Sync ldap group membership, filter groups from group DN

c12simple · c12simple · commit 688ce9138d03 · 2015-08-24T10:38:04.000+02:00
diff --git a/core/src/plugins/auth.ldap/class.ldapAuthDriver.php b/core/src/plugins/auth.ldap/class.ldapAuthDriver.php
@@ -250,13 +250,13 @@ public function getUserEntries($login = null, $countOnly = false, $offset = -1,
             }
 
             if(isset($searchAttrArray)){
-               if(count($searchAttrArray) > 1){
-                   $searchAttrFilter = "(|";
-                   foreach($searchAttrArray as $attr){
-                       $searchAttrFilter .= "(". $attr . "=" . $login . ")";
+                if(count($searchAttrArray) > 1){
+                    $searchAttrFilter = "(|";
+                    foreach($searchAttrArray as $attr){
+                        $searchAttrFilter .= "(". $attr . "=" . $login . ")";
                     }
-                   $searchAttrFilter .= ")";
-               }
+                    $searchAttrFilter .= ")";
+                }
                 else{
                     $searchAttrFilter = "(" . $searchAttrArray[0] . "=" . $login . ")";
                 }
@@ -748,14 +748,15 @@ public function updateUserObject(&$userObject)
                                     $valueFilters = array_map("trim", explode(",", $filter));
                                 }
                                 if ($key == "memberof") {
-
+                                    if (empty($valueFilters)) {
+                                        $valueFilters = $this->getLdapGroupListFromDN();
+                                    }
                                     if ($this->mappedRolePrefix) {
                                         $rolePrefix = $this->mappedRolePrefix;
                                     } else {
                                         $rolePrefix = "";
                                     }
 
-                                    /*
                                     $userroles = $userObject->getRoles();
                                     //remove all mapped roles before
 
@@ -767,7 +768,6 @@ public function updateUserObject(&$userObject)
                                         }
                                     }
                                     $userObject->recomputeMergedRole();
-                                    */
 
                                     foreach ($memberValues as $uniqValue => $fullDN) {
                                         $uniqValueWithPrefix = $rolePrefix . $uniqValue;
@@ -914,4 +914,35 @@ public function saveCountToCache($fileContent)
             file_put_contents($this->getPluginCacheDir() . DIRECTORY_SEPARATOR . $fileName, serialize($fileContent));
         }
     }
-}
+
+    public function getLdapGroupListFromDN()
+    {
+        $origUsersDN = $this->ldapDN;
+        $origUsersFilter = $this->ldapFilter;
+        $origUsersAttr = $this->ldapUserAttr;
+        $this->ldapDN = $this->ldapGDN;
+        $this->ldapFilter = $this->ldapGFilter;
+        $this->ldapUserAttr = $this->ldapGroupAttr;
+
+        $entries = $this->getUserEntries();
+        $returnArray = array();
+        if (is_array($entries) && $entries["count"] > 0) {
+            unset($entries["count"]);
+            foreach ($entries as $key => $entry) {
+                if(isset($this->mappedRolePrefix)){
+                    $returnArray[$this->mappedRolePrefix . $entry[$this->ldapGroupAttr][0]] = $this->mappedRolePrefix . $entry[$this->ldapGroupAttr][0];
+                }
+                else{
+                    $returnArray[$entry[$this->ldapGroupAttr][0]] = $entry[$this->ldapGroupAttr][0];
+                }
+            }
+        }
+
+        $this->dynamicFilter = null;
+        $this->ldapDN = $origUsersDN;
+        $this->ldapFilter = $origUsersFilter;
+        $this->ldapUserAttr = $origUsersAttr;
+
+        return $returnArray;
+    }
+}
