LDAP plugins must change the createUser method to return the DN, as we
need this to update the cache.
Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
This commit fix an error happening when the subadmin tries to create an
user, adding him/her to the group s/he is subadmin of, using a LDAP
User/Group plugin.
This just forces the cache to be reset after an user is added to a
group.
Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
This fixes collisions that were causing uploads to break in a very
terrible way.
Kudos to @kesselb for finding the problematic place and to
@hottwister for the proposed solution.
Fixes#10527.
Don't try to connect to the lookup server if the lookup server was disabled
by the admin or an empty lookup server URL was given
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
Fails with:
There was 1 failure:
1) TrashbinTest::testExpireOldFiles
Failed asserting that null is identical to 'file2.txt'.
/drone/src/github.com/nextcloud/server/apps/files_trashbin/tests/TrashbinTest.php:186
OR
1) TrashbinTest::testExpireOldFiles
Failed asserting that null is identical to 'file2.txt'.
/drone/src/github.com/nextcloud/server/apps/files_trashbin/tests/TrashbinTest.php:193
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Nested groups are now cached in a CappedMemoryCache object to reduce
queries to the LDAP backend.
Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
The previous patch fixed the problem only for one level of indirection
because groupsMatchFilter() had been applied on each recursive call (and
thus there would be no second level if the first level fails the check).
This new implementation replaces the recursive call with a stack that
iterates all nested groups before filtering with groupsMatchFilter().
Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
Currently groupsMatchFilter is called before nested groups are resolved.
This basicly breaks this feature since it is not possible to inherit
membership in a group from another group.
Minimal example:
Group filter: (&(objectClass=group),(cn=nextcloud))
Nested groups: enabled
cn=nextcloud,ou=Nextcloud,ou=groups,dn=company,dn=local
objectClass: group
cn=IT,ou=groups,dn=company,dn=local
objectClass: group
memberOf: cn=nextcloud,ou=Nextcloud,ou=groups,dn=company,dn=local
cn=John Doe,ou=users,dn=company,dn=local
objectClass: person
memberOf: cn=IT,ou=groups,dn=company,dn=local
Since 'cn=IT,ou=groups,dn=company,dn=local' doesn't match the group
filter, John wouldn't be a member of group 'nextcloud'.
This patch fixes this by filtering the groups after all nested groups
have been collected. If nested groups is disabled the result will be the
same as without this patch.
Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
If the job is still present we should also not fire it off if there is
not a single active 2FA provider.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Fixes#14125
Listen to 2FA disable event. If a provider is disabled for a user. We
check if there are no more providers. If there are no more providers we
Remove the backupcode reminder notification (if still present).
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>