LDAP: follow user- and groupname char limitations for LDAP display names
WARNING: may affect existing installations if display names included unallowed characters. Allowed are only a-zA-Z0-9._-@ This fix is however needed, because names with unallowed characters may cause conflicts
This commit is contained in:
parent
57cf0ae3d1
commit
7a7c301d7d
|
@ -198,6 +198,7 @@ class OC_LDAP {
|
|||
$ldapname = self::readAttribute($dn, $nameAttribute);
|
||||
$ldapname = $ldapname[0];
|
||||
}
|
||||
$ldapname = self::sanitizeUsername($ldapname);
|
||||
|
||||
//a new user/group! Then let's try to add it. We're shooting into the blue with the user/group name, assuming that in most cases there will not be a conflict. Otherwise an error will occur and we will continue with our second shot.
|
||||
if(self::mapComponent($dn, $ldapname, $isUser)) {
|
||||
|
@ -255,16 +256,17 @@ class OC_LDAP {
|
|||
continue;
|
||||
}
|
||||
|
||||
//a new group! Then let's try to add it. We're shooting into the blue with the group name, assuming that in most cases there will not be a conflict
|
||||
if(self::mapComponent($ldapObject['dn'], $ldapObject[$nameAttribute], $isUsers)) {
|
||||
$ownCloudNames[] = $ldapObject[$nameAttribute];
|
||||
//a new group! Then let's try to add it. We're shooting into the blue with the group name, assuming that in most cases there will not be a conflict. But first make sure, that the display name contains only allowed characters.
|
||||
$ocname = self::sanitizeUsername($ldapObject[$nameAttribute]);
|
||||
if(self::mapComponent($ldapObject['dn'], $ocname, $isUsers)) {
|
||||
$ownCloudNames[] = $ocname;
|
||||
continue;
|
||||
}
|
||||
|
||||
//doh! There is a conflict. We need to distinguish between groups. Adding indexes is an idea, but not much of a help for the user. The DN is ugly, but for now the only reasonable way. But we transform it to a readable format and remove the first part to only give the path where this entry is located.
|
||||
$oc_name = self::alternateOwnCloudName($ldapObject[$nameAttribute], $ldapObject['dn']);
|
||||
if(self::mapComponent($ldapObject['dn'], $oc_name, $isUsers)) {
|
||||
$ownCloudNames[] = $oc_name;
|
||||
$ocname = self::alternateOwnCloudName($ocname, $ldapObject['dn']);
|
||||
if(self::mapComponent($ldapObject['dn'], $ocname, $isUsers)) {
|
||||
$ownCloudNames[] = $ocname;
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -284,7 +286,9 @@ class OC_LDAP {
|
|||
*/
|
||||
static private function alternateOwnCloudName($name, $dn) {
|
||||
$ufn = ldap_dn2ufn($dn);
|
||||
return $name . ' (' . trim(substr_replace($ufn, '', 0, strpos($ufn, ','))) . ')';
|
||||
$name = $name . '@' . trim(substr_replace($ufn, '', 0, strpos($ufn, ',')));
|
||||
$name = self::sanitizeUsername($name);
|
||||
return $name;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -522,6 +526,16 @@ class OC_LDAP {
|
|||
return $dn;
|
||||
}
|
||||
|
||||
static private function sanitizeUsername($name) {
|
||||
//REPLACEMENTS
|
||||
$name = str_replace(' ', '_', $name);
|
||||
|
||||
//every remaining unallowed characters will be removed
|
||||
$name = preg_replace('/[^a-zA-Z0-9_.@-]/', '', $name);
|
||||
|
||||
return $name;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief combines the input filters with AND
|
||||
* @param $filters array, the filters to connect
|
||||
|
|
Loading…
Reference in New Issue