wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

LDAP: usersInGroup now also does LDAP serverside search.

Browse source
This commit is contained in:
Arthur Schiwon 2012-10-27 19:42:50 +02:00
parent 3f85432df9
commit 58828d205f
1 changed files with 41 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

71
apps/user_ldap/group_ldap.php
View file

@ -139,61 +139,72 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
if(!$this->enabled) {
return array();
}
$this->groupSearch = $search;
if($this->connection->isCached('usersInGroup'.$gid)) {
$groupUsers = $this->connection->getFromCache('usersInGroup'.$gid);
if(!empty($this->groupSearch)) {
$groupUsers = array_filter($groupUsers, array($this, 'groupMatchesFilter'));
}
if($limit == -1) {
$limit = null;
}
return array_slice($groupUsers, $offset, $limit);
$cachekey = 'usersInGroup-'.$gid.'-'.$search.'-'.$limit.'-'.$offset;
// check for cache of the exact query
$groupUsers = $this->connection->getFromCache($cachekey);
if(!is_null($groupUsers)) {
return $groupUsers;
}
// check for cache of the query without limit and offset
$groupUsers = $this->connection->getFromCache('usersInGroup-'.$gid.'-'.$search);
if(!is_null($groupUsers)) {
$groupUsers = array_slice($groupUsers, $offset, $limit);
$this->connection->writeToCache($cachekey, $groupUsers);
return $groupUsers;
}
if($limit == -1) {
$limit = null;
}
$groupDN = $this->groupname2dn($gid);
if(!$groupDN) {
$this->connection->writeToCache('usersInGroup'.$gid, array());
// group couldn't be found, return empty resultset
$this->connection->writeToCache($cachekey, array());
return array();
}
$members = $this->readAttribute($groupDN, $this->connection->ldapGroupMemberAssocAttr);
if(!$members) {
$this->connection->writeToCache('usersInGroup'.$gid, array());
//in case users could not be retrieved, return empty resultset
$this->connection->writeToCache($cachekey, array());
return array();
}
$result = array();
$search = empty($search) ? '*' : '*'.$search.'*';
$groupUsers = array();
$isMemberUid = (strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid');
foreach($members as $member) {
if($isMemberUid) {
$filter = \OCP\Util::mb_str_replace('%uid', $member, $this->connection->ldapLoginFilter, 'UTF-8');
//we got uids, need to get their DNs to 'tranlsate' them to usernames
$filter = $this->combineFilterWithAnd(array(
\OCP\Util::mb_str_replace('%uid', $member, $this->connection>ldapLoginFilter, 'UTF-8'),
$this->connection->ldapUserDisplayName.'='.$search
));
$ldap_users = $this->fetchListOfUsers($filter, 'dn');
if(count($ldap_users) < 1) {
continue;
}
$result[] = $this->dn2username($ldap_users[0]);
continue;
$groupUsers[] = $this->dn2username($ldap_users[0]);
} else {
//we got DNs, check if we need to filter by search or we can give back all of them
if($search != '*') {
if(!$this->readAttribute($member, $this->connection->ldapUserDisplayName, $this->connection->ldapUserDisplayName.'='.$search)) {
continue;
}
}
// dn2username will also check if the users belong to the allowed base
if($ocname = $this->dn2username($member)) {
$result[] = $ocname;
$groupUsers[] = $ocname;
}
}
}
if(!$isMemberUid) {
$result = array_intersect($result, \OCP\User::getUsers());
}
$groupUsers = array_unique($result, SORT_LOCALE_STRING);
$this->connection->writeToCache('usersInGroup'.$gid, $groupUsers);
if(!empty($this->groupSearch)) {
$groupUsers = array_filter($groupUsers, array($this, 'groupMatchesFilter'));
}
if($limit == -1) {
$limit = null;
}
return array_slice($groupUsers, $offset, $limit);
natsort($groupUsers);
$this->connection->writeToCache('usersInGroup-'.$gid.'-'.$search, $groupUsers);
$groupUsers = array_slice($groupUsers, $offset, $limit);
$this->connection->writeToCache($cachekey, $groupUsers);
return $groupUsers;
}
/**