Commit Graph

891 Commits

Author SHA1 Message Date
Morris Jobke 38961a725f
Merge pull request #8833 from nextcloud/feature/noid/add_ldap_user_hooks
add anounce- and (pre/|post)RevokeUser signals for non-native backends
2018-04-11 00:44:39 +02:00
Arthur Schiwon 16d4ff4d39
parameter provided to L10N::n() could have been a string
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-05 14:50:28 +02:00
Arthur Schiwon f1565336bd
DI for NC's user manager
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-05 12:46:24 +02:00
Arthur Schiwon 373a1d5391
more consistent naming
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-05 12:46:15 +02:00
Arthur Schiwon 8fe914f07e
LDAP backend to emit announce and revoke signals on mapping changes
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-05 12:38:39 +02:00
Roeland Jago Douma f4fd0224db
Do not use \OCP\DB anymore
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-26 14:40:23 +02:00
Arthur Schiwon cbf60f2e91
existence check works without attribute (like with users)
cn is not necessarily given everywhere

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-15 15:47:44 +01:00
Morris Jobke 8195b17ed7
Remove deprecated and unsused methods of OCP\DB
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-03-12 15:13:37 +01:00
Morris Jobke cccf6f4d5f
Merge pull request #8221 from Cybso/8220_applyLdapUserFilter_on_members
Apply ldapUserFilter on members of group
2018-03-08 13:19:02 +01:00
Roland Tapken 2472b93fd9 dn2ocname: also apply group filter to readAttribute()
Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2018-03-07 12:18:46 +01:00
Roeland Jago Douma c2320aea22
Merge pull request #8634 from nextcloud/ldap-no-empty-names
do not create empty userid when attribute does not have allowed chars
2018-03-05 19:37:17 +01:00
Arthur Schiwon 47a10bd25a
treat iconv issues
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-05 14:03:08 +01:00
Arthur Schiwon 4f8c724318
typo + phpdoc
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-05 13:30:28 +01:00
Arthur Schiwon 8607992e85
do not create empty userid when attribute does not have allowed chars
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-02 17:44:06 +01:00
Arthur Schiwon 04f7252fc4
use hash algo that's robust against collisions
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-02 16:26:36 +01:00
Arthur Schiwon 238c3a5201
fix retrieving group members with numerical uids from LDAP
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-02-23 12:05:50 +01:00
Arthur Schiwon 9bc75307e7
track the state of the bind result
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-02-22 13:05:33 +01:00
Morris Jobke 236086c457
Merge pull request #8335 from nextcloud/remove-unused-import
Remove unused import statements
2018-02-14 22:23:07 +01:00
Morris Jobke d3d045dd5c
Remove unused import statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-14 16:55:43 +01:00
Morris Jobke e2974f1133
Simplify return statement
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-13 21:55:24 +01:00
Roland Tapken cf4ec7a4b6 Apply ldapUserFilter on members of group
Refers to issue #8220

user_ldap configured with custom filters for active directory access
(group-member-association is "member"). Then it can happen that the
members of a group contain members that don't belong to the users
available in Nextcloud (the most trivial reason is that the user filter
contains "(!(UserAccountControl:1.2.840.113556.1.4.803:=2))" to exclude
disabled users from being imported).

This can be fixed by applying the ldapUserFilter when resolving the UID
for a DN fetched from the group's member list.

Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2018-02-07 12:02:58 +01:00
blizzz 8f29f9a59b
typo
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-31 21:50:55 +01:00
Arthur Schiwon 8753a816d8
fixes reading the sysconfig value
settings without the entry in the translation array are computed

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-31 13:46:13 +01:00
Morris Jobke eb51f06a3b
Use ::class statement instead of string
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-29 12:03:47 +01:00
Morris Jobke a661f043e1
Remove unneeded semicolon and parentheses
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 23:46:40 +01:00
Morris Jobke 2ad2eb38e8
Use type casting instead of *val() method
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 15:01:27 +01:00
Morris Jobke ca493ab5b1
Merge pull request #8069 from nextcloud/no-catch-serverdown
do not catch and ignore ServerNotAvailable in the wrong spot
2018-01-26 14:01:07 +01:00
Arthur Schiwon b61b906abe
do not catch ServerNotAvailable
might cause the user to be unavailable (race condition).

