From 17e8f01d248ddae45910de8c3015b03588e7675a Mon Sep 17 00:00:00 2001
From: "Alexander A. Klimov"
Date: Fri, 18 Sep 2015 15:34:12 +0200
Subject: [PATCH] Use the DN to fetch group memberships from LDAP fixes #9901
---
 .../Authentication/User/LdapUserBackend.php | 7 +++++-
 .../UserGroup/LdapUserGroupBackend.php | 24 ++++++++++---------
 2 files changed, 19 insertions(+), 12 deletions(-)
diff --git a/library/Icinga/Authentication/User/LdapUserBackend.php b/library/Icinga/Authentication/User/LdapUserBackend.php
index a33c23691..d8ea19ca2 100644
--- a/library/Icinga/Authentication/User/LdapUserBackend.php
+++ b/library/Icinga/Authentication/User/LdapUserBackend.php
@@ -364,7 +364,12 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface, In
 return false;
 }
- return $this->ds->testCredentials($userDn, $password);
+ $testCredentialsResult = $this->ds->testCredentials($userDn, $password);
+ if ($testCredentialsResult) {
+ $user->setAdditional('ldap_dn', $userDn);
+ }
+
+ return $testCredentialsResult;
 } catch (LdapException $e) {
 throw new AuthenticationException(
 'Failed to authenticate user "%s" against backend "%s". An exception was thrown:',
diff --git a/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php b/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
index 25fc27fb9..035005937 100644
--- a/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
+++ b/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
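Review bot: `authenticate()` now writes to the `User` it is given when the bind succeeds, and nothing in the hunk documents that side effect or names its consumer. A short comment above the `setAdditional` call would help, e.g. `// Remember the bound DN so LdapUserGroupBackend::getMemberships() can skip its own user lookup`. The key `'ldap_dn'` is a bare string repeated in LdapUserGroupBackend.php; a shared class constant would keep writer and reader in sync. The method starts and ends outside this hunk, so how `$userDn` is derived is not visible here.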
@@ -532,18 +532,20 @@ class LdapUserGroupBackend /*extends LdapRepository*/ implements UserGroupBacken
 */
 public function getMemberships(User $user)
 {
- $userQuery = $this->ds
- ->select()
- ->from($this->userClass)
- ->where($this->userNameAttribute, $user->getUsername())
- ->setBase($this->userBaseDn)
- ->setUsePagedResults(false);
- if ($this->userFilter) {
- $userQuery->where(new Expression($this->userFilter));
- }
+ if (($userDn = $user->getAdditional('ldap_dn')) === null) {
+ $userQuery = $this->ds
+ ->select()
+ ->from($this->userClass)
+ ->where($this->userNameAttribute, $user->getUsername())
+ ->setBase($this->userBaseDn)
+ ->setUsePagedResults(false);
+ if ($this->userFilter) {
+ $userQuery->where(new Expression($this->userFilter));
+ }
- if (($userDn = $userQuery->fetchDn()) === null) {
- return array();
+ if (($userDn = $userQuery->fetchDn()) === null) {
+ return array();
+ }
 }
 $groupQuery = $this->ds
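Review bot: When `ldap_dn` is present, `getMemberships()` no longer applies this backend's own `userClass`, `userBaseDn` and `userFilter`, so a user for whom the old lookup returned `array()` (because `fetchDn()` found nothing) now proceeds to the group query. The DN is taken as-is from whichever user backend authenticated the user, and nothing visible in the hunk ties it to the LDAP resource behind `$this->ds`, so with several LDAP backends configured a DN from one directory may be matched against groups in another. Consider taking the shortcut only when the DN was recorded for the same resource (or lies under `$this->userBaseDn`), and state the trust assumption in a comment such as `// ldap_dn is trusted as set by the authenticating backend; userFilter/userBaseDn are not re-checked here`. The group query that consumes `$userDn` continues outside the hunk.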