LDAP: wrong assumptions for case (in)sensitivity, implement far better solution
This commit is contained in:
Arthur Schiwon
parent
3fd2e0d2ce
commit
7efa7171e3
|
|
@ -47,9 +47,8 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
//usually, LDAP attributes are said to be case insensitive. But there are exceptions of course.
|
//usually, LDAP attributes are said to be case insensitive. But there are exceptions of course.
|
||||||
$read = ($members = OC_LDAP::readAttribute($dn_group, $this->ldapGroupMemberAssocAttr))
|
$members = OC_LDAP::readAttribute($dn_group, $this->ldapGroupMemberAssocAttr);
|
||||||
|| ($members = OC_LDAP::readAttribute($dn_group, strtolower($this->ldapGroupMemberAssocAttr)));
|
if(!$members) {
|
||||||
if(!$read) {
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -101,11 +100,6 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
|
||||||
$this->ldapGroupMemberAssocAttr.'='.$uid
|
$this->ldapGroupMemberAssocAttr.'='.$uid
|
||||||
));
|
));
|
||||||
$groups = OC_LDAP::fetchListOfGroups($filter, array(OC_LDAP::conf('ldapGroupDisplayName'),'dn'));
|
$groups = OC_LDAP::fetchListOfGroups($filter, array(OC_LDAP::conf('ldapGroupDisplayName'),'dn'));
|
||||||
if(count($groups) == 0) {
|
|
||||||
//usually, LDAP attributes are said to be case insensitive. But there are exceptions... So we try it once more
|
|
||||||
$filter = str_replace($this->ldapGroupMemberAssocAttr, strtolower($this->ldapGroupMemberAssocAttr), $filter);
|
|
||||||
$groups = OC_LDAP::fetchListOfGroups($filter, array(OC_LDAP::conf('ldapGroupDisplayName'),'dn'));
|
|
||||||
}
|
|
||||||
$userGroups = OC_LDAP::ownCloudGroupNames($groups);
|
$userGroups = OC_LDAP::ownCloudGroupNames($groups);
|
||||||
|
|
||||||
return array_unique($userGroups, SORT_LOCALE_STRING);
|
return array_unique($userGroups, SORT_LOCALE_STRING);
|
||||||
|
|
@ -121,10 +115,8 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
|
||||||
return array();
|
return array();
|
||||||
}
|
}
|
||||||
|
|
||||||
//usually, LDAP attributes are said to be case insensitive. But there are exceptions of course.
|
$members = OC_LDAP::readAttribute($groupDN, $this->ldapGroupMemberAssocAttr);
|
||||||
$read = ($members = OC_LDAP::readAttribute($groupDN, $this->ldapGroupMemberAssocAttr))
|
if(!$members) {
|
||||||
|| ($members = OC_LDAP::readAttribute($groupDN, strtolower($this->ldapGroupMemberAssocAttr)));
|
|
||||||
if(!$read) {
|
|
||||||
return array();
|
return array();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -413,7 +413,9 @@ class OC_LDAP {
|
||||||
$cr = self::getConnectionResource();
|
$cr = self::getConnectionResource();
|
||||||
$rr = ldap_read($cr, $dn, 'objectClass=*', array($attr));
|
$rr = ldap_read($cr, $dn, 'objectClass=*', array($attr));
|
||||||
$er = ldap_first_entry($cr, $rr);
|
$er = ldap_first_entry($cr, $rr);
|
||||||
$result = ldap_get_attributes($cr, $er);
|
//LDAP attributes are not case sensitive
|
||||||
|
$result = array_change_key_case(ldap_get_attributes($cr, $er));
|
||||||
|
$attr = strtolower($attr);
|
||||||
|
|
||||||
if(isset($result[$attr]) && $result[$attr]['count'] > 0){
|
if(isset($result[$attr]) && $result[$attr]['count'] > 0){
|
||||||
$values = array();
|
$values = array();
|
||||||
|
|
@ -493,8 +495,15 @@ class OC_LDAP {
|
||||||
}
|
}
|
||||||
$i++;
|
$i++;
|
||||||
} else {
|
} else {
|
||||||
if(isset($item[$attr[0]])) {
|
//tribute to case insensitivity
|
||||||
$selection[] = $item[$attr[0]];
|
if(!is_array($item)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
$item = array_change_key_case($item);
|
||||||
|
$key = strtolower($attr[0]);
|
||||||
|
|
||||||
|
if(isset($item[$key])) {
|
||||||
|
$selection[] = $item[$key];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue