Arthur Schiwon
5dd2207c95
fix nested group retrieval also for 2 other cases
...
and also consolidate logic in one method
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-03-05 11:07:40 +01:00
Roland Tapken
e7c506cff1
Reduce queries to LDAP by caching nested groups
...
Nested groups are now cached in a CappedMemoryCache object to reduce
queries to the LDAP backend.
Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2019-03-05 11:07:40 +01:00
Roland Tapken
afb182650e
user_ldap: really resolve nested groups
...
The previous patch fixed the problem only for one level of indirection
because groupsMatchFilter() had been applied on each recursive call (and
thus there would be no second level if the first level fails the check).
This new implementation replaces the recursive call with a stack that
iterates all nested groups before filtering with groupsMatchFilter().
Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2019-03-05 11:07:40 +01:00
Roland Tapken
c2d8a36d9a
user_ldap: Filter groups after nested groups
...
Currently groupsMatchFilter is called before nested groups are resolved.
This basically breaks this feature since it is not possible to inherit
membership in a group from another group.
Minimal example:
Group filter: (&(objectClass=group),(cn=nextcloud))
Nested groups: enabled
cn=nextcloud,ou=Nextcloud,ou=groups,dn=company,dn=local
objectClass: group
cn=IT,ou=groups,dn=company,dn=local
objectClass: group
memberOf: cn=nextcloud,ou=Nextcloud,ou=groups,dn=company,dn=local
cn=John Doe,ou=users,dn=company,dn=local
objectClass: person
memberOf: cn=IT,ou=groups,dn=company,dn=local
Since 'cn=IT,ou=groups,dn=company,dn=local' doesn't match the group
filter, John wouldn't be a member of group 'nextcloud'.
This patch fixes this by filtering the groups after all nested groups
have been collected. If nested groups is disabled the result will be the
same as without this patch.
Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2019-03-05 11:07:35 +01:00
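Added example, not part of the commit log or of Nextcloud's user_ldap code: the behaviour described in c2d8a36d9a and afb182650e, run against an in-memory directory built from the minimal example above. The function names, the `DIRECTORY` array and the Helpdesk and Jane Roe entries are assumptions made for illustration.

```php
<?php
// Constructed sample data. The nextcloud, IT and John Doe entries mirror the
// minimal example in commit c2d8a36d9a; "Helpdesk" and "Jane Roe" are
// hypothetical and add a second level of nesting (the case in afb182650e).
const DIRECTORY = [
    'cn=nextcloud,ou=Nextcloud,ou=groups,dn=company,dn=local' =>
        ['objectClass' => 'group', 'cn' => 'nextcloud', 'memberOf' => []],
    'cn=IT,ou=groups,dn=company,dn=local' =>
        ['objectClass' => 'group', 'cn' => 'IT',
         'memberOf' => ['cn=nextcloud,ou=Nextcloud,ou=groups,dn=company,dn=local']],
    'cn=Helpdesk,ou=groups,dn=company,dn=local' =>
        ['objectClass' => 'group', 'cn' => 'Helpdesk',
         'memberOf' => ['cn=IT,ou=groups,dn=company,dn=local']],
    'cn=John Doe,ou=users,dn=company,dn=local' =>
        ['objectClass' => 'person', 'cn' => 'John Doe',
         'memberOf' => ['cn=IT,ou=groups,dn=company,dn=local']],
    'cn=Jane Roe,ou=users,dn=company,dn=local' =>
        ['objectClass' => 'person', 'cn' => 'Jane Roe',
         'memberOf' => ['cn=Helpdesk,ou=groups,dn=company,dn=local']],
];

// Stand-in for the group filter of the minimal example (objectClass=group and
// cn=nextcloud). It checks attributes directly and parses no LDAP filter string.
function filterGroups(array $dns): array {
    return array_values(array_filter($dns, function (string $dn): bool {
        $entry = DIRECTORY[$dn] ?? null;
        return $entry !== null
            && $entry['objectClass'] === 'group' && $entry['cn'] === 'nextcloud';
    }));
}

// Behaviour before the fix: the filter runs at every level, so an intermediate
// group that fails it (IT) cuts off everything reachable through it.
function groupsFilterFirst(string $dn): array {
    $direct = filterGroups(DIRECTORY[$dn]['memberOf'] ?? []);
    $all = $direct;
    foreach ($direct as $group) {
        $all = array_merge($all, groupsFilterFirst($group));
    }
    return array_values(array_unique($all));
}

// Behaviour after the fix: walk all nested groups with a stack, then filter once.
// $seen also stops the walk from looping on cyclic memberships.
function groupsResolveThenFilter(string $dn): array {
    $seen = [];
    $stack = DIRECTORY[$dn]['memberOf'] ?? [];
    while ($stack !== []) {
        $group = array_pop($stack);
        if (isset($seen[$group])) {
            continue;
        }
        $seen[$group] = true;
        foreach (DIRECTORY[$group]['memberOf'] ?? [] as $parent) {
            $stack[] = $parent;
        }
    }
    return filterGroups(array_keys($seen));
}

foreach (['cn=John Doe,ou=users,dn=company,dn=local',
          'cn=Jane Roe,ou=users,dn=company,dn=local'] as $user) {
    printf("%s\n  filter first: %s\n  resolve, then filter: %s\n", $user,
        json_encode(groupsFilterFirst($user)), json_encode(groupsResolveThenFilter($user)));
}
```

Because the filter still runs on the final set, only groups the configured filter admits are returned; intermediate groups are traversed but never handed back to the caller.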
Arthur Schiwon
792bcb82ae
add LDAP ConfigHandler for external storages and "$home" var
...
* handler registered upon OCA\\Files_External::loadAdditionalBackends
event as user_ldap is loaded before files_external
* new configuration field "ldapExtStorageHomeAttribute" (not in GUI yet)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-02-14 15:22:22 +01:00
Arthur Schiwon
5c10a46445
ensure attribute names are lower cased
...
otherwise they will be skipped when the result is being formatted and the
lower-cased result keys do not match.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-02-14 14:13:32 +01:00
Filis Futsarov
18ae9d267a
Comment fix.
2019-01-30 23:23:09 +01:00
Arthur Schiwon
c868892d2d
iterate over bases instead of doing parallel search
...
parallel search is not compatible with paged search, but the latter is
usually always applied.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-01-28 23:00:59 +01:00
Arthur Schiwon
85f14bc591
LDAP: extend remnants output with "detected on" field
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-12-21 17:24:28 +01:00
Arthur Schiwon
fbd4e9e651
add tests for the DUI
...
as they interact with the DB they are more integration than unit tests
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-12-21 17:24:23 +01:00
Arthur Schiwon
8bacbffe28
do not forget to store the second displayname portion
...
otherwise it causes a chain reaction of system addressbook updates
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-12-20 23:11:00 +01:00
Arthur Schiwon
feb5366a42
LDAP clear cache on config modification also when done via API or CLI
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-12-17 00:31:27 +01:00
Arthur Schiwon
c32cc4a194
cache users as existing after mapping
...
during login they might be cached as non-existing and cause an Exception
in the long run
reduces some duplication, too
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-11-27 17:07:59 +01:00
Daniel Kesselberg
6ce849f7b8
Add return type
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-11-25 12:30:54 +01:00
Daniel Kesselberg
d17b32afd7
Fix count on string
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-11-24 22:06:45 +01:00
Morris Jobke
159d75945a
Merge pull request #12292 from nextcloud/fix/2947/lapse-sizelimit-error
...
avoid logging of "Partial search results returned: Sizelimit exceeded…"
2018-11-15 10:48:57 +01:00
Joas Schilling
bb352fb667
Use the defined func()->count() instead of manual counting
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-11-08 15:44:45 +01:00
Arthur Schiwon
deec5a70a0
avoid logging of "Partial search results returned: Sizelimit exceeded at"
...
LDAP servers respond with that even if a limit was passed with the
request. Having this statement logged causes a lot of confusion.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-11-07 13:15:55 +01:00
Arthur Schiwon
0c5d9127e8
remove app specific IUserTools and consolidate test
...
Just some housekeeping. IUserTools was used in even older days for
easier creation of Access instances…
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-10-30 22:44:50 +01:00
Roeland Jago Douma
8b2b238d86
Merge pull request #12054 from nextcloud/fix/5212/interact-with-userobject
...
LDAP: announce display name changes so that addressbook picks it up
2018-10-30 13:38:16 +01:00
Arthur Schiwon
49456e42f9
do not run into UniqueConstraintViolationException
...
… when an unmapped user logs in for the first time when background job
mode is ajax and no memcache was configured.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-10-30 12:12:03 +01:00
Morris Jobke
31ccf8580a
Merge pull request #12070 from nextcloud/fix/noid/announce-chosen-uid
...
announce the chosen uid (fixes wrong variable usage)
2018-10-30 10:12:04 +01:00
Arthur Schiwon
d47e1513bc
remove unneeded empty search attribute values, fixes #12086
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-10-29 13:21:02 +01:00
Arthur Schiwon
05f909dcf3
fixes wrong variable usage
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-10-26 18:03:41 +02:00
Arthur Schiwon
bbe44108b5
only write when the displayname differs, but then announce it
...
refs #5212 and fixes #9112
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-10-25 23:41:12 +02:00
Arthur Schiwon
2048872f9e
functions that were checked for are present since PHP 5.4, supported is >=/
...
* so the check from older days is really not necessary anymore
* resolves #10923
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-10-25 22:50:42 +02:00
Morris Jobke
b458ed9c82
Properly escape column name in "createFunction" call
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-16 15:24:02 +02:00
Daniel Kesselberg
2d30511fa6
Check if user is null before getUsername
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-09-16 19:33:03 +02:00
Arthur Schiwon
7807add02d
[LDAP] The WebUI Wizard also should not assign empty config IDs
...
With 689df9a843 the behaviour to assign only
non-empty config IDs was introduced. Only, this was only effective for CLI
and OCS API.
Related to #3270.
The web UI creates now also a full configuration on first load. This fixes
#5094.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-08-23 17:58:35 +02:00
Morris Jobke
3d8f174774
Resolve all group memberships properly
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-08-21 10:57:50 +02:00
Arthur Schiwon
b497b06867
don't force LDAP updates on userExists anymore
...
and remove some deprecated code
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-08-14 17:57:24 +02:00
Arthur Schiwon
a39c995083
FIX: emit assignedUserId only for users
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-08-09 23:45:11 +02:00
Julius Härtl
c2616df541
Only bind if configuration for the first server is available
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-07-13 08:25:10 +02:00
Arthur Schiwon
846ab25fc0
adjust and add more unit tests
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-07-05 11:50:49 +02:00
Arthur Schiwon
343036e55c
allow admin to disable fetching of avatars as well as a specific attribute
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-07-05 11:12:51 +02:00
Arthur Schiwon
a4dda465c2
let user set avatar in nextcloud when LDAP provides invalid image data
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-07-03 01:45:07 +02:00
blizzz
28e64afb8c
Merge pull request #10034 from nextcloud/fix/noid/ldap-silence-quota-logmsgs
...
lower log level for quota manipulation cases
2018-06-28 23:06:23 +02:00
Arthur Schiwon
cc51a00c93
lower log level for quota manipulation cases
...
and simplify the forest of ifs a little bit
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-06-28 21:10:07 +02:00
Arthur Schiwon
7a728f2154
LDAP backup server should not be queried when auth fails
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-06-27 23:12:07 +02:00
Arthur Schiwon
73cacb8896
check user state when fetching to avoid dealing with offline objects
...
fixes #9502
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-05-29 01:10:03 +02:00
Roger Szabo
856164e578
Fix "Invalid argument supplied for foreach()"
...
Signed-off-by: Roger Szabo <roger.szabo@web.de>
2018-05-02 18:17:21 +08:00
Roger Szabo
8637b90e15
unbound cloned connection fix
...
Signed-off-by: Roger Szabo <roger.szabo@web.de>
2018-04-27 17:29:15 +08:00
Arthur Schiwon
38a90130ce
move log constants to ILogger
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-26 10:45:52 +02:00
Arthur Schiwon
ed5f53bd49
Access needs UserManager, missed to add in #8833
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-23 15:58:50 +02:00
Morris Jobke
38961a725f
Merge pull request #8833 from nextcloud/feature/noid/add_ldap_user_hooks
...
add announce- and (pre/|post)RevokeUser signals for non-native backends
2018-04-11 00:44:39 +02:00
Arthur Schiwon
16d4ff4d39
parameter provided to L10N::n() could have been a string
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-05 14:50:28 +02:00
Arthur Schiwon
f1565336bd
DI for NC's user manager
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-05 12:46:24 +02:00
Arthur Schiwon
373a1d5391
more consistent naming
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-05 12:46:15 +02:00
Arthur Schiwon
8fe914f07e
LDAP backend to emit announce and revoke signals on mapping changes
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-05 12:38:39 +02:00
Roeland Jago Douma
f4fd0224db
Do not use \OCP\DB anymore
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-26 14:40:23 +02:00
Arthur Schiwon
cbf60f2e91
existence check works without attribute (like with users)
...
cn is not necessarily given everywhere
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-15 15:47:44 +01:00
Morris Jobke
8195b17ed7
Remove deprecated and unused methods of OCP\DB
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-03-12 15:13:37 +01:00
Morris Jobke
cccf6f4d5f
Merge pull request #8221 from Cybso/8220_applyLdapUserFilter_on_members
...
Apply ldapUserFilter on members of group
2018-03-08 13:19:02 +01:00
Roland Tapken
2472b93fd9
dn2ocname: also apply group filter to readAttribute()
...
Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2018-03-07 12:18:46 +01:00
Roeland Jago Douma
c2320aea22
Merge pull request #8634 from nextcloud/ldap-no-empty-names
...
do not create empty userid when attribute does not have allowed chars
2018-03-05 19:37:17 +01:00
Arthur Schiwon
47a10bd25a
treat iconv issues
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-05 14:03:08 +01:00
Arthur Schiwon
4f8c724318
typo + phpdoc
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-05 13:30:28 +01:00
Arthur Schiwon
8607992e85
do not create empty userid when attribute does not have allowed chars
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-02 17:44:06 +01:00
Arthur Schiwon
04f7252fc4
use hash algo that's robust against collisions
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-02 16:26:36 +01:00
Arthur Schiwon
238c3a5201
fix retrieving group members with numerical uids from LDAP
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-02-23 12:05:50 +01:00
Arthur Schiwon
9bc75307e7
track the state of the bind result
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-02-22 13:05:33 +01:00
Morris Jobke
236086c457
Merge pull request #8335 from nextcloud/remove-unused-import
...
Remove unused import statements
2018-02-14 22:23:07 +01:00
Morris Jobke
d3d045dd5c
Remove unused import statements
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-14 16:55:43 +01:00
Morris Jobke
e2974f1133
Simplify return statement
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-13 21:55:24 +01:00
Roland Tapken
cf4ec7a4b6
Apply ldapUserFilter on members of group
...
Refers to issue #8220
user_ldap configured with custom filters for active directory access
(group-member-association is "member"). Then it can happen that the
members of a group contain members that don't belong to the users
available in Nextcloud (the most trivial reason is that the user filter
contains "(!(UserAccountControl:1.2.840.113556.1.4.803:=2))" to exclude
disabled users from being imported).
This can be fixed by applying the ldapUserFilter when resolving the UID
for a DN fetched from the group's member list.
Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2018-02-07 12:02:58 +01:00
blizzz
8f29f9a59b
typo
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-31 21:50:55 +01:00
Arthur Schiwon
8753a816d8
fixes reading the sysconfig value
...
settings without the entry in the translation array are computed
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-31 13:46:13 +01:00
Morris Jobke
eb51f06a3b
Use ::class statement instead of string
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-29 12:03:47 +01:00
Morris Jobke
a661f043e1
Remove unneeded semicolon and parentheses
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 23:46:40 +01:00
Morris Jobke
2ad2eb38e8
Use type casting instead of *val() method
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 15:01:27 +01:00
Morris Jobke
ca493ab5b1
Merge pull request #8069 from nextcloud/no-catch-serverdown
...
do not catch and ignore ServerNotAvailable in the wrong spot
2018-01-26 14:01:07 +01:00
Arthur Schiwon
b61b906abe
do not catch ServerNotAvailable
...
might cause the user to be unavailable (race condition).
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-26 12:47:19 +01:00
Morris Jobke
6bbea33133
Simplify ternary operator statements
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 12:36:25 +01:00
Morris Jobke
c1e4f9f305
Use type casting instead of *val() method
...
It should be up to 6x faster
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 11:35:42 +01:00
Morris Jobke
0a56d2185e
Return value immediately instead of assigning to a one-time variable
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 00:02:03 +01:00
Morris Jobke
2a38605545
Properly log the full exception instead of only the message
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-23 10:57:21 +01:00
Morris Jobke
55532f19d9
Cleanup OC_User and OCP\User
...
* mainly removes deprecated methods and old static code
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-16 18:39:11 +01:00
Roeland Jago Douma
8a41d05761
Remove deprecated \OCP\Config
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-13 14:25:04 +01:00
Arthur Schiwon
f84ec92563
revert resolving of recursion (3628d4d65d)
...
without recursion we have issues with internal states. paged search status
are set to false, cookies are not being set. In the end we have endless
requests which pile up enormously with a high initial offset.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-11 15:17:18 +01:00
Arthur Schiwon
9031ae0281
fix return value when ldapPagingSize returns null
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-11 14:47:51 +01:00
Arthur Schiwon
15a3f4659f
enrich log message with backtrace, but level it down to DEBUG
...
The message is not helpful anyway for an admin, and oftentimes is just
valid (e.g. when searching with an offset beyond users in LDAP).
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-11 14:17:14 +01:00
Arthur Schiwon
f292f98060
when paged results are turned off, all (max possible) users are returned
...
thus hasMoreResult should return false
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-11 13:20:17 +01:00
Arthur Schiwon
7c3db54ff6
fix changing to next cycle
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-08 13:45:06 +01:00
Arthur Schiwon
b17c5fec40
add unit test for qualifies to run
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-08 13:08:59 +01:00
Arthur Schiwon
a565bf0b9f
fix offset is never being reset
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-05 14:29:11 +01:00
Arthur Schiwon
82da4fde18
create failing test for this case
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-05 14:27:36 +01:00
Morris Jobke
4d0315ceae
Merge pull request #7599 from nextcloud/quieter-debug-log
...
don't show recurring log msg when paged result was turned off
2018-01-03 00:40:46 +01:00
Arthur Schiwon
c8851e24a8
throw ServerNotAvailableException when LDAP is caught shutting down
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-02 12:20:44 +01:00
Arthur Schiwon
82fd09c294
don't show recurring msg when paged result was turned off
...
and only as debug level otherwise.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-12-21 14:29:56 +01:00
Morris Jobke
d2d73f1ce8
Also replace all other occurrences
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-12-18 20:57:11 +01:00
Arthur Schiwon
5ce943aa85
don't use deprecated method for requesting memcache
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-12-18 20:57:11 +01:00
Morris Jobke
defac0ff0d
Fixes hex2bin() in LDAP
...
Untangles the two if-else clauses into a more readable format.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-12-13 11:57:49 +01:00
Arthur Schiwon
27f14eee26
don't cache user, if no internal user id was retrieved/assigned
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-12-07 22:47:32 +01:00
Arthur Schiwon
991190b994
ensure that users are cached when they are retrieved
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-12-07 17:49:33 +01:00
sidey79
45dfc11137
tryfix needsRefresh unit tests
...
Forced updateAttributesInterval from getAppValue to int
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-10 17:07:41 +01:00
sidey79
039f6c9636
Fixed Typo in user.php
...
Fixed a typo for the app config parameter updateAttributesInterval
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-10 17:07:41 +01:00
sidey79
0b290c0904
Update User.php
...
Makes the time between needsRefresh configurable via app config option updateAttribuesInterval.
Default is still 86400 seconds which is one day.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-10 17:07:36 +01:00
Arthur Schiwon
419759e68b
resolve DI
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-09 11:10:59 +01:00
Arthur Schiwon
8113f26eed
add Sync test
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-09 11:10:58 +01:00
Arthur Schiwon
59c05d5447
move LDAP user attributes "sync" to background (except for ajax jobs)
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-09 11:10:56 +01:00