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-26 12:47:19 +01:00
Morris Jobke 6bbea33133
Simplify ternary operator statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 12:36:25 +01:00
Morris Jobke c1e4f9f305
Use type casting instead of *val() method
It should be up to 6x faster

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 11:35:42 +01:00
Morris Jobke 0a56d2185e
Return value immediately instead of assigning to a one-time variable
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 00:02:03 +01:00
Morris Jobke 2a38605545
Properly log the full exception instead of only the message
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-23 10:57:21 +01:00
Morris Jobke 55532f19d9
Cleanup OC_User and OCP\User
* mainly removes deprecated methods and old static code

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-16 18:39:11 +01:00
Roeland Jago Douma 8a41d05761
Remove deprecated \OCP\Config
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-13 14:25:04 +01:00
Arthur Schiwon f84ec92563
revert resolving of recursion (3628d4d65d)
without recursion we have issues with internal states. paged search status
are set to false, cookies are not being set. In the end we have  endless
requests which pile up enormously with a high initial offset.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-11 15:17:18 +01:00
Arthur Schiwon 9031ae0281
fix return value when ldapPagingSize returns null
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-11 14:47:51 +01:00
Arthur Schiwon 15a3f4659f
enrich log message with backtrace, but level it down to DEBUG
The message is not helpful anyway for an admin, and oftentimes is just
valid (e.g. when searching with an offset beyond users in LDAP).

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-11 14:17:14 +01:00
Arthur Schiwon f292f98060
when paged results are turned off, all (max possible) users are returned
thus hasMoreResult should return false

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-11 13:20:17 +01:00
Arthur Schiwon 7c3db54ff6
fix changing to next cycle
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-08 13:45:06 +01:00
Arthur Schiwon b17c5fec40
add unit test for qualifies to run
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-08 13:08:59 +01:00
Arthur Schiwon a565bf0b9f
fix offset is never being reset
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-05 14:29:11 +01:00
Arthur Schiwon 82da4fde18
create failing test for this case
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-05 14:27:36 +01:00
Morris Jobke 4d0315ceae
Merge pull request #7599 from nextcloud/quieter-debug-log
don't show recurring log msg when paged result was turned off
2018-01-03 00:40:46 +01:00
Arthur Schiwon c8851e24a8
throw ServerNotAvailableException when LDAP is caught shutting down
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-02 12:20:44 +01:00
Arthur Schiwon 82fd09c294
don't show recurring msg when pages result was turned off
and only as debug level otherwise.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-12-21 14:29:56 +01:00
Morris Jobke d2d73f1ce8
Also replace all other occurences
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-12-18 20:57:11 +01:00
Arthur Schiwon 5ce943aa85
don't use deprecated method for requesting memcache
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-12-18 20:57:11 +01:00
Morris Jobke defac0ff0d
Fixes hex2bin() in LDAP
Untangles the two if-else clauses into a more readable format.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-12-13 11:57:49 +01:00
Arthur Schiwon 27f14eee26
don't cache user, if no internal user id was retrieved/assigned
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-12-07 22:47:32 +01:00
Arthur Schiwon 991190b994
ensure that users are cached when they are retrieved
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-12-07 17:49:33 +01:00
sidey79 45dfc11137
tryfix needsRefresh unit tests
Forced updateAttributesInterval from getAppValue to int

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-10 17:07:41 +01:00
sidey79 039f6c9636
Fixed Typo in user.php
Fixed a typo for the app config prameter updateAttributesInterval

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-10 17:07:41 +01:00
sidey79 0b290c0904
Update User.php
Makes the time between needsRefresh configurable via app config option updateAttribuesInterval.
Default is still 86400 secons which is one day.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-10 17:07:36 +01:00
Arthur Schiwon 419759e68b
resolve DI
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-09 11:10:59 +01:00
Arthur Schiwon 8113f26eed
add Sync test
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-09 11:10:58 +01:00
Arthur Schiwon 59c05d5447
move LDAP user attributes "sync" to background (except for ajax jobs)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-09 11:10:56 +01:00
Arthur Schiwon ef3cd32916
don't skip updating when ajax is set as background job mode
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-09 11:10:04 +01:00
Arthur Schiwon c6f1af9896
move ldap user sync to background (WIP)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-09 11:09:59 +01:00
Lukas Reschke 2bfa1ce5c3
Merge pull request #5568 from nextcloud/ldap-agent-credentials-safe
Ldap agent credentials save
2017-11-09 09:26:51 +01:00
Morris Jobke 0eebff152a
Update license headers
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Vinicius Cubas Brand fa565750d1 User_LDAP plugins: smaller fixes
Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
2017-11-03 11:42:59 -02:00
Vinicius Cubas Brand 10ca793452 Plugins infrastructure in User_LDAP
Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
2017-11-03 11:41:40 -02:00
Arthur Schiwon 7b0868ddac
fix saving changes…
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-10-27 14:25:19 +02:00
Arthur Schiwon 9a1f706ae4
fix creating an empty configuration
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-10-27 14:25:19 +02:00
Arthur Schiwon 52b1b97c58
Fix regression: undesired writes to the DB
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-10-27 14:25:19 +02:00
Arthur Schiwon 4eab39f133
LDAP: only write actually changes values to the DB
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-10-27 14:25:19 +02:00
Arthur Schiwon 3628d4d65d
avoid unnecessary recursion
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-10-25 17:23:42 +02:00
Lukas Reschke 9932b7498d Merge pull request #6873 from nextcloud/ldap_proxy_redix_fix
Ldap proxy Redis fix
2017-10-19 12:03:04 +02:00
Lukas Reschke 7de6f7cd07 Merge pull request #6677 from nextcloud/downstream-dont-reset-quota
don't reset quota
2017-10-19 11:42:37 +02:00
Roeland Jago Douma 4388ec2231
Little bit of code cleanup
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-19 11:05:24 +02:00
Roeland Jago Douma a6760560c6
Do not check existance before fetch
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-19 11:03:31 +02:00
Arthur Schiwon c9622ccb62
fix LDAP User deletion (cleanup)
discovered a bug in the integration test which lead to following a
different code path and giving a false-positive  success feedback.

Also listens now to the evendispatcher instead of old hook system

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-09-29 11:44:04 +02:00
Arthur Schiwon 3e2015a24c
and add missing whitespaces to log outout
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-09-28 01:16:57 +02:00
Juan Pablo Villafáñez d6d895dd74
Keep the current quota if no suitable quota is found
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-09-28 01:13:48 +02:00
Arthur Schiwon 5e74affea4
fix counting found results in search op
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-09-14 13:20:51 +02:00
Arthur Schiwon 34f9590169
replace hard-coded attribute with the corresponding settings option
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-09-14 13:20:51 +02:00
Arthur Schiwon 89f4e16cdb
fix limit-flaw in search on paged results
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-09-14 13:20:51 +02:00
Morris Jobke ba2e1c5db9 Merge pull request #5689 from nextcloud/fix-4117
LDAP: simplify returning the homePath and fixing #4117
2017-09-14 00:23:01 +02:00
Morris Jobke cebbb1633a Merge pull request #5642 from tobru/fix/groupOfUniqueNames_in_Wizard
recognize groupOfUniqueNames as valid LDAP group object
2017-09-05 13:33:15 +02:00
Morris Jobke ff93dd7eb1 Merge pull request #5466 from jlehtoranta/ldap-connectivity-fixes
LDAP Connectivity Fixes
2017-09-04 18:31:32 +02:00
Arthur Schiwon ab92e2ee14
listen to deletion hooks for proper handling, adjust and add tests
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-08-31 23:03:21 +02:00
Arthur Schiwon efedc81c0a
simplify returning the homePath and fixing #4117
homesToKill was not set in runtime since some changes some place else. It
required deleteUser() to be called first. The method acts independent of it
now.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-08-31 23:03:16 +02:00
Morris Jobke 43facdb95f Merge pull request #5616 from nextcloud/ldap-wizard-remove-LDAPTLS_REQCERT-attempt
LDAP Wizard: do not attempt to recognise cert issue by using LDAPTLS_REQCERT
2017-08-10 21:06:14 +02:00
Joas Schilling 45e2c415d4 Fix comparison in the ldap app
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-01 13:56:12 +02:00
Roeland Jago Douma ede15f0988
Fix L10N::t
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-01 08:20:17 +02:00
Morris Jobke c27498db71 Use IConfig instead of static OCP\Config
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-27 13:43:18 +02:00
Morris Jobke 89a7b007f2 Fix comments
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-25 08:57:58 +02:00
Jarkko Lehtoranta 69f6d42b17 LDAP: Simplify conditions in establishConnection
Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
2017-07-23 14:50:01 +03:00
Jarkko Lehtoranta 6103677a91 LDAP: Use imported exception in Connection class
Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
2017-07-23 14:50:01 +03:00
Jarkko Lehtoranta 79fbed4064 LDAP: Clean-up doConnect
Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
2017-07-23 14:50:01 +03:00
Jarkko Lehtoranta d87375cbaa LDAP: Throw an exception if disabling LDAP referrals fails
Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
2017-07-23 14:50:01 +03:00
Jarkko Lehtoranta de9a9bc004 LDAP: Throw an exception if Start TLS fails
This ensures that only a secure connection to the LDAP server will be used,
if Start TLS has been enabled.

Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
2017-07-23 14:50:01 +03:00
Jarkko Lehtoranta ee2c6e8215 LDAP: Remove unnecessary "recursion" fix
This reverts commit 86d72b9a61
"LDAP: fix possible recursion".

Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
2017-07-23 14:50:01 +03:00
Jarkko Lehtoranta 039a836d4a LDAP: Don't handle invalid credentials as a connection error
Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
2017-07-23 14:50:01 +03:00
Jarkko Lehtoranta 4e2e592635 LDAP: Connect to backup server only if it exists + handle errors
Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
2017-07-23 14:50:01 +03:00
Arthur Schiwon 25439919f8
fix phpdoc return types (no code change)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-07-21 14:55:12 +02:00
Arthur Schiwon 9b2f171cbd
do not attempt to recognise cert issue by using LDAPTLS_REQCERT
first, it does not work (at least not everywhere/reliably), second if it
did it was not reset properly. Removes a bit of complexity.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-07-21 14:55:11 +02:00
Allan Nordhøy ddc804aa32 : Bigversal and LDAP 2017-07-14 15:46:05 +02:00
Roger Szabo 0ebec6f9a4 Rectify variable $uid->$user
Signed-off-by: Roger Szabo <roger.szabo@web.de>
2017-07-10 18:46:39 +08:00
Tobias Brunner f8735a3205 recognize groupOfUniqueNames as valid LDAP group object
This was already partly done in f88109b but was missed in the
fetchGroups function.
2017-07-07 08:29:58 +02:00
Roger Szabo 51ecc7ce11 suppress superflous php error on rejected password change
Signed-off-by: Roger Szabo <roger.szabo@web.de>
2017-06-30 18:36:33 +08:00
Roger Szabo bf9412df63 set needsPasswordReset flag correctly
Signed-off-by: Roger Szabo <roger.szabo@web.de>
2017-06-22 15:58:30 +08:00
Roger Szabo 0fcbc0954c pass missing function parameter
Signed-off-by: Roger Szabo <roger.szabo@web.de>
2017-06-21 14:40:44 +08:00
Arthur Schiwon b79f9cadc2
fix paging
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-05-26 13:44:43 +02:00
Arthur Schiwon bd5d12528f
make sure used ldap connection resource is always up to date
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-05-25 00:45:48 +02:00
bline 8c89bf7c59
moved to something a little less invasive. back to passing CR around.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-05-25 00:36:51 +02:00
bline 8829d84949
special case for controlPagedResultResponse. It would be nice if there was a generic way to pass by reference with call_user_func_array..
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-05-25 00:34:52 +02:00
Morris Jobke ba43a09380 Merge pull request #4512 from nextcloud/fix-translations-2
Fix translations
2017-04-26 08:57:08 -03:00
Joas Schilling 6c28c4ac8b
Use correct plural form and add special strings for tomorrow and today
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-26 09:34:59 +02:00
Arthur Schiwon 43f451e9e0
Fix usersInGroup retrieval
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-25 15:07:05 +02:00
Arthur Schiwon 685faad5ca
fix method name due to changes in master
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-25 13:03:08 +02:00
Arthur Schiwon b1d646640a
Merge branch 'master' of https://github.com/Xuanwo/server into Xuanwo-master2 2017-04-25 12:42:17 +02:00
Xuanwo 8db21ad8c8 user_ldap: Add support for gidNumber
This patch is based on the work of @dleeuw (https://github.com/dleeuw)
(See https://github.com/nextcloud/server/issues/2640#issuecomment-269615883 for more details).
The difference is user & group data will be written into cache to have
better performance, and functions splited from primaryGroupID series to
make them more readable.

Fixed https://github.com/nextcloud/server/issues/2640

Signed-off-by: Xuanwo <xuanwo@yunify.com>
2017-04-25 10:06:47 +08:00
blizzz 42e805f057 Merge pull request #1023 from GitHubUser4234/ldap_password_renew_pr
Handle password expiry in user_ldap
2017-04-24 12:17:04 +02:00
Lukas Reschke 727688ebd9
Adjust existing bruteforce protection code
- Moves code to annotation
- Adds the `throttle()` call on the responses on existing annotations

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-14 13:42:40 +02:00
Morris Jobke 229d17e13b
Change LDAP method names
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 10:10:07 -05:00
Morris Jobke 1729e4471f
Update comments to Nextcloud
* based on PR by @Ardinis
* see #4311

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-11 23:16:27 -05:00
Roger Szabo 5fa218051b unit test adjustment
Signed-off-by: Roger Szabo <roger.szabo@web.de>
2017-04-07 18:06:50 +08:00
Roger Szabo f49ff74943 blizzz comments 03.04.2017 with caching
Signed-off-by: Roger Szabo <roger.szabo@web.de>
2017-04-06 16:57:07 +08:00
Roger Szabo 33c8bf1857 blizzz comments 03.04.2017
Signed-off-by: Roger Szabo <roger.szabo@web.de>
2017-04-06 16:26:41 +08:00
Roger Szabo 1853c1ade2 remove redundant tabs
Signed-off-by: Roger Szabo <roger.szabo@web.de>
2017-03-31 15:27:50 +08:00
Roger Szabo 5e7723f15c restore ldap_password_renew_pr
Signed-off-by: Roger Szabo <roger.szabo@web.de>
2017-03-31 15:16:22 +08:00
Roeland Jago Douma 70f93bf53a Merge pull request #4143 from nextcloud/ldap-downstream-64
Correctly apply quota
2017-03-30 14:10:21 +02:00
Morris Jobke d17678b5b2 Merge pull request #4141 from nextcloud/ldap-downstream-9
Convert the group limit to match the same behaviour as the user search
2017-03-29 15:47:28 -06:00
Roeland Jago Douma 636575e3de Merge pull request #3329 from andreas-p/ldap_no-memberof-with-memberuid
Ldap no memberof with memberuid
2017-03-29 19:12:51 +02:00
Juan Pablo Villafáñez 3676189e05
Add comments in the updateQuota method to explain the behavior
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-03-29 13:32:16 +02:00
Juan Pablo Villafáñez f9832ff347
Check if the user exists before trying to set the quota
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-03-29 13:32:16 +02:00
Juan Pablo Villafáñez 3345a72e7e
Correctly apply quota
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-03-29 13:32:11 +02:00
Juan Pablo Villafáñez 9e2e0c4c30
Convert the group limit to match the same behaviour as the user search
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-03-29 12:49:08 +02:00
Morris Jobke a5ba1f7803
Remove legacy class OC_Group and OC_User
* basically a straight replacement of the wrapped code at the calling code parts

