From de54c70a9f2206056accc6536cd911d52e46ad99 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Mon, 3 Apr 2023 17:58:23 +0200 Subject: [PATCH] ldap: Fix binary UUID handling in GetUserGroups The LDAP backend for the users service didn't correctly decode binary UUIDs when looking up a user's group memberships. --- .../unreleased/fix-ldap-usergroups-binary-uuid.md | 6 ++++++ pkg/utils/ldap/identity.go | 14 +++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 changelog/unreleased/fix-ldap-usergroups-binary-uuid.md diff --git a/changelog/unreleased/fix-ldap-usergroups-binary-uuid.md b/changelog/unreleased/fix-ldap-usergroups-binary-uuid.md new file mode 100644 index 00000000000..f3ce630b46e --- /dev/null +++ b/changelog/unreleased/fix-ldap-usergroups-binary-uuid.md @@ -0,0 +1,6 @@ +Bugfix: decode binary UUID when looking up a users group memberships + +The LDAP backend for the users service didn't correctly decode binary UUIDs +when looking up a user's group memberships. + +https://github.com/cs3org/reva/pull/3767 diff --git a/pkg/utils/ldap/identity.go b/pkg/utils/ldap/identity.go index 83a66739a92..ffcba03a087 100644 --- a/pkg/utils/ldap/identity.go +++ b/pkg/utils/ldap/identity.go @@ -358,7 +358,19 @@ func (i *Identity) GetLDAPUserGroups(log *zerolog.Logger, lc ldap.Client, userEn // FIXME this makes the users groups use the cn, not an immutable id // FIXME 1. use the memberof or members attribute of a user to get the groups // FIXME 2. ook up the id for each group - groups = append(groups, entry.GetEqualFoldAttributeValue(i.Group.Schema.ID)) + var groupID string + if i.Group.Schema.IDIsOctetString { + raw := entry.GetEqualFoldRawAttributeValue(i.Group.Schema.ID) + if value, err := uuid.FromBytes(raw); err == nil { + groupID = value.String() + } else { + return nil, err + } + } else { + groupID = entry.GetEqualFoldAttributeValue(i.Group.Schema.ID) + } + + groups = append(groups, groupID) } return groups, nil }