Morris Jobke
cccf6f4d5f
Merge pull request #8221 from Cybso/8220_applyLdapUserFilter_on_members
...
Apply ldapUserFilter on members of group
2018-03-08 13:19:02 +01:00
Roland Tapken
2472b93fd9
dn2ocname: also apply group filter to readAttribute()
...
Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2018-03-07 12:18:46 +01:00
Arthur Schiwon
47a10bd25a
treat iconv issues
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-05 14:03:08 +01:00
Arthur Schiwon
4f8c724318
typo + phpdoc
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-05 13:30:28 +01:00
Arthur Schiwon
8607992e85
do not create empty userid when attribute does not have allowed chars
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-02 17:44:06 +01:00
Morris Jobke
e2974f1133
Simplify return statement
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-13 21:55:24 +01:00
Roland Tapken
cf4ec7a4b6
Apply ldapUserFilter on members of group
...
Refers to issue #8220
user_ldap configured with custom filters for active directory access
(group-member-association is "member"). Then it can happen that the
members of a group contain members that don't belong to the users
available in Nextcloud (the most trivial reason is that the user filter
contains "(!(UserAccountControl:1.2.840.113556.1.4.803:=2))" to exclude
disabled users from being imported).
This can be fixed by applying the ldapUserFilter when resolving the UID
for a DN fetched from the group's member list.
Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2018-02-07 12:02:58 +01:00
Morris Jobke
a661f043e1
Remove unneeded semicolon and parentheses
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 23:46:40 +01:00
Morris Jobke
2ad2eb38e8
Use type casting instead of *val() method
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 15:01:27 +01:00
Arthur Schiwon
b61b906abe
do not catch ServerNotAvailable
...
might cause the user to be unavailable (race condition).
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-26 12:47:19 +01:00
Morris Jobke
55532f19d9
Cleanup OC_User and OCP\User
...
* mainly removes deprecated methods and old static code
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-16 18:39:11 +01:00
Arthur Schiwon
f84ec92563
revert resolving of recursion ( 3628d4d65d
)
...
without recursion we have issues with internal states. paged search status
are set to false, cookies are not being set. In the end we have endless
requests which pile up enormously with a high initial offset.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-11 15:17:18 +01:00
Arthur Schiwon
15a3f4659f
enrich log message with backtrace, but level it down to DEBUG
...
The message is not helpful anyway for an admin, and oftentimes is just
valid (e.g. when searching with an offset beyond users in LDAP).
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-11 14:17:14 +01:00
Arthur Schiwon
82fd09c294
don't show recurring msg when pages result was turned off
...
and only as debug level otherwise.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-12-21 14:29:56 +01:00
Morris Jobke
defac0ff0d
Fixes hex2bin() in LDAP
...
Untangles the two if-else clauses into a more readable format.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-12-13 11:57:49 +01:00
Arthur Schiwon
27f14eee26
don't cache user, if no internal user id was retrieved/assigned
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-12-07 22:47:32 +01:00
Arthur Schiwon
991190b994
ensure that users are cached when they are retrieved
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-12-07 17:49:33 +01:00
Arthur Schiwon
419759e68b
resolve DI
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-09 11:10:59 +01:00
Arthur Schiwon
59c05d5447
move LDAP user attributes "sync" to background (except for ajax jobs)
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-09 11:10:56 +01:00
Arthur Schiwon
ef3cd32916
don't skip updating when ajax is set as background job mode
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-09 11:10:04 +01:00
Arthur Schiwon
c6f1af9896
move ldap user sync to background (WIP)
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-09 11:09:59 +01:00
Morris Jobke
0eebff152a
Update license headers
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Arthur Schiwon
3628d4d65d
avoid unnecessary recursion
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-10-25 17:23:42 +02:00
Arthur Schiwon
5e74affea4
fix counting found results in search op
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-09-14 13:20:51 +02:00
Arthur Schiwon
89f4e16cdb
fix limit-flaw in search on paged results
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-09-14 13:20:51 +02:00
Roger Szabo
51ecc7ce11
suppress superflous php error on rejected password change
...