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-09 17:35:09 -06:00
Arthur Schiwon 42ddb12fd9
Background jobs can take 4k of characters only. We find a good batch size.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-02-17 20:06:25 +01:00
Arthur Schiwon 497ee3e3e6
Add repair steps
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-02-17 18:45:33 +01:00
Arthur Schiwon 45615cc940
add integration test for uuid attr detection
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-02-17 12:05:51 +01:00
Arthur Schiwon f87812fdd6
Fix determining the UUID attribute, default of the override is null
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-02-17 02:06:10 +01:00
Morris Jobke 52ef851da3 Merge pull request #3421 from espro/freeipa-uuid-fix
Update uuidAttributes list to include FreeIPA's ipauniqueid
2017-02-15 08:07:58 -06:00
Brent Bloxam f7b8a31d63 Update uuidAttributes list to include FreeIPA's ipauniqueid
Signed-off-by: Brent Bloxam <brent.bloxam@gmail.com>
2017-02-10 10:23:13 -05:00
Andreas Pflug b64e48335f Don't try to use memberof on posixgroups, since it doesn't support
memberUid attributes.

Signed-off-by: Andreas Pflug <dev@admin4.org>
2017-01-31 01:40:09 +01:00
Arthur Schiwon 9983e05121
LDAP's checkPassword should only catch when a user was not found, fixes #2431
Also fixes error processing after ldap_search, due to different return format

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-01-30 17:06:51 +01:00
Morris Jobke 3a603ab8b4 Merge pull request #3264 from nextcloud/ldap-deny-long-dns
Gracefully deny users or groups with too long DNs
2017-01-26 01:15:43 -06:00
Morris Jobke feab1e5b94 Merge pull request #3162 from nextcloud/ldap-ocs
Part 1 of LDAP Backend OCS Api
2017-01-25 22:45:34 -06:00
Arthur Schiwon 03ae7b654f
Gracefully deny users or groups with too long DNs
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-01-25 17:10:51 +01:00
Morris Jobke e46410e856
Add icon to admin page sidebar for LDAP
* follow up to nextcloud/server#3151

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-01-24 12:54:32 -06:00
Arthur Schiwon 91ed70f094
fix deletion for configIDs < s10
Also move ensureConfigIDExists checks into try, it might throw DB
related exceptions

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-01-20 23:01:46 +01:00
Arthur Schiwon 9ca4065ef5
LDAP PUT command now supports setting multiple keys at once
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-01-20 22:01:08 +01:00
Arthur Schiwon 1f7b08bd19
LDAP OCS Api for show config
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-01-19 15:19:20 +01:00
Arthur Schiwon f2c9d04eac
test against OCS v2 instead
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-01-19 12:48:50 +01:00
Arthur Schiwon 01d469dfea
add LDAP OCS Api for modifying a configuration
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-01-19 11:09:04 +01:00
Joas Schilling 17a7eaabcd
Add the icons for shipped apps
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-01-19 10:42:22 +01:00
Arthur Schiwon 18a75bec0d
fix and extend behat tests
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-01-19 10:04:15 +01:00
Arthur Schiwon a515de54e7
LDAP OCS Api for delete config
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-01-18 23:17:58 +01:00
Arthur Schiwon 689df9a843
LDAP OCS Api for create config
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-01-18 21:13:23 +01:00
Arthur Schiwon 7887566cff
remove frequent, unimportant log message
Fixes #2585

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-12-19 23:36:11 +01:00
Arthur Schiwon 0c8e4b91d3
adjust: sanitizeDN resides in Helper
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-12-05 11:36:20 +01:00
Juan Pablo Villafáñez efa1077872
Extract lowercase conversion out of the loop
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-12-05 11:29:47 +01:00
Arthur Schiwon 6496b95564
range support for LDAP read operations
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-12-05 11:29:16 +01:00
Arthur Schiwon 1e5344ffe9
log exception about user not present on LDAP on login only if loglevel is set to debug
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-11-29 17:05:55 +01:00
Lukas Reschke 4c5e7d270a
Add tests
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-23 19:58:43 +01:00
root 861c8572c0
restore ldap_password_pr
Signed-off-by: Roger Szabo <roger.szabo@web.de>

