From c54e48615bfcc33950fe40401c88d68f8dd90a78 Mon Sep 17 00:00:00 2001
From: Kevin Duret <duret.kevin@gmail.com>
Date: Thu, 15 Mar 2018 15:35:21 +0100
Subject: [PATCH] fix(ldap): allow nested groups filter in ldap configuration
 (#6128)

Refs: #6127
---
 www/class/centreonLDAP.class.php              | 25 +++++++++++++------
 .../configObject/contact/DB-Func.php          |  5 +++-
 2 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/www/class/centreonLDAP.class.php b/www/class/centreonLDAP.class.php
index 693e25c55f..8b9924dd29 100644
--- a/www/class/centreonLDAP.class.php
+++ b/www/class/centreonLDAP.class.php
@@ -475,18 +475,27 @@ class CentreonLDAP
      */
     public function listUserForGroup($groupdn)
     {
-        if (trim($this->groupSearchInfo['member']) == '') {
+        $this->setErrorHandler();
+        if (trim($this->userSearchInfo['filter']) == '') {
+            restore_error_handler();
+            return array();
+        }
+        $groupdn = str_replace('\\', '\\\\', $groupdn);
+        $filter = '(&' . preg_replace('/%s/', '*', $this->userSearchInfo['filter']) .
+            '(' . $this->userSearchInfo['group'] . '=' . $this->replaceFilter($groupdn) . '))';
+        $result = @ldap_search($this->ds, $this->userSearchInfo['base_search'], $filter);
+        if (false === $result) {
+            restore_error_handler();
             return array();
         }
-        $group = $this->getEntry($groupdn, $this->groupSearchInfo['member']);
+        $entries = ldap_get_entries($this->ds, $result);
+        $nbEntries = $entries["count"];
         $list = array();
-        if (!isset($group[$this->groupSearchInfo['member']])) {
-            return $list;
-        } elseif (is_array($group[$this->groupSearchInfo['member']])) {
-            return $group[$this->groupSearchInfo['member']];
-        } else {
-            return array($group[$this->groupSearchInfo['member']]);
+        for ($i = 0; $i < $nbEntries; $i++) {
+            $list[] = $entries[$i]['dn'];
         }
+        restore_error_handler();
+        return $list;
     }
 
     /**
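Review bot: The group DN reaches the search filter with only its backslashes doubled (`str_replace('\\', '\\\\', $groupdn)`) before `replaceFilter()`, whose body is outside this hunk, so nothing visible here shows that `(`, `)`, `*` and NUL in a DN are escaped as RFC 4515 requires. A group whose DN contains those characters could then produce a malformed filter, or one that matches different entries than intended, and the returned list is used as group membership. If `replaceFilter()` does not already handle this, I would replace the manual doubling with `ldap_escape($groupdn, '', LDAP_ESCAPE_FILTER)` where the supported PHP version provides it. Separately, a failed `@ldap_search` and an empty group both return `array()`, so a caller cannot tell a directory error from "no members"; logging `ldap_error($this->ds)` before that early return would keep the failure visible.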
diff --git a/www/include/configuration/configObject/contact/DB-Func.php b/www/include/configuration/configObject/contact/DB-Func.php
index a9f359b77f..9d059544b3 100644
--- a/www/include/configuration/configObject/contact/DB-Func.php
+++ b/www/include/configuration/configObject/contact/DB-Func.php
@@ -919,7 +919,10 @@ function insertLdapContactInDB($tmpContacts = array())
             }
             $pearDB->query(sprintf($sqlUpdate, $tmplSql));
         }
-        $listGroup = $ldap->listGroupsForUser($tmpContacts["dn"][$select_key]);
+        $listGroup = array();
+        if (false !== $ldap->connect()) {
+            $listGroup = $ldap->listGroupsForUser($tmpContacts["dn"][$select_key]);
+        }
         if (count($listGroup) > 0) {
             $query = "SELECT cg_id FROM contactgroup WHERE cg_name IN ('" . join("','", $listGroup) . "')";
             $res = $pearDB->query($query);
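Review bot: `$listGroup` is filled from the directory lookup and is then joined unescaped into the `cg_name IN ('…')` string on the unchanged line below the new `if`, so a group name containing a single quote alters the SQL statement. I would build the placeholder list with `implode(',', array_fill(0, count($listGroup), '?'))` and pass `$listGroup` as bound values if `$pearDB->query()` accepts them, or otherwise run each name through the database layer's escaping routine before `join()`. When `connect()` returns false the contact is processed with an empty group list and nothing is recorded, so a log line in that branch would distinguish a directory outage from a user who has no groups. The body of `insertLdapContactInDB` starts and ends outside this hunk, so what happens to existing group links in that case is not visible here.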
-- 
GitLab