authorAleksander Machniak <alec@alec.pl>2013-09-25 14:19:30 (GMT)
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2013-11-24 13:42:10 (GMT)
commita0dc9c8fcf9cfb1118f3b84043d708238b1c5b05 (patch)
tree79122567cba6e32970811f4f5d79e0ab65014ecd
parentc3c8270e16a9c09de9075a7a2f0aa145438d19b2 (diff)
downloadkolab-wap-a0dc9c8fcf9cfb1118f3b84043d708238b1c5b05.tar.gz
Fix completely broken group.member_list API action by fixing a mess in LDAP3
-rw-r--r--lib/Auth.php5
-rw-r--r--lib/Auth/LDAP.php13
-rw-r--r--lib/ext/Net/LDAP3.php145
3 files changed, 67 insertions, 96 deletions
diff --git a/lib/Auth.php b/lib/Auth.php
index 0c5ef5b..40f3049 100644
--- a/lib/Auth.php
+++ b/lib/Auth.php
@@ -367,11 +367,6 @@ class Auth {
return $this->auth_instance()->resource_info($resourcedata);
}
- public function resource_members_list($resourcedata, $recurse = true)
- {
- return $this->auth_instance()->resource_members_list($resourcedata, $recurse);
- }
-
public function role_add($role)
{
return $this->auth_instance()->role_add($role);
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index f2a0f3f..6d13a6c 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -681,7 +681,7 @@ class LDAP extends Net_LDAP3 {
return false;
}
- return $this->_list_group_members($group_dn, null, $recurse);
+ return $this->list_group_members($group_dn, null, $recurse);
}
public function list_domains($attributes = array(), $search = array(), $params = array())
@@ -825,17 +825,6 @@ class LDAP extends Net_LDAP3 {
return $this->_read($resource_dn, $attributes);
}
- public function resource_members_list($resource, $recurse = true)
- {
- $resource_dn = $this->entry_dn($resource);
-
- if (!$resource_dn) {
- return false;
- }
-
- return $this->_list_resource_members($resource_dn, null, $recurse);
- }
-
public function role_add($attrs)
{
$base_dn = $this->entry_base_dn('role', $typeid);
diff --git a/lib/ext/Net/LDAP3.php b/lib/ext/Net/LDAP3.php
index c81cf6f..344df44 100644
--- a/lib/ext/Net/LDAP3.php
+++ b/lib/ext/Net/LDAP3.php
@@ -930,17 +930,23 @@ class Net_LDAP3
/**
* Get a specific LDAP entry, identified by its DN
*
- * @param string $dn Record identifier
- * @return array Hash array
+ * @param string $dn Record identifier
+ * @param array $attributes Attributes to return
+ *
+ * @return array Hash array
*/
- public function get_entry($dn)
+ public function get_entry($dn, $attributes = array())
{
$rec = null;
if ($this->conn && $dn) {
$this->_debug("C: Read [dn: $dn] [(objectclass=*)]");
- if ($ldap_result = @ldap_read($this->conn, $dn, '(objectclass=*)', $this->return_attributes)) {
+ if (empty($attributes)) {
+ $attributes = $this->return_attributes;
+ }
+
+ if ($ldap_result = @ldap_read($this->conn, $dn, '(objectclass=*)', $attributes)) {
$this->_debug("S: OK");
if ($entry = ldap_first_entry($this->conn, $ldap_result)) {
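Review bot: The docblock on get_entry still promises `@return array`, but `$rec` starts as `null` and is only filled inside the `if ($this->conn && $dn)` and `ldap_read` branches, so callers apparently get a non-array when the connection is missing or the read fails (the return statement is outside this hunk). The new callers in this commit already test the result with `!$entry` and `empty()`, so I would document it as `@return array|null Hash array, or null when the entry cannot be read`. The `C: Read` debug line could also include the requested attributes now that they vary per call.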
@@ -1143,61 +1149,43 @@ class Net_LDAP3
return $entry_dn;
}
- public function list_entries($base_dn, $filter = '(objectclass=*)', $scope = 'sub', $sort = null)
- {
- $search = $this->search($base_dn, $filter, $scope, $sort);
-
- if (!$search) {
- $this->_debug("Net_LDAP3: Search did not succeed!");
- return false;
- }
-
- return $this->result;
-
- }
-
public function list_group_members($dn, $entry = null, $recurse = true)
{
- $group_members = array();
+ $this->_debug("Called list_group_members(" . $dn . ")");
if (is_array($entry) && in_array('objectclass', $entry)) {
if (!in_array(array('groupofnames', 'groupofuniquenames', 'groupofurls'), $entry['objectclass'])) {
- $this->_debug("Called _list_groups_members on a non-group!");
- }
- else {
- $this->_debug("Called list_group_members(" . $dn . ")");
+ $this->_debug("Called list_group_members on a non-group!");
+ return array();
}
}
+ else {
+ $entry = $this->get_entry($dn, array('member', 'uniquemember', 'memberurl', 'objectclass'));
- $entry = $this->search($dn);
-
- if (!$entry) {
- return array();
+ if (!$entry) {
+ return array();
+ }
}
- $this->_debug("ENTRIES for \$dn $dn", $entry);
+ $group_members = array();
- foreach ($entry[$dn] as $attribute => $value) {
- if ($attribute == "objectclass") {
- foreach ($value as $objectclass) {
- switch (strtolower($objectclass)) {
- case "groupofnames":
- case "kolabgroupofnames":
- $group_members = array_merge($group_members, $this->_list_group_member($dn, $entry[$dn]['member'], $recurse));
- break;
- case "groupofuniquenames":
- case "kolabgroupofuniquenames":
- $group_members = array_merge($group_members, $this->_list_group_uniquemember($dn, $entry[$dn]['uniquemember'], $recurse));
- break;
- case "groupofurls":
- $group_members = array_merge($group_members, $this->_list_group_memberurl($dn, $entry[$dn]['memberurl'], $recurse));
- break;
- }
- }
+ foreach ((array)$entry['objectclass'] as $objectclass) {
+ switch (strtolower($objectclass)) {
+ case "groupofnames":
+ case "kolabgroupofnames":
+ $group_members = array_merge($group_members, $this->list_group_member($dn, $entry['member'], $recurse));
+ break;
+ case "groupofuniquenames":
+ case "kolabgroupofuniquenames":
+ $group_members = array_merge($group_members, $this->list_group_uniquemember($dn, $entry['uniquemember'], $recurse));
+ break;
+ case "groupofurls":
+ $group_members = array_merge($group_members, $this->list_group_memberurl($dn, $entry['memberurl'], $recurse));
+ break;
}
}
- return array_filter($group_members);
+ return array_values(array_filter($group_members));
}
public function modify_entry($subject_dn, $old_attrs, $new_attrs)
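Review bot: The guard at the top of list_group_members does not test what it is meant to: `in_array('objectclass', $entry)` looks for the string among the values of `$entry`, not its keys, and `in_array(array('groupofnames', ...), $entry['objectclass'])` looks for the whole array as a single element. As written, an `$entry` handed in by the nested-group callers presumably always falls through to the `else` and is read from LDAP a second time, and if the first test ever did match, the second would report every group as a non-group. I would use `isset($entry['objectclass'])` and then compare the lower-cased object classes against the accepted list with `array_intersect`. That list should also include `kolabgroupofnames` and `kolabgroupofuniquenames`, which the switch below accepts.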
@@ -2050,30 +2038,28 @@ class Net_LDAP3
private function list_group_member($dn, $members, $recurse = true)
{
- $this->_debug("Called _list_group_member(" . $dn . ")");
+ $this->_debug("Called list_group_member(" . $dn . ")");
+ $members = (array) $members;
$group_members = array();
- $members = (array)($members);
-
- if (empty($members)) {
- return $group_members;
- }
+ // remove possible 'count' item
+ unset($members['count']);
// Use the member attributes to return an array of member ldap objects
// NOTE that the member attribute is supposed to contain a DN
foreach ($members as $member) {
- $member_entry = $this->_read($member, '(objectclass=*)');
+ $member_entry = $this->get_entry($member, array('member', 'uniquemember', 'memberurl', 'objectclass'));
if (empty($member_entry)) {
continue;
}
- $group_members[$member] = array_pop($member_entry);
+ $group_members[$member] = $member;
if ($recurse) {
// Nested groups
- $group_group_members = $this->_list_group_members($member, $member_entry);
+ $group_group_members = $this->list_group_members($member, $member_entry);
if ($group_group_members) {
$group_members = array_merge($group_group_members, $group_members);
}
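Review bot: Nested-group expansion has no guard against membership cycles: list_group_member calls list_group_members on every member, which calls back here with `$recurse` left at its default of true, so two groups that list each other recurse until PHP runs out of stack or memory. Because membership comes from directory data, anyone able to edit a group could cause that failure for every caller of the member-list API. I would thread a set of already-visited DNs through the recursion (or keep it on the instance for the duration of the top-level call) and skip a member whose DN is already in it. The same applies to the list_group_uniquemember and list_group_memberurl hunks below. The function body continues past the end of this hunk.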
@@ -2085,34 +2071,26 @@ class Net_LDAP3
private function list_group_uniquemember($dn, $uniquemembers, $recurse = true)
{
- $this->_debug("Called _list_group_uniquemember(" . $dn . ")", $entry);
-
- // Use the member attributes to return an array of member ldap objects
- // NOTE that the member attribute is supposed to contain a DN
- $group_members = array();
- if (empty($uniquemembers)) {
- return $group_members;
- }
+ $this->_debug("Called list_group_uniquemember(" . $dn . ")", $entry);
$uniquemembers = (array)($uniquemembers);
+ $group_members = array();
- if (is_string($uniquemembers)) {
- $this->_debug("uniquemember for entry is not an array");
- $uniquemembers = (array)($uniquemembers);
- }
+ // remove possible 'count' item
+ unset($uniquemembers['count']);
foreach ($uniquemembers as $member) {
- $member_entry = $this->_read($member, '(objectclass=*)');
+ $member_entry = $this->get_entry($member, array('member', 'uniquemember', 'memberurl', 'objectclass'));
if (empty($member_entry)) {
continue;
}
- $group_members[$member] = array_pop($member_entry);
+ $group_members[$member] = $member;
if ($recurse) {
// Nested groups
- $group_group_members = $this->_list_group_members($member, $member_entry);
+ $group_group_members = $this->list_group_members($member, $member_entry);
if ($group_group_members) {
$group_members = array_merge($group_group_members, $group_members);
}
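Review bot: The new debug call in list_group_uniquemember still passes `$entry`, which is not a parameter or local of this function (its signature is `$dn, $uniquemembers, $recurse`), so it raises an undefined-variable notice and logs nothing useful. I would drop the second argument: `$this->_debug("Called list_group_uniquemember(" . $dn . ")");`. The cast also keeps the old `(array)($uniquemembers)` spelling while the sibling functions now use `(array) $members`; aligning them would make the three functions easier to compare.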
@@ -2124,25 +2102,32 @@ class Net_LDAP3
private function list_group_memberurl($dn, $memberurls, $recurse = true)
{
- $this->_debug("Called _list_group_memberurl(" . $dn . ")");
-
- // Use the member attributes to return an array of member ldap objects
- // NOTE that the member attribute is supposed to contain a DN
+ $this->_debug("Called list_group_memberurl(" . $dn . ")");
$group_members = array();
+ $memberurls = (array) $memberurls;
+
+ // remove possible 'count' item
+ unset($memberurls['count']);
- foreach ((array)($memberurls) as $url) {
- $ldap_uri_components = $this->_parse_memberurl($url);
+ $return_attributes = $this->return_attributes;
+ $this->return_attributes = array('member', 'uniquemember', 'memberurl', 'objectclass');
- $entries = $this->search($ldap_uri_components[3], $ldap_uri_components[6]);
+ foreach ($memberurls as $url) {
+ $ldap_uri = $this->parse_memberurl($url);
+ $result = $this->search($ldap_uri[3], $ldap_uri[6]);
- foreach ($entries as $entry_dn => $_entry) {
- $group_members[$entry_dn] = $_entry;
+ if (!$result) {
+ continue;
+ }
+
+ foreach ($result->entries(true) as $entry_dn => $_entry) {
+ $group_members[$entry_dn] = $entry_dn;
$this->_debug("Found " . $entry_dn);
if ($recurse) {
// Nested group
- $group_group_members = $this->_list_group_members($entry_dn, $_entry);
+ $group_group_members = $this->list_group_members($entry_dn, $_entry);
if ($group_group_members) {
$group_members = array_merge($group_members, $group_group_members);
}
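Review bot: The result of `parse_memberurl($url)` is used without a check, so a `memberurl` value that does not parse presumably leaves `$ldap_uri[3]` and `$ldap_uri[6]` unset and `search()` runs with an empty base DN and filter. The value is directory data, and the base and filter taken from it are searched with this connection's bind identity, so it is worth rejecting anything malformed before searching, e.g. `if (empty($ldap_uri[3]) || empty($ldap_uri[6])) { continue; }`, and logging the skipped value through `_debug`. Whether the base DN should also be constrained to the configured root is a design decision I cannot judge from this hunk.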
@@ -2150,6 +2135,8 @@ class Net_LDAP3
}
}
+ $this->return_attributes = $return_attributes;
+
return array_filter($group_members);
}
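Review bot: Swapping `$this->return_attributes` for the duration of the loop and restoring it here changes shared instance state, and the restore is skipped if anything in between throws. During the loop, every nested call that falls back to `$this->return_attributes` also sees the reduced list. If `search()` can take the attribute list as an argument, that would be cleaner; otherwise, where the supported PHP version has `finally`, wrap the loop in `try { ... } finally { $this->return_attributes = $return_attributes; }`. Separately, this function returns `array_filter($group_members)` while list_group_members now returns `array_values(array_filter(...))`; a short comment saying the DN keys are kept here on purpose would help.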