extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-22 07:53:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

* ActiveDirectory: fix import was not detecting members removed from groups

Browse Source 
as for AD always the full import is used for groups and setting/removing members was skipped for the full/initial import
This commit is contained in:
ralf 2024-02-28 16:30:42 +02:00
parent e42716dd37
commit 1709bcf40c
2 changed files with 28 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
api/src/Accounts/Ads.php
View File

@ -597,18 +597,35 @@ class Ads
{ {
if (!($data = $this->filter(array('objectsid' => $this->get_sid($account_id)), 'g', self::$group_attributes))) if (!($data = $this->filter(array('objectsid' => $this->get_sid($account_id)), 'g', self::$group_attributes)))
{ {
return false; // group not found return false; // group not found
} }
$group = $this->_ldap2group(array_shift($data)); $group = $this->_ldap2group(array_shift($data));
// for memberships we have to query primaryGroupId and memberOf of users $group['members'] = $this->getMembers($group);
$group['members'] = $this->filter(array('memberOf' => $group['account_dn']), 'u');
// primary group is not stored in memberOf attribute, need to add them too
$group['members'] = $this->filter(array('primaryGroupId' => abs($account_id)), 'u', null, $group['members']);
return $group; return $group;
} }
/**
* Query members of group
*
* @param array $group with values for keys account_id and account_dn
* @return array
*/
public function getMembers(array $group)
{
if (empty($group['account_dn']) || empty($group['account_id']))
{
throw new \InvalidArgumentException(__METHOD__.'('.json_encode($group).') missing account_id and/or account_dn attribute');
}
// for memberships, we have to query primaryGroupId and memberOf of users
$members = $this->filter(array('memberOf' => $group['account_dn']), 'u');
// primary group is not stored in memberOf attribute, need to add them too
$members = $this->filter(array('primaryGroupId' => abs($group['account_id'])), 'u', null, $members);
return $members;
}
/** /**
* Convert ldap data of a user * Convert ldap data of a user
* *

8
api/src/Accounts/Import.php
View File

@ -825,8 +825,12 @@ class Import
$groups[$sql_id] = self::strtolower($group['account_lid']); $groups[$sql_id] = self::strtolower($group['account_lid']);
// we need to record and return the id's to update members, AFTER users are created/updated // we need to record and return the id's to update members, AFTER users are created/updated
// only for incremental run, initial run set's memberships with the user anyway (more efficient for LDAP!) if (is_a($this->accounts, Ads::class))
if (!empty($modified)) {
// ADS::members() calls the frontend, have to use ADS::getMembers() instead
$set_members[$sql_id] = $this->accounts->getMembers($group);
}
else
{ {
$set_members[$sql_id] = $this->accounts->members($group['account_id']); $set_members[$sql_id] = $this->accounts->members($group['account_id']);
} }