fix(ldap): store last known user groups
authorArthur Schiwon <blizzz@arthur-schiwon.de>
Fri, 15 Sep 2023 16:49:30 +0000 (18:49 +0200)
committerArthur Schiwon <blizzz@arthur-schiwon.de>
Tue, 7 Nov 2023 18:22:28 +0000 (19:22 +0100)
- for LDAP user life cycle management

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
apps/user_ldap/lib/Connection.php
apps/user_ldap/lib/Group_LDAP.php

index 6700890c8c7cf32f9e0ad6010b199860c797ba9c..243cca99841c87b3cc9077a47a0a33d1f8865a49 100644 (file)
@@ -288,6 +288,10 @@ class Connection extends LDAPUtility {
                return json_decode(base64_decode($this->cache->get($key) ?? ''), true);
        }
 
+       public function getConfigPrefix(): string {
+               return $this->configPrefix;
+       }
+
        /**
         * @param string $key
         * @param mixed $value
index b32e031175ff99994150ea767fa4efdfbda2fa3a..8d27eb1815d92d6e2420b255959477a33977c046 100644 (file)
 namespace OCA\User_LDAP;
 
 use Exception;
+use OCA\User_LDAP\User\OfflineUser;
 use OCP\Cache\CappedMemoryCache;
 use OCP\GroupInterface;
 use OCP\Group\Backend\IDeleteGroupBackend;
 use OCP\Group\Backend\IGetDisplayNameBackend;
 use OC\ServerNotAvailableException;
+use OCP\IConfig;
+use OCP\Server;
 use Psr\Log\LoggerInterface;
+use function json_decode;
 
 class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, IGetDisplayNameBackend, IDeleteGroupBackend {
        protected bool $enabled = false;
@@ -81,7 +85,7 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
                $this->cachedGroupsByMember = new CappedMemoryCache();
                $this->cachedNestedGroups = new CappedMemoryCache();
                $this->groupPluginManager = $groupPluginManager;
-               $this->logger = \OCP\Server::get(LoggerInterface::class);
+               $this->logger = Server::get(LoggerInterface::class);
                $this->ldapGroupMemberAssocAttr = strtolower((string)$gAssoc);
        }
 
@@ -661,15 +665,28 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
         * @throws Exception
         * @throws ServerNotAvailableException
         */
-       public function getUserGroups($uid) {
+       public function getUserGroups($uid): array {
                if (!$this->enabled) {
                        return [];
                }
+               $ncUid = $uid;
+
                $cacheKey = 'getUserGroups' . $uid;
                $userGroups = $this->access->connection->getFromCache($cacheKey);
                if (!is_null($userGroups)) {
                        return $userGroups;
                }
+
+               $user = $this->access->userManager->get($uid);
+               if ($user instanceof OfflineUser) {
+                       // We load known group memberships from configuration for remnants,
+                       // because LDAP server does not contain them anymore
+                       /** @var IConfig $config */
+                       $config = Server::get(IConfig::class);
+                       $groupStr = $config->getUserValue($uid, 'user_ldap', 'cached-group-memberships-' . $this->access->connection->getConfigPrefix(), '[]');
+                       return json_decode($groupStr) ?? [];
+               }
+
                $userDN = $this->access->username2dn($uid);
                if (!$userDN) {
                        $this->access->connection->writeToCache($cacheKey, []);
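Review bot: In the `OfflineUser` branch, `json_decode($groupStr) ?? []` decodes without the associative flag, so a stored JSON object comes back as `stdClass` and the new `: array` return type turns that into a TypeError. That case looks reachable: the last hunk encodes `$groups` straight after `array_unique()`, which preserves keys, and `json_encode()` emits an object for an array with gaps in its keys. Decode with `json_decode($groupStr, true) ?? []` here and store `\json_encode(array_values($groups))` in the last hunk. Since this list stands in for the LDAP answer for remnants, it is also worth checking that it is a list of strings before returning it. The body of getUserGroups continues outside this hunk.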
@@ -783,6 +800,10 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
 
                $groups = array_unique($groups, SORT_LOCALE_STRING);
                $this->access->connection->writeToCache($cacheKey, $groups);
+               /** @var IConfig $config */
+               $config = Server::get(IConfig::class);
+               $groupStr = \json_encode($groups);
+               $config->setUserValue($ncUid, 'user_ldap', 'cached-group-memberships-' . $this->access->connection->getConfigPrefix(), $groupStr);
 
                return $groups;
        }
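Review bot: `\json_encode($groups)` can return `false` (for example on a group name that is not valid UTF-8), and that result is handed to `setUserValue()` unchecked. What gets stored then depends on how `setUserValue()` treats a non-string, which is not visible here; the likely outcome is that the saved memberships are replaced by a value that later decodes to nothing. Guard the write, e.g. `if ($groupStr !== false) { $config->setUserValue(...); }`, and log the failure through `$this->logger`. The start of getUserGroups is outside this hunk.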