Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nextcloud/server.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/apps/user_ldap
diff options
context:
space:
mode:
authorArthur Schiwon <blizzz@arthur-schiwon.de>2020-06-24 14:09:15 +0300
committerArthur Schiwon <blizzz@arthur-schiwon.de>2020-08-11 19:22:11 +0300
commit7ea262dba03cceefe0646f2216b506d66c3dcbc9 (patch)
tree42ac612ef82528b7707a718099ac09016438d751 /apps/user_ldap
parenta7875c24315ea4dee0bc164835418091229ae7f0 (diff)
LDAP: shortcut in reading nested group members when IN_CHAIN is available
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Diffstat (limited to 'apps/user_ldap')
-rw-r--r--apps/user_ldap/lib/Configuration.php7
-rw-r--r--apps/user_ldap/lib/Group_LDAP.php29
-rw-r--r--apps/user_ldap/tests/Group_LDAPTest.php2
3 files changed, 38 insertions, 0 deletions
diff --git a/apps/user_ldap/lib/Configuration.php b/apps/user_ldap/lib/Configuration.php
index 81e33e6244f..5a7c732ab7b 100644
--- a/apps/user_ldap/lib/Configuration.php
+++ b/apps/user_ldap/lib/Configuration.php
@@ -45,6 +45,10 @@ class Configuration {
public const AVATAR_PREFIX_NONE = 'none';
public const AVATAR_PREFIX_DATA_ATTRIBUTE = 'data:';
+ public const LDAP_SERVER_FEATURE_UNKNOWN = 'unknown';
+ public const LDAP_SERVER_FEATURE_AVAILABLE = 'available';
+ public const LDAP_SERVER_FEATURE_UNAVAILABLE = 'unavailable';
+
protected $configPrefix = null;
protected $configRead = false;
/**
@@ -110,6 +114,7 @@ class Configuration {
'ldapDynamicGroupMemberURL' => null,
'ldapDefaultPPolicyDN' => null,
'ldapExtStorageHomeAttribute' => null,
+ 'ldapMatchingRuleInChainState' => self::LDAP_SERVER_FEATURE_UNKNOWN,
];
/**
@@ -482,6 +487,7 @@ class Configuration {
'ldap_default_ppolicy_dn' => '',
'ldap_user_avatar_rule' => 'default',
'ldap_ext_storage_home_attribute' => '',
+ 'ldap_matching_rule_in_chain_state' => self::LDAP_SERVER_FEATURE_UNKNOWN,
];
}
@@ -543,6 +549,7 @@ class Configuration {
'ldap_dynamic_group_member_url' => 'ldapDynamicGroupMemberURL',
'ldap_default_ppolicy_dn' => 'ldapDefaultPPolicyDN',
'ldap_ext_storage_home_attribute' => 'ldapExtStorageHomeAttribute',
+ 'ldap_matching_rule_in_chain_state' => 'ldapMatchingRuleInChainState',
'ldapIgnoreNamingRules' => 'ldapIgnoreNamingRules', // sysconfig
];
return $array;
diff --git a/apps/user_ldap/lib/Group_LDAP.php b/apps/user_ldap/lib/Group_LDAP.php
index 6bf1bd31ba0..617b9f498ef 100644
--- a/apps/user_ldap/lib/Group_LDAP.php
+++ b/apps/user_ldap/lib/Group_LDAP.php
@@ -246,6 +246,31 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
if ($groupMembers !== null) {
return $groupMembers;
}
+
+ if ($this->access->connection->ldapNestedGroups
+ && $this->access->connection->useMemberOfToDetectMembership
+ && $this->access->connection->hasMemberOfFilterSupport
+ && $this->access->connection->ldapMatchingRuleInChainState !== Configuration::LDAP_SERVER_FEATURE_UNAVAILABLE
+ ) {
+ $attemptedLdapMatchingRuleInChain = true;
+ // compatibility hack with servers supporting :1.2.840.113556.1.4.1941:, and others)
+ $filter = $this->access->combineFilterWithAnd([$this->access->connection->ldapUserFilter, 'memberof:1.2.840.113556.1.4.1941:=' . $dnGroup]);
+ $memberRecords = $this->access->fetchListOfUsers(
+ $filter,
+ $this->access->userManager->getAttributes(true)
+ );
+ if (!empty($memberRecords)) {
+ if ($this->access->connection->ldapMatchingRuleInChainState === Configuration::LDAP_SERVER_FEATURE_UNKNOWN) {
+ $this->access->connection->ldapMatchingRuleInChainState = Configuration::LDAP_SERVER_FEATURE_AVAILABLE;
+ $this->access->connection->saveConfiguration();
+ }
+ return array_reduce($memberRecords, function ($carry, $record) {
+ $carry[] = $record['dn'][0];
+ return $carry;
+ }, []);
+ }
+ }
+
$seen[$dnGroup] = 1;
$members = $this->access->readAttribute($dnGroup, $this->access->connection->ldapGroupMemberAssocAttr);
if (is_array($members)) {
@@ -258,6 +283,10 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
$allMembers += $this->getDynamicGroupMembers($dnGroup);
$this->access->connection->writeToCache($cacheKey, $allMembers);
+ if (isset($attemptedLdapMatchingRuleInChain) && !empty($allMembers)) {
+ $this->access->connection->ldapMatchingRuleInChainState = Configuration::LDAP_SERVER_FEATURE_UNAVAILABLE;
+ $this->access->connection->saveConfiguration();
+ }
return $allMembers;
}
diff --git a/apps/user_ldap/tests/Group_LDAPTest.php b/apps/user_ldap/tests/Group_LDAPTest.php
index f8dd5af167f..3143054940d 100644
--- a/apps/user_ldap/tests/Group_LDAPTest.php
+++ b/apps/user_ldap/tests/Group_LDAPTest.php
@@ -73,6 +73,8 @@ class Group_LDAPTest extends TestCase {
->method('getConnection')
->willReturn($connector);
+ $access->userManager = $this->createMock(Manager::class);
+
return $access;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-23 22:26:56 +0300