ensure groups match filter when using memberOf to read users group, refs #17119
parent
58439c337c
commit
8625a8cf23
|
@ -378,9 +378,11 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
|
|||
&& intval($this->access->connection->useMemberOfToDetectMembership) === 1
|
||||
) {
|
||||
$groupDNs = $this->access->readAttribute($userDN, 'memberOf');
|
||||
|
||||
if (is_array($groupDNs)) {
|
||||
$groupDNs = $this->access->groupsMatchFilter($groupDNs);
|
||||
foreach ($groupDNs as $dn) {
|
||||
$groups[] = $this->access->dn2groupname($dn);;
|
||||
$groups[] = $this->access->dn2groupname($dn);
|
||||
}
|
||||
}
|
||||
if($primaryGroup !== false) {
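Review bot: The loop line `$groups[] = $this->access->dn2groupname($dn);` appends whatever the mapper returns without checking it. The docblock in the Access hunk for the neighbouring user-name mapper says it returns false on failure; if dn2groupname does the same (its body is not shown here), a DN that passes groupsMatchFilter but cannot be mapped would put `false` into the user's group list. Consider `$name = $this->access->dn2groupname($dn); if (is_string($name)) { $groups[] = $name; }`. A comment above the groupsMatchFilter call, such as `// memberOf can list groups outside the configured group filter; drop those before mapping`, would record why the filtering matters for authorization. The enclosing method starts and ends outside this hunk.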
|
||||
|
|
|
@ -346,6 +346,33 @@ class Access extends LDAPUtility implements user\IUserTools {
|
|||
return $this->dn2ocname($fdn, $ldapName, false);
|
||||
}
|
||||
|
||||
/**
|
||||
* accepts an array of group DNs and tests whether they match the user
|
||||
* filter by doing read operations against the group entries. Returns an
|
||||
* array of DNs that match the filter.
|
||||
*
|
||||
* @param string[] $groupDNs
|
||||
* @return string[]
|
||||
*/
|
||||
public function groupsMatchFilter($groupDNs) {
|
||||
$validGroupDNs = [];
|
||||
foreach($groupDNs as $dn) {
|
||||
$cacheKey = 'groupsMatchFilter-'.$dn;
|
||||
if($this->connection->isCached($cacheKey)) {
|
||||
if($this->connection->getFromCache($cacheKey)) {
|
||||
$validGroupDNs[] = $dn;
|
||||
}
|
||||
continue;
|
||||
}
|
||||
|
||||
$result = $this->readAttribute($dn, 'cn', $this->connection->ldapGroupFilter);
|
||||
if(is_array($result)) {
|
||||
$validGroupDNs[] = $dn;
|
||||
}
|
||||
}
|
||||
return $validGroupDNs;
|
||||
}
|
||||
|
||||
/**
|
||||
* returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN or failure
|
||||
* @param string $dn the dn of the user object
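Review bot: groupsMatchFilter reads the key `'groupsMatchFilter-'.$dn` from the connection cache but never stores a result, so unless another code path writes that key the `isCached` branch never runs and every call issues one LDAP read per group DN. After the `readAttribute` call, record the outcome for both cases, e.g. `$matches = is_array($result); $this->connection->writeToCache($cacheKey, $matches);` followed by `if($matches) { $validGroupDNs[] = $dn; }`. The docblock says the DNs are tested against the user filter while the code passes `ldapGroupFilter`; it should say group filter. The docblock could also state that a group whose read fails is dropped from the result, and what is expected when `ldapGroupFilter` is empty, which cannot be told from this hunk.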
|
||||
|
|