From 6a5e12af04f21a3d08d436f2455a6ddfb1de97e7 Mon Sep 17 00:00:00 2001 From: Johannes Meyer Date: Mon, 16 Nov 2020 16:14:47 +0100 Subject: [PATCH 1/2] LdapUserGroupBackend: Properly handle multi-valued names --- .../Authentication/UserGroup/LdapUserGroupBackend.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php b/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php index 14a9dea67..925062aec 100644 --- a/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php +++ b/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php @@ -654,6 +654,7 @@ class LdapUserGroupBackend extends LdapRepository implements Inspectable, UserGr return $this->ds ->select() ->from('*', array($this->userNameAttribute)) + ->setUnfoldAttribute($this->userNameAttribute) ->setBase($dn) ->fetchOne(); } @@ -694,8 +695,8 @@ class LdapUserGroupBackend extends LdapRepository implements Inspectable, UserGr public function requireQueryColumn($table, $name, RepositoryQuery $query = null) { $column = parent::requireQueryColumn($table, $name, $query); - if ($name === 'user_name' && $query !== null) { - $query->getQuery()->setUnfoldAttribute('user_name'); + if (($name === 'user_name' || $name === 'group_name') && $query !== null) { + $query->getQuery()->setUnfoldAttribute($name); } return $column; @@ -749,6 +750,7 @@ class LdapUserGroupBackend extends LdapRepository implements Inspectable, UserGr $groupQuery = $this->ds ->select() ->from($this->groupClass, array($this->groupNameAttribute)) + ->setUnfoldAttribute($this->groupNameAttribute) ->where($groupMemberAttribute, $queryValue) ->setBase($this->groupBaseDn); if ($this->groupFilter) { From d6722c77727d82405d3a8d00507478a36dc3ced9 Mon Sep 17 00:00:00 2001 From: Johannes Meyer Date: Mon, 16 Nov 2020 16:25:30 +0100 Subject: [PATCH 2/2] LdapQuery: Compare multi-valued attributes as rfc2891 suggests --- library/Icinga/Protocol/Ldap/LdapQuery.php | 35 ++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/library/Icinga/Protocol/Ldap/LdapQuery.php b/library/Icinga/Protocol/Ldap/LdapQuery.php index dc413bc97..42a236fbd 100644 --- a/library/Icinga/Protocol/Ldap/LdapQuery.php +++ b/library/Icinga/Protocol/Ldap/LdapQuery.php @@ -215,6 +215,41 @@ class LdapQuery extends SimpleQuery } } + public function compare($a, $b, $orderIndex = 0) + { + if (array_key_exists($orderIndex, $this->order)) { + $column = $this->order[$orderIndex][0]; + $direction = $this->order[$orderIndex][1]; + + $flippedColumns = $this->flippedColumns ?: array_flip($this->columns); + if (array_key_exists($column, $flippedColumns) && is_string($flippedColumns[$column])) { + $column = $flippedColumns[$column]; + } + + if (is_array($a->$column)) { + // rfc2891 states: If a sort key is a multi-valued attribute, and an entry happens to + // have multiple values for that attribute and no other controls are + // present that affect the sorting order, then the server SHOULD use the + // least value (according to the ORDERING rule for that attribute). + $a = clone $a; + $a->$column = array_reduce($a->$column, function ($carry, $item) use ($direction) { + $result = $carry === null ? 0 : strcmp($item, $carry); + return ($direction === self::SORT_ASC ? $result : $result * -1) < 1 ? $item : $carry; + }); + } + + if (is_array($b->$column)) { + $b = clone $b; + $b->$column = array_reduce($b->$column, function ($carry, $item) use ($direction) { + $result = $carry === null ? 0 : strcmp($item, $carry); + return ($direction === self::SORT_ASC ? $result : $result * -1) < 1 ? $item : $carry; + }); + } + } + + return parent::compare($a, $b, $orderIndex); + } + /** * Fetch result as tree *