remove notification part

Signed-off-by: Roger Szabo <roger.szabo@web.de>

blizzz comments

Signed-off-by: Roger Szabo <roger.szabo@web.de>

morris comment

Signed-off-by: Roger Szabo <roger.szabo@web.de>

improved error message for changing password

Signed-off-by: Roger Szabo <roger.szabo@web.de>

blizz comments 20161013

Signed-off-by: Roger Szabo <roger.szabo@web.de>

Signed-off-by: Roger Szabo <roger.szabo@web.de>

Adjust HintException usage

Signed-off-by: Roger Szabo <roger.szabo@web.de>

Signed-off-by: Roger Szabo <roger.szabo@web.de>
2016-11-23 19:02:48 +01:00
Arthur Schiwon dade28cadd
Merge branch 'master' into downstream-ldap-3
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-16 14:42:16 +02:00
Victor Dubiniuk 011d5f554c
Harden empty
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-13 00:53:34 +02:00
Arthur Schiwon 9e817e9e0b
symfony replaced table helper by class, fixes two broken LDAP occ commands
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-12 23:47:07 +02:00
Roeland Jago Douma 7d2f70ef72
Use more IConfig and add unit tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-10 10:51:13 +02:00
Roeland Jago Douma bdf4bf4669
DI IConfig into ldap helper
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-10 10:18:18 +02:00
Roeland Jago Douma 1ba2b7e5d4
Do not query data that is already in the appconfig
This is already available. We better use a simple regex.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-10 09:39:20 +02:00
Arthur Schiwon a30341823e
cache loginName2UserName and cover the method with unit tests
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-07 01:39:57 +02:00
Joas Schilling 82c29e1204
Log the error with display name
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-06 11:21:43 +02:00
Jörn Friedrich Dreyer 0ae9a2c9fe
Prevent user with empty uid
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-04 12:26:06 +02:00
Joas Schilling 01cf85e4e5
Fix the User_LDAP app 2016-09-12 16:48:11 +02:00
Roeland Jago Douma 013f691fe9
Fix phpdoc 2016-08-29 20:20:17 +02:00
Jörn Friedrich Dreyer 4d31caa6f8
fix a few minor code smells 2016-08-29 14:34:37 +02:00
Lukas Reschke 8a7a0f3287
Add unit tests 2016-08-15 16:25:34 +02:00
Arthur Schiwon 7a2b96c7e6
change casing in section display names 2016-08-13 00:06:10 +02:00
Arthur Schiwon 14ddf9d923
rename IAdmin to ISettings, the interface is not bound to a specific settings scope 2016-08-11 14:48:21 +02:00
Arthur Schiwon 1eb8b951c2
more admin page splitup improvements
* bump version to ensure tables are created
* make updatenotification app use settings api
* change IAdmin::render() to getForm() and change return type from Template to TemplateResponse
* adjust User_LDAP accordingly, as well as built-in forms
* add IDateTimeFormatter to AppFramework/DependencyInjection/DIContainer.php. This is important so that \OC::$server->query() is able to resolve the
constructor parameters. We should ensure that all OCP/* stuff that is available from \OC::$server is available here. Kudos to @LukasReschke
* make sure apps that have settings info in their info.xml are loaded before triggering adding the settings setup method
2016-08-10 15:21:25 +02:00
Arthur Schiwon ceeb44bd04
Initial work on Apps page split:
* interfaces for the Admin settings (IAdmin) and section (ISection)
* SettingsManager service
* example setup with LDAP app
2016-08-09 18:05:09 +02:00
Morris Jobke 83c64f3485 Merge pull request #590 from nextcloud/fixing-undefined-OfflineUser-composeAndStoreDisplayName
Fix undefined OfflineUser::composeAndStoreDisplayName()
2016-07-28 17:41:02 +02:00
Lukas Reschke bf7afcdace Merge pull request #592 from nextcloud/ldap-avoidneedlesssetemailonlogin
Prevent setting email and triggering events at login time (#25553)
2016-07-28 17:09:59 +02:00
root bd65a17203 Nextcloud license header for new files 2016-07-28 15:13:00 +08:00
Vincent Petry 77df09d58a
Prevent setting email and triggering events at login time (#25553)
Whenever an LDAP user also has an email address defined in LDAP, the
LDAP code will try and update the email address of the locally known
user. This happens at login time or every time the user's LDAP
attributes are processed.

There is code listening to the email setting hook which updates the
system address book, which also will trigger FS setup due to avatars
and other things.