Signed-off-by: Roger Szabo <roger.szabo@web.de>
2017-06-30 18:36:33 +08:00
Arthur Schiwon
b79f9cadc2
fix paging
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-05-26 13:44:43 +02:00
Arthur Schiwon
bd5d12528f
make sure used ldap connection resource is always up to date
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-05-25 00:45:48 +02:00
bline
8c89bf7c59
moved to something a little less invasive. back to passing CR around.
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-05-25 00:36:51 +02:00
bline
8829d84949
special case for controlPagedResultResponse. It would be nice if there was a generic way to pass by reference with call_user_func_array..
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-05-25 00:34:52 +02:00
blizzz
42e805f057
Merge pull request #1023 from GitHubUser4234/ldap_password_renew_pr
...
Handle password expiry in user_ldap
2017-04-24 12:17:04 +02:00
Morris Jobke
229d17e13b
Change LDAP method names
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 10:10:07 -05:00
Morris Jobke
1729e4471f
Update comments to Nextcloud
...
* based on PR by @Ardinis
* see #4311
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-11 23:16:27 -05:00
Roger Szabo
33c8bf1857
blizzz comments 03.04.2017
...
Signed-off-by: Roger Szabo <roger.szabo@web.de>
2017-04-06 16:26:41 +08:00
Morris Jobke
a5ba1f7803
Remove legacy class OC_Group and OC_User
...
* basically a straight replacement of the wrapped code at the calling code parts
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-09 17:35:09 -06:00
Arthur Schiwon
f87812fdd6
Fix determining the UUID attribute, default of the override is null
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-02-17 02:06:10 +01:00
Arthur Schiwon
9983e05121
LDAP's checkPassword should only catch when a user was not found, fixes #2431
...
Also fixes error processing after ldap_search, due to different return format
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-01-30 17:06:51 +01:00
Arthur Schiwon
03ae7b654f
Gracefully deny users or groups with too long DNs
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-01-25 17:10:51 +01:00
Arthur Schiwon
0c8e4b91d3
adjust: sanitizeDN resides in Helper
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-12-05 11:36:20 +01:00
Juan Pablo Villafáñez
efa1077872
Extract lowercase conversion out of the loop
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-12-05 11:29:47 +01:00
Arthur Schiwon
6496b95564
range support for LDAP read operations
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-12-05 11:29:16 +01:00
Lukas Reschke
4c5e7d270a
Add tests
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-23 19:58:43 +01:00
root
861c8572c0
restore ldap_password_pr
...
Signed-off-by: Roger Szabo <roger.szabo@web.de>
remove notification part
Signed-off-by: Roger Szabo <roger.szabo@web.de>
blizzz comments
Signed-off-by: Roger Szabo <roger.szabo@web.de>
morris comment
Signed-off-by: Roger Szabo <roger.szabo@web.de>
improved error message for changing password
Signed-off-by: Roger Szabo <roger.szabo@web.de>
blizz comments 20161013
Signed-off-by: Roger Szabo <roger.szabo@web.de>
Signed-off-by: Roger Szabo <roger.szabo@web.de>
Adjust HintException usage
Signed-off-by: Roger Szabo <roger.szabo@web.de>
Signed-off-by: Roger Szabo <roger.szabo@web.de>
2016-11-23 19:02:48 +01:00
Arthur Schiwon
dade28cadd
Merge branch 'master' into downstream-ldap-3
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-16 14:42:16 +02:00
Victor Dubiniuk
011d5f554c
Harden empty
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-13 00:53:34 +02:00
Arthur Schiwon
9e817e9e0b
symfony replaced table helper by class, fixes two broken LDAP occ commands
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-12 23:47:07 +02:00
Arthur Schiwon
a30341823e
cache loginName2UserName and cover the method with unit tests
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-07 01:39:57 +02:00
Jörn Friedrich Dreyer
4d31caa6f8
fix a few minor code smells
2016-08-29 14:34:37 +02:00
root
02ec8b1726
New LDAPProvider for user_ldap
2016-07-22 16:46:29 +08:00
Joas Schilling
813f0a0f40
Fix apps/
2016-07-21 18:13:57 +02:00