Merge pull request #15604 from nextcloud/fix/12682/fix-possible-override-of-uniquemember

fixes possible override of uniqueMember by autodetection
This commit is contained in:
blizzz 2019-05-22 19:09:28 +02:00 committed by GitHub
commit 755611866e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 17 additions and 13 deletions


@ -27,7 +27,7 @@ OCA = OCA || {};
run: function(model, configID) { run: function(model, configID) {
// TODO: might be better with configuration marker as uniqueMember // TODO: might be better with configuration marker as uniqueMember
// is a valid value (although probably less common then member and memberUid). // is a valid value (although probably less common then member and memberUid).
if(model.configuration.ldap_group_member_assoc_attribute && model.configuration.ldap_group_member_assoc_attribute !== 'uniqueMember') { if(model.configuration.ldap_group_member_assoc_attribute && model.configuration.ldap_group_member_assoc_attribute !== '') {
// a value is already set. Don't overwrite and don't ask LDAP // a value is already set. Don't overwrite and don't ask LDAP
// without reason. // without reason.
return false; return false;
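Review bot: The new condition on the `if` line still tests `!== ''` after a truthiness check, which is redundant because an empty string is already falsy in JavaScript; `if(model.configuration.ldap_group_member_assoc_attribute) {` expresses the same check. The TODO comment directly above describes the 'uniqueMember'-as-marker workaround that this commit removes, so it is now stale and should be deleted with it. The `run` function continues past the hunk.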


@ -456,7 +456,7 @@ class Configuration {
'ldap_quota_def' => '', 'ldap_quota_def' => '',
'ldap_quota_attr' => '', 'ldap_quota_attr' => '',
'ldap_email_attr' => '', 'ldap_email_attr' => '',
'ldap_group_member_assoc_attribute' => 'uniqueMember', 'ldap_group_member_assoc_attribute' => '',
'ldap_cache_ttl' => 600, 'ldap_cache_ttl' => 600,
'ldap_uuid_user_attribute' => 'auto', 'ldap_uuid_user_attribute' => 'auto',
'ldap_uuid_group_attribute' => 'auto', 'ldap_uuid_group_attribute' => 'auto',
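Review bot: With the default of `ldap_group_member_assoc_attribute` now `''`, a configuration whose autodetection did not succeed (the wizard's `detectGroupMemberAssoc()` returns false without storing a value) will carry an empty association attribute into the group backend, and anywhere that value is presumably interpolated into an LDAP filter or used as an attribute name would then operate on an empty name and fail silently rather than with a clear error. Consider validating at read time that the stored value is one of the four documented attribute names or empty, logging when it is empty, and marking the default with `// '' means "not configured/detected yet"; consumers must not build filters from it`. The enclosing defaults array starts and ends outside the hunk.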


@ -279,7 +279,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
/** /**
* Get the LDAP type of association between users and groups * Get the LDAP type of association between users and groups
* @param string $gid group id * @param string $gid group id
* @return string the configuration, one of: 'memberUid', 'uniqueMember', 'member', 'gidNumber' * @return string the configuration, one of: 'memberUid', 'uniqueMember', 'member', 'gidNumber', ''
* @throws \Exception if group id was not found in LDAP * @throws \Exception if group id was not found in LDAP
*/ */
public function getLDAPGroupMemberAssoc($gid) { public function getLDAPGroupMemberAssoc($gid) {
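Review bot: The docblock now admits `''` as a return value of `getLDAPGroupMemberAssoc()`, but nothing tells a caller what an empty string means or how to react to it; the same applies to the interface docblock in the `ILDAPProvider` hunk further down. Add a sentence to both, such as `* An empty string means the attribute has not been configured or detected yet; callers must treat it as "unknown" rather than as an attribute name.` The method body is outside the hunk.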


@ -794,7 +794,7 @@ class Wizard extends LDAPUtility {
* @throws \Exception * @throws \Exception
*/ */
private function detectGroupMemberAssoc() { private function detectGroupMemberAssoc() {
$possibleAttrs = array('uniqueMember', 'memberUid', 'member', 'gidNumber'); $possibleAttrs = ['uniqueMember', 'memberUid', 'member', 'gidNumber'];
$filter = $this->configuration->ldapGroupFilter; $filter = $this->configuration->ldapGroupFilter;
if(empty($filter)) { if(empty($filter)) {
return false; return false;
@ -803,7 +803,7 @@ class Wizard extends LDAPUtility {
if(!$cr) { if(!$cr) {
throw new \Exception('Could not connect to LDAP'); throw new \Exception('Could not connect to LDAP');
} }
$base = $this->configuration->ldapBase[0]; $base = $this->configuration->ldapBaseGroups[0] ?: $this->configuration->ldapBase[0];
$rr = $this->ldap->search($cr, $base, $filter, $possibleAttrs, 0, 1000); $rr = $this->ldap->search($cr, $base, $filter, $possibleAttrs, 0, 1000);
if(!$this->ldap->isResource($rr)) { if(!$this->ldap->isResource($rr)) {
return false; return false;
@ -812,7 +812,7 @@ class Wizard extends LDAPUtility {
while(is_resource($er)) { while(is_resource($er)) {
$this->ldap->getDN($cr, $er); $this->ldap->getDN($cr, $er);
$attrs = $this->ldap->getAttributes($cr, $er); $attrs = $this->ldap->getAttributes($cr, $er);
$result = array(); $result = [];
$possibleAttrsCount = count($possibleAttrs); $possibleAttrsCount = count($possibleAttrs);
for($i = 0; $i < $possibleAttrsCount; $i++) { for($i = 0; $i < $possibleAttrsCount; $i++) {
if(isset($attrs[$possibleAttrs[$i]])) { if(isset($attrs[$possibleAttrs[$i]])) {
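Review bot: On the `$base =` line in the second hunk, `$this->configuration->ldapBaseGroups[0] ?: ...` reads index 0 before the `?:` fallback applies, so if `ldapBaseGroups` can be an empty array this raises an undefined-offset notice before falling back (the pre-existing `ldapBase[0]` read carries the same risk). `($this->configuration->ldapBaseGroups[0] ?? '') ?: $this->configuration->ldapBase[0]` keeps the empty-string fallback without the notice. `detectGroupMemberAssoc()` continues past the last hunk.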


@ -43,6 +43,7 @@ Feature: LDAP
Scenario: Test group filter with one specific group Scenario: Test group filter with one specific group
Given modify LDAP configuration Given modify LDAP configuration
| ldapGroupFilter | cn=RedGroup | | ldapGroupFilter | cn=RedGroup |
| ldapGroupMemberAssocAttr | member |
| ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci | | ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
And As an "admin" And As an "admin"
And sending "GET" to "/cloud/groups" And sending "GET" to "/cloud/groups"
@ -56,6 +57,7 @@ Feature: LDAP
Scenario: Test group filter with two specific groups Scenario: Test group filter with two specific groups
Given modify LDAP configuration Given modify LDAP configuration
| ldapGroupFilter | (\|(cn=RedGroup)(cn=GreenGroup)) | | ldapGroupFilter | (\|(cn=RedGroup)(cn=GreenGroup)) |
| ldapGroupMemberAssocAttr | member |
| ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci | | ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
And As an "admin" And As an "admin"
And sending "GET" to "/cloud/groups" And sending "GET" to "/cloud/groups"
@ -69,6 +71,7 @@ Feature: LDAP
Scenario: Test group filter ruling out a group from a different base Scenario: Test group filter ruling out a group from a different base
Given modify LDAP configuration Given modify LDAP configuration
| ldapGroupFilter | (objectClass=groupOfNames) | | ldapGroupFilter | (objectClass=groupOfNames) |
| ldapGroupMemberAssocAttr | member |
| ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci | | ldapBaseGroups | ou=Groups,ou=Ordinary,dc=nextcloud,dc=ci |
And As an "admin" And As an "admin"
And sending "GET" to "/cloud/groups" And sending "GET" to "/cloud/groups"


@ -35,6 +35,7 @@ Scenario: Test LDAP group retrieval with numeric group ids and nesting
Given modify LDAP configuration Given modify LDAP configuration
| ldapBaseGroups | ou=NumericGroups,dc=nextcloud,dc=ci | | ldapBaseGroups | ou=NumericGroups,dc=nextcloud,dc=ci |
| ldapGroupFilter | (objectclass=groupOfNames) | | ldapGroupFilter | (objectclass=groupOfNames) |
| ldapGroupMemberAssocAttr | member |
| ldapNestedGroups | 1 | | ldapNestedGroups | 1 |
| useMemberOfToDetectMembership | 1 | | useMemberOfToDetectMembership | 1 |
And As an "admin" And As an "admin"


@ -151,7 +151,7 @@ interface ILDAPProvider {
/** /**
* Get the LDAP attribute name for the type of association betweeen users and groups * Get the LDAP attribute name for the type of association betweeen users and groups
* @param string $gid group id * @param string $gid group id
* @return string the configuration, one of: 'memberUid', 'uniqueMember', 'member', 'gidNumber' * @return string the configuration, one of: 'memberUid', 'uniqueMember', 'member', 'gidNumber', ''
* @throws \Exception if group id was not found in LDAP * @throws \Exception if group id was not found in LDAP
* @since 13.0.0 * @since 13.0.0
*/ */