summaryrefslogtreecommitdiffstats
path: root/apps/user_ldap/lib
Commit message (Collapse)AuthorAgeFilesLines
* cache group existence early to save useless requests to LDAPArthur Schiwon2020-01-082-3/+20
| | | | | | we do it for users already Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Update license headersChristoph Wurst2019-12-0559-67/+91
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Mode to modern phpunitRoeland Jago Douma2019-11-271-3/+1
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Some php-cs fixesRoeland Jago Douma2019-11-2214-32/+31
| | | | | | | | | | | * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #18016 from nextcloud/fix/noid/ldap-checkup-batchsizeblizzz2019-11-211-6/+9
|\ | | | | make chunksize (used to check for gone LDAP users) configurable
| * make chunksize (used to check for gone LDAP users) configurableArthur Schiwon2019-11-201-6/+9
| | | | | | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | uid can be false when the user record does not exitArthur Schiwon2019-11-201-8/+12
|/ | | | | | fixes not loading files app for users who got a share by the gone LDAP user Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* treat LDAP error 50 as auth issue, prevents lost server connection errorsArthur Schiwon2019-10-181-1/+2
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Merge pull request #17002 from nextcloud/fix/noid/ldap-dont-process-known-avasblizzz2019-10-021-2/+20
|\ | | | | Don't process known avatars from LDAP
| * Don't process known avatars from LDAPArthur Schiwon2019-09-041-2/+20
| | | | | | | | | | | | | | | | | | * avoids useless FS operation * avoids useless DB writes * avoids useless addressbook updates * addendum to #17001 Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | reduce adressbook change events and handlingArthur Schiwon2019-09-041-1/+1
|/ | | | | | ... from four to one on avatar updates Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* fix check for nullArthur Schiwon2019-08-021-1/+1
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* adjusts LDAP's home handler to use the correct user objectArthur Schiwon2019-08-021-2/+3
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* files_external: Make sure the correct user context is used in substitution ↵Julius Härtl2019-08-021-11/+4
| | | | | | of variables Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Merge pull request #14540 from army1349/masterMorris Jobke2019-07-192-1/+14
|\ | | | | LDAP Password Modify Extended Operation support
| * LDAP Password Modify Extended Operation supportPeter Kubica2019-03-192-1/+14
| | | | | | | | Signed-off-by: Peter Kubica <peter@kubica.ch>
* | adds an --update flag to check-user for manual sync of the ldap recordArthur Schiwon2019-07-181-8/+38
| | | | | | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | Update shipped implementations of the INotifierJoas Schilling2019-07-151-1/+21
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Merge pull request #15741 from mxss/fix/phpdoc-fixesMorris Jobke2019-07-021-0/+28
|\ \ | | | | | | misc phpdoc fixes
| * | misc phpdoc fixesMax Kovalenko2019-05-271-0/+28
| | | | | | | | | | | | Signed-off-by: Max Kovalenko <mxss1998@yandex.ru>
* | | Also invalidate groups after deletionArthur Schiwon2019-06-271-2/+11
| | | | | | | | | | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | | invalidates user when plugin reported deletion successArthur Schiwon2019-06-261-3/+6
| | | | | | | | | | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | | Merge pull request #15964 from nextcloud/enh/noid/user-creation-optionsblizzz2019-06-213-4/+22
|\ \ \ | | | | | | | | Opt-in for generation userid, requiring email addresses
| * | | ensures mapping of chosen useridArthur Schiwon2019-06-193-4/+22
| | | | | | | | | | | | | | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | | | fixes return type in php docArthur Schiwon2019-06-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | * the backend already expects and works with the string Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | | | fixes returning the base when multiple are specifiedArthur Schiwon2019-06-191-3/+21
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * reading the config directly will return the value with line breaks * using the proper accessor gives us all bases in an array * returns the first matching one * having user id provided for the group base is strange and does not let us operate like this. here we return the first one. might change in future, a backportable fix won't have an API change however. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | | caches the displayname after an LDAP plugin set itArthur Schiwon2019-06-181-1/+3
| | | | | | | | | | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | | fix inGroup check, thus make integration tests succeedArthur Schiwon2019-06-141-1/+0
| | | | | | | | | | | | | | | | | | | | | there is not such strange return mode. Having invalid user ids caused this check to fail, and as side effect share limitation to groups to not work. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | | group display name support (service level + ldap)Arthur Schiwon2019-05-274-2/+41
