Merge branch 'bugfix/ldap-group-to-roles-assignment-not-working-9950'

fixes #9950
Icinga · Sep 22, 2015 · 30fa554 · 30fa554
2 parents 8bfc7b8 + 42fb1a1
commit 30fa554
Showing 1 changed file with 22 additions and 13 deletions.
diff --git a/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php b/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
@@ -12,6 +12,7 @@
 use Icinga\Repository\LdapRepository;
 use Icinga\Repository\RepositoryQuery;
 use Icinga\User;
+use Icinga\Application\Logger;
 
 class LdapUserGroupBackend /*extends LdapRepository*/ implements UserGroupBackendInterface
 {
@@ -532,19 +533,25 @@ public function requireTable($table, RepositoryQuery $query = null)
      */
     public function getMemberships(User $user)
     {
-        if (($userDn = $user->getAdditional('ldap_dn')) === null) {
-            $userQuery = $this->ds
-                ->select()
-                ->from($this->userClass)
-                ->where($this->userNameAttribute, $user->getUsername())
-                ->setBase($this->userBaseDn)
-                ->setUsePagedResults(false);
-            if ($this->userFilter) {
-                $userQuery->where(new Expression($this->userFilter));
-            }
-
-            if (($userDn = $userQuery->fetchDn()) === null) {
-                return array();
+        if ($this->groupClass === 'posixGroup') {
+            # Posix group only uses simple user name
+            $userDn = $user->getUsername();
+        } else {
+            # LDAP groups use the complete DN
+            if (($userDn = $user->getAdditional('ldap_dn')) === null) {
+                $userQuery = $this->ds
+                    ->select()
+                    ->from($this->userClass)
+                    ->where($this->userNameAttribute, $user->getUsername())
+                    ->setBase($this->userBaseDn)
+                    ->setUsePagedResults(false);
+                if ($this->userFilter) {
+                    $userQuery->where(new Expression($this->userFilter));
+                }
+
+                if (($userDn = $userQuery->fetchDn()) === null) {
+                    return array();
+                }
             }
         }
 
@@ -557,10 +564,12 @@ public function getMemberships(User $user)
             $groupQuery->where(new Expression($this->groupFilter));
         }
 
+        Logger::debug('Fetching groups for user %s using filter %s.', $user->getUsername(), $groupQuery->__toString());
         $groups = array();
         foreach ($groupQuery as $row) {
             $groups[] = $row->{$this->groupNameAttribute};
         }
+        Logger::debug('Fetched %d groups: %s.', count($groups), join(', ', $groups));
 
         return $groups;
     }