From 50ccfb4f5bd200c2b12b737c3c7ba8c0e4eb1302 Mon Sep 17 00:00:00 2001 From: =?utf8?q?C=C3=B4me=20Chilliet?= Date: Tue, 23 May 2023 16:03:17 +0200 Subject: [PATCH] [user_ldap] Add per-connection setting for marking remnants as disabled MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Côme Chilliet --- apps/user_ldap/js/wizard/wizardTabAdvanced.js | 13 ++++++++++ apps/user_ldap/lib/Configuration.php | 3 +++ apps/user_ldap/lib/Connection.php | 1 + apps/user_ldap/lib/User_LDAP.php | 4 +-- apps/user_ldap/templates/settings.php | 25 ++++++++++--------- 5 files changed, 32 insertions(+), 14 deletions(-) diff --git a/apps/user_ldap/js/wizard/wizardTabAdvanced.js b/apps/user_ldap/js/wizard/wizardTabAdvanced.js index a438b847401..3b251897968 100644 --- a/apps/user_ldap/js/wizard/wizardTabAdvanced.js +++ b/apps/user_ldap/js/wizard/wizardTabAdvanced.js @@ -67,6 +67,10 @@ OCA = OCA || {}; $element: $('#ldap_attributes_for_user_search'), setMethod: 'setSearchAttributesUsers' }, + ldap_mark_remnants_as_disabled: { + $element: $('#ldap_mark_remnants_as_disabled'), + setMethod: 'setMarkRemnantsAsDisabled' + }, ldap_group_display_name: { $element: $('#ldap_group_display_name'), setMethod: 'setGroupDisplayName' @@ -275,6 +279,15 @@ OCA = OCA || {}; this.setElementValue(this.managedItems.ldap_attributes_for_user_search.$element, attributes); }, + /** + * enables or disables marking remnants as disabled + * + * @param {string} markRemnantsAsDisabled contains an int + */ + setMarkRemnantsAsDisabled: function(markRemnantsAsDisabled) { + this.setElementValue(this.managedItems.ldap_mark_remnants_as_disabled.$element, markRemnantsAsDisabled); + }, + /** * sets the display name attribute for groups * diff --git a/apps/user_ldap/lib/Configuration.php b/apps/user_ldap/lib/Configuration.php index ef64f75a9ef..abdb174c882 100644 --- a/apps/user_ldap/lib/Configuration.php +++ b/apps/user_ldap/lib/Configuration.php 
@@ -115,6 +115,7 @@ class Configuration {
 'ldapExpertUsernameAttr' => null,
 'ldapExpertUUIDUserAttr' => null,
 'ldapExpertUUIDGroupAttr' => null,
+ 'markRemnantsAsDisabled' => false,
 'lastJpegPhotoLookup' => null,
 'ldapNestedGroups' => false,
 'ldapPagingSize' => null,
@@ -468,6 +469,7 @@ class Configuration {
 'ldap_expert_uuid_group_attr' => '',
 'has_memberof_filter_support' => 0,
 'use_memberof_to_detect_membership' => 1,
+ 'ldap_mark_remnants_as_disabled' => 0,
 'last_jpegPhoto_lookup' => 0,
 'ldap_nested_groups' => 0,
 'ldap_paging_size' => 500,
@@ -543,6 +545,7 @@ class Configuration {
 'ldap_expert_uuid_group_attr' => 'ldapExpertUUIDGroupAttr',
 'has_memberof_filter_support' => 'hasMemberOfFilterSupport',
 'use_memberof_to_detect_membership' => 'useMemberOfToDetectMembership',
+ 'ldap_mark_remnants_as_disabled' => 'markRemnantsAsDisabled',
 'last_jpegPhoto_lookup' => 'lastJpegPhotoLookup',
 'ldap_nested_groups' => 'ldapNestedGroups',
 'ldap_paging_size' => 'ldapPagingSize',
diff --git a/apps/user_ldap/lib/Connection.php b/apps/user_ldap/lib/Connection.php
index d8d00dd4d27..76a80583029 100644
--- a/apps/user_ldap/lib/Connection.php
+++ b/apps/user_ldap/lib/Connection.php
@@ -63,6 +63,7 @@ use Psr\Log\LoggerInterface;
 * @property string ldapEmailAttribute
 * @property string ldapExtStorageHomeAttribute
 * @property string homeFolderNamingRule
+ * @property bool|string markRemnantsAsDisabled
 * @property bool|string ldapNestedGroups
 * @property string[] ldapBaseGroups
 * @property string ldapGroupFilter
diff --git a/apps/user_ldap/lib/User_LDAP.php b/apps/user_ldap/lib/User_LDAP.php
index bf317f1b95b..61abb1627f9 100644
--- a/apps/user_ldap/lib/User_LDAP.php
+++ b/apps/user_ldap/lib/User_LDAP.php
@@ -676,8 +676,8 @@ class User_LDAP extends BackendUtility implements IUserBackend, UserInterface, I } public function isUserEnabled(string $uid, callable $queryDatabaseValue): bool { - if ($this->deletedUsersIndex->isUserMarked($uid) && ($this->ocConfig->getAppValue('user_ldap', 'markRemnantsAsDisabled', '0') === '1')) { - return true; + if ($this->deletedUsersIndex->isUserMarked($uid) && ((int)$this->access->connection->markRemnantsAsDisabled === 1)) { + return false; } else { return $queryDatabaseValue(); } diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php index 916ff84b82a..ae4091288b5 100644 --- a/apps/user_ldap/templates/settings.php +++ b/apps/user_ldap/templates/settings.php @@ -1,6 +1,6 @@ '.$l->t('Warning: The PHP LDAP module is not installed, the backend will not work. Please ask your system administrator to install it.').'
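Review bot: The old app-wide `markRemnantsAsDisabled` value is no longer read in `isUserEnabled`, and nothing in the five files of this patch carries it over to the new per-connection setting, whose default in Configuration.php is `0`. If no repair step exists elsewhere, an instance that had the old key set to `'1'` would fall through to `$queryDatabaseValue()` for marked remnants after upgrading, so accounts the administrator expects to be disabled may be reported as enabled. Either migrate the old value into each connection's `ldap_mark_remnants_as_disabled`, or keep a transitional fallback such as `$disable = (int)$this->access->connection->markRemnantsAsDisabled === 1 || $this->ocConfig->getAppValue('user_ldap', 'markRemnantsAsDisabled', '0') === '1';`. A unit test for a marked user with the setting on and off would also pin the `return false` correction. The function's closing brace lies outside the hunk.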

'); } - ?> +?> @@ -91,20 +91,21 @@ style('user_ldap', 'settings');

t('Optional. An LDAP attribute to be added to the display name in brackets. Results in e.g. »John Doe (john.doe@example.org)«.'));?>

t('Base User Tree'));?>

t('User Search Attributes'));?>

+

t('When switched on, users imported from LDAP which are then missing will be disabled'));?>

t('The LDAP attribute to use to generate the groups\'s display name.'));?>

t('Base Group Tree'));?>

t('Group Search Attributes'));?>

+ p(' selected'); + } ?>>uniqueMember

t('The LDAP attribute that on group objects contains an LDAP search URL that determines what objects belong to the group. (An empty setting disables dynamic group membership functionality.)'));?>

t('When switched on, groups that contain groups are supported. (Only works if the group member attribute contains DNs.)'));?>

t('Chunksize used for paged LDAP searches that may return bulky results like user or group enumeration. (Setting it 0 disables paged LDAP searches in those situations.)'));?>

-- 2.39.5