Merge pull request #24950 from owncloud/stable9-fixdynamicldapgroupaccess

[stable9] Fixed dynamic group ldap access

2 files changed, 64 insertions, 9 deletions

diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index 891c807cd74..5d0fb4c5acf 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -473,16 +473,17 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
 					// apply filter via ldap search to see if this user is in this
 					// dynamic group
 					$userMatch = $this->access->readAttribute(
-						$uid,
+						$userDN,
 						$this->access->connection->ldapUserDisplayName,
 						$memberUrlFilter
 					);
 					if ($userMatch !== false) {
 						// match found so this user is in this group
-						$pos = strpos($dynamicGroup['dn'][0], ',');
-						if ($pos !== false) {
-							$membershipGroup = substr($dynamicGroup['dn'][0],3,$pos-3);
-							$groups[] = $membershipGroup;
+						$groupName = $this->access->dn2groupname($dynamicGroup['dn'][0]);
+						if(is_string($groupName)) {
+							// be sure to never return false if the dn could not be
+							// resolved to a name, for whatever reason.
+							$groups[] = $groupName;
 						}
 					}
 				} else {
@@ -534,11 +535,12 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
 		}
 
 		if(isset($this->cachedGroupsByMember[$uid])) {
-			$groups = $this->cachedGroupsByMember[$uid];
+			$groups = array_merge($groups, $this->cachedGroupsByMember[$uid]);
 		} else {
-			$groups = array_values($this->getGroupsByMember($uid));
-			$groups = $this->access->ownCloudGroupNames($groups);
-			$this->cachedGroupsByMember[$uid] = $groups;
+			$groupsByMember = array_values($this->getGroupsByMember($uid));
+			$groupsByMember = $this->access->ownCloudGroupNames($groupsByMember);
+			$this->cachedGroupsByMember[$uid] = $groupsByMember;
+			$groups = array_merge($groups, $groupsByMember);
 		}
 
 		if($primaryGroup !== false) {
diff --git a/apps/user_ldap/tests/group_ldap.php b/apps/user_ldap/tests/group_ldap.php
index 51bb1d84732..a81bf70f54a 100644
--- a/apps/user_ldap/tests/group_ldap.php
+++ b/apps/user_ldap/tests/group_ldap.php
@@ -455,4 +455,57 @@ class Test_Group_Ldap extends \Test\TestCase {
 		$groupBackend->getUserGroups('userX');
 	}
 
+	public function testGetGroupsByMember() {
+		$access = $this->getAccessMock();
+
+		$access->connection->expects($this->any())
+			->method('__get')
+			->will($this->returnCallback(function($name) {
+				if($name === 'useMemberOfToDetectMembership') {
+					return 0;
+				} else if($name === 'ldapDynamicGroupMemberURL') {
+					return '';
+				} else if($name === 'ldapNestedGroups') {
+					return false;
+				}
+				return 1;
+			}));
+
+		$dn = 'cn=userX,dc=foobar';
+
+		$access->connection->hasPrimaryGroups = false;
+
+		$access->expects($this->exactly(2))
+			->method('username2dn')
+			->will($this->returnValue($dn));
+
+		$access->expects($this->never())
+			->method('readAttribute')
+			->with($dn, 'memberOf');
+
+		$group1 = [
+			'cn' => 'group1',
+			'dn' => ['cn=group1,ou=groups,dc=domain,dc=com'],
+		];
+		$group2 = [
+			'cn' => 'group2',
+			'dn' => ['cn=group2,ou=groups,dc=domain,dc=com'],
+		];
+
+		$access->expects($this->once())
+			->method('ownCloudGroupNames')
+			->with([$group1, $group2])
+			->will($this->returnValue(['group1', 'group2']));
+
+		$access->expects($this->once())
+			->method('fetchListOfGroups')
+			->will($this->returnValue([$group1, $group2]));
+
+		$groupBackend = new GroupLDAP($access);
+		$groups = $groupBackend->getUserGroups('userX');
+		$this->assertEquals(['group1', 'group2'], $groups);
+
+		$groupsAgain = $groupBackend->getUserGroups('userX');
+		$this->assertEquals(['group1', 'group2'], $groupsAgain);
+	}
 }