LDAP: don't die on unexpected collisions, handle empty display-name attributes properly

2 files changed, 28 insertions, 11 deletions

diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib_ldap.php
index 39992e81e05..4bd0ff4bbfa 100644
--- a/apps/user_ldap/lib_ldap.php
+++ b/apps/user_ldap/lib_ldap.php
@@ -168,7 +168,7 @@ class OC_LDAP {
 	 * @param $ldapname optional, the display name of the object
 	 * @returns string with with the name to use in ownCloud, false on DN outside of search DN
 	 *
-	 * returns the internal ownCloud name for the given LDAP DN of the group
+	 * returns the internal ownCloud name for the given LDAP DN of the group, false on DN outside of search DN or failure
 	 */
 	static public function dn2groupname($dn, $ldapname = null) {
 		if(strripos($dn, self::$ldapBaseGroups) !== (strlen($dn)-strlen(self::$ldapBaseGroups))) {
@@ -183,7 +183,7 @@ class OC_LDAP {
 	 * @param $ldapname optional, the display name of the object
 	 * @returns string with with the name to use in ownCloud
 	 *
-	 * returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN
+	 * returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN or failure
 	 */
 	static public function dn2username($dn, $ldapname = null) {
 		if(strripos($dn, self::$ldapBaseUsers) !== (strlen($dn)-strlen(self::$ldapBaseUsers))) {
@@ -214,6 +214,11 @@ class OC_LDAP {
 
 		if(is_null($ldapname)) {
 			$ldapname = self::readAttribute($dn, $nameAttribute);
+			//we do not accept empty usernames
+			if(!isset($ldapname[0]) && empty($ldapname[0])) {
+				OCP\Util::writeLog('user_ldap', 'No or empty name for '.$dn.'.', OCP\Util::INFO);
+				return false;
+			}
 			$ldapname = $ldapname[0];
 		}
 		$ldapname = self::sanitizeUsername($ldapname);
@@ -229,8 +234,8 @@ class OC_LDAP {
 			return $oc_name;
 		}
 
-		//and this of course should never been thrown :)
-		throw new Exception('LDAP backend: unexpected collision of DN and ownCloud Name.');
+		//if everything else did not help..
+		OCP\Util::writeLog('user_ldap', 'Could not create unique ownCloud name for '.$dn.'.', OCP\Util::INFO);
 	}
 
 	/**
@@ -274,6 +279,12 @@ class OC_LDAP {
 				continue;
 			}
 
+			//we do not take empty usernames
+			if(!isset($ldapObject[$nameAttribute]) || empty($ldapObject[$nameAttribute])) {
+				OCP\Util::writeLog('user_ldap', 'No or empty name for '.$ldapObject['dn'].', skipping.', OCP\Util::INFO);
+				continue;
+			}
+
 			//a new group! Then let's try to add it. We're shooting into the blue with the group name, assuming that in most cases there will not be a conflict. But first make sure, that the display name contains only allowed characters.
 			$ocname = self::sanitizeUsername($ldapObject[$nameAttribute]);
 			if(self::mapComponent($ldapObject['dn'], $ocname, $isUsers)) {
@@ -288,8 +299,8 @@ class OC_LDAP {
 				continue;
 			}
 
-			//and this of course should never been thrown :)
-			throw new Exception('LDAP backend: unexpected collision of DN and ownCloud Name.');
+			//if everything else did not help..
+			OCP\Util::writeLog('user_ldap', 'Could not create unique ownCloud name for '.$ldapObject['dn'].', skipping.', OCP\Util::INFO);
 		}
 		return $ownCloudNames;
 	}
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index 85b3d88973c..da99e167fd1 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -96,12 +96,18 @@ class OC_USER_LDAP extends OC_User_Backend {
 			return false;
 		}
 
-		//update some settings, if necessary
-		$this->updateQuota($dn);
-		$this->updateEmail($dn);
+		//do we have a username for him/her?
+		$ocname = OC_LDAP::dn2username($dn);
 
-		//give back the display name
-		return OC_LDAP::dn2username($dn);
+		if($ocname){
+			//update some settings, if necessary
+			$this->updateQuota($dn);
+			$this->updateEmail($dn);
+
+			return $ocname;
+		}
+
+		return false;
 	}
 
 	/**