From e7cf9ddae4ee69f7bdb6f657eb50a94e3f0a02e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come@opensides.be>
Date: Thu, 8 Jun 2017 11:30:24 +0200
Subject: [PATCH] Fixes #5395 Improved templates search to avoid mixing ogroup
 and posixGroup templates

---
 include/class_objects.inc | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/include/class_objects.inc b/include/class_objects.inc
index 9acf7d626..fe2483c73 100644
--- a/include/class_objects.inc
+++ b/include/class_objects.inc
@@ -125,7 +125,7 @@ class objects
     return $ldap->count();
   }
 
-  private static function search ($types, $search_attrs, $ou = NULL, $filter = '', $scope = 'subtree')
+  private static function search ($types, $search_attrs, $ou = NULL, $filter = '', $scope = 'subtree', $templateSearch = FALSE)
   {
     global $config;
 
@@ -162,6 +162,16 @@ class objects
       }
       $filter = '(&'.$filter.'(|'.implode($typeFilters).'))';
     }
+    if ($templateSearch) {
+      $templateFilterObject = new ldapFilter(
+        '&',
+        array(
+          new ldapFilterLeaf('objectClass', '=', 'fdTemplate'),
+          fdTemplateFilter(ldapFilter::parse($filter)),
+        )
+      );
+      $filter = "$templateFilterObject";
+    }
     $ldap->cd($ou);
     $ldap->search($filter, $search_attrs, $scope);
     if (!$ldap->success()) {
@@ -276,7 +286,7 @@ class objects
 
   /* !\brief  This method returns a list of all available templates for the given type
    */
-  static function getTemplates ($type, $requiredPermissions = 'r')
+  static function getTemplates ($type, $requiredPermissions = 'r', $filter = '')
   {
     global $config, $ui;
 
@@ -286,9 +296,11 @@ class objects
     $ldap = $config->get_ldap_link();
     foreach ($config->departments as $key => $value) {
       // Search all templates from the current dn.
-      $ldap->cd($infos['ou'].$value);
-      // We could also adapt object filter to match templates
-      $ldap->search('(objectClass=fdTemplate)', array('cn'));
+      try {
+        $ldap = static::search($type, array('cn'), $infos['ou'].$value, $filter, 'subtree', TRUE);
+      } catch (NonExistingBranchException $e) {
+        continue;
+      }
       if ($ldap->count() != 0) {
         while ($attrs = $ldap->fetch()) {
           $dn = $attrs['dn'];
-- 
GitLab