Commit Graph

746 Commits

Author SHA1 Message Date
Arthur Schiwon 41e94f2f1f Also invalidate groups after deletion
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-27 10:22:12 +00:00
Arthur Schiwon 9f48090545 invalidates user when plugin reported deletion success
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-27 10:22:11 +00:00
Arthur Schiwon 15c77deeef fixes return type in php doc
* the backend already expects and works with the string

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-19 15:20:14 +00:00
Arthur Schiwon bca48e088b fixes returning the base when multiple are specified
* reading the config directly will return the value with line breaks
* using the proper accessor gives us all bases in an array
* returns the first matching one
* having user id provided for the group base is strange and does not let
  us operate like this. here we return the first one. might change in
  future, a backportable fix won't have an API change however.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-19 15:20:13 +00:00
Arthur Schiwon c95da45e48 caches the displayname after an LDAP plugin set it
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-18 21:21:49 +00:00
Arthur Schiwon 17bc99743b fix inGroup check, thus make integration tests succeed
there is not such strange return mode. Having invalid user ids caused this
check to fail, and as side effect share limitation to groups to not work.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-17 13:34:55 +00:00
Morris Jobke 36618b111f
Pass old value to user triggerChange hook
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-04-11 10:03:38 +02:00
Arthur Schiwon 518998093f
set the loglevel in context, save the condition
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-04-02 22:52:12 +02:00
Vinicius Cubas Brand 61572a5b2e
LDAP plugin: force createUser to return new user's DN
LDAP plugins must change the createUser method to return the DN, as we
need this to update the cache.

Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
2019-03-21 10:20:46 +01:00
Vinicius Cubas Brand a2c38148e7
Cache cleaning when subadmin adds user to group
This commit fix an error happening when the subadmin tries to create an
user, adding him/her to the group s/he is subadmin of, using a LDAP
User/Group plugin.

This just forces the cache to be reset after an user is added to a
group.

Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
2019-03-21 10:20:46 +01:00
Vinicius Cubas Brand c4dbc428f9
fix user creation using LDAP Plugin
Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
2019-03-21 10:20:46 +01:00
Arthur Schiwon 5dd2207c95
fix nested group retrieval also for 2 other cases
and also consolidate logic in one method

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-03-05 11:07:40 +01:00
Roland Tapken e7c506cff1
Reduce queries to LDAP by caching nested groups
Nested groups are now cached in a CappedMemoryCache object to reduce
queries to the LDAP backend.

Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2019-03-05 11:07:40 +01:00
Roland Tapken afb182650e
user_ldap: really resolve nested groups
The previous patch fixed the problem only for one level of indirection
because groupsMatchFilter() had been applied on each recursive call (and
thus there would be no second level if the first level fails the check).

This new implementation replaces the recursive call with a stack that
iterates all nested groups before filtering with groupsMatchFilter().

Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2019-03-05 11:07:40 +01:00
Roland Tapken c2d8a36d9a
user_ldap: Filter groups after nexted groups
Currently groupsMatchFilter is called before nested groups are resolved.
This basicly breaks this feature since it is not possible to inherit
membership in a group from another group.

Minimal example:

  Group filter: (&(objectClass=group),(cn=nextcloud))
  Nested groups: enabled

  cn=nextcloud,ou=Nextcloud,ou=groups,dn=company,dn=local
    objectClass: group

  cn=IT,ou=groups,dn=company,dn=local
    objectClass: group
    memberOf: cn=nextcloud,ou=Nextcloud,ou=groups,dn=company,dn=local

  cn=John Doe,ou=users,dn=company,dn=local
    objectClass: person
    memberOf: cn=IT,ou=groups,dn=company,dn=local

Since 'cn=IT,ou=groups,dn=company,dn=local' doesn't match the group
filter, John wouldn't be a member of group 'nextcloud'.

This patch fixes this by filtering the groups after all nested groups
have been collected. If nested groups is disabled the result will be the
same as without this patch.

Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2019-03-05 11:07:35 +01:00
Arthur Schiwon 792bcb82ae
add LDAP ConfigHandler for external storages and "$home" var
* handler registered upon OCA\\Files_External::loadAdditionalBackends
  event as user_ldap is loaded before files_external
* new configuration field "ldapExtStorageHomeAttribute" (not in GUI yet)

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-02-14 15:22:22 +01:00
Arthur Schiwon 5c10a46445
ensure attribute names are lower cased
otherwise they will be skipped when the results is being formatted and the
lower-cased result keys do not match.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-02-14 14:13:32 +01:00
Filis Futsarov 18ae9d267a
Comment fix. 2019-01-30 23:23:09 +01:00
Arthur Schiwon c868892d2d
iterate over bases instead of doing parallel search
parallel search is not compatible with paged search, but the letter is
usually always applied.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-01-28 23:00:59 +01:00
Arthur Schiwon 85f14bc591
LDAP: extend remnants output with "detected on" field
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-12-21 17:24:28 +01:00
Arthur Schiwon fbd4e9e651
add tests for the DUI
as they are interact with the DB they are more integraiton than unit tests

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-12-21 17:24:23 +01:00
Arthur Schiwon 8bacbffe28
do not forgot to store the second displayname portion
otherwise it causes a chain reaction of system addressbook updates

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-12-20 23:11:00 +01:00
Arthur Schiwon feb5366a42
LDAP clear cache on config modification also when done via API or CLI
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-12-17 00:31:27 +01:00
Arthur Schiwon c32cc4a194
cache users as existing after mapping
during login they might be cached as non-existing and cause an Exception
in the long run

reduces some duplication, too

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-11-27 17:07:59 +01:00
Daniel Kesselberg 6ce849f7b8
Add return type
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-11-25 12:30:54 +01:00
Daniel Kesselberg d17b32afd7
Fix count on string
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-11-24 22:06:45 +01:00
Morris Jobke 159d75945a
Merge pull request #12292 from nextcloud/fix/2947/lapse-sizelimit-error
avoid logging of "Partial search results returned: Sizelimit exceeded…"
2018-11-15 10:48:57 +01:00
Joas Schilling bb352fb667
Use the defined func()->count() instead of manual counting
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-11-08 15:44:45 +01:00
Arthur Schiwon deec5a70a0
avoid logging of "Partial search results returned: Sizelimit exceeded at"
LDAP servers respond with that even if a limit was passed with the
request. Having this statement logged causes a lot of confusion.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-11-07 13:15:55 +01:00
Arthur Schiwon 0c5d9127e8
remove app specific IUserTools and consolidate test
Just some house keeping. IUserTools with used in even older days for
easier creation of Access instances…

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-10-30 22:44:50 +01:00
Roeland Jago Douma 8b2b238d86
Merge pull request #12054 from nextcloud/fix/5212/interact-with-userobject
LDAP: announce display name changes so that addressbook picks it up
2018-10-30 13:38:16 +01:00
Arthur Schiwon 49456e42f9
do not run into UniqueConstraintViolationException
… when an unmapped user logs in for the first time when background job
mode is ajax and no memcache was configured.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-10-30 12:12:03 +01:00
Morris Jobke 31ccf8580a
Merge pull request #12070 from nextcloud/fix/noid/announce-chosen-uid
announce the chosen uid (fixes wrong variable usage)
2018-10-30 10:12:04 +01:00
Arthur Schiwon d47e1513bc
remove unneeded empty search attribute values, fixes #12086
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-10-29 13:21:02 +01:00
Arthur Schiwon 05f909dcf3
fixes wrong variable usage
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-10-26 18:03:41 +02:00
Arthur Schiwon bbe44108b5
only write when the displayname differs, but then announce it
refs #5212 and fixes #9112

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-10-25 23:41:12 +02:00
Arthur Schiwon 2048872f9e
functions that were checked for are present since PHP 5.4, supported is >=/
* so the check from older days is really not necessary anymore
* resolves #10923

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-10-25 22:50:42 +02:00
Morris Jobke b458ed9c82
Properly escape column name in "createFunction" call
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-16 15:24:02 +02:00
Daniel Kesselberg 2d30511fa6
Check if user is null before getUsername
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-09-16 19:33:03 +02:00
Arthur Schiwon 7807add02d
[LDAP] The WebUI Wizard also should not assign empty config IDs
With 689df9a843 the behaviour to assign only
non-empty config IDs was introduced. Only, this was only effective for CLI
and OCS API.

Related to #3270.

The web UI creates now also a full configuration on first load. This fixes
#5094.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-08-23 17:58:35 +02:00
Morris Jobke 3d8f174774
Resolve all group memberships properly
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-08-21 10:57:50 +02:00
Arthur Schiwon b497b06867
don't force LDAP updates on userExists anymore
and remove some deprecated code

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-08-14 17:57:24 +02:00
Arthur Schiwon a39c995083
FIX: emit assignedUserId only for users
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-08-09 23:45:11 +02:00
Julius Härtl c2616df541
Only bind if configuration for the first server is available
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-07-13 08:25:10 +02:00
Arthur Schiwon 846ab25fc0
adjust and add more unit tests
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-07-05 11:50:49 +02:00
Arthur Schiwon 343036e55c
allow admin to disable fetching of avatars as well as a specific attribute
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-07-05 11:12:51 +02:00
Arthur Schiwon a4dda465c2
let user set avatar in nextcloud von LDAP provides invalid image data
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-07-03 01:45:07 +02:00
blizzz 28e64afb8c
Merge pull request #10034 from nextcloud/fix/noid/ldap-silence-quota-logmsgs
lower log level for quota manipulation cases
2018-06-28 23:06:23 +02:00
Arthur Schiwon cc51a00c93
lower log level for quota manipulation cases
and simplify the forest of ifs a little bit

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-06-28 21:10:07 +02:00
Arthur Schiwon 7a728f2154
LDAP backup server should not be queried when auth fails
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-06-27 23:12:07 +02:00