||||
|
}
|
||||||
$groupDN = $this->groupname2dn($gid);
|
$groupDN = $this->groupname2dn($gid);
|
||||||
if(!$groupDN) {
|
if(!$groupDN) {
|
||||||
$this->connection->writeToCache('usersInGroup'.$gid, array());
|
// group couldn't be found, return empty resultset
|
||||||
|
$this->connection->writeToCache($cachekey, array());
|
||||||
return array();
|
return array();
|
||||||
}
|
}
|
||||||
|
|
||||||
$members = $this->readAttribute($groupDN, $this->connection->ldapGroupMemberAssocAttr);
|
$members = $this->readAttribute($groupDN, $this->connection->ldapGroupMemberAssocAttr);
|
||||||
if(!$members) {
|
if(!$members) {
|
||||||
$this->connection->writeToCache('usersInGroup'.$gid, array());
|
//in case users could not be retrieved, return empty resultset
|
||||||
|
$this->connection->writeToCache($cachekey, array());
|
||||||
return array();
|
return array();
|
||||||
}
|
}
|
||||||
|
|
||||||
$result = array();
|
$search = empty($search) ? '*' : '*'.$search.'*';
|
||||||
|
$groupUsers = array();
|
||||||
$isMemberUid = (strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid');
|
$isMemberUid = (strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid');
|
||||||
foreach($members as $member) {
|
foreach($members as $member) {
|
||||||
if($isMemberUid) {
|
if($isMemberUid) {
|
||||||
$filter = \OCP\Util::mb_str_replace('%uid', $member, $this->connection->ldapLoginFilter, 'UTF-8');
|
//we got uids, need to get their DNs to 'tranlsate' them to usernames
|
||||||
|
$filter = $this->combineFilterWithAnd(array(
|
||||||
|
\OCP\Util::mb_str_replace('%uid', $member, $this->connection>ldapLoginFilter, 'UTF-8'),
|
||||||
|
$this->connection->ldapUserDisplayName.'='.$search
|
||||||
|
));
|
||||||
$ldap_users = $this->fetchListOfUsers($filter, 'dn');
|
$ldap_users = $this->fetchListOfUsers($filter, 'dn');
|
||||||
if(count($ldap_users) < 1) {
|
if(count($ldap_users) < 1) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
$result[] = $this->dn2username($ldap_users[0]);
|
$groupUsers[] = $this->dn2username($ldap_users[0]);
|
||||||
continue;
|
|
||||||
} else {
|
} else {
|
||||||
|
//we got DNs, check if we need to filter by search or we can give back all of them
|
||||||
|
if($search != '*') {
|
||||||
|
if(!$this->readAttribute($member, $this->connection->ldapUserDisplayName, $this->connection->ldapUserDisplayName.'='.$search)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// dn2username will also check if the users belong to the allowed base
|
||||||
if($ocname = $this->dn2username($member)) {
|
if($ocname = $this->dn2username($member)) {
|
||||||
$result[] = $ocname;
|
$groupUsers[] = $ocname;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(!$isMemberUid) {
|
natsort($groupUsers);
|
||||||
$result = array_intersect($result, \OCP\User::getUsers());
|
$this->connection->writeToCache('usersInGroup-'.$gid.'-'.$search, $groupUsers);
|
||||||
}
|
$groupUsers = array_slice($groupUsers, $offset, $limit);
|
||||||
$groupUsers = array_unique($result, SORT_LOCALE_STRING);
|
$this->connection->writeToCache($cachekey, $groupUsers);
|
||||||
$this->connection->writeToCache('usersInGroup'.$gid, $groupUsers);
|
|
||||||
|
|
||||||
if(!empty($this->groupSearch)) {
|
|
||||||
$groupUsers = array_filter($groupUsers, array($this, 'groupMatchesFilter'));
|
|
||||||
}
|
|
||||||
if($limit == -1) {
|
|
||||||
$limit = null;
|
|
||||||
}
|
|
||||||
return array_slice($groupUsers, $offset, $limit);
|
|
||||||
|
|
||||||
|
return $groupUsers;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
Loading…
Reference in New Issue