diff --git a/framework/Group/lib/Horde/Group/Ldap.php b/framework/Group/lib/Horde/Group/Ldap.php
index 63d51ec..a605af8 100644
--- a/framework/Group/lib/Horde/Group/Ldap.php
+++ b/framework/Group/lib/Horde/Group/Ldap.php
@@ -341,15 +341,47 @@ class Horde_Group_Ldap extends Horde_Group_Base
*/
public function listUsers($gid)
{
+ if ($this->_params['posix']) {
+ $attr = $this->_params['posixgidnumber'];
+ $gidNumber = $this->_ldap->getEntry($gid, array($attr));
+ $gidNumber = $gidNumber->getValue($attr, 'all');
+ try {
+ $filter = Horde_Ldap_Filter::create($attr, 'equals',
+ $gidNumber[0]);
+ $filter = Horde_Ldap_Filter::combine('and', array($this->_params['posixfilter'], $filter));
+ $posixbasedn = $GLOBALS['conf']['auth']['params']['basedn'];
+ $posixuid = $GLOBALS['conf']['auth']['params']['uid'];
+ $search = $this->_ldap->search($posixbasedn, $filter,
+ $posixuid);
+ } catch (Horde_Ldap_Exception $e) {
+ throw new Horde_Group_Exception($e);
+ }
+ $entries = array();
+ foreach ($search->sortedAsArray(array($posixuid)) as $entry) {
+ $entries[] = $entry[$posixuid][0];
+ }
+ }
+
$attr = $this->_params['memberuid'];
try {
$entry = $this->_ldap->getEntry($gid, array($attr));
if (!$entry->exists($attr)) {
- return array();
+ if ($this->_params['posix']) {
+ return $entries;
+ } else {
+ return array();
+ }
}
if (empty($this->_params['attrisdn'])) {
- return $entry->getValue($attr, 'all');
+ if ($this->_params['posix']) {
+ $result = array_merge($entry->getValue($attr, 'all'),
+ $entries);
+ sort($result);
+ return $result;
+ } else {
+ return $entry->getValue($attr, 'all');
+ }
}
$users = array();
@@ -398,7 +430,44 @@ class Horde_Group_Ldap extends Horde_Group_Base
foreach ($search->sortedAsArray(array($attr)) as $entry) {
$entries[$entry['dn']] = $entry[$attr][0];
}
- return $entries;
+ if ($this->_params['posix']) {
+ try {
+ $attr = $this->_params['posixgidnumber'];
+ $posixbasedn = $GLOBALS['conf']['auth']['params']['basedn'];
+ $posixuid = $GLOBALS['conf']['auth']['params']['uid'];
+ $filter = Horde_Ldap_Filter::create($posixuid, 'equals', $user);
+ $filter = Horde_Ldap_Filter::combine('and', array($this->_params['posixfilter'], $filter));
+ $search = $this->_ldap->search($posixbasedn, $filter, $attr);
+ } catch (Horde_Ldap_Exception $e) {
+ throw new Horde_Group_Exception($e);
+ }
+ $gidNumber = array();
+ foreach ($search->sortedAsArray(array($attr)) as $entry) {
+ $gidNumber[] = $entry[$attr][0];
+ }
+ try {
+ $attr = $this->_params['gid'];
+ $posixgidnumber = $this->_params['posixgidnumber'];
+ $posixbasedn = $GLOBALS['conf']['auth']['params']['basedn'];
+ $posixuid = $GLOBALS['conf']['auth']['params']['uid'];
+ $filter = Horde_Ldap_Filter::create($posixgidnumber, 'equals',
+ $gidNumber[0]);
+ $filter = Horde_Ldap_Filter::combine('and', array($this->_filter, $filter));
+ $search = $this->_ldap->search($this->_params['basedn'],
+ $filter, $attr);
+ } catch (Horde_Ldap_Exception $e) {
+ throw new Horde_Group_Exception($e);
+ }
+ $results = array();
+ foreach ($search->sortedAsArray(array($attr)) as $entry) {
+ $results[$entry['dn']] = $entry[$attr][0];
+ }
+ $results = array_merge($entries, $results);
+ asort($results);
+ return $results;
+ } else {
+ return $entries;
+ }
}
/**
diff --git a/horde/config/conf.xml b/horde/config/conf.xml
index f9b6b86..46ba8e7 100644
--- a/horde/config/conf.xml
+++ b/horde/config/conf.xml
@@ -940,6 +940,17 @@
</case>
</configswitch>
</configsection>
+ <configswitch name="posix" required="false"
+ desc="Use the POSIX primary group attribute returned from LDAP
+ to determine group membership">false
+ <case name="false" desc="No" />
+ <case name="true" desc="Yes">
+ <configstring name="posixgidnumber" desc="The group ID number search key">gidNumber</configstring>
+ <configstring name="posixfilter" desc="The LDAP RFC formatted filter used
+ to search for users.">(objectclass=posixAccount)
+ </configstring>
+ </case>
+ </configswitch>
</configldap>
</configsection>
</case>