Merge pull request #258 from wardragon/ldap_existence_check_no_refactor
LDAP: improved object existence check
This commit is contained in:
commit
64ac208fb2
|
@ -40,9 +40,11 @@ abstract class Access {
|
||||||
* @brief reads a given attribute for an LDAP record identified by a DN
|
* @brief reads a given attribute for an LDAP record identified by a DN
|
||||||
* @param $dn the record in question
|
* @param $dn the record in question
|
||||||
* @param $attr the attribute that shall be retrieved
|
* @param $attr the attribute that shall be retrieved
|
||||||
* @returns the values in an array on success, false otherwise
|
* if empty, just check the record's existence
|
||||||
|
* @returns an array of values on success or an empty
|
||||||
|
* array if $attr is empty, false otherwise
|
||||||
*
|
*
|
||||||
* Reads an attribute from an LDAP entry
|
* Reads an attribute from an LDAP entry or check if entry exists
|
||||||
*/
|
*/
|
||||||
public function readAttribute($dn, $attr, $filter = 'objectClass=*') {
|
public function readAttribute($dn, $attr, $filter = 'objectClass=*') {
|
||||||
if(!$this->checkConnection()) {
|
if(!$this->checkConnection()) {
|
||||||
|
@ -57,10 +59,14 @@ abstract class Access {
|
||||||
}
|
}
|
||||||
$rr = @ldap_read($cr, $dn, $filter, array($attr));
|
$rr = @ldap_read($cr, $dn, $filter, array($attr));
|
||||||
if(!is_resource($rr)) {
|
if(!is_resource($rr)) {
|
||||||
\OCP\Util::writeLog('user_ldap', 'readAttribute '.$attr.' failed for DN '.$dn, \OCP\Util::DEBUG);
|
\OCP\Util::writeLog('user_ldap', 'readAttribute failed for DN '.$dn, \OCP\Util::DEBUG);
|
||||||
//in case an error occurs , e.g. object does not exist
|
//in case an error occurs , e.g. object does not exist
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
if (empty($attr)) {
|
||||||
|
\OCP\Util::writeLog('user_ldap', 'readAttribute: '.$dn.' found', \OCP\Util::DEBUG);
|
||||||
|
return array();
|
||||||
|
}
|
||||||
$er = ldap_first_entry($cr, $rr);
|
$er = ldap_first_entry($cr, $rr);
|
||||||
if(!is_resource($er)) {
|
if(!is_resource($er)) {
|
||||||
//did not match the filter, return false
|
//did not match the filter, return false
|
||||||
|
|
|
@ -149,9 +149,8 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
//if user really still exists, we will be able to read his objectclass
|
//check if user really still exists by reading its entry
|
||||||
$objcs = $this->readAttribute($dn, 'objectclass');
|
if(!is_array($this->readAttribute($dn, ''))) {
|
||||||
if(!$objcs || empty($objcs)) {
|
|
||||||
$this->connection->writeToCache('userExists'.$uid, false);
|
$this->connection->writeToCache('userExists'.$uid, false);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue