Commit Graph

884 Commits

Author SHA1 Message Date
Arthur Schiwon 5257efc5f2
remove logging message carrying no valuable information
the exception caught is not an error, but due to valid configuration and
code flow is expecting this. For an admin it is confusing, and it carries
no information worth for debugging.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-08-12 09:10:23 +02:00
Arthur Schiwon 7eb6d8df0a
do not flip available state to unavailable, allow empty results
- the detection relies that the first, requested result is not empty
- it might be empty though – groups without members
- protect switching from available to unavailable
  - switching the other way around was also not envisaged either

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-08-11 19:03:27 +02:00
Arthur Schiwon 7ea262dba0
LDAP: shortcut in reading nested group members when IN_CHAIN is available
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-08-11 18:22:11 +02:00
Morris Jobke 548576ec10
Merge pull request #22176 from nextcloud/debt/noid/table-render-too-many-arguments
Remove unexpected argument
2020-08-11 09:44:28 +02:00
Daniel Kesselberg 7b68f0f326
Remove unexpected argument
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-08-10 22:36:30 +02:00
Arthur Schiwon 7c07f0c7f3
use break not continue in switch to avoid warning
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-08-10 17:34:11 +02:00
blizzz 579c7073f3
Merge pull request #16737 from tofuSCHNITZEL/feature-zimbraldap
new Group-Member association attribute (zimbraMailForwardingAddress)
2020-08-07 22:20:50 +00:00
Tobias Perschon 551d904bb0
added "zimbraMailForwardingAddress" as a Group-Member association attribute to enable the use of Zimbra Distribution Lists as groups in nextcloud when connecting to a zimbra LDAP
Signed-off-by: Tobias Perschon <tobias@perschon.at>

fix cs:check

Signed-off-by: Tobias Perschon <tobias@perschon.at>

Update apps/user_ldap/lib/Group_LDAP.php

Co-authored-by: blizzz <blizzz@arthur-schiwon.de>
Signed-off-by: Tobias Perschon <tobias@perschon.at>
2020-08-07 23:30:44 +02:00
Morris Jobke 54726d5934
Merge pull request #21738 from nextcloud/techdebt/14552/migrate-OC_Group-post_removeFromGroup
Migrate OC_Group post_removeFromGroup hook to actual event object
2020-08-07 17:46:00 +02:00
Morris Jobke 36ee37ec0a
Migrate OC_Group post_removeFromGroup hook to actual event object
Ref #14552

This adds a BeforeUserRemovedEvent to the LDAP backend because it was missing. It's not really before, but we don't have the before state.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-07-30 10:21:08 +02:00
Arthur Schiwon d3501be851
reset the cookie internally in new API when abandoning paged results op
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-07-29 17:48:56 +02:00
Morris Jobke 7870ca0663
Use the proper IAppContainer and IServerContainer type hints to know which code runs with which container
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-07-21 20:44:05 +02:00
Christoph Wurst 91e7f12088
Adjust apps' code to use the ContainerInterface
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-07-21 20:43:18 +02:00
Christoph Wurst 35e966c38d
Migrate LDAP to the PSR container
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-07-16 15:57:17 +02:00
Morris Jobke f42e557fa1
Use IBootstrap for the app user_ldap
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-07-14 04:47:54 +02:00
Morris Jobke 3203286f52
Do not use custom DI object names for user_ldap
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-07-13 17:22:19 +02:00
Morris Jobke 7ad0381e5c
Merge pull request #21639 from nextcloud/techdebt/noid/move-away-from-database-xml
Move away from database xml
2020-07-06 22:42:39 +02:00
Joas Schilling 556e23e681
Move user_ldap to migrations
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-07-06 16:42:14 +02:00
Morris Jobke d72d9ff1f4
Merge pull request #21171 from nextcloud/enh/noid/tidy-up-group-ldap
tidy up Group_LDAP
2020-07-06 14:00:27 +02:00
Joas Schilling d7c0b9cced
Also always return in app commands
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-26 15:12:11 +02:00
Arthur Schiwon b8bef4ded0
fix strings being passed where arrays where expected
also brought type hints up to internal API level

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-06-24 23:34:37 +02:00
Arthur Schiwon 3baa8d22a6
comment was wrong, block is needed nevertheless
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-06-24 17:51:11 +02:00
blizzz 0ab6ee40de
be more clear about the condition
Co-authored-by: Christoph Wurst <ChristophWurst@users.noreply.github.com>
2020-06-16 10:55:51 +02:00
Arthur Schiwon 0cf57d1ed4
getXbyY can still return false, e.g. when using ldap write support
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-06-15 21:48:27 +02:00
Arthur Schiwon 4edf8630c4
clear LDAP cache after user deletion
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-06-08 17:52:43 +02:00
Arthur Schiwon 64fe042b0d
tidy up Group_LDAP
* remove unused method
* resolve code duplication
* remove usage of deprectad Util::writeLog
* phpDoc updates
* signature updates

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-06-08 13:40:24 +02:00
Arthur Schiwon aed6f0f71e
simplify getGroups, fixing wrong chunking logic
pagination is taken care of properly in the search logic in Access class

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-05-27 14:41:10 +02:00
Arthur Schiwon 15008a1798
fixes infinitely repeating LDPA search results with PHP <= 7.2
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-05-26 00:37:46 +02:00
Christoph Wurst cb057829f7
Update license headers for 19
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-29 11:57:22 +02:00
Clement Wong 9f5f505acf Don't remove last user in ldap group when limit is -1
Signed-off-by: Clement Wong <git@clement.hk>
2020-04-27 02:33:00 +02:00
blizzz 212138daa1
Merge pull request #19919 from nextcloud/enh/noid/ldpa_group_perf
LDAP Group Backend optimizations
2020-04-24 12:27:27 +02:00
Arthur Schiwon 4babdc082b
formatting
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-04-23 21:34:05 +02:00
Arthur Schiwon 75c686d825
do not run paged results against ldap_read ops on PHP7.3+
- previously it was needed as the PHP LDAP handling of paged results was
strange
- but now the read operation would fail, e.g. with extra home dir attribute
set ("Home dir attribute can't be read from LDAP for uid: foobar"

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-04-21 15:47:49 +02:00
Arthur Schiwon ab550d682f
do not rerun expensive sanitizer against already processed DNs
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-04-17 12:49:47 +02:00
Arthur Schiwon 32000dd1af
read records from DB for lists at once, not one by one.
Keep a runtime cache of dn-id-mapping

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-04-17 12:39:54 +02:00
Arthur Schiwon cc31c38277
don't circulate with only one backend
- saves some overhead costs
- in some occasions saves LDAP requests

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-04-17 12:38:52 +02:00
Arthur Schiwon e8ddb4718c
consolidate groupsMatchFilter in groupsExist
- less duplication
- profiting of the same cache entry

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-04-17 12:38:07 +02:00
Roeland Jago Douma d9990b09b8
PHP-CS-Fixer green
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-04-16 09:25:17 +02:00
Arthur Schiwon 84619a5b9c
use serverControls directly with LDAP calls, fixes 19127
- adapters for PHP API version to Support PHP < 7.3
- switch to pass only one base per search
- cookie logic is moved from Access to API adapters

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-04-14 12:58:28 +02:00
Christoph Wurst 734c62bee0
Format code according to PSR2
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:56:50 +02:00
Christoph Wurst 28f8eb5dba
Add visibility to all constants
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:54:27 +02:00
Christoph Wurst 1584c9ae9c
Add visibility to all methods and position of static keyword
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:51:06 +02:00
Christoph Wurst a7c8d26d31
Add visibility to all properties and move static keyword
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:48:31 +02:00
Christoph Wurst caff1023ea
Format control structures, classes, methods and function
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 14:19:56 +02:00
Christoph Wurst 14c996d982
Use elseif instead of else if
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 10:35:09 +02:00
Christoph Wurst 008e6d7e84
Merge pull request #20391 from nextcloud/refactor/spaces-cleanup
Remove all extra whitespace PSR2 does not like
2020-04-09 20:39:37 +02:00
Christoph Wurst 64510932b8
Merge pull request #20384 from nextcloud/techdebt/lowercase-keywords
Use php keywords in lowercase
2020-04-09 16:25:14 +02:00
Christoph Wurst a8a06a82d2
Remove trailing whitespaces from comments
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 16:09:23 +02:00
Christoph Wurst 44577e4345
Remove trailing and in between spaces
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 16:07:47 +02:00
Christoph Wurst 36b3bc8148
Use php keywords in lowercase
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 14:04:56 +02:00
Christoph Wurst afbd9c4e6e
Unify function spacing to PSR2 recommendation
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 13:54:22 +02:00
Christoph Wurst 41b5e5923a
Use exactly one empty line after the namespace declaration
For PSR2

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 11:48:10 +02:00
Christoph Wurst 2fbad1ed72
Fix (array) indent style to always use one tab
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 10:16:08 +02:00
Christoph Wurst 85e369cddb
Fix multiline comments
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-08 22:24:54 +02:00
Christoph Wurst 1a9330cd69
Update the license headers for Nextcloud 19
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-31 14:52:54 +02:00
Christoph Wurst b80ebc9674
Use the short array syntax, everywhere
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-26 16:34:56 +01:00
Philipp Staiger 8769d97f62 single squashed commit for bug fix
Signed-off-by: Philipp Staiger <philipp@staiger.it>
2020-03-26 09:01:35 +01:00
Arthur Schiwon 77c63e3b24
fixes auto-detecting UUID attributes
the continue (and later the early return) avoided proper looping over the
attribute candidates.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-03-19 19:42:46 +01:00
Arthur Schiwon 407b8fddfc
remove noise from detectUuid and cache results
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-02-19 16:42:36 +01:00
Arthur Schiwon a0e57ea6d3
sort prefixes for deterministic LDAP query behaviour
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-02-07 18:10:31 +01:00
blizzz 950856d5bb
Merge pull request #17717 from nextcloud/fix/noid/ldap-relax-getHome
relax strict getHome behaviour for LDAP users in a shadow state
2020-01-14 09:57:24 +01:00
Arthur Schiwon 489ed878e1
ensure that only valid group members are returned
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-01-13 17:13:08 +01:00
Arthur Schiwon 79667b58a9
cache group existence early to save useless requests to LDAP
we do it for users already

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-01-08 11:02:37 +01:00
Arthur Schiwon 5cae135b94
decouple userExists from userExistsOnLDAP check
allows to mark users as offline right away, avoids a gap of being not a
user and causing weird side effects

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-01-08 09:21:22 +01:00
Arthur Schiwon 411a47cadb
relax strict getHome behaviour for LDAP users in a shadow state
* simplifies deletion process
* less strange behaviour when looking up home storage (as long as it is local)
* thus could enable transfer ownerships after user went invisible on ldap

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-01-08 09:21:21 +01:00
Christoph Wurst 5bf3d1bb38
Update license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +01:00
Roeland Jago Douma 3a7cf40aaa
Mode to modern phpunit
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 15:27:18 +01:00
Roeland Jago Douma 68748d4f85
Some php-cs fixes
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-22 20:52:10 +01:00
blizzz e7f225c013
Merge pull request #18016 from nextcloud/fix/noid/ldap-checkup-batchsize
make chunksize (used to check for gone LDAP users) configurable
2019-11-21 11:05:54 +01:00
Arthur Schiwon 213016f758
uid can be false when the user record does not exit
fixes not loading files app for users who got a share by the gone LDAP user

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-11-20 19:44:12 +01:00
Arthur Schiwon f990620e6b
make chunksize (used to check for gone LDAP users) configurable
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-11-20 19:43:53 +01:00
Arthur Schiwon 38a8306e32
treat LDAP error 50 as auth issue, prevents lost server connection errors
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-10-18 18:55:10 +02:00
blizzz e105d19585
Merge pull request #17002 from nextcloud/fix/noid/ldap-dont-process-known-avas
Don't process known avatars from LDAP
2019-10-02 16:32:52 +02:00
Arthur Schiwon 8d2f712420
Don't process known avatars from LDAP
* avoids useless FS operation
* avoids useless DB writes
* avoids useless addressbook updates
* addendum to #17001

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-09-04 14:44:48 +02:00
Arthur Schiwon 3ce5d4e545
reduce adressbook change events and handling
... from four to one on avatar updates

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-09-04 13:46:25 +02:00
Arthur Schiwon ef237f8e36
fix check for null
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-08-02 13:09:38 +02:00
Arthur Schiwon a2c5ab2f8b
adjusts LDAP's home handler to use the correct user object
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-08-02 08:39:39 +02:00
Julius Härtl 72aaf2e5fb
files_external: Make sure the correct user context is used in substitution of variables
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-08-02 08:39:24 +02:00
Morris Jobke c00d6f4eac
Merge pull request #14540 from army1349/master
LDAP Password Modify Extended Operation support
2019-07-19 17:29:24 +02:00
Arthur Schiwon 40c9a743fa
adds an --update flag to check-user for manual sync of the ldap record
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-07-18 14:30:43 +02:00
Joas Schilling 6d71e471e1
Update shipped implementations of the INotifier
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-15 15:15:00 +02:00
Morris Jobke 0d0850746e
Merge pull request #15741 from mxss/fix/phpdoc-fixes
misc phpdoc fixes
2019-07-02 22:25:41 +02:00
Arthur Schiwon d0f31c590d
Also invalidate groups after deletion
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-27 10:33:40 +02:00
Arthur Schiwon 108227ca6c
invalidates user when plugin reported deletion success
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-26 14:18:28 +02:00
blizzz c1eff72bdf
Merge pull request #15964 from nextcloud/enh/noid/user-creation-options
Opt-in for generation userid, requiring email addresses
2019-06-21 11:08:59 +02:00
Arthur Schiwon 660fbd64e3
ensures mapping of chosen userid
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-19 17:02:28 +02:00
Arthur Schiwon 0b34085f24
fixes return type in php doc
* the backend already expects and works with the string

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-19 13:40:07 +02:00
Arthur Schiwon 8a7b0a68a5
fixes returning the base when multiple are specified
* reading the config directly will return the value with line breaks
* using the proper accessor gives us all bases in an array
* returns the first matching one
* having user id provided for the group base is strange and does not let
  us operate like this. here we return the first one. might change in
  future, a backportable fix won't have an API change however.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-19 13:39:15 +02:00
Arthur Schiwon a1f2dbe29c
caches the displayname after an LDAP plugin set it
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-18 12:42:03 +02:00
Arthur Schiwon 1d48c0313c
fix inGroup check, thus make integration tests succeed
there is not such strange return mode. Having invalid user ids caused this
check to fail, and as side effect share limitation to groups to not work.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-14 06:23:58 +02:00
Arthur Schiwon c6c8a41d2f
group display name support (service level + ldap)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-05-27 12:03:05 +02:00
Max Kovalenko a83b79c5f8
misc phpdoc fixes
Signed-off-by: Max Kovalenko <mxss1998@yandex.ru>
2019-05-27 09:04:05 +03:00
Arthur Schiwon 3372bcc7fc
fixes possible override of uniqueMember by autodetection
* uniqueMember was the default so we did not know whether this setting is
  desired or the initial value
* autodetection of the user-group association attribute runs only when it
  was not set (as far as we knew)
* the default is now empty
* thus LDAPProvider might return this value as well (in exceptional cases)
* if a group base is given (edge case), use this instead of general base
* resolves #12682

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-05-17 16:19:23 +02:00
Morris Jobke 36618b111f
Pass old value to user triggerChange hook
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-04-11 10:03:38 +02:00
Arthur Schiwon 518998093f
set the loglevel in context, save the condition
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-04-02 22:52:12 +02:00
Vinicius Cubas Brand 61572a5b2e
LDAP plugin: force createUser to return new user's DN
LDAP plugins must change the createUser method to return the DN, as we
need this to update the cache.

Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
2019-03-21 10:20:46 +01:00
Vinicius Cubas Brand a2c38148e7
Cache cleaning when subadmin adds user to group
This commit fix an error happening when the subadmin tries to create an
user, adding him/her to the group s/he is subadmin of, using a LDAP
User/Group plugin.

This just forces the cache to be reset after an user is added to a
group.

Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
2019-03-21 10:20:46 +01:00
Vinicius Cubas Brand c4dbc428f9
fix user creation using LDAP Plugin
Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
2019-03-21 10:20:46 +01:00
Peter Kubica 3ed1d158bc LDAP Password Modify Extended Operation support
Signed-off-by: Peter Kubica <peter@kubica.ch>
2019-03-19 01:58:46 +01:00
Arthur Schiwon 5dd2207c95
fix nested group retrieval also for 2 other cases
and also consolidate logic in one method

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-03-05 11:07:40 +01:00