Commit Graph

774 Commits

Author SHA1 Message Date
blizzz 950856d5bb
Merge pull request #17717 from nextcloud/fix/noid/ldap-relax-getHome
relax strict getHome behaviour for LDAP users in a shadow state
2020-01-14 09:57:24 +01:00
Arthur Schiwon 489ed878e1
ensure that only valid group members are returned
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-01-13 17:13:08 +01:00
Arthur Schiwon 79667b58a9
cache group existence early to save useless requests to LDAP
we do it for users already

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-01-08 11:02:37 +01:00
Arthur Schiwon 5cae135b94
decouple userExists from userExistsOnLDAP check
allows to mark users as offline right away, avoids a gap of being not a
user and causing weird side effects

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-01-08 09:21:22 +01:00
Arthur Schiwon 411a47cadb
relax strict getHome behaviour for LDAP users in a shadow state
* simplifies deletion process
* less strange behaviour when looking up home storage (as long as it is local)
* thus could enable transfer ownerships after user went invisible on ldap

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-01-08 09:21:21 +01:00
Christoph Wurst 5bf3d1bb38
Update license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +01:00
Roeland Jago Douma 3a7cf40aaa
Mode to modern phpunit
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 15:27:18 +01:00
Roeland Jago Douma 68748d4f85
Some php-cs fixes
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-22 20:52:10 +01:00
blizzz e7f225c013
Merge pull request #18016 from nextcloud/fix/noid/ldap-checkup-batchsize
make chunksize (used to check for gone LDAP users) configurable
2019-11-21 11:05:54 +01:00
Arthur Schiwon 213016f758
uid can be false when the user record does not exit
fixes not loading files app for users who got a share by the gone LDAP user

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-11-20 19:44:12 +01:00
Arthur Schiwon f990620e6b
make chunksize (used to check for gone LDAP users) configurable
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-11-20 19:43:53 +01:00
Arthur Schiwon 38a8306e32
treat LDAP error 50 as auth issue, prevents lost server connection errors
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-10-18 18:55:10 +02:00
blizzz e105d19585
Merge pull request #17002 from nextcloud/fix/noid/ldap-dont-process-known-avas
Don't process known avatars from LDAP
2019-10-02 16:32:52 +02:00
Arthur Schiwon 8d2f712420
Don't process known avatars from LDAP
* avoids useless FS operation
* avoids useless DB writes
* avoids useless addressbook updates
* addendum to #17001

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-09-04 14:44:48 +02:00
Arthur Schiwon 3ce5d4e545
reduce adressbook change events and handling
... from four to one on avatar updates

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-09-04 13:46:25 +02:00
Arthur Schiwon ef237f8e36
fix check for null
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-08-02 13:09:38 +02:00
Arthur Schiwon a2c5ab2f8b
adjusts LDAP's home handler to use the correct user object
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-08-02 08:39:39 +02:00
Julius Härtl 72aaf2e5fb
files_external: Make sure the correct user context is used in substitution of variables
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-08-02 08:39:24 +02:00
Morris Jobke c00d6f4eac
Merge pull request #14540 from army1349/master
LDAP Password Modify Extended Operation support
2019-07-19 17:29:24 +02:00
Arthur Schiwon 40c9a743fa
adds an --update flag to check-user for manual sync of the ldap record
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-07-18 14:30:43 +02:00
Joas Schilling 6d71e471e1
Update shipped implementations of the INotifier
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-15 15:15:00 +02:00
Morris Jobke 0d0850746e
Merge pull request #15741 from mxss/fix/phpdoc-fixes
misc phpdoc fixes
2019-07-02 22:25:41 +02:00
Arthur Schiwon d0f31c590d
Also invalidate groups after deletion
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-27 10:33:40 +02:00
Arthur Schiwon 108227ca6c
invalidates user when plugin reported deletion success
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-26 14:18:28 +02:00
blizzz c1eff72bdf
Merge pull request #15964 from nextcloud/enh/noid/user-creation-options
Opt-in for generation userid, requiring email addresses
2019-06-21 11:08:59 +02:00
Arthur Schiwon 660fbd64e3
ensures mapping of chosen userid
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-19 17:02:28 +02:00
Arthur Schiwon 0b34085f24
fixes return type in php doc
* the backend already expects and works with the string

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-19 13:40:07 +02:00
Arthur Schiwon 8a7b0a68a5
fixes returning the base when multiple are specified
* reading the config directly will return the value with line breaks
* using the proper accessor gives us all bases in an array
* returns the first matching one
* having user id provided for the group base is strange and does not let
  us operate like this. here we return the first one. might change in
  future, a backportable fix won't have an API change however.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-19 13:39:15 +02:00
Arthur Schiwon a1f2dbe29c
caches the displayname after an LDAP plugin set it
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-18 12:42:03 +02:00
Arthur Schiwon 1d48c0313c
fix inGroup check, thus make integration tests succeed
there is not such strange return mode. Having invalid user ids caused this
check to fail, and as side effect share limitation to groups to not work.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-14 06:23:58 +02:00
Arthur Schiwon c6c8a41d2f
group display name support (service level + ldap)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-05-27 12:03:05 +02:00
Max Kovalenko a83b79c5f8
misc phpdoc fixes
Signed-off-by: Max Kovalenko <mxss1998@yandex.ru>
2019-05-27 09:04:05 +03:00
Arthur Schiwon 3372bcc7fc
fixes possible override of uniqueMember by autodetection
* uniqueMember was the default so we did not know whether this setting is
  desired or the initial value
* autodetection of the user-group association attribute runs only when it
  was not set (as far as we knew)
* the default is now empty
* thus LDAPProvider might return this value as well (in exceptional cases)
* if a group base is given (edge case), use this instead of general base
* resolves #12682

