From 316ed2d0a8287f7f9c02e628aff4c674609b3ccd Mon Sep 17 00:00:00 2001
From: Roland Gruber
Date: Sat, 18 Aug 2018 10:32:39 +0200
Subject: [PATCH] check Unix membership before LDAP add
---
 lam/lib/modules/posixAccount.inc | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/lam/lib/modules/posixAccount.inc b/lam/lib/modules/posixAccount.inc
index 48cd6801..8dd6af78 100644
--- a/lam/lib/modules/posixAccount.inc
+++ b/lam/lib/modules/posixAccount.inc
@@ -2848,15 +2848,25 @@ class posixAccount extends baseModule implements passwordService {
 // add users to groups
 elseif ($temp['counter'] < sizeof($temp['groups'])) {
 if (isset($temp['dn'][$temp['groups'][$temp['counter']]])) {
- $success = @ldap_mod_add($_SESSION['ldap']->server(), $temp['dn'][$temp['groups'][$temp['counter']]], array('memberUID' => $temp['members'][$temp['groups'][$temp['counter']]]));
- $errors = array();
- if (!$success) {
- $errors[] = array(
- "ERROR",
- _("LAM was unable to modify group memberships for group: %s"),
- getDefaultLDAPErrorString($_SESSION['ldap']->server()),
- array($temp['groups'][$temp['counter']])
- );
+ $memberUid = $temp['members'][$temp['groups'][$temp['counter']]];
+ $dnToUpdate = $temp['dn'][$temp['groups'][$temp['counter']]];
+ $groupAttrs = ldapGetDN($dnToUpdate, array('memberUID'));
+ if (!empty($groupAttrs['memberuid'])) {
+ // skip members that are already set
+ $memberUid = array_delete($groupAttrs['memberuid'], $memberUid);
+ }
+ if (!empty($memberUid)) {
+ $toAdd = array('memberUID' => $memberUid);
+ $success = @ldap_mod_add($_SESSION['ldap']->server(), $dnToUpdate, $toAdd);
+ $errors = array();
+ if (!$success) {
+ $errors[] = array(
+ "ERROR",
+ _("LAM was unable to modify group memberships for group: %s"),
+ getDefaultLDAPErrorString($_SESSION['ldap']->server()),
+ array($temp['groups'][$temp['counter']])
+ );
+ }
 }
 $temp['counter']++;
 return array (
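Review bot: `$errors = array();` is now assigned only inside the new `if (!empty($memberUid)) {` branch, so when every member is already present in the group the variable is never defined on this path. The `return array (` that follows continues outside the hunk; if it passes `$errors` back to the caller, as the surrounding code suggests, that path yields an undefined-variable notice and a null where callers expect an array. Moving the initialisation above the guard keeps the result shape stable: `$errors = array();` placed directly before `if (!empty($memberUid)) {`. Separately, the `ldapGetDN` read and the later `ldap_mod_add` are not atomic, so a concurrent change to the group can still make the add fail; a short comment such as `// best-effort pre-check; ldap_mod_add may still report an existing value` would tell maintainers the error branch is still needed.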