|/ / | | | | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | fixes possible override of uniqueMember by autodetectionArthur Schiwon2019-05-173-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | * uniqueMember was the default so we did not know whether this setting is desired or the initial value * autodetection of the user-group association attribute runs only when it was not set (as far as we knew) * the default is now empty * thus LDAPProvider might return this value as well (in exceptional cases) * if a group base is given (edge case), use this instead of general base * resolves #12682 Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | Pass old value to user triggerChange hookMorris Jobke2019-04-111-1/+1
| | | | | | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* | set the loglevel in context, save the conditionArthur Schiwon2019-04-021-3/+1
| | | | | | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | LDAP plugin: force createUser to return new user's DNVinicius Cubas Brand2019-03-211-1/+2
| | | | | | | | | | | | | | LDAP plugins must change the createUser method to return the DN, as we need this to update the cache. Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
* | Cache cleaning when subadmin adds user to groupVinicius Cubas Brand2019-03-211-0/+2
| | | | | | | | | | | | | | | | | | | | | | This commit fix an error happening when the subadmin tries to create an user, adding him/her to the group s/he is subadmin of, using a LDAP User/Group plugin. This just forces the cache to be reset after an user is added to a group. Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
* | fix user creation using LDAP PluginVinicius Cubas Brand2019-03-212-3/+11
|/ | | | Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
* fix nested group retrieval also for 2 other casesArthur Schiwon2019-03-052-60/+79
| | | | | | and also consolidate logic in one method Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Reduce queries to LDAP by caching nested groupsRoland Tapken2019-03-051-6/+18
| | | | | | | Nested groups are now cached in a CappedMemoryCache object to reduce queries to the LDAP backend. Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
* user_ldap: really resolve nested groupsRoland Tapken2019-03-051-14/+19
| | | | | | | | | | | The previous patch fixed the problem only for one level of indirection because groupsMatchFilter() had been applied on each recursive call (and thus there would be no second level if the first level fails the check). This new implementation replaces the recursive call with a stack that iterates all nested groups before filtering with groupsMatchFilter(). Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
* user_ldap: Filter groups after nexted groupsRoland Tapken2019-03-051-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently groupsMatchFilter is called before nested groups are resolved. This basicly breaks this feature since it is not possible to inherit membership in a group from another group. Minimal example: Group filter: (&(objectClass=group),(cn=nextcloud)) Nested groups: enabled cn=nextcloud,ou=Nextcloud,ou=groups,dn=company,dn=local objectClass: group cn=IT,ou=groups,dn=company,dn=local objectClass: group memberOf: cn=nextcloud,ou=Nextcloud,ou=groups,dn=company,dn=local cn=John Doe,ou=users,dn=company,dn=local objectClass: person memberOf: cn=IT,ou=groups,dn=company,dn=local Since 'cn=IT,ou=groups,dn=company,dn=local' doesn't match the group filter, John wouldn't be a member of group 'nextcloud'. This patch fixes this by filtering the groups after all nested groups have been collected. If nested groups is disabled the result will be the same as without this patch. Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
* add LDAP ConfigHandler for external storages and "$home" varArthur Schiwon2019-02-147-0/+171
| | | | | | | | * handler registered upon OCA\\Files_External::loadAdditionalBackends event as user_ldap is loaded before files_external * new configuration field "ldapExtStorageHomeAttribute" (not in GUI yet) Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* ensure attribute names are lower casedArthur Schiwon2019-02-141-13/+13
| | | | | | | otherwise they will be skipped when the results is being formatted and the lower-cased result keys do not match. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Comment fix.Filis Futsarov2019-01-301-1/+1
|
* iterate over bases instead of doing parallel searchArthur Schiwon2019-01-281-5/+28
| | | | | | | parallel search is not compatible with paged search, but the letter is usually always applied. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* LDAP: extend remnants output with "detected on" fieldArthur Schiwon2018-12-213-26/+57
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* add tests for the DUIArthur Schiwon2018-12-211-6/+6
| | | | | | as they are interact with the DB they are more integraiton than unit tests Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* do not forgot to store the second displayname portionArthur Schiwon2018-12-201-1/+1
| | | | | | otherwise it causes a chain reaction of system addressbook updates Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* LDAP clear cache on config modification also when done via API or CLIArthur Schiwon2018-12-173-1/+19
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* cache users as existing after mappingArthur Schiwon2018-11-271-14/+30
| | | | | | | | | during login they might be cached as non-existing and cause an Exception in the long run reduces some duplication, too Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Add return typeDaniel Kesselberg2018-11-251-1/+1
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Fix count on stringDaniel Kesselberg2018-11-241-2/+15
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-25 05:22:39 +0000