The current implementation does not support POSIX-style groups. This can easily be fixed by adding the following code to the bottom of the ldap_members() function (in functions_ldap_groups.php).
This leaves the existing group evaluation as is, which does not make sense in a POSIX-only group scheme, but at least it shouldn't break anything:
Here's the code:
// The above code does not work with POSIX-style groups. Let's do it here.
if \(\!array\_key\_exists \('uid', $ldapResults\[0\]\)\)
return; // not a POSIX-style account
$uid = $ldapResults\[0\]\['uid'\]\[0\];
// First, retrieve the \(numeric\) primary GID
if \(array\_key\_exists \('gidNumber', $ldapResults\[0\]\)\) \{
$gid = $ldapResults\[0\]\['gidNumber'\]\[0\];
// get group name
$ldapSearch = ldap\_search\($this->ldapConn, $board\_config\['ldap\_dn'\], "\(&\(objectclass=posixGroup\)\(gidNumber=$gid\)\)", array\('cn'\) \);
$ldapResults = ldap\_get\_entries\($this->ldapConn, $ldapSearch\);
if \($ldapResults\['count'\] == 1 && array\_key\_exists \('cn', $ldapResults\[0\]\)\) \{ // is this a valid entry?
$group = $ldapResults\[0\]\['cn'\]\[0\];
// Add the current CN to the list
// and check for duplicits
if \(\!in\_array\($group ,$this->ldapMembers\)\)\{
$this->ldapMembers\[\] = $group;
\}
\}
ldap\_free\_result\($ldapSearch\);
\}
// Additional group entries:
// Find all posixGroup-Entries which have a memberUid of $uid.
$ldapSearch = ldap\_search\($this->ldapConn, $board\_config\['ldap\_dn'\], "\(&\(objectclass=posixGroup\)\(memberUid=$uid\)\)", array\('cn'\) \);
$ldapResults = ldap\_get\_entries\($this->ldapConn, $ldapSearch\);
for \($i = 0; $i < $ldapResults\['count'\]; $i++\)
\{
$group = $ldapResults\[$i\]\['cn'\]\[0\];
// Add the current CN to the list
// and check for duplicits
if \(\!in\_array\($group ,$this->ldapMembers\)\)\{
$this->ldapMembers\[\] = $group;
\}
\}
ldap\_free\_result\($ldapSearch\);
Complete diff against unmodified phpbb2-2.0.21-6 in Debian "Etch"