This fix only sets the email address when really necessary.
2016-07-27 11:28:33 +02:00
Thomas Müller 1177c70b9d
[stable9.1] Fix undefined OfflineUser::composeAndStoreDisplayName() - fixes #23248 2016-07-27 11:17:53 +02:00
root 2719dcabed Merge branch 'master' of https://github.com/nextcloud/server 2016-07-27 15:17:29 +08:00
root 1c64ee67af comments amended 2016-07-27 15:16:57 +08:00
root 32fb6beac3 final changes 2016-07-27 15:10:35 +08:00
blizzz f88109be75 Merge pull request #349 from nextcloud/ldab-groupOfUniqueNames
add groupOfUniqueNames as valid group object class
2016-07-26 23:32:47 +02:00
root 02ec8b1726 New LDAPProvider for user_ldap 2016-07-22 16:46:29 +08:00
Joas Schilling 0215b004da
Update with robin 2016-07-21 18:13:58 +02:00
Joas Schilling 813f0a0f40
Fix apps/ 2016-07-21 18:13:57 +02:00
Aaron Wood 7c0de08cc4
Escape special characters (#25429)
* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Use correct method in the AbstractMapping class

* Change the getNamesBySearch method so that input can be properly escaped while still supporting matches

* Don't escape hardcoded wildcard
2016-07-20 14:46:47 +02:00
Robin Appelman 81d4d85803 add groupOfUniqueNames as valid group object class 2016-07-08 18:13:22 +02:00
Vincent Petry b77fcc19d4 Merge pull request #25344 from owncloud/fix-ldap-check-user
check if renamed user is still valid by reapplying the ldap filter
2016-07-05 11:29:55 +02:00
felixboehm e901ec4941 check if renamed user is still valid by reapplying the ldap filter (#25338) 2016-07-04 14:20:08 +02:00
Jörn Friedrich Dreyer d2d2a75529 Cap LDAP user cache (#25323) 2016-07-04 13:57:15 +02:00
Jörn Friedrich Dreyer 704a993e37 Fix null pointer exception in user_ldap (#25062) 2016-06-21 16:30:48 +02:00
Thomas Müller 990ac34aaa Use proper namespaces - fixes #25078 (#25079) 2016-06-13 19:32:54 +02:00
Vincent Petry c5a6c8b70b
Use array_merge when reading cached groups members 2016-06-08 11:22:01 +02:00
Roeland Jago Douma dc4fd43f39
Use a capped memory cache for the user/group cache
For #24403
When upgrading huge installations this can lead to memory problems as
the cache will only grow and grow.

Capping this memory will make sure we don't run out while during normal
operation still basically cache everything.
2016-05-30 10:57:14 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Joas Schilling a4980a3de4
Last instances of lowercase user_ldap 2016-05-25 16:06:09 +02:00
Joas Schilling b616318327
Fix several minor issues 2016-05-25 16:06:08 +02:00
Joas Schilling db2e9df5f0
Move Job to a better class name 2016-05-25 16:06:06 +02:00
Joas Schilling c807a26bd8
Move Access to PSR-4 2016-05-25 16:04:59 +02:00
Joas Schilling 02d5b75fb4
Move BackendUtility to PSR-4 2016-05-25 16:04:59 +02:00
Joas Schilling aa7b600383
Move Configuration to PSR-4 2016-05-25 16:04:59 +02:00
Joas Schilling af0a6961b1
Move Connection to PSR-4 2016-05-25 16:04:59 +02:00
Joas Schilling 387019a212
Move FilesystemHelper to PSR-4 2016-05-25 16:04:58 +02:00
Joas Schilling 7db6b487f5
Move Helper to PSR-4 2016-05-25 16:04:58 +02:00
Joas Schilling 391531851c
Move interface to PSR-4 2016-05-25 16:04:58 +02:00
Joas Schilling 3690ce1b36
Move LDAP to PSR-4 2016-05-25 16:04:58 +02:00
Joas Schilling 5b3087d375
Move LDAP Utility to PSR-4 2016-05-25 16:04:57 +02:00
Joas Schilling 6feccccbd5
Move LogWrapper to PSR-4 2016-05-25 16:04:57 +02:00
Joas Schilling e73d811425
Move Proxy to PSR-4 2016-05-25 16:04:57 +02:00
Joas Schilling d16a97a273
lib/user 2016-05-25 16:04:57 +02:00
Joas Schilling d4e828f39e
Move wizard 2016-05-25 16:04:57 +02:00
Joas Schilling 3f5e76162d
Move lib\user to PSR-4 2016-05-25 16:04:56 +02:00
Joas Schilling b7fa527791
Move User_LDAP and User_Proxy to PSR-4 2016-05-25 16:04:56 +02:00
Joas Schilling cbba55a26c
Move Group_LDAP and Group_Proxy to PSR-4 2016-05-25 16:04:56 +02:00
Joas Schilling 4ac283ecd3
Move Command namespace to PSR-4 2016-05-25 16:04:56 +02:00
Joas Schilling 9d61acb27d
Move User_LDAP to PSR-4 2016-05-25 16:04:55 +02:00
Thomas Müller 6321596134 Merge pull request #24052 from owncloud/fix-ldap-cache-race-conditions
Fix LDAP race conditions
2016-04-25 14:55:20 +02:00
Arthur Schiwon 203b0e9cba
on clone Connection, do not take over the existing LDAP resource
For one, it solves potential conflicts when using the resource. For the
other, one on the login check (the only place where a clone happens
currently) we do not need to rebind after confirming the user's login
was successful.
2016-04-22 21:43:41 +02:00
Morris Jobke 62a59854f0
Fix LDAP race conditions
* getFromCache is wrapped in isCached
* inbetween the two calls the cache entry hits it's TTL
* getFromCache returns null
* this fix only checkes if the returned value is null and
  return only non-null values
2016-04-20 21:50:28 +02:00
C. Montero Luque 5911ce530b Merge pull request #23527 from owncloud/fix-21136
disable Paged Search when chunksize is set to 0, fixes #21136
2016-04-14 11:14:19 -04:00
Stefan Weil 16df1c5188 apps: Fix typos (found by codespell) (#23862)
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-04-12 12:52:51 +02:00
Thomas Müller f6b846584b Handle case where the user is not known - fixes #23759 2016-04-04 16:56:59 +02:00
Arthur Schiwon c9587cea76 disable Paged Search when chunksize is set to 0, fixes #21136 2016-03-23 19:47:31 +01:00
Thomas Müller 8442516e10 Merge pull request #23329 from owncloud/fix-21555
Avatar must be saved after login is done and external storages set up…
2016-03-21 09:47:50 +01:00
Arthur Schiwon d8621c78ed Avatar must be saved after login is done and external storages set up properly, fixes #21555 2016-03-16 20:51:03 +01:00
Arthur Schiwon 8e0bd5630c fix writing to cache when fallback server should be used immediately 2016-03-16 14:44:18 +01:00
Arthur Schiwon fe2a506e56 remove deprecated ldap_sort 2016-03-10 13:13:38 +01:00
Arthur Schiwon 5d3183afcd improve log output when no LDAP user was found on login attempt 2016-03-05 00:18:34 +01:00
Arthur Schiwon 82b55c4db9 untangle different user manager instances, fixes #22770 2016-03-02 13:02:43 +01:00
Lukas Reschke c353d51810 Remove Scrutinizer Auto Fixer 2016-03-01 17:48:23 +01:00
Lukas Reschke 933f60e314 Update author information
Probably nice for the people that contributed to 9.0 to see themselves in the AUTHORS file :)
2016-03-01 17:25:15 +01:00
Arthur Schiwon b9b85e32be take the first result of that array, if present. Fixes 2nd display name to be 'Array', if cache is configured and enabled. 2016-02-24 21:32:03 +01:00
Arthur Schiwon 3a796d1e15 Consolidate getQuota and setQuota methods in User instance 2016-02-09 17:16:43 +01:00
Thomas Müller 69a4cd2898 Merge pull request #22102 from owncloud/ldap_2nddispname-master
[LDAP] add second field for additional/optional display name attribute
2016-02-06 13:27:01 +01:00
Alex Weirig 0d797637f3 code changes for user_ldap Dynamic Group Membership
Added new setting of “Dynamic Group Member URL”
(ldapDynamicGroupMemberURL) - see LDAP settings advanced tab.

