fix(ldap): allow nested groups filter in ldap configuration (#6128)

Refs: #6127
centreon · Mar 20, 2018 · e03db3c · e03db3c
1 parent 636ffd1
commit e03db3c
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 9 deletions.
diff --git a/www/class/centreonLDAP.class.php b/www/class/centreonLDAP.class.php
@@ -475,18 +475,27 @@ public function listGroupsForUser($userdn)
      */
     public function listUserForGroup($groupdn)
     {
-        if (trim($this->groupSearchInfo['member']) == '') {
+        $this->setErrorHandler();
+        if (trim($this->userSearchInfo['filter']) == '') {
+            restore_error_handler();
+            return array();
+        }
+        $groupdn = str_replace('\\', '\\\\', $groupdn);
+        $filter = '(&' . preg_replace('/%s/', '*', $this->userSearchInfo['filter']) .
+            '(' . $this->userSearchInfo['group'] . '=' . $this->replaceFilter($groupdn) . '))';
+        $result = @ldap_search($this->ds, $this->userSearchInfo['base_search'], $filter);
+        if (false === $result) {
+            restore_error_handler();
             return array();
         }
-        $group = $this->getEntry($groupdn, $this->groupSearchInfo['member']);
+        $entries = ldap_get_entries($this->ds, $result);
+        $nbEntries = $entries["count"];
         $list = array();
-        if (!isset($group[$this->groupSearchInfo['member']])) {
-            return $list;
-        } elseif (is_array($group[$this->groupSearchInfo['member']])) {
-            return $group[$this->groupSearchInfo['member']];
-        } else {
-            return array($group[$this->groupSearchInfo['member']]);
+        for ($i = 0; $i < $nbEntries; $i++) {
+            $list[] = $entries[$i]['dn'];
         }
+        restore_error_handler();
+        return $list;
     }
 
     /**

diff --git a/www/include/configuration/configObject/contact/DB-Func.php b/www/include/configuration/configObject/contact/DB-Func.php
@@ -919,7 +919,10 @@ function insertLdapContactInDB($tmpContacts = array())
             }
             $pearDB->query(sprintf($sqlUpdate, $tmplSql));
         }
-        $listGroup = $ldap->listGroupsForUser($tmpContacts["dn"][$select_key]);
+        $listGroup = array();
+        if (false !== $ldap->connect()) {
+            $listGroup = $ldap->listGroupsForUser($tmpContacts["dn"][$select_key]);
+        }
         if (count($listGroup) > 0) {
             $query = "SELECT cg_id FROM contactgroup WHERE cg_name IN ('" . join("','", $listGroup) . "')";
             $res = $pearDB->query($query);