diff --git a/Classes/Library/Ldap.php b/Classes/Library/Ldap.php
index 3ed5cca5..8740bcc2 100755
--- a/Classes/Library/Ldap.php
+++ b/Classes/Library/Ldap.php
@@ -189,6 +189,7 @@ public function validateUser(
 * @param bool $firstEntry
 * @param int $limit
 * @param bool $continueLastSearch
+ * @param bool $usePagination
 * @return array
 */
 public function search(
@@ -197,7 +198,8 @@ public function search(
 array $attributes = [],
 bool $firstEntry = false,
 int $limit = 0,
- bool $continueLastSearch = false
+ bool $continueLastSearch = false,
+ bool $usePagination = true
 ): array {
 $result = [];
@@ -212,7 +214,8 @@ public function search(
 $firstEntry ? 1 : $limit,
 $timeLimit,
 $dereferenceAliases,
- $continueLastSearch
+ $continueLastSearch,
+ $usePagination
 )) {
 if ($firstEntry) {
 $result = $this->ldapUtility->getFirstEntry();
diff --git a/Classes/Library/LdapGroup.php b/Classes/Library/LdapGroup.php
index 4892c0bb..277a1491 100755
--- a/Classes/Library/LdapGroup.php
+++ b/Classes/Library/LdapGroup.php
@@ -60,7 +60,7 @@ public static function selectFromMembership(
 continue;
 }
 if ($extendedCheck) {
- $ldapGroup = $ldapInstance->search($groupDn, $filter, $attributes);
+ $ldapGroup = $ldapInstance->search($groupDn, $filter, $attributes, false, 0, false, false);
 } else {
 $parts = explode(',', $groupDn);
 list($firstAttribute, $value) = explode('=', $parts[0]);
@@ -115,7 +115,8 @@ public static function selectFromUser(
 $filter = str_replace('{USERDN}', $ldapInstance->escapeDnForFilter($userDn), $filter);
 $filter = str_replace('{USERUID}', $ldapInstance->escapeDnForFilter($userUid), $filter);
- $groups = $ldapInstance->search($baseDn, $filter, $attributes);
+ // Known limitation: we support up to 500 (\Causal\IgLdapSsoAuth\Utility\LdapUtility::MAX_ENTRIES) groups per user
+ $groups = $ldapInstance->search($baseDn, $filter, $attributes, false, 0, false, false);
 return $groups;
 }
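Review bot: The added `@param bool $usePagination` line in the `search()` docblock has no description, although the flag changes how complete a result can be and how it relates to `$continueLastSearch`. I would document it there, e.g. `@param bool $usePagination Send the paged-results control; when false the pagination state of a search in progress is left untouched and the result is bounded by the server's size limit`. That wording is inferred from the LdapUtility hunk in this commit and should be confirmed against the rest of `search()`, which lies outside the hunk.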
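Review bot: The call `search($groupDn, $filter, $attributes, false, 0, false, false)` in `selectFromMembership()` repeats three defaults positionally just to reach the last flag, which makes it easy to flip the wrong boolean on a later edit; the same pattern appears in the `selectFromUser()` hunk that follows. If the supported PHP versions include 8.0 or later, `$ldapInstance->search($groupDn, $filter, $attributes, usePagination: false);` says the same thing; otherwise a trailing `// $usePagination = false` comment on the line would do. The enclosing function starts and ends outside the hunk.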
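Review bot: The new comment in `selectFromUser()` states a 500-group ceiling, but nothing in the hunk detects when it is reached, so a user with more memberships would get a shortened group list with no log entry. Where the returned groups drive access decisions or group mapping, a silently truncated list changes what the user is authorised for. Whether the cap really comes from `MAX_ENTRIES` or from the directory server's own size limit cannot be told from here, since the call passes a limit of 0 with pagination off. I would extend the comment, e.g. `// Memberships beyond the limit are dropped without notice; log when the result count reaches it`, and consider emitting a warning at that point. The function body begins outside the hunk.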
diff --git a/Classes/Utility/LdapUtility.php b/Classes/Utility/LdapUtility.php
index b7cddd85..2df36c14 100644
--- a/Classes/Utility/LdapUtility.php
+++ b/Classes/Utility/LdapUtility.php
@@ -337,7 +337,8 @@ public function search(
 int $sizeLimit = 0,
 int $timeLimit = 0,
 int $dereferenceAliases = LDAP_DEREF_NEVER,
- bool $continueLastSearch = false
+ bool $continueLastSearch = false,
+ bool $usePagination = true
 ): bool {
 if (!$baseDn) {
@@ -350,18 +351,22 @@ public function search(
 }
 if ($this->connection) {
- if (!$continueLastSearch) {
- // Reset the pagination cookie
- $this->paginationCookie = null;
- }
+ $controls = null;
+ if ($usePagination) {
+ if (!$continueLastSearch) {
+ // Reset the pagination cookie
+ $this->paginationCookie = null;
+ }
+
+ $ldapControls = ldap_read($this->connection, '', '(objectClass=*)', ['supportedControl']);
+ $ldapEntries = ldap_get_entries($this->connection, $ldapControls);
+ if (isset($ldapEntries[0]['supportedcontrol']) && in_array(LDAP_CONTROL_PAGEDRESULTS, $ldapEntries[0]['supportedcontrol'])) {
+ $this->hasPagination = true;
+ }
- $ldapControls = ldap_read($this->connection, '', '(objectClass=*)', ['supportedControl']);
- $ldapEntries = ldap_get_entries($this->connection, $ldapControls);
- if (isset($ldapEntries[0]['supportedcontrol']) && in_array(LDAP_CONTROL_PAGEDRESULTS, $ldapEntries[0]['supportedcontrol'])) {
- $this->hasPagination = true;
+ $controls = [['oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => ['size' => static::MAX_ENTRIES, 'cookie' => $this->paginationCookie]]];
 }
- $controls = [['oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => ['size' => static::MAX_ENTRIES, 'cookie' => $this->paginationCookie]]];
 $this->searchResult = @ldap_search(
 $this->connection,
 $baseDn,
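Review bot: The result of `ldap_read()` on the root DSE is passed straight to `ldap_get_entries()` inside the new `if ($usePagination)` branch, so a server that refuses or fails that read turns a capability probe into an error on every paginated search (a TypeError on PHP 8, where a result object is expected). Guarding it, e.g. `$ldapEntries = $ldapControls !== false ? ldap_get_entries($this->connection, $ldapControls) : [];`, lets the search proceed without the supported-control check. Separately, `$this->hasPagination` is only ever set to true here, so a call with `$usePagination = false` inherits the flag from an earlier paginated call. If the code after `ldap_search()` (outside this hunk) uses it to read the response cookie, that path would run for a search that sent no control. The body of `search()` starts and ends outside the hunk.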