extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-22 07:53:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

* ActiveDirectory: fix import was not detecting members removed from groups

Browse Source 
as for AD always the full import is used for groups and setting/removing members was skipped for the full/initial import
This commit is contained in:
ralf 2024-02-28 16:30:42 +02:00
parent e42716dd37
commit 1709bcf40c
2 changed files with 28 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
api/src/Accounts/Ads.php
View File

@ -601,14 +601,31 @@ class Ads
}
$group = $this->_ldap2group(array_shift($data));
// for memberships we have to query primaryGroupId and memberOf of users
$group['members'] = $this->filter(array('memberOf' => $group['account_dn']), 'u');
// primary group is not stored in memberOf attribute, need to add them too
$group['members'] = $this->filter(array('primaryGroupId' => abs($account_id)), 'u', null, $group['members']);
$group['members'] = $this->getMembers($group);
return $group;
}
/**
* Query members of group
*
* @param array $group with values for keys account_id and account_dn
* @return array
*/
public function getMembers(array $group)
{
if (empty($group['account_dn']) || empty($group['account_id']))
{
throw new \InvalidArgumentException(__METHOD__.'('.json_encode($group).') missing account_id and/or account_dn attribute');
}
// for memberships, we have to query primaryGroupId and memberOf of users
$members = $this->filter(array('memberOf' => $group['account_dn']), 'u');
// primary group is not stored in memberOf attribute, need to add them too
$members = $this->filter(array('primaryGroupId' => abs($group['account_id'])), 'u', null, $members);
return $members;
}
/**
* Convert ldap data of a user
*

8
api/src/Accounts/Import.php
View File

@ -825,8 +825,12 @@ class Import
$groups[$sql_id] = self::strtolower($group['account_lid']);
// we need to record and return the id's to update members, AFTER users are created/updated
// only for incremental run, initial run set's memberships with the user anyway (more efficient for LDAP!)
if (!empty($modified))
if (is_a($this->accounts, Ads::class))
{
// ADS::members() calls the frontend, have to use ADS::getMembers() instead
$set_members[$sql_id] = $this->accounts->getMembers($group);
}
else
{
$set_members[$sql_id] = $this->accounts->members($group['account_id']);
}