From afe9f024f262f12b91faba4e16dbbe5504fa6082 Mon Sep 17 00:00:00 2001
From: felixboehm
Date: Mon, 4 Jul 2016 14:16:13 +0200
Subject: [PATCH 1/3] [stable8.1] check if renamed user is still valid by reapplying the ldap filter (#25338)
---
 apps/user_ldap/user_ldap.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index 096d3686afed..89c7368d1f5f 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -202,6 +202,11 @@ public function userExistsOnLDAP($user) {
 return false;
 }
 $newDn = $this->access->getUserDnByUuid($uuid);
+ //check if renamed user is still valid by reapplying the ldap filter
+ if(!is_array($this->access->readAttribute($newDn, '', $this->access->connection->ldapUserFilter))) {
+ return false;
+ }
+
 $this->access->getUserMapper()->setDNbyUUID($newDn, $uuid);
 return true;
 } catch (\Exception $e) {
From 101902abbfdcc7e2e7ba6664f54b30b129f20ebc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20Pablo=20Villaf=C3=A1=C3=B1ez?=
Date: Mon, 18 Jul 2016 14:27:46 +0200
Subject: [PATCH 2/3] Add missing filter during cleanup
---
 apps/user_ldap/user_ldap.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index 89c7368d1f5f..499ef77e06c3 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -190,7 +190,7 @@ public function userExistsOnLDAP($user) {
 $dn = $user->getDN();
 //check if user really still exists by reading its entry
- if(!is_array($this->access->readAttribute($dn, ''))) {
+ if(!is_array($this->access->readAttribute($dn, '', $this->access->connection->ldapUserFilter))) {
 $lcr = $this->access->connection->getConnectionResource();
 if(is_null($lcr)) {
 throw new \Exception('No LDAP Connection to server ' . $this->access->connection->ldapHost);
From 81d0273cb4b69b5e8e9bababab89d96ea4ff318b Mon Sep 17 00:00:00 2001
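Review bot: In the first patch's hunk (`@@ -202,6 +202,11 @@`), `$newDn` is handed to `readAttribute()` with no visible check that `getUserDnByUuid($uuid)` actually produced a DN. A failed UUID lookup is therefore only rejected as a side effect of the read failing, which hides the intent and presumably costs an extra LDAP request. Make the guard explicit: `if(!is_string($newDn) || !is_array($this->access->readAttribute($newDn, '', $this->access->connection->ldapUserFilter))) {`. What `getUserDnByUuid` returns on failure is not shown here, so confirm the type before settling on `is_string`; the body of `userExistsOnLDAP` starts and ends outside the hunk.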
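Review bot: In the second patch's hunk (`@@ -190,7 +190,7 @@`), the configured `ldapUserFilter` now always overrides `readAttribute()`'s default `'objectClass=*'`, so an empty or malformed filter would make this existence check fail for every user. If the connection can return an empty filter (not visible in this hunk), the cleanup this commit targets would presumably treat all accounts as gone rather than report a configuration problem. Failing loudly before the read is safer, in the style of the existing connection check: `if(empty($this->access->connection->ldapUserFilter)) { throw new \Exception('No LDAP user filter configured'); }`. The same filter argument is passed in the renamed-user check added by patch 1/3, so the guard should cover both calls; whether these lines sit inside the function's `try` block is outside the hunk.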
From: =?UTF-8?q?Juan=20Pablo=20Villaf=C3=A1=C3=B1ez?=
Date: Wed, 20 Jul 2016 14:15:04 +0200
Subject: [PATCH 3/3] Fix another missing check
---
 apps/user_ldap/lib/access.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index 9fb14d205451..91ce0102642c 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -176,7 +176,7 @@ public function readAttribute($dn, $attr, $filter = 'objectClass=*') {
 //in case an error occurs , e.g. object does not exist
 return false;
 }
- if (empty($attr)) {
+ if (empty($attr) && ($filter === 'objectclass=*' || $this->ldap->countEntries($cr, $rr) === 1)) {
 \OCP\Util::writeLog('user_ldap', 'readAttribute: '.$dn.' found', \OCP\Util::DEBUG);
 return array();
 }
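Review bot: The literal in `$filter === 'objectclass=*'` is all lower-case while the parameter default in the signature is `'objectClass=*'`, so the strict comparison never matches the default and every empty-`$attr` call falls through to `countEntries()`. The result is probably still correct for an existing entry, but the shortcut is dead code and a `countEntries()` failure now decides existence checks that passed no filter at all. LDAP attribute names are case-insensitive, so compare that way: `if (empty($attr) && (strcasecmp($filter, 'objectClass=*') === 0 || $this->ldap->countEntries($cr, $rr) === 1)) {`. When the count is not 1, execution continues past this `if` into code outside the hunk, so confirm that path returns false for an empty `$attr` rather than an array.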