From 244920aeb01c8668df5e069732eabb16f1e10c33 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Tue, 19 Jun 2012 01:15:58 +0200
Subject: [PATCH] LDAP: only map users within the User Base Tree

---
 apps/user_ldap/group_ldap.php |  4 +++-
 apps/user_ldap/lib_ldap.php   | 10 ++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index 78bc5b4656..a3117b5a41 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -166,7 +166,9 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
 				$result[] = OC_LDAP::dn2username($ldap_users[0]);
 				continue;
 			} else {
-				$result[] = OC_LDAP::dn2username($member);
+				if($ocname = OC_LDAP::dn2username($member)){
+					$result[] = $ocname;
+				}
 			}
 		}
 		if(!$isMemberUid) {
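Review bot: The sibling call at the top of this hunk, `$result[] = OC_LDAP::dn2username($ldap_users[0]);`, still appends the return value unchecked, so the memberUid branch can put `false` into the member list now that dn2username() may return false for a DN outside the user base. Guard it the same way, e.g. `$ocname = OC_LDAP::dn2username($ldap_users[0]); if($ocname !== false) { $result[] = $ocname; }`. The added `if($ocname = ...)` is a truthiness test, so a mapped name of `'0'` would also be dropped; comparing with `!== false` avoids that. The enclosing loop starts above the hunk, so other consumers of `$result` are not visible here.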
diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib_ldap.php
index 45be86aff8..4adb70cfa0 100644
--- a/apps/user_ldap/lib_ldap.php
+++ b/apps/user_ldap/lib_ldap.php
@@ -166,11 +166,14 @@ class OC_LDAP {
 	 * @brief returns the internal ownCloud name for the given LDAP DN of the group
 	 * @param $dn the dn of the group object
 	 * @param $ldapname optional, the display name of the object
-	 * @returns string with with the name to use in ownCloud
+	 * @returns string with with the name to use in ownCloud, false on DN outside of search DN
 	 *
 	 * returns the internal ownCloud name for the given LDAP DN of the group
 	 */
 	static public function dn2groupname($dn, $ldapname = null) {
+		if(strrpos($dn, self::ldapBaseGroups) !== (strlen($dn)-strlen(self::ldapBaseGroups)-1)) {
+			return false;
+		}
 		return self::dn2ocname($dn, $ldapname, false);
 	}
 
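Review bot: The suffix test added to dn2groupname() looks off by one. When `$dn` ends with the base DN, strrpos() returns `strlen($dn)-strlen(base)`, but the condition compares against that value minus 1, so a DN that really lies under the group base is rejected. Dropping the `-1` gives the intended check, `if(strrpos($dn, self::ldapBaseGroups) !== (strlen($dn)-strlen(self::ldapBaseGroups))) {`; the same line in dn2username() in the next hunk needs the same change. The declaration is outside the hunk, so confirm that `ldapBaseGroups` is a class constant, because a static property would have to be read as `self::$ldapBaseGroups`. The comparison is also byte-wise, while directory servers treat DNs case-insensitively and may vary the spacing, so normalise both sides first or an in-scope entry can be excluded from account mapping.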
@@ -180,9 +183,12 @@ class OC_LDAP {
 	 * @param $ldapname optional, the display name of the object
 	 * @returns string with with the name to use in ownCloud
 	 *
-	 * returns the internal ownCloud name for the given LDAP DN of the user
+	 * returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN
 	 */
 	static public function dn2username($dn, $ldapname = null) {
+		if(strrpos($dn, self::ldapBaseUsers) !== (strlen($dn)-strlen(self::ldapBaseUsers)-1)) {
+			return false;
+		}
 		return self::dn2ocname($dn, $ldapname, true);
 	}
 
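Review bot: The docblock for dn2username() is now inconsistent with the one for dn2groupname(). Its `@returns` line still promises only a string, and the false case was appended to the free-text description instead. Put it on the tag, e.g. `@returns string with the name to use in ownCloud, false on DN outside of the user base`, and fix the doubled "with with" while there. Callers use this result to decide which directory entries become accounts, so the docblock should also say that the result must be tested with `!== false`.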
-- 
GitLab