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-05-17 16:19:23 +02:00
Morris Jobke 36618b111f
Pass old value to user triggerChange hook
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-04-11 10:03:38 +02:00
Arthur Schiwon 518998093f
set the loglevel in context, save the condition
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-04-02 22:52:12 +02:00
Vinicius Cubas Brand 61572a5b2e
LDAP plugin: force createUser to return new user's DN
LDAP plugins must change the createUser method to return the DN, as we
need this to update the cache.

Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
2019-03-21 10:20:46 +01:00
Vinicius Cubas Brand a2c38148e7
Cache cleaning when subadmin adds user to group
This commit fix an error happening when the subadmin tries to create an
user, adding him/her to the group s/he is subadmin of, using a LDAP
User/Group plugin.

This just forces the cache to be reset after an user is added to a
group.

Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
2019-03-21 10:20:46 +01:00
Vinicius Cubas Brand c4dbc428f9
fix user creation using LDAP Plugin
Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
2019-03-21 10:20:46 +01:00
Peter Kubica 3ed1d158bc LDAP Password Modify Extended Operation support
Signed-off-by: Peter Kubica <peter@kubica.ch>
2019-03-19 01:58:46 +01:00
Arthur Schiwon 5dd2207c95
fix nested group retrieval also for 2 other cases
and also consolidate logic in one method

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-03-05 11:07:40 +01:00
Roland Tapken e7c506cff1
Reduce queries to LDAP by caching nested groups
Nested groups are now cached in a CappedMemoryCache object to reduce
queries to the LDAP backend.

Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2019-03-05 11:07:40 +01:00
Roland Tapken afb182650e
user_ldap: really resolve nested groups
The previous patch fixed the problem only for one level of indirection
because groupsMatchFilter() had been applied on each recursive call (and
thus there would be no second level if the first level fails the check).

This new implementation replaces the recursive call with a stack that
iterates all nested groups before filtering with groupsMatchFilter().

Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2019-03-05 11:07:40 +01:00
Roland Tapken c2d8a36d9a
user_ldap: Filter groups after nexted groups
Currently groupsMatchFilter is called before nested groups are resolved.
This basicly breaks this feature since it is not possible to inherit
membership in a group from another group.

Minimal example:

  Group filter: (&(objectClass=group),(cn=nextcloud))
  Nested groups: enabled

  cn=nextcloud,ou=Nextcloud,ou=groups,dn=company,dn=local
    objectClass: group

  cn=IT,ou=groups,dn=company,dn=local
    objectClass: group
    memberOf: cn=nextcloud,ou=Nextcloud,ou=groups,dn=company,dn=local

  cn=John Doe,ou=users,dn=company,dn=local
    objectClass: person
    memberOf: cn=IT,ou=groups,dn=company,dn=local

Since 'cn=IT,ou=groups,dn=company,dn=local' doesn't match the group
filter, John wouldn't be a member of group 'nextcloud'.

This patch fixes this by filtering the groups after all nested groups
have been collected. If nested groups is disabled the result will be the
same as without this patch.

Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2019-03-05 11:07:35 +01:00
Arthur Schiwon 792bcb82ae
add LDAP ConfigHandler for external storages and "$home" var
* handler registered upon OCA\\Files_External::loadAdditionalBackends
  event as user_ldap is loaded before files_external
* new configuration field "ldapExtStorageHomeAttribute" (not in GUI yet)

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-02-14 15:22:22 +01:00
Arthur Schiwon 5c10a46445
ensure attribute names are lower cased
otherwise they will be skipped when the results is being formatted and the
lower-cased result keys do not match.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-02-14 14:13:32 +01:00
Filis Futsarov 18ae9d267a
Comment fix. 2019-01-30 23:23:09 +01:00
Arthur Schiwon c868892d2d
iterate over bases instead of doing parallel search
parallel search is not compatible with paged search, but the letter is
usually always applied.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-01-28 23:00:59 +01:00
Arthur Schiwon 85f14bc591
LDAP: extend remnants output with "detected on" field
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-12-21 17:24:28 +01:00
Arthur Schiwon fbd4e9e651
add tests for the DUI
as they are interact with the DB they are more integraiton than unit tests

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-12-21 17:24:23 +01:00
Arthur Schiwon 8bacbffe28
do not forgot to store the second displayname portion
otherwise it causes a chain reaction of system addressbook updates

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-12-20 23:11:00 +01:00