Apply ldapUserFilter on members of group
Refers to issue #8220. When user_ldap is configured with custom filters for Active Directory access (group-member-association is "member"), the member list of a group can contain entries that don't belong to the users available in Nextcloud (the most trivial reason is that the user filter contains "(!(UserAccountControl:1.2.840.113556.1.4.803:=2))" to exclude disabled users from being imported). This can be fixed by applying the ldapUserFilter when resolving the UID for a DN fetched from the group's member list. Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
parent
c688da7195
commit
cf4ec7a4b6
|
@ -564,7 +564,11 @@ class Access extends LDAPUtility implements IUserTools {
|
||||||
}
|
}
|
||||||
|
|
||||||
if(is_null($ldapName)) {
|
if(is_null($ldapName)) {
|
||||||
$ldapName = $this->readAttribute($fdn, $nameAttribute);
|
if ($isUser) {
|
||||||
|
$ldapName = $this->readAttribute($fdn, $nameAttribute, $this->connection->ldapUserFilter);
|
||||||
|
} else {
|
||||||
|
$ldapName = $this->readAttribute($fdn, $nameAttribute);
|
||||||
|
}
|
||||||
if(!isset($ldapName[0]) && empty($ldapName[0])) {
|
if(!isset($ldapName[0]) && empty($ldapName[0])) {
|
||||||
\OCP\Util::writeLog('user_ldap', 'No or empty name for '.$fdn.'.', \OCP\Util::INFO);
|
\OCP\Util::writeLog('user_ldap', 'No or empty name for '.$fdn.'.', \OCP\Util::INFO);
|
||||||
return false;
|
return false;
|
||||||
|
|
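Review bot: The user filter is enforced only inside the `if(is_null($ldapName))` branch, so a caller that passes a pre-fetched `$ldapName` would still get a mapping for a DN that `ldapUserFilter` excludes, for example a disabled account. Whether any caller does that cannot be seen here, because the enclosing method starts and ends outside the hunk; if one does, the exclusion needs to be checked on that path as well. At minimum the contract should be stated above the new branch: `// ldapUserFilter is only applied when the name is read here; callers supplying $ldapName must have filtered the DN already`. A filtered-out DN also falls into the existing `'No or empty name for '.$fdn.'.'` INFO log, which reads as a missing attribute rather than a filter exclusion, so a separate message for the `$isUser` case would make it easier to tell from the log why a group member was dropped.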