@@ -321,94 +321,105 @@ public function getUserGroups(string $userName): array
321321 return [];
322322 }
323323
324- $ userGroups$ this groupFilter ($ user
324+ $ userGroups$ this extractGroupsFromSearchResponseEntry ($ user
325325 $ allGroups$ this getGroupsRecursive ($ userGroups
326+ $ formattedGroups$ this extractGroupNamesFromLdapGroupDns ($ allGroups
326327
327328 if ($ this config ['dump_user_groups ' ]) {
328329 throw new JsonDebugException ([
329- 'details_from_ldap ' => $ user
330- 'parsed_direct_user_groups ' => $ userGroups
331- 'parsed_recursive_user_groups ' => $ allGroups
330+ 'details_from_ldap ' => $ user
331+ 'parsed_direct_user_groups ' => $ userGroups
332+ 'parsed_recursive_user_groups ' => $ allGroups
333+ 'parsed_resulting_group_names ' => $ formattedGroups
332334 ]);
333335 }
334336
335- return $ allGroups
337+ return $ formattedGroups
338+ }
339+
340+ protected function extractGroupNamesFromLdapGroupDns (array $ groupDNsarray
341+ {
342+ $ names
343+
344+ foreach ($ groupDNsas $ groupDN
345+ $ exploded$ this ldap ->explodeDn ($ groupDN1 );
346+ if ($ explodedfalse && count ($ exploded0 ) {
347+ $ names$ exploded0 ];
348+ }
349+ }
350+
351+ return array_unique ($ names
336352 }
337353
338354 /**
339- * Get the parent groups of an array of groups.
355+ * Build an array of all relevant groups DNs after recursively scanning
356+ * across parents of the groups given.
340357 *
341358 * @throws LdapException
342359 */
343- private function getGroupsRecursive (array $ groupsArray array $ checkedarray
360+ protected function getGroupsRecursive (array $ groupDNs array $ checkedarray
344361 {
345362 $ groupsToAdd
346- foreach ($ groupsArray as $ groupName
347- if (in_array ($ groupName $ checked
363+ foreach ($ groupDNs as $ groupDN
364+ if (in_array ($ groupDN $ checked
348365 continue ;
349366 }
350367
351- $ parentGroups$ this getGroupGroups ( $ groupName
368+ $ parentGroups$ this getParentsOfGroup ( $ groupDN
352369 $ groupsToAddarray_merge ($ groupsToAdd$ parentGroups
353- $ checked$ groupName
370+ $ checked$ groupDN
354371 }
355372
356- $ groupsArray array_unique (array_merge ($ groupsArray $ groupsToAddSORT_REGULAR );
373+ $ uniqueDNs array_unique (array_merge ($ groupDNs $ groupsToAddSORT_REGULAR );
357374
358375 if (empty ($ groupsToAdd
359- return $ groupsArray
376+ return $ uniqueDNs
360377 }
361378
362- return $ this getGroupsRecursive ($ groupsArray $ checked
379+ return $ this getGroupsRecursive ($ uniqueDNs $ checked
363380 }
364381
365382 /**
366- * Get the parent groups of a single group.
367- *
368383 * @throws LdapException
369384 */
370- private function getGroupGroups (string $ groupName array
385+ protected function getParentsOfGroup (string $ groupDN array
371386 {
387+ $ groupsAttrstrtolower ($ this config ['group_attribute ' ]);
372388 $ ldapConnection$ this getConnection ();
373389 $ this bindSystemUser ($ ldapConnection
374390
375391 $ followReferrals$ this config ['follow_referrals ' ] ? 1 : 0 ;
376392 $ this ldap ->setOption ($ ldapConnectionLDAP_OPT_REFERRALS , $ followReferrals
377-
378- $ baseDn$ this config ['base_dn ' ];
379- $ groupsAttrstrtolower ($ this config ['group_attribute ' ]);
380-
381- $ groupFilter'CN= ' . $ this ldap ->escape ($ groupName
382- $ groups$ this ldap ->searchAndGetEntries ($ ldapConnection$ baseDn$ groupFilter$ groupsAttr
383- if ($ groups'count ' ] === 0 ) {
393+ $ read$ this ldap ->read ($ ldapConnection$ groupDN'(objectClass=*) ' , [$ groupsAttr
394+ $ results$ this ldap ->getEntries ($ ldapConnection$ read
395+ if ($ results'count ' ] === 0 ) {
384396 return [];
385397 }
386398
387- return $ this groupFilter ( $ groups 0 ]);
399+ return $ this extractGroupsFromSearchResponseEntry ( $ results 0 ]);
388400 }
389401
390402 /**
391- * Filter out LDAP CN and DN language in a ldap search return.
392- * Gets the base CN (common name) of the string.
403+ * Extract an array of group DN values from the given LDAP search response entry
393404 */
394- protected function groupFilter (array $ userGroupSearchResponse array
405+ protected function extractGroupsFromSearchResponseEntry (array $ ldapEntry array
395406 {
396407 $ groupsAttrstrtolower ($ this config ['group_attribute ' ]);
397- $ ldapGroups
408+ $ groupDNs
398409 $ count0 ;
399410
400- if (isset ($ userGroupSearchResponse $ groupsAttr'count ' ])) {
401- $ countint ) $ userGroupSearchResponse $ groupsAttr'count ' ];
411+ if (isset ($ ldapEntry $ groupsAttr'count ' ])) {
412+ $ countint ) $ ldapEntry $ groupsAttr'count ' ];
402413 }
403414
404415 for ($ i0 ; $ i$ count$ i
405- $ dnComponents $ this -> ldap -> explodeDn ( $ userGroupSearchResponse $ groupsAttr$ i, 1 ) ;
406- if (!in_array ($ dnComponents [ 0 ] , $ ldapGroups
407- $ ldapGroups $ dnComponents [ 0 ] ;
416+ $ dn $ ldapEntry $ groupsAttr$ i
417+ if (!in_array ($ dn $ groupDNs
418+ $ groupDNs $ dn
408419 }
409420 }
410421
411- return $ ldapGroups
422+ return $ groupDNs
412423 }
413424
414425 /**
0 commit comments