The current implementation does not support POSIX-style groups. This can easily be fixed by adding the following code to the bottom of the ldap_members() function (in functions_ldap_groups.php).
This leaves the existing group evaluation as is, which does not make sense in a POSIX-only group scheme, but at least it shouldn't break anything:
Here's the code:
// The above code does not work with POSIX-style groups. Let's do it here. if \(\!array\_key\_exists \('uid', $ldapResults\[0\]\)\) return; // not a POSIX-style account $uid = $ldapResults\[0\]\['uid'\]\[0\]; // First, retrieve the \(numeric\) primary GID if \(array\_key\_exists \('gidNumber', $ldapResults\[0\]\)\) \{ $gid = $ldapResults\[0\]\['gidNumber'\]\[0\]; // get group name $ldapSearch = ldap\_search\($this->ldapConn, $board\_config\['ldap\_dn'\], "\(&\(objectclass=posixGroup\)\(gidNumber=$gid\)\)", array\('cn'\) \); $ldapResults = ldap\_get\_entries\($this->ldapConn, $ldapSearch\); if \($ldapResults\['count'\] == 1 && array\_key\_exists \('cn', $ldapResults\[0\]\)\) \{ // is this a valid entry? $group = $ldapResults\[0\]\['cn'\]\[0\]; // Add the current CN to the list // and check for duplicits if \(\!in\_array\($group ,$this->ldapMembers\)\)\{ $this->ldapMembers\[\] = $group; \} \} ldap\_free\_result\($ldapSearch\); \} // Additional group entries: // Find all posixGroup-Entries which have a memberUid of $uid. $ldapSearch = ldap\_search\($this->ldapConn, $board\_config\['ldap\_dn'\], "\(&\(objectclass=posixGroup\)\(memberUid=$uid\)\)", array\('cn'\) \); $ldapResults = ldap\_get\_entries\($this->ldapConn, $ldapSearch\); for \($i = 0; $i < $ldapResults\['count'\]; $i++\) \{ $group = $ldapResults\[$i\]\['cn'\]\[0\]; // Add the current CN to the list // and check for duplicits if \(\!in\_array\($group ,$this->ldapMembers\)\)\{ $this->ldapMembers\[\] = $group; \} \} ldap\_free\_result\($ldapSearch\);
Complete diff against unmodified phpbb2-2.0.21-6 in Debian "Etch"