Added public function getDynamicGroupMembers.

Updated function _groupMembers.

Updated function getUserGroups.
2016-02-03 21:50:27 +01:00
Arthur Schiwon c1871f5787 Port of test_ldap_2nddispname to master 2016-02-03 13:55:39 +01:00
Morris Jobke e4ad4c7e98 [user_ldap] properly decode cached objects
* fixes #21896
2016-01-29 07:51:16 +01:00
Thomas Müller 77069f5582 Use IUser::setEMailAddress in ldap as well 2016-01-20 15:21:33 +01:00
Thomas Müller aeb89947a2 Introduce IUser::setEMailAddress and add hook mechanism 2016-01-20 14:57:20 +01:00
Thomas Müller dd733d8925 Merge pull request #20804 from owncloud/fix-ldap-process-user-wo-displayname
LDAP: do not attempt to process user records without display name, fi…
2016-01-20 11:33:26 +01:00
Scrutinizer Auto-Fixer 83a8e75614 Scrutinizer Auto-Fixes
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2016-01-15 12:54:26 +00:00
Thomas Müller 682821c71e Happy new year! 2016-01-12 15:02:18 +01:00
Arthur Schiwon 1ed6132899 LDAP: do not attempt to process user records without display name, fixes fatal error 2016-01-11 11:21:02 +01:00
Ralph Krimmel 26d0f42dac Respect user enumeration
Respect shareapi_allow_share_dialog_user_enumeration in user_ldap filter
generation function to increase search performance in sharing dialog.
2016-01-08 15:32:31 +01:00
Thomas Müller 70b58cf367 Merge pull request #17924 from owncloud/ldap-fix-appending-port
ensure an LDAP URL is used, append the port to the host URL when necessary, and just in one place
2016-01-08 12:34:15 +01:00
Morris Jobke 553a981980 Make LDAP more robust to exceptions and log them properly 2016-01-06 13:46:55 +01:00
Arthur Schiwon e39415c946 fix find DN by UUID for AD 2015-12-14 22:42:27 +01:00
Arthur Schiwon 4020d5b77a look for DN changes before marking a user as deleted 2015-12-11 01:56:53 +01:00