summaryrefslogtreecommitdiffstats
path: root/apps/user_ldap/lib
Commit message (Collapse)AuthorAgeFilesLines
* fixes possible override of uniqueMember by autodetectionArthur Schiwon2019-05-173-5/+5
| | | | | | | | | | | | | * uniqueMember was the default so we did not know whether this setting is desired or the initial value * autodetection of the user-group association attribute runs only when it was not set (as far as we knew) * the default is now empty * thus LDAPProvider might return this value as well (in exceptional cases) * if a group base is given (edge case), use this instead of general base * resolves #12682 Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Pass old value to user triggerChange hookMorris Jobke2019-04-111-1/+1
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* set the loglevel in context, save the conditionArthur Schiwon2019-04-021-3/+1
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* LDAP plugin: force createUser to return new user's DNVinicius Cubas Brand2019-03-211-1/+2
| | | | | | | LDAP plugins must change the createUser method to return the DN, as we need this to update the cache. Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
* Cache cleaning when subadmin adds user to groupVinicius Cubas Brand2019-03-211-0/+2
| | | | | | | | | | | This commit fix an error happening when the subadmin tries to create an user, adding him/her to the group s/he is subadmin of, using a LDAP User/Group plugin. This just forces the cache to be reset after an user is added to a group. Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
* fix user creation using LDAP PluginVinicius Cubas Brand2019-03-212-3/+11
| | | | Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
* fix nested group retrieval also for 2 other casesArthur Schiwon2019-03-052-60/+79
| | | | | | and also consolidate logic in one method Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Reduce queries to LDAP by caching nested groupsRoland Tapken2019-03-051-6/+18
| | | | | | | Nested groups are now cached in a CappedMemoryCache object to reduce queries to the LDAP backend. Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
* user_ldap: really resolve nested groupsRoland Tapken2019-03-051-14/+19
| | | | | | | | | | | The previous patch fixed the problem only for one level of indirection because groupsMatchFilter() had been applied on each recursive call (and thus there would be no second level if the first level fails the check). This new implementation replaces the recursive call with a stack that iterates all nested groups before filtering with groupsMatchFilter(). Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
* user_ldap: Filter groups after nexted groupsRoland Tapken2019-03-051-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently groupsMatchFilter is called before nested groups are resolved. This basicly breaks this feature since it is not possible to inherit membership in a group from another group. Minimal example: Group filter: (&(objectClass=group),(cn=nextcloud)) Nested groups: enabled cn=nextcloud,ou=Nextcloud,ou=groups,dn=company,dn=local objectClass: group cn=IT,ou=groups,dn=company,dn=local objectClass: group memberOf: cn=nextcloud,ou=Nextcloud,ou=groups,dn=company,dn=local cn=John Doe,ou=users,dn=company,dn=local objectClass: person memberOf: cn=IT,ou=groups,dn=company,dn=local Since 'cn=IT,ou=groups,dn=company,dn=local' doesn't match the group filter, John wouldn't be a member of group 'nextcloud'. This patch fixes this by filtering the groups after all nested groups have been collected. If nested groups is disabled the result will be the same as without this patch. Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
* add LDAP ConfigHandler for external storages and "$home" varArthur Schiwon2019-02-147-0/+171
| | | | | | | | * handler registered upon OCA\\Files_External::loadAdditionalBackends event as user_ldap is loaded before files_external * new configuration field "ldapExtStorageHomeAttribute" (not in GUI yet) Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* ensure attribute names are lower casedArthur Schiwon2019-02-141-13/+13
| | | | | | | otherwise they will be skipped when the results is being formatted and the lower-cased result keys do not match. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Comment fix.Filis Futsarov2019-01-301-1/+1
|
* iterate over bases instead of doing parallel searchArthur Schiwon2019-01-281-5/+28
| | | | | | | parallel search is not compatible with paged search, but the letter is usually always applied. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* LDAP: extend remnants output with "detected on" fieldArthur Schiwon2018-12-213-26/+57
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* add tests for the DUIArthur Schiwon2018-12-211-6/+6
| | | | | | as they are interact with the DB they are more integraiton than unit tests Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* do not forgot to store the second displayname portionArthur Schiwon2018-12-201-1/+1
| | | | | | otherwise it causes a chain reaction of system addressbook updates Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* LDAP clear cache on config modification also when done via API or CLIArthur Schiwon2018-12-173-1/+19
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* cache users as existing after mappingArthur Schiwon2018-11-271-14/+30
| | | | | | | | | during login they might be cached as non-existing and cause an Exception in the long run reduces some duplication, too Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Add return typeDaniel Kesselberg2018-11-251-1/+1
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Fix count on stringDaniel Kesselberg2018-11-241-2/+15
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Merge pull request #12292 from nextcloud/fix/2947/lapse-sizelimit-errorMorris Jobke2018-11-151-1/+17
|\ | | | | avoid logging of "Partial search results returned: Sizelimit exceeded…"
| * avoid logging of "Partial search results returned: Sizelimit exceeded at"Arthur Schiwon2018-11-071-1/+17
| | | | | | | | | | | | | | LDAP servers respond with that even if a limit was passed with the request. Having this statement logged causes a lot of confusion. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | Use the defined func()->count() instead of manual countingJoas Schilling2018-11-081-1/+1
|/ | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* remove app specific IUserTools and consolidate testArthur Schiwon2018-10-304-53/+10
| | | | | | | Just some house keeping. IUserTools with used in even older days for easier creation of Access instances… Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Merge pull request #12054 from nextcloud/fix/5212/interact-with-userobjectRoeland Jago Douma2018-10-301-2/+11
|\ | | | | LDAP: announce display name changes so that addressbook picks it up
| * do not run into UniqueConstraintViolationExceptionArthur Schiwon2018-10-301-3/+5
| | | | | | | | | | | | | | … when an unmapped user logs in for the first time when background job mode is ajax and no memcache was configured. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
| * only write when the displayname differs, but then announce itArthur Schiwon2018-10-251-2/+9
| | | | | | | | | | | | refs #5212 and fixes #9112 Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | Merge pull request #12070 from nextcloud/fix/noid/announce-chosen-uidMorris Jobke2018-10-301-3/+3
|\ \ | | | | | | announce the chosen uid (fixes wrong variable usage)
| * | fixes wrong variable usageArthur Schiwon2018-10-261-3/+3
| | | | | | | | | | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | | remove unneeded empty search attribute values, fixes #12086Arