From 71f332603589da100475ca39dc2ad1ab725faa4a Mon Sep 17 00:00:00 2001 From: Jean-Louis Dupond Date: Thu, 24 Jul 2014 14:18:41 +0200 Subject: [PATCH 1/3] Fix memberOf detection. Fixes: #9835 --- apps/user_ldap/lib/wizard.php | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/apps/user_ldap/lib/wizard.php b/apps/user_ldap/lib/wizard.php index 42d612fa73..86d9f55074 100644 --- a/apps/user_ldap/lib/wizard.php +++ b/apps/user_ldap/lib/wizard.php @@ -268,10 +268,10 @@ class Wizard extends LDAPUtility { throw new \Exception('Could not connect to LDAP'); } - $this->fetchGroups($dbKey, $confKey); + $groups = $this->fetchGroups($dbKey, $confKey); if($testMemberOf) { - $this->configuration->hasMemberOfFilterSupport = $this->testMemberOf(); + $this->configuration->hasMemberOfFilterSupport = $this->testMemberOf($groups); $this->result->markChange(); if(!$this->configuration->hasMemberOfFilterSupport) { throw new \Exception('memberOf is not supported by the server'); @@ -300,12 +300,14 @@ class Wizard extends LDAPUtility { $filter = $ldapAccess->combineFilterWithOr($filterParts); $filter = $ldapAccess->combineFilterWithAnd(array($filter, 'cn=*')); + $groupdns = array(); $limit = 400; $offset = 0; do { - $result = $ldapAccess->searchGroups($filter, array('cn'), $limit, $offset); + $result = $ldapAccess->searchGroups($filter, array('cn','dn'), $limit, $offset); foreach($result as $item) { - $groups[] = $item[0]; + $groups[] = $item['cn']; + $groupdns[] = $item; } $offset += $limit; } while (count($groups) > 0 && count($groups) % $limit === 0); @@ -322,6 +324,7 @@ class Wizard extends LDAPUtility { //something is already configured? pre-select it. $this->result->addChange($dbKey, $setFeatures); } + return $groupdns; } public function determineGroupMemberAssoc() { @@ -656,7 +659,7 @@ class Wizard extends LDAPUtility { * @return bool true if it does, false otherwise * @throws \Exception */ - private function testMemberOf() { + private function testMemberOf($groups) { $cr = $this->getConnection(); if(!$cr) { throw new \Exception('Could not connect to LDAP'); @@ -669,12 +672,12 @@ class Wizard extends LDAPUtility { $filterPrefix = '(&(objectclass=*)(memberOf='; $filterSuffix = '))'; - foreach($this->resultCache as $dn => $properties) { + foreach($groups as $properties) { if(!isset($properties['cn'])) { //assuming only groups have their cn cached :) continue; } - $filter = strtolower($filterPrefix . $dn . $filterSuffix); + $filter = strtolower($filterPrefix . $properties['dn'] . $filterSuffix); $rr = $this->ldap->search($cr, $base, $filter, array('dn')); if(!$this->ldap->isResource($rr)) { continue; From fc662917e73f334d21eab4771fa2c869a0c14eec Mon Sep 17 00:00:00 2001 From: Jean-Louis Dupond Date: Mon, 11 Aug 2014 09:15:56 +0200 Subject: [PATCH 2/3] Fix remarks in #9848 --- apps/user_ldap/lib/wizard.php | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/apps/user_ldap/lib/wizard.php b/apps/user_ldap/lib/wizard.php index 86d9f55074..0139393c49 100644 --- a/apps/user_ldap/lib/wizard.php +++ b/apps/user_ldap/lib/wizard.php @@ -285,6 +285,7 @@ class Wizard extends LDAPUtility { * fetches all groups from LDAP * @param string $dbKey * @param string $confKey + * @return array $groupEntries */ public function fetchGroups($dbKey, $confKey) { $obclasses = array('posixGroup', 'group', 'zimbraDistributionList', 'groupOfNames'); @@ -300,21 +301,21 @@ class Wizard extends LDAPUtility { $filter = $ldapAccess->combineFilterWithOr($filterParts); $filter = $ldapAccess->combineFilterWithAnd(array($filter, 'cn=*')); - $groupdns = array(); + $groupEntries = array(); $limit = 400; $offset = 0; do { $result = $ldapAccess->searchGroups($filter, array('cn','dn'), $limit, $offset); foreach($result as $item) { - $groups[] = $item['cn']; - $groupdns[] = $item; + $groupNames[] = $item['cn']; + $groupEntries[] = $item; } $offset += $limit; - } while (count($groups) > 0 && count($groups) % $limit === 0); + } while (count($groupNames) > 0 && count($groupNames) % $limit === 0); - if(count($groups) > 0) { - natsort($groups); - $this->result->addOptions($dbKey, array_values($groups)); + if(count($groupNames) > 0) { + natsort($groupNames); + $this->result->addOptions($dbKey, array_values($groupNames)); } else { throw new \Exception(self::$l->t('Could not find the desired feature')); } @@ -324,7 +325,7 @@ class Wizard extends LDAPUtility { //something is already configured? pre-select it. $this->result->addChange($dbKey, $setFeatures); } - return $groupdns; + return $groupEntries; } public function determineGroupMemberAssoc() { @@ -656,6 +657,7 @@ class Wizard extends LDAPUtility { * Checks whether the server supports memberOf in LDAP Filter. * Requires that groups are determined, thus internally called from within * determineGroups() + * @param array $groups * @return bool true if it does, false otherwise * @throws \Exception */ @@ -672,12 +674,12 @@ class Wizard extends LDAPUtility { $filterPrefix = '(&(objectclass=*)(memberOf='; $filterSuffix = '))'; - foreach($groups as $properties) { - if(!isset($properties['cn'])) { + foreach($groups as $groupProperties) { + if(!isset($groupProperties['cn'])) { //assuming only groups have their cn cached :) continue; } - $filter = strtolower($filterPrefix . $properties['dn'] . $filterSuffix); + $filter = strtolower($filterPrefix . $groupProperties['dn'] . $filterSuffix); $rr = $this->ldap->search($cr, $base, $filter, array('dn')); if(!$this->ldap->isResource($rr)) { continue; From e46fc7a18ade450a05718532e8f66b9e021e8624 Mon Sep 17 00:00:00 2001 From: Jean-Louis Dupond Date: Mon, 11 Aug 2014 13:50:13 +0200 Subject: [PATCH 3/3] Fix initializing in #9848 --- apps/user_ldap/lib/wizard.php | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/user_ldap/lib/wizard.php b/apps/user_ldap/lib/wizard.php index 0139393c49..eb2a1ab02d 100644 --- a/apps/user_ldap/lib/wizard.php +++ b/apps/user_ldap/lib/wizard.php @@ -301,6 +301,7 @@ class Wizard extends LDAPUtility { $filter = $ldapAccess->combineFilterWithOr($filterParts); $filter = $ldapAccess->combineFilterWithAnd(array($filter, 'cn=*')); + $groupNames = array(); $groupEntries = array(); $limit = 400; $offset = 0;