From 7c1af1e062c6765308a87e0cae93c2ae41e26922 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Mon, 3 Apr 2023 17:58:23 +0200 Subject: [PATCH] ldap: Fix binary UUID handling in GetUserGroups The LDAP backend for the users service didn't correctly decode binary UUIDs when looking up a user's group memberships. --- .../unreleased/fix-ldap-usergroups-binary-uuid.md | 6 ++++++ pkg/utils/ldap/identity.go | 14 +++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 changelog/unreleased/fix-ldap-usergroups-binary-uuid.md diff --git a/changelog/unreleased/fix-ldap-usergroups-binary-uuid.md b/changelog/unreleased/fix-ldap-usergroups-binary-uuid.md new file mode 100644 index 0000000000..f3ce630b46 --- /dev/null +++ b/changelog/unreleased/fix-ldap-usergroups-binary-uuid.md @@ -0,0 +1,6 @@ +Bugfix: decode binary UUID when looking up a users group memberships + +The LDAP backend for the users service didn't correctly decode binary UUIDs +when looking up a user's group memberships. + +https://github.com/cs3org/reva/pull/3767 diff --git a/pkg/utils/ldap/identity.go b/pkg/utils/ldap/identity.go index 83a66739a9..3f3c4a8a5e 100644 --- a/pkg/utils/ldap/identity.go +++ b/pkg/utils/ldap/identity.go @@ -358,7 +358,19 @@ func (i *Identity) GetLDAPUserGroups(log *zerolog.Logger, lc ldap.Client, userEn // FIXME this makes the users groups use the cn, not an immutable id // FIXME 1. use the memberof or members attribute of a user to get the groups // FIXME 2. ook up the id for each group - groups = append(groups, entry.GetEqualFoldAttributeValue(i.Group.Schema.ID)) + var groupID string + if i.Group.Schema.IDIsOctetString { + raw := entry.GetEqualFoldRawAttributeValue(i.Group.Schema.ID) + value, err := uuid.FromBytes(raw) + if err != nil { + return nil, err + } + groupID = value.String() + } else { + groupID = entry.GetEqualFoldAttributeValue(i.Group.Schema.ID) + } + + groups = append(groups, groupID) } return groups, nil }