diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index 96a7fe5068edab3d4e0af5346af07eb8e9649a50..591ba41253c7d5a4a3da941557b07bfdabbbac28 100755
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -24,9 +24,11 @@
class OC_GROUP_LDAP extends OC_Group_Backend {
// //group specific settings
protected $ldapGroupFilter;
+ protected $ldapGroupMemberAssocAttr;
public function __construct() {
- $this->ldapGroupFilter = OCP\Config::getAppValue('user_ldap', 'ldap_group_filter', '(objectClass=posixGroup)');
+ $this->ldapGroupFilter = OCP\Config::getAppValue('user_ldap', 'ldap_group_filter', '(objectClass=posixGroup)');
+ $this->ldapGroupMemberAssocAttr = OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember');
}
/**
@@ -44,7 +46,22 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
if(!$dn_group || !$dn_user) {
return false;
}
- $members = OC_LDAP::readAttribute($dn_group, LDAP_GROUP_MEMBER_ASSOC_ATTR);
+ $members = OC_LDAP::readAttribute($dn_group, $this->ldapGroupMemberAssocAttr);
+
+ //extra work if we don't get back user DNs
+ //TODO: this can be done with one LDAP query
+ if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') {
+ $dns = array();
+ foreach($members as $uid) {
+ $filter = str_replace('%uid', $uid, OC_LDAP::conf('ldapLoginFilter'));
+ $ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn');
+ if(count($ldap_users) < 1) {
+ continue;
+ }
+ $dns[] = $ldap_users[0];
+ }
+ $members = $dns;
+ }
return in_array($dn_user, $members);
}
@@ -63,9 +80,20 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
return array();
}
+ //uniqueMember takes DN, memberuid the uid, so we need to distinguish
+ if(strtolower($this->ldapGroupMemberAssocAttr) == 'uniquemember') {
+ $uid = $userDN;
+ } else if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') {
+ $result = OC_LDAP::readAttribute($userDN, 'uid');
+ $uid = $result[0];
+ } else {
+ // just in case
+ $uid = $userDN;
+ }
+
$filter = OC_LDAP::combineFilterWithAnd(array(
$this->ldapGroupFilter,
- LDAP_GROUP_MEMBER_ASSOC_ATTR.'='.$userDN
+ $this->ldapGroupMemberAssocAttr.'='.$uid
));
$groups = OC_LDAP::fetchListOfGroups($filter, array(OC_LDAP::conf('ldapGroupDisplayName'),'dn'));
$userGroups = OC_LDAP::ownCloudGroupNames($groups);
@@ -82,9 +110,19 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
if(!$groupDN) {
return array();
}
- $members = OC_LDAP::readAttribute($groupDN, LDAP_GROUP_MEMBER_ASSOC_ATTR);
+ $members = OC_LDAP::readAttribute($groupDN, $this->ldapGroupMemberAssocAttr);
$result = array();
foreach($members as $member) {
+ if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') {
+ $filter = str_replace('%uid', $member, OC_LDAP::conf('ldapLoginFilter'));
+ $ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn');
+ if(count($ldap_users) < 1) {
+ continue;
+ }
+ $result[] = OC_LDAP::dn2username($ldap_users[0]);
+ continue;
+ }
+ //de-facto else
$result[] = OC_LDAP::dn2username($member);
}
return array_unique($result, SORT_LOCALE_STRING);
diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib_ldap.php
index 9de03a07fefcb316ff31a8dc613b0dcb201e0938..30806a63b084d7479cc507ca987495370efcc017 100755
--- a/apps/user_ldap/lib_ldap.php
+++ b/apps/user_ldap/lib_ldap.php
@@ -49,6 +49,7 @@ class OC_LDAP {
static protected $ldapUserDisplayName;
static protected $ldapUserFilter;
static protected $ldapGroupDisplayName;
+ static protected $ldapLoginFilter;
static public function init() {
self::readConfiguration();
@@ -76,6 +77,7 @@ class OC_LDAP {
$availableProperties = array(
'ldapUserDisplayName',
'ldapGroupDisplayName',
+ 'ldapLoginFilter'
);
if(in_array($key, $availableProperties)) {
@@ -574,6 +576,7 @@ class OC_LDAP {
self::$ldapNoCase = OCP\Config::getAppValue('user_ldap', 'ldap_nocase', 0);
self::$ldapUserDisplayName = OCP\Config::getAppValue('user_ldap', 'ldap_display_name', OC_USER_BACKEND_LDAP_DEFAULT_DISPLAY_NAME);
self::$ldapUserFilter = OCP\Config::getAppValue('user_ldap', 'ldap_userlist_filter','objectClass=person');
+ self::$ldapLoginFilter = OCP\Config::getAppValue('user_ldap', 'ldap_login_filter', '(uid=%uid)');
self::$ldapGroupDisplayName = OCP\Config::getAppValue('user_ldap', 'ldap_group_display_name', LDAP_GROUP_DISPLAY_NAME_ATTR);
if(empty(self::$ldapBaseUsers)) {
diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php
index 343a659ea26eb8515046cd32bc8892007fbe74d9..de7110fe9a849bc7fc3e02a7ba574fae686cd434 100755
--- a/apps/user_ldap/settings.php
+++ b/apps/user_ldap/settings.php
@@ -20,7 +20,7 @@
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
-$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr');
+$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute');
OCP\Util::addscript('user_ldap', 'settings');
@@ -50,5 +50,6 @@ foreach($params as $param){
// settings with default values
$tmpl->assign( 'ldap_port', OCP\Config::getAppValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT));
$tmpl->assign( 'ldap_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_display_name', OC_USER_BACKEND_LDAP_DEFAULT_DISPLAY_NAME));
+$tmpl->assign( 'ldap_group_member_assoc_attribute', OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember'));
return $tmpl->fetchPage();
diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php
index cb3beac979783b631e16931021f948eccbfc56a4..48e136668d1620d4f84d57b02436e1b688d00236 100644
--- a/apps/user_ldap/templates/settings.php
+++ b/apps/user_ldap/templates/settings.php
@@ -17,6 +17,7 @@
<p><label for="ldap_port"><?php echo $l->t('Port');?></label><input type="text" id="ldap_port" name="ldap_port" value="<?php echo $_['ldap_port']; ?>" /></p>
<p><label for="ldap_base_users"><?php echo $l->t('Base User Tree');?></label><input type="text" id="ldap_base_users" name="ldap_base_users" value="<?php echo $_['ldap_base_users']; ?>" /></p>
<p><label for="ldap_base_groups"><?php echo $l->t('Base Group Tree');?></label><input type="text" id="ldap_base_groups" name="ldap_base_groups" value="<?php echo $_['ldap_base_groups']; ?>" /></p>
+ <p><label for="ldap_group_member_assoc_attribute"><?php echo $l->t('Group-Member association');?></label><select id="ldap_group_member_assoc_attribute" name="ldap_group_member_assoc_attribute"><option value="uniqueMember"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'uniqueMember')) echo ' selected'; ?>>uniqueMember</option><option value="memberUid"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'memberUid')) echo ' selected'; ?>>memberUid</option></select></p>
<p><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1"<?php if ($_['ldap_tls']) echo ' checked'; ?>><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label></p>
<p><input type="checkbox" id="ldap_nocase" name="ldap_nocase" value="1"<?php if (isset($_['ldap_nocase']) && ($_['ldap_nocase'])) echo ' checked'; ?>><label for="ldap_nocase"><?php echo $l->t('Case insensitve LDAP server (Windows)');?></label></p>
<p><label for="ldap_display_name"><?php echo $l->t('Display Name Field');?></label><input type="text" id="ldap_display_name" name="ldap_display_name" value="<?php echo $_['ldap_display_name']; ?>" />
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index e40d06d3d550413d63ee4ceccb745fbf1a676aa8..ba66c7a9ca8443147a3943aaec9f821f0de962da 100755
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -27,7 +27,6 @@ class OC_USER_LDAP extends OC_User_Backend {
// cached settings
protected $ldapUserFilter;
- protected $ldapLoginFilter;
protected $ldapQuotaAttribute;
protected $ldapQuotaDefault;
protected $ldapEmailAttribute;
@@ -37,7 +36,6 @@ class OC_USER_LDAP extends OC_User_Backend {
public function __construct() {
$this->ldapUserFilter = OCP\Config::getAppValue('user_ldap', 'ldap_userlist_filter', '(objectClass=posixAccount)');
- $this->ldapLoginFilter = OCP\Config::getAppValue('user_ldap', 'ldap_login_filter', '(uid=%uid)');
$this->ldapQuotaAttribute = OCP\Config::getAppValue('user_ldap', 'ldap_quota_attr', '');
$this->ldapQuotaDefault = OCP\Config::getAppValue('user_ldap', 'ldap_quota_def', '');
$this->ldapEmailAttribute = OCP\Config::getAppValue('user_ldap', 'ldap_email_attr', '');
@@ -83,7 +81,7 @@ class OC_USER_LDAP extends OC_User_Backend {
*/
public function checkPassword($uid, $password){
//find out dn of the user name
- $filter = str_replace('%uid', $uid, $this->ldapLoginFilter);
+ $filter = str_replace('%uid', $uid, OC_LDAP::conf('ldapLoginFilter'));
$ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn');
if(count($ldap_users) < 1) {
return false;