Commit Graph

2558 Commits

Author SHA1 Message Date
Roland Tapken 459b8a4845
Fixed unit test: groupsMatchFilter will not be called multiple times anymore.
Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2019-03-05 11:07:40 +01:00
Roland Tapken e7c506cff1
Reduce queries to LDAP by caching nested groups
Nested groups are now cached in a CappedMemoryCache object to reduce
queries to the LDAP backend.

Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2019-03-05 11:07:40 +01:00
Roland Tapken afb182650e
user_ldap: really resolve nested groups
The previous patch fixed the problem only for one level of indirection
because groupsMatchFilter() had been applied on each recursive call (and
thus there would be no second level if the first level fails the check).

This new implementation replaces the recursive call with a stack that
iterates all nested groups before filtering with groupsMatchFilter().

Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2019-03-05 11:07:40 +01:00
Roland Tapken c2d8a36d9a
user_ldap: Filter groups after nexted groups
Currently groupsMatchFilter is called before nested groups are resolved.
This basicly breaks this feature since it is not possible to inherit
membership in a group from another group.

Minimal example:

  Group filter: (&(objectClass=group),(cn=nextcloud))
  Nested groups: enabled

  cn=nextcloud,ou=Nextcloud,ou=groups,dn=company,dn=local
    objectClass: group

  cn=IT,ou=groups,dn=company,dn=local
    objectClass: group
    memberOf: cn=nextcloud,ou=Nextcloud,ou=groups,dn=company,dn=local

  cn=John Doe,ou=users,dn=company,dn=local
    objectClass: person
    memberOf: cn=IT,ou=groups,dn=company,dn=local

Since 'cn=IT,ou=groups,dn=company,dn=local' doesn't match the group
filter, John wouldn't be a member of group 'nextcloud'.

This patch fixes this by filtering the groups after all nested groups
have been collected. If nested groups is disabled the result will be the
same as without this patch.

Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2019-03-05 11:07:35 +01:00
Julius Härtl 6ee7286b41
Fix tests
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-03-01 20:57:01 +01:00
Nextcloud bot 374f89aba1
[tx-robot] updated from transifex 2019-03-01 01:12:36 +00:00
Nextcloud bot 057e81a1e2
[tx-robot] updated from transifex 2019-02-28 01:12:39 +00:00
Nextcloud bot 36b01e3c2d
[tx-robot] updated from transifex 2019-02-27 01:12:05 +00:00
Nextcloud bot 876e2792d0
[tx-robot] updated from transifex 2019-02-26 01:12:12 +00:00
Nextcloud bot 5df6400e28
[tx-robot] updated from transifex 2019-02-25 01:12:18 +00:00
rakekniven 73473de5de
Fixed grammar
Reported at Transifex.

Signed-off-by: Mark Ziegler <mark.ziegler@rakekniven.de>
2019-02-22 19:49:36 +01:00
Nextcloud bot 10388eab34
[tx-robot] updated from transifex 2019-02-21 01:12:02 +00:00
Nextcloud bot ad0b67cbce
[tx-robot] updated from transifex 2019-02-19 01:12:10 +00:00
Nextcloud bot 0b7b938a60
[tx-robot] updated from transifex 2019-02-18 01:12:09 +00:00
Nextcloud bot 1374183f92
[tx-robot] updated from transifex 2019-02-17 01:13:29 +00:00
Arthur Schiwon 685c13e091
add GUI option to set the $home placeholder
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-02-14 15:22:22 +01:00
Arthur Schiwon 792bcb82ae
add LDAP ConfigHandler for external storages and "$home" var
* handler registered upon OCA\\Files_External::loadAdditionalBackends
  event as user_ldap is loaded before files_external
* new configuration field "ldapExtStorageHomeAttribute" (not in GUI yet)

