authorArthur Schiwon <blizzz@arthur-schiwon.de>2023-09-15 18:49:30 +0200
committerJulius Härtl <jus@bitgrid.net>2023-10-30 10:24:02 +0100
commite178815b83aa5f05b2fee559499a82b00a4f3008 (patch)
tree841b5733c4c31f0f77bd1ee1c166f64c274eb539 /apps/user_ldap
parent5e6280d757b72e2253b117d37f31b6e4ce9ed8ad (diff)
fix(ldap): store last known user groups
- for LDAP user life cycle management Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Diffstat (limited to 'apps/user_ldap')
-rw-r--r--apps/user_ldap/lib/Connection.php4
-rw-r--r--apps/user_ldap/lib/Group_LDAP.php25
2 files changed, 27 insertions, 2 deletions
diff --git a/apps/user_ldap/lib/Connection.php b/apps/user_ldap/lib/Connection.php
index d8d00dd4d27..f90add9ef9e 100644
--- a/apps/user_ldap/lib/Connection.php
+++ b/apps/user_ldap/lib/Connection.php
@@ -297,6 +297,10 @@ class Connection extends LDAPUtility {
return json_decode(base64_decode($this->cache->get($key) ?? ''), true);
}
+ public function getConfigPrefix(): string {
+ return $this->configPrefix;
+ }
+
/**
* @param string $key
* @param mixed $value
diff --git a/apps/user_ldap/lib/Group_LDAP.php b/apps/user_ldap/lib/Group_LDAP.php
index 84267171d37..1c3f8113beb 100644
--- a/apps/user_ldap/lib/Group_LDAP.php
+++ b/apps/user_ldap/lib/Group_LDAP.php
@@ -46,11 +46,15 @@ namespace OCA\User_LDAP;
use Exception;
use OC\ServerNotAvailableException;
+use OCA\User_LDAP\User\OfflineUser;
use OCP\Cache\CappedMemoryCache;
use OCP\GroupInterface;
use OCP\Group\Backend\IDeleteGroupBackend;
use OCP\Group\Backend\IGetDisplayNameBackend;
+use OCP\IConfig;
+use OCP\Server;
use Psr\Log\LoggerInterface;
+use function json_decode;
class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, IGetDisplayNameBackend, IDeleteGroupBackend {
protected bool $enabled = false;
@@ -81,7 +85,7 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
$this->cachedGroupsByMember = new CappedMemoryCache();
$this->cachedNestedGroups = new CappedMemoryCache();
$this->groupPluginManager = $groupPluginManager;
- $this->logger = \OCP\Server::get(LoggerInterface::class);
+ $this->logger = Server::get(LoggerInterface::class);
$this->ldapGroupMemberAssocAttr = strtolower((string)$gAssoc);
}
@@ -662,15 +666,28 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
* @throws Exception
* @throws ServerNotAvailableException
*/
- public function getUserGroups($uid) {
+ public function getUserGroups($uid): array {
if (!$this->enabled) {
return [];
}
+ $ncUid = $uid;
+
$cacheKey = 'getUserGroups' . $uid;
$userGroups = $this->access->connection->getFromCache($cacheKey);
if (!is_null($userGroups)) {
return $userGroups;
}
+
+ $user = $this->access->userManager->get($uid);
+ if ($user instanceof OfflineUser) {
+ // We load known group memberships from configuration for remnants,
+ // because LDAP server does not contain them anymore
+ /** @var IConfig $config */
+ $config = Server::get(IConfig::class);
+ $groupStr = $config->getUserValue($uid, 'user_ldap', 'cached-group-memberships-' . $this->access->connection->getConfigPrefix(), '[]');
+ return json_decode($groupStr) ?? [];
+ }
+
$userDN = $this->access->username2dn($uid);
if (!$userDN) {
$this->access->connection->writeToCache($cacheKey, []);
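Review bot: The offline-user branch returns `json_decode($groupStr) ?? []` under the new `: array` return type, but without the associative flag a stored JSON object decodes to `stdClass`, and returning that would raise a TypeError. That shape is reachable because the last hunk encodes the result of `array_unique()`, which preserves keys, so a list that had duplicates removed is written as a JSON object rather than a list. Decode with `json_decode($groupStr, true) ?? []` here and store `\json_encode(array_values($groups))` in the last hunk. Because these remembered memberships stand in for the directory once the user is gone, a decoded value that is not an array is best treated as no memberships. The body of getUserGroups starts and continues outside this hunk.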
@@ -784,6 +801,10 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
$groups = array_unique($groups, SORT_LOCALE_STRING);
$this->access->connection->writeToCache($cacheKey, $groups);
+ /** @var IConfig $config */
+ $config = Server::get(IConfig::class);
+ $groupStr = \json_encode($groups);
+ $config->setUserValue($ncUid, 'user_ldap', 'cached-group-memberships-' . $this->access->connection->getConfigPrefix(), $groupStr);
return $groups;
}
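Review bot: `\json_encode($groups)` returns false when encoding fails (for example on a group name that is not valid UTF-8), and the result is handed to `setUserValue()` unchecked. Depending on how setUserValue treats a non-string value, this bookkeeping step could turn a successful LDAP lookup into an error from getUserGroups. Guard the write, e.g. `if ($groupStr !== false) { $config->setUserValue(...); }`, and log the failure instead. A short comment above the write would also help: the stored list is the last state seen from LDAP and is what the offline-user branch later returns as that user's memberships, so it is only as fresh as the last uncached lookup. The function starts outside this hunk.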