Commit Graph

70 Commits

Author SHA1 Message Date
Arthur Schiwon ce6d64b122 fix detecting cyclic group memberships
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-03-01 11:13:14 +00:00
Arthur Schiwon 71a762b3a7 fix parameter provided as string not array
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-01-28 19:40:13 +00:00
Arthur Schiwon cca1fb792b check number of members after potential resolving of rdns
- the type check is not necessary anymore for the return type of
  _groupMembers()

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-12-15 21:37:54 +00:00
Arthur Schiwon 213464afca use faster and less hungry foreach
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-12-15 21:37:51 +00:00
Tobias Perschon 250c7535cd moved the array_reduce to fix large search case
also added some additional comments and renamed some vars to make it intuitive whats in them

Signed-off-by: Tobias Perschon <tobias@perschon.at>
2020-12-15 21:37:49 +00:00
Arthur Schiwon d818975d84 flatten result array as expected by following code
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-12-15 21:37:47 +00:00
Arthur Schiwon fbfac673c9 when nesting is not enabled, the group filter can be applied right away
- helps performance, but skipping unnecessary entries
- reduces reoccuring info-level log output against groups that do not
  qualify ("no or empty name")

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-10-19 13:37:22 +00:00
Christoph Wurst 2a054e6c04
Update the license headers for Nextcloud 20
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-08-24 14:54:25 +02:00
Arthur Schiwon 7eb6d8df0a
do not flip available state to unavailable, allow empty results
- the detection relies that the first, requested result is not empty
- it might be empty though – groups without members
- protect switching from available to unavailable
  - switching the other way around was also not envisaged either

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-08-11 19:03:27 +02:00
Arthur Schiwon 7ea262dba0
LDAP: shortcut in reading nested group members when IN_CHAIN is available
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-08-11 18:22:11 +02:00
Arthur Schiwon 7c07f0c7f3
use break not continue in switch to avoid warning
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-08-10 17:34:11 +02:00
Tobias Perschon 551d904bb0
added "zimbraMailForwardingAddress" as a Group-Member association attribute to enable the use of Zimbra Distribution Lists as groups in nextcloud when connecting to a zimbra LDAP
Signed-off-by: Tobias Perschon <tobias@perschon.at>

fix cs:check

Signed-off-by: Tobias Perschon <tobias@perschon.at>

Update apps/user_ldap/lib/Group_LDAP.php

Co-authored-by: blizzz <blizzz@arthur-schiwon.de>
Signed-off-by: Tobias Perschon <tobias@perschon.at>
2020-08-07 23:30:44 +02:00
Morris Jobke d72d9ff1f4
Merge pull request #21171 from nextcloud/enh/noid/tidy-up-group-ldap
tidy up Group_LDAP
2020-07-06 14:00:27 +02:00
Arthur Schiwon b8bef4ded0
fix strings being passed where arrays where expected
also brought type hints up to internal API level

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-06-24 23:34:37 +02:00
Arthur Schiwon 64fe042b0d
tidy up Group_LDAP
* remove unused method
* resolve code duplication
* remove usage of deprectad Util::writeLog
* phpDoc updates
* signature updates

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-06-08 13:40:24 +02:00
Arthur Schiwon aed6f0f71e
simplify getGroups, fixing wrong chunking logic
pagination is taken care of properly in the search logic in Access class

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-05-27 14:41:10 +02:00
Christoph Wurst cb057829f7
Update license headers for 19
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-29 11:57:22 +02:00
Clement Wong 9f5f505acf Don't remove last user in ldap group when limit is -1
Signed-off-by: Clement Wong <git@clement.hk>
2020-04-27 02:33:00 +02:00
Arthur Schiwon 4babdc082b
formatting
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-04-23 21:34:05 +02:00
Arthur Schiwon e8ddb4718c
consolidate groupsMatchFilter in groupsExist
- less duplication
- profiting of the same cache entry

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-04-17 12:38:07 +02:00
Christoph Wurst caff1023ea
Format control structures, classes, methods and function
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 14:19:56 +02:00
Christoph Wurst 14c996d982
Use elseif instead of else if
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 10:35:09 +02:00
Christoph Wurst afbd9c4e6e
Unify function spacing to PSR2 recommendation
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 13:54:22 +02:00
Christoph Wurst 2fbad1ed72
Fix (array) indent style to always use one tab
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 10:16:08 +02:00
Christoph Wurst 85e369cddb
Fix multiline comments
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-08 22:24:54 +02:00
Christoph Wurst 1a9330cd69
Update the license headers for Nextcloud 19
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-31 14:52:54 +02:00
Christoph Wurst b80ebc9674
Use the short array syntax, everywhere
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-26 16:34:56 +01:00
blizzz 950856d5bb
Merge pull request #17717 from nextcloud/fix/noid/ldap-relax-getHome
relax strict getHome behaviour for LDAP users in a shadow state
2020-01-14 09:57:24 +01:00
Arthur Schiwon 489ed878e1
ensure that only valid group members are returned
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-01-13 17:13:08 +01:00
Arthur Schiwon 79667b58a9
cache group existence early to save useless requests to LDAP
we do it for users already

