From 238b45ae328bc6da8474c7e3ca09e880ed8f52f6 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp
Date: Tue, 15 Mar 2022 15:13:59 +0100
Subject: [PATCH] Allow to switch Group Schema for LDAP Groups
This allows to switch between different types of LDAP Groups. The default behaviour (REVA_LDAP_GROUP_SCHEMA="rfc2307") is to use the "posixGroup" objectclass with "memberUID" attribute. Any other value for REVA_LDAP_GROUP_SCHEMA will switch the behaviour to objectclass "groupOfNames" and the "member" Attribute.
---
 tests/TestHelpers/OcisHelper.php | 7 +++
 .../features/bootstrap/FeatureContext.php | 4 ++
 .../features/bootstrap/Provisioning.php | 44 ++++++++++++++++---
 3 files changed, 49 insertions(+), 6 deletions(-)
diff --git a/tests/TestHelpers/OcisHelper.php b/tests/TestHelpers/OcisHelper.php
index 1831c439921b..d4b3ce0d7bf3 100644
--- a/tests/TestHelpers/OcisHelper.php
+++ b/tests/TestHelpers/OcisHelper.php
@@ -264,6 +264,13 @@ public static function getUsersOU():string {
 return $ou ? $ou : "TestUsers";
 }
+ /**
+ * @return string
+ */
+ public static function getGroupSchema():string {
+ $schema = \getenv("REVA_LDAP_GROUP_SCHEMA");
+ return $schema ? $schema : "rfc2307";
+ }
 /**
 * @return string
 */
diff --git a/tests/acceptance/features/bootstrap/FeatureContext.php b/tests/acceptance/features/bootstrap/FeatureContext.php
index 345269cb9215..29717e870f86 100644
--- a/tests/acceptance/features/bootstrap/FeatureContext.php
+++ b/tests/acceptance/features/bootstrap/FeatureContext.php
@@ -449,6 +449,10 @@ public function pushToLastStatusCodesArrays():void {
 * @var string
 */
 private $ldapGroupsOU;
+ /**
+ * @var string
+ */
+ private $ldapGroupSchema;
 /**
 * @var bool
 */
diff --git a/tests/acceptance/features/bootstrap/Provisioning.php b/tests/acceptance/features/bootstrap/Provisioning.php
index ac112ec1154e..3bfa8a162fdf 100644
--- a/tests/acceptance/features/bootstrap/Provisioning.php
+++ b/tests/acceptance/features/bootstrap/Provisioning.php
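Review bot: The docblock on `getGroupSchema()` in OcisHelper.php says only `@return string`, yet the callers in Provisioning.php compare the result with the exact literal "rfc2307" and treat every other value as groupOfNames. A typo or a differently cased value in REVA_LDAP_GROUP_SCHEMA therefore silently changes which group objectclass the tests create. I would state that contract on the getter, e.g. `@return string value of REVA_LDAP_GROUP_SCHEMA, "rfc2307" when unset; any other value selects groupOfNames`, and consider normalising the value once here with `\strtolower(\trim($schema))` before returning it.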
@@ -536,6 +536,7 @@ public function connectToLdap(array $suiteParameters):void {
 $this->ldapBaseDN = OcisHelper::getBaseDN();
 $this->ldapUsersOU = OcisHelper::getGroupsOU();
 $this->ldapGroupsOU = OcisHelper::getUsersOU();
+ $this->ldapGroupSchema = OcisHelper::getGroupSchema();
 $this->ldapHost = OcisHelper::getHostname();
 $this->ldapPort = OcisHelper::getLdapPort();
 $useSsl = OcisHelper::useSsl();
@@ -572,6 +573,7 @@ public function connectToLdap(array $suiteParameters):void {
 $this->ldapHost = (string)$ldapConfig['ldapHost'];
 $this->ldapPort = (int)$ldapConfig['ldapPort'];
 $this->ldapAdminUser = (string)$ldapConfig['ldapAgentName'];
+ $this->ldapGroupSchema = "rfc2307";
 $this->ldapUsersOU = (string)$suiteParameters['ldapUsersOU'];
 $this->ldapGroupsOU = (string)$suiteParameters['ldapGroupsOU'];
 }
@@ -767,9 +769,19 @@ public function createLdapGroup(string $group):void {
 $newDN = 'cn=' . $group . ',ou=' . $this->ldapGroupsOU . ',' . $baseDN;
 $entry = [];
 $entry['cn'] = $group;
- $entry['objectclass'][] = 'posixGroup';
 $entry['objectclass'][] = 'top';
- $entry['gidNumber'] = 5000;
+
+ if ($this->ldapGroupSchema == "rfc2307") {
+ $entry['objectclass'][] = 'posixGroup';
+ $entry['gidNumber'] = 5000;
+ } else {
+ $entry['objectclass'][] = 'groupOfNames';
+ $entry['member'] = "";
+ }
+ if (OcisHelper::isTestingOnOcis()) {
+ $entry['objectclass'][] = 'ownCloud';
+ $entry['ownCloudUUID'] = $this->generateUUIDv4();
+ }
 $this->ldap->add($newDN, $entry);
 \array_push($this->ldapCreatedGroups, $group);
 // For syncing the ldap groups
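Review bot: In createLdapGroup the groupOfNames branch sets `$entry['member'] = "";` without saying why. It reads like a placeholder for directory schemas where groupOfNames must carry at least one member, and a comment such as `// placeholder: some schemas require groupOfNames to have a member value` would make that explicit. Whether the target server accepts an empty member value is not visible from this hunk, so the add may fail on servers that validate DN syntax strictly. As a style point, `if ($this->ldapGroupSchema === "rfc2307") {` would match the strict `=== null` checks in addUserToLdapGroup and removeUserFromLdapGroup, which repeat the same loose comparison. The body of createLdapGroup starts and ends outside the hunk.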
@@ -3847,10 +3859,20 @@ public function addUserToLdapGroup(string $user, string $group, ?string $ou = nu
 if ($ou === null) {
 $ou = $this->getLdapGroupsOU();
 }
+ $memberAttr = "";
+ $memberValue = "";
+ if ($this->ldapGroupSchema == "rfc2307") {
+ $memberAttr = "memberUID";
+ $memberValue = "$user";
+ } else {
+ $memberAttr = "member";
+ $userbase = "ou=" . $this->getLdapUsersOU() . "," . $this->ldapBaseDN;
+ $memberValue = "uid=$user" . "," . "$userbase";
+ }
 $this->setTheLdapAttributeOfTheEntryTo(
- "memberUid",
+ $memberAttr,
 "cn=$group,ou=$ou",
- $user,
+ $memberValue,
 true
 );
 }
@@ -3881,9 +3903,19 @@ public function removeUserFromLdapGroup(string $user, string $group, ?string $ou
 if ($ou === null) {
 $ou = $this->getLdapGroupsOU();
 }
+ $memberAttr = "";
+ $memberValue = "";
+ if ($this->ldapGroupSchema == "rfc2307") {
+ $memberAttr = "memberUID";
+ $memberValue = "$user";
+ } else {
+ $memberAttr = "member";
+ $userbase = "ou=" . $this->getLdapUsersOU() . "," . $this->ldapBaseDN;
+ $memberValue = "uid=$user" . "," . "$userbase";
+ }
 $this->deleteValueFromLdapAttribute(
- $user,
- "memberUid",
+ $memberValue,
+ $memberAttr,
 "cn=$group,ou=$ou"
 );
 $this->theLdapUsersHaveBeenReSynced();
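Review bot: In the groupOfNames branch of addUserToLdapGroup, `$user` is concatenated into the member DN unescaped (`$memberValue = "uid=$user" . "," . "$userbase";`), so a user name containing DN metacharacters such as `,`, `+` or `=` produces a malformed DN or one that names a different entry; removeUserFromLdapGroup repeats the same lines. Escaping the RDN value, e.g. `$memberValue = "uid=" . \ldap_escape($user, "", LDAP_ESCAPE_DN) . "," . $userbase;` (assuming ext-ldap is loaded in the test runner), keeps the stored member tied to the intended user. The base DN also depends on `getLdapUsersOU()`, which is not visible here; the connectToLdap context lines earlier in this patch assign `ldapUsersOU` from `OcisHelper::getGroupsOU()`, so it is worth confirming the member DN really points at the users OU.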
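Review bot: The ten added lines that pick `$memberAttr` and `$memberValue` in removeUserFromLdapGroup are a verbatim copy of the block added to addUserToLdapGroup, so any later change to the member DN format has to be made twice and the two paths can drift apart (a value added in one form could then no longer be deleted). A small private helper returning the attribute/value pair would give one place to maintain the schema switch and to apply DN escaping of `$user`; the `= ""` pre-initialisations also become unnecessary. The bodies of both functions extend beyond the hunks, so the helper's placement in the file is left open.

```php
/**
 * @param string $user
 *
 * @return array [attribute name, attribute value] for the configured group schema
 */
private function getLdapGroupMemberAttribute(string $user):array {
	if ($this->ldapGroupSchema === "rfc2307") {
		return ["memberUID", $user];
	}
	$userbase = "ou=" . $this->getLdapUsersOU() . "," . $this->ldapBaseDN;
	return ["member", "uid=$user,$userbase"];
}

// in removeUserFromLdapGroup (addUserToLdapGroup likewise):
[$memberAttr, $memberValue] = $this->getLdapGroupMemberAttribute($user);
// … unchanged: deleteValueFromLdapAttribute() call and re-sync …
```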