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-02-14 15:22:22 +01:00
Arthur Schiwon 5c10a46445
ensure attribute names are lower cased
otherwise they will be skipped when the results is being formatted and the
lower-cased result keys do not match.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-02-14 14:13:32 +01:00
Nextcloud bot 4d8c42a4fb
[tx-robot] updated from transifex 2019-02-14 01:12:26 +00:00
Nextcloud bot 45777abce0
[tx-robot] updated from transifex 2019-02-08 01:12:39 +00:00
Nextcloud bot 0df5110127
[tx-robot] updated from transifex 2019-02-06 11:27:29 +00:00
Filis Futsarov 18ae9d267a
Comment fix. 2019-01-30 23:23:09 +01:00
Arthur Schiwon c868892d2d
iterate over bases instead of doing parallel search
parallel search is not compatible with paged search, but the letter is
usually always applied.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-01-28 23:00:59 +01:00
Nextcloud bot 4611ad5a9c
[tx-robot] updated from transifex 2019-01-26 01:12:19 +00:00
Nextcloud bot 2277c21f3e
[tx-robot] updated from transifex 2019-01-24 01:12:02 +00:00
Nextcloud bot 2ba75ac9b0
[tx-robot] updated from transifex 2019-01-23 01:12:05 +00:00
Nextcloud bot e35a5ef387
[tx-robot] updated from transifex 2019-01-16 01:12:34 +00:00
Nextcloud bot 56ad07b85e
[tx-robot] updated from transifex 2019-01-15 01:12:14 +00:00
Nextcloud bot 8edd9b0e33
[tx-robot] updated from transifex 2019-01-14 01:12:00 +00:00
Nextcloud bot 363c0c31f4
[tx-robot] updated from transifex 2019-01-13 01:12:53 +00:00
Christoph Wurst 208788173d
Npmize (vendor) scripts
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-01-09 15:01:59 +01:00
Nextcloud bot a1b6333712
[tx-robot] updated from transifex 2019-01-05 01:11:57 +00:00
Morris Jobke c1ddd2fec9
Merge pull request #13138 from nextcloud/enhancement/noid/ldap-remnants-detected-field
register and show when an LDAP user was detected as unavailable/deleted
2019-01-04 22:48:05 +01:00
Arthur Schiwon 925043c60c
ensure db is pristine before starting the tests
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-01-04 22:10:22 +01:00
Nextcloud bot a1f9ed1d7d
[tx-robot] updated from transifex 2019-01-04 01:12:28 +00:00
Nextcloud bot 8d5b74b6b6
[tx-robot] updated from transifex 2018-12-31 01:11:41 +00:00
Nextcloud bot 760c502f3c
[tx-robot] updated from transifex 2018-12-28 01:11:49 +00:00
Nextcloud bot 1c3f468d56
[tx-robot] updated from transifex 2018-12-27 01:11:41 +00:00
Nextcloud bot 9d5f7c7f62
[tx-robot] updated from transifex 2018-12-24 01:11:46 +00:00
Arthur Schiwon 85f14bc591
LDAP: extend remnants output with "detected on" field
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-12-21 17:24:28 +01:00
Arthur Schiwon fbd4e9e651
add tests for the DUI
as they are interact with the DB they are more integraiton than unit tests

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-12-21 17:24:23 +01:00
Arthur Schiwon 8bacbffe28
do not forgot to store the second displayname portion
otherwise it causes a chain reaction of system addressbook updates

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-12-20 23:11:00 +01:00
Nextcloud bot 3d53398d07
[tx-robot] updated from transifex 2018-12-19 01:11:46 +00:00
Nextcloud bot f36082838e
[tx-robot] updated from transifex 2018-12-18 01:11:34 +00:00
blizzz e7950a5bd6
Merge pull request #12693 from nextcloud/fix/11474/fix-first-ldap-login
fix exception on LDAP mapping during login
2018-12-17 13:07:21 +01:00
Arthur Schiwon feb5366a42
LDAP clear cache on config modification also when done via API or CLI
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-12-17 00:31:27 +01:00
Nextcloud bot 51f13a7e9c
[tx-robot] updated from transifex 2018-12-14 01:12:32 +00:00
Nextcloud bot 7034df7d77
[tx-robot] updated from transifex 2018-12-13 01:11:56 +00:00
Nextcloud bot 95d33cd889
[tx-robot] updated from transifex 2018-12-04 01:12:05 +00:00
Nextcloud bot 68f04686a0
[tx-robot] updated from transifex 2018-11-29 01:11:34 +00:00