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-01-08 11:02:37 +01:00
Christoph Wurst 5bf3d1bb38
Update license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +01:00
Arthur Schiwon 213016f758
uid can be false when the user record does not exit
fixes not loading files app for users who got a share by the gone LDAP user

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-11-20 19:44:12 +01:00
Arthur Schiwon d0f31c590d
Also invalidate groups after deletion
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-27 10:33:40 +02:00
Arthur Schiwon 660fbd64e3
ensures mapping of chosen userid
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-19 17:02:28 +02:00
Arthur Schiwon 1d48c0313c
fix inGroup check, thus make integration tests succeed
there is not such strange return mode. Having invalid user ids caused this
check to fail, and as side effect share limitation to groups to not work.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-14 06:23:58 +02:00
Arthur Schiwon c6c8a41d2f
group display name support (service level + ldap)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-05-27 12:03:05 +02:00
Vinicius Cubas Brand a2c38148e7
Cache cleaning when subadmin adds user to group
This commit fix an error happening when the subadmin tries to create an
user, adding him/her to the group s/he is subadmin of, using a LDAP
User/Group plugin.

This just forces the cache to be reset after an user is added to a
group.

Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
2019-03-21 10:20:46 +01:00
Arthur Schiwon 5dd2207c95
fix nested group retrieval also for 2 other cases
and also consolidate logic in one method

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-03-05 11:07:40 +01:00
Roland Tapken e7c506cff1
Reduce queries to LDAP by caching nested groups
Nested groups are now cached in a CappedMemoryCache object to reduce
queries to the LDAP backend.

Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2019-03-05 11:07:40 +01:00
Roland Tapken afb182650e
user_ldap: really resolve nested groups
The previous patch fixed the problem only for one level of indirection
because groupsMatchFilter() had been applied on each recursive call (and
thus there would be no second level if the first level fails the check).

This new implementation replaces the recursive call with a stack that
iterates all nested groups before filtering with groupsMatchFilter().

Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2019-03-05 11:07:40 +01:00
Roland Tapken c2d8a36d9a
user_ldap: Filter groups after nexted groups
Currently groupsMatchFilter is called before nested groups are resolved.
This basicly breaks this feature since it is not possible to inherit
membership in a group from another group.

Minimal example:

  Group filter: (&(objectClass=group),(cn=nextcloud))
  Nested groups: enabled

  cn=nextcloud,ou=Nextcloud,ou=groups,dn=company,dn=local
    objectClass: group

  cn=IT,ou=groups,dn=company,dn=local
    objectClass: group
    memberOf: cn=nextcloud,ou=Nextcloud,ou=groups,dn=company,dn=local

  cn=John Doe,ou=users,dn=company,dn=local
    objectClass: person
    memberOf: cn=IT,ou=groups,dn=company,dn=local

Since 'cn=IT,ou=groups,dn=company,dn=local' doesn't match the group
filter, John wouldn't be a member of group 'nextcloud'.

This patch fixes this by filtering the groups after all nested groups
have been collected. If nested groups is disabled the result will be the
same as without this patch.

Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2019-03-05 11:07:35 +01:00
Arthur Schiwon 2048872f9e
functions that were checked for are present since PHP 5.4, supported is >=/
* so the check from older days is really not necessary anymore
* resolves #10923

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-10-25 22:50:42 +02:00
Morris Jobke 3d8f174774
Resolve all group memberships properly
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-08-21 10:57:50 +02:00
Arthur Schiwon 38a90130ce
move log constants to ILogger
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-26 10:45:52 +02:00
Arthur Schiwon 238c3a5201
fix retrieving group members with numerical uids from LDAP
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-02-23 12:05:50 +01:00
Morris Jobke e2974f1133
Simplify return statement
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-13 21:55:24 +01:00
Morris Jobke 2ad2eb38e8
Use type casting instead of *val() method
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 15:01:27 +01:00
Morris Jobke c1e4f9f305
Use type casting instead of *val() method
It should be up to 6x faster

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 11:35:42 +01:00
Morris Jobke 0eebff152a
Update license headers
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Vinicius Cubas Brand fa565750d1 User_LDAP plugins: smaller fixes
Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
2017-11-03 11:42:59 -02:00