From 50ccfb4f5bd200c2b12b737c3c7ba8c0e4eb1302 Mon Sep 17 00:00:00 2001
From: =?utf8?q?C=C3=B4me=20Chilliet?=
Date: Tue, 23 May 2023 16:03:17 +0200
Subject: [PATCH] [user_ldap] Add per-connection setting for marking remnants
as disabled
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Signed-off-by: Côme Chilliet
---
apps/user_ldap/js/wizard/wizardTabAdvanced.js | 13 ++++++++++
apps/user_ldap/lib/Configuration.php | 3 +++
apps/user_ldap/lib/Connection.php | 1 +
apps/user_ldap/lib/User_LDAP.php | 4 +--
apps/user_ldap/templates/settings.php | 25 ++++++++++---------
5 files changed, 32 insertions(+), 14 deletions(-)
diff --git a/apps/user_ldap/js/wizard/wizardTabAdvanced.js b/apps/user_ldap/js/wizard/wizardTabAdvanced.js
index a438b847401..3b251897968 100644
--- a/apps/user_ldap/js/wizard/wizardTabAdvanced.js
+++ b/apps/user_ldap/js/wizard/wizardTabAdvanced.js
@@ -67,6 +67,10 @@ OCA = OCA || {};
$element: $('#ldap_attributes_for_user_search'),
setMethod: 'setSearchAttributesUsers'
},
+ ldap_mark_remnants_as_disabled: {
+ $element: $('#ldap_mark_remnants_as_disabled'),
+ setMethod: 'setMarkRemnantsAsDisabled'
+ },
ldap_group_display_name: {
$element: $('#ldap_group_display_name'),
setMethod: 'setGroupDisplayName'
@@ -275,6 +279,15 @@ OCA = OCA || {};
this.setElementValue(this.managedItems.ldap_attributes_for_user_search.$element, attributes);
},
+ /**
+ * enables or disables marking remnants as disabled
+ *
+ * @param {string} markRemnantsAsDisabled contains an int
+ */
+ setMarkRemnantsAsDisabled: function(markRemnantsAsDisabled) {
+ this.setElementValue(this.managedItems.ldap_mark_remnants_as_disabled.$element, markRemnantsAsDisabled);
+ },
+
/**
* sets the display name attribute for groups
*
diff --git a/apps/user_ldap/lib/Configuration.php b/apps/user_ldap/lib/Configuration.php
index ef64f75a9ef..abdb174c882 100644
--- a/apps/user_ldap/lib/Configuration.php
+++ b/apps/user_ldap/lib/Configuration.php
@@ -115,6 +115,7 @@ class Configuration {
'ldapExpertUsernameAttr' => null,
'ldapExpertUUIDUserAttr' => null,
'ldapExpertUUIDGroupAttr' => null,
+ 'markRemnantsAsDisabled' => false,
'lastJpegPhotoLookup' => null,
'ldapNestedGroups' => false,
'ldapPagingSize' => null,
@@ -468,6 +469,7 @@ class Configuration {
'ldap_expert_uuid_group_attr' => '',
'has_memberof_filter_support' => 0,
'use_memberof_to_detect_membership' => 1,
+ 'ldap_mark_remnants_as_disabled' => 0,
'last_jpegPhoto_lookup' => 0,
'ldap_nested_groups' => 0,
'ldap_paging_size' => 500,
@@ -543,6 +545,7 @@ class Configuration {
'ldap_expert_uuid_group_attr' => 'ldapExpertUUIDGroupAttr',
'has_memberof_filter_support' => 'hasMemberOfFilterSupport',
'use_memberof_to_detect_membership' => 'useMemberOfToDetectMembership',
+ 'ldap_mark_remnants_as_disabled' => 'markRemnantsAsDisabled',
'last_jpegPhoto_lookup' => 'lastJpegPhotoLookup',
'ldap_nested_groups' => 'ldapNestedGroups',
'ldap_paging_size' => 'ldapPagingSize',
diff --git a/apps/user_ldap/lib/Connection.php b/apps/user_ldap/lib/Connection.php
index d8d00dd4d27..76a80583029 100644
--- a/apps/user_ldap/lib/Connection.php
+++ b/apps/user_ldap/lib/Connection.php
@@ -63,6 +63,7 @@ use Psr\Log\LoggerInterface;
* @property string ldapEmailAttribute
* @property string ldapExtStorageHomeAttribute
* @property string homeFolderNamingRule
+ * @property bool|string markRemnantsAsDisabled
* @property bool|string ldapNestedGroups
* @property string[] ldapBaseGroups
* @property string ldapGroupFilter
diff --git a/apps/user_ldap/lib/User_LDAP.php b/apps/user_ldap/lib/User_LDAP.php
index bf317f1b95b..61abb1627f9 100644
--- a/apps/user_ldap/lib/User_LDAP.php
+++ b/apps/user_ldap/lib/User_LDAP.php
@@ -676,8 +676,8 @@ class User_LDAP extends BackendUtility implements IUserBackend, UserInterface, I
}
public function isUserEnabled(string $uid, callable $queryDatabaseValue): bool {
- if ($this->deletedUsersIndex->isUserMarked($uid) && ($this->ocConfig->getAppValue('user_ldap', 'markRemnantsAsDisabled', '0') === '1')) {
- return true;
+ if ($this->deletedUsersIndex->isUserMarked($uid) && ((int)$this->access->connection->markRemnantsAsDisabled === 1)) {
+ return false;
} else {
return $queryDatabaseValue();
}
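Review bot: An admin who already turned on the old global app value `markRemnantsAsDisabled` will still not get remnants disabled after this fix. `isUserEnabled` now reads only the per-connection property, whose default in Configuration.php is `'ldap_mark_remnants_as_disabled' => 0`, and none of the five files in the diffstat looks like a migration or repair step. Until the new box is ticked on every connection, marked remnants keep falling through to `$queryDatabaseValue()`, which fails open for accounts already removed from the directory. I would add an upgrade step that copies the old app value into each configured connection (one may exist outside this patch), or at least put a comment above the check such as `// Per-connection since this change; the global app value 'markRemnantsAsDisabled' is no longer read`. The closing brace of `isUserEnabled` lies outside the hunk.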
diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php
index 916ff84b82a..ae4091288b5 100644
--- a/apps/user_ldap/templates/settings.php
+++ b/apps/user_ldap/templates/settings.php
@@ -1,6 +1,6 @@
'.$l->t('Warning: The PHP LDAP module is not installed, the backend will not work. Please ask your system administrator to install it.').'
');
}
- ?>
+?>
@@ -91,20 +91,21 @@ style('user_ldap', 'settings');
t('2nd User Display Name Field'));?>
t('Optional. An LDAP attribute to be added to the display name in brackets. Results in e.g. »John Doe (john.doe@example.org)«.'));?>
t('Base User Tree'));?>
t('Base User Tree'));?>
t('User Search Attributes'));?>
t('User Search Attributes'));?>
+ t('Disable users missing from LDAP'));?>
t('When switched on, users imported from LDAP which are then missing will be disabled'));?>
t('Group Display Name Field'));?>
t('The LDAP attribute to use to generate the groups\'s display name.'));?>
t('Base Group Tree'));?>
t('Base Group Tree'));?>
t('Group Search Attributes'));?>
t('Group Search Attributes'));?>
t('Group-Member association'));?> >uniqueMember >memberUid >member (AD) >gidNumber >zimbraMailForwardingAddress
+ p(' selected');
+ } ?>>uniqueMember>memberUid >member (AD) >gidNumber >zimbraMailForwardingAddress
t('Dynamic Group Member URL'));?>
t('The LDAP attribute that on group objects contains an LDAP search URL that determines what objects belong to the group. (An empty setting disables dynamic group membership functionality.)'));?>
t('Nested Groups'));?>
t('When switched on, groups that contain groups are supported. (Only works if the group member attribute contains DNs.)'));?>
t('Paging chunksize'));?>
t('Chunksize used for paged LDAP searches that may return bulky results like user or group enumeration. (Setting it 0 disables paged LDAP searches in those situations.)'));?>
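Review bot: The help text on the new "Disable users missing from LDAP" row promises more than the visible code guarantees. In User_LDAP.php, `isUserEnabled` returns false only for uids that `deletedUsersIndex->isUserMarked()` reports, and this patch does not show when a missing user gets marked. An admin relying on the switch for offboarding should be told that the account is disabled only once it has been detected as a remnant, for example `When switched on, users imported from LDAP that are later detected as missing will be disabled`.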
--
2.39.5