From 458b3c454fc7727ab392760a522acc0a9f611158 Mon Sep 17 00:00:00 2001
From: Roland Gruber <post@rolandgruber.de>
Date: Sat, 18 Aug 2018 10:48:44 +0200
Subject: [PATCH] check group of names before adding members

---
 lam/lib/modules/posixAccount.inc | 33 ++++++++++++++++++++++----------
 1 file changed, 23 insertions(+), 10 deletions(-)

diff --git a/lam/lib/modules/posixAccount.inc b/lam/lib/modules/posixAccount.inc
index 8dd6af78..6af27bfa 100644
--- a/lam/lib/modules/posixAccount.inc
+++ b/lam/lib/modules/posixAccount.inc
@@ -2925,16 +2925,29 @@ class posixAccount extends baseModule implements passwordService {
 		// add users to group of names
 		elseif ($temp['counter'] < (sizeof($temp['groups']) + sizeof($temp['createHomes']) + sizeof($temp['dn_gon']))) {
 			$gonDn = $temp['dn_gon_keys'][$temp['counter'] - sizeof($temp['groups']) - sizeof($temp['createHomes'])];
-			$gonAttr = $temp['dn_gon'][$gonDn];
-			$success = @ldap_mod_add($_SESSION['ldap']->server(), $gonDn, $gonAttr);
-			$errors = array();
-			if (!$success) {
-				$errors[] = array(
-					"ERROR",
-					_("LAM was unable to modify group memberships for group: %s"),
-					getDefaultLDAPErrorString($_SESSION['ldap']->server()),
-					array($temp['groups'][$temp['counter']])
-				);
+			$gonAttrToAdd = $temp['dn_gon'][$gonDn];
+			$gonAttrNames = array_keys($gonAttrToAdd);
+			$gonAttrs = ldapGetDN($gonDn, $gonAttrNames);
+			foreach ($gonAttrNames as $gonAttrName) {
+				$gonAttrNameLower = strtolower($gonAttrName);
+				if (!empty($gonAttrs[$gonAttrNameLower])) {
+					$gonAttrToAdd[$gonAttrName] = array_delete($gonAttrs[$gonAttrNameLower], $gonAttrToAdd[$gonAttrName]);
+				}
+				if (empty($gonAttrToAdd[$gonAttrName])) {
+					unset($gonAttrToAdd[$gonAttrName]);
+				}
+			}
+			if (!empty($gonAttrToAdd)) {
+				$success = @ldap_mod_add($_SESSION['ldap']->server(), $gonDn, $gonAttrToAdd);
+				$errors = array();
+				if (!$success) {
+					$errors[] = array(
+						"ERROR",
+						_("LAM was unable to modify group memberships for group: %s"),
+						getDefaultLDAPErrorString($_SESSION['ldap']->server()),
+						array($temp['groups'][$temp['counter']])
+					);
+				}
 			}
 			$temp['counter']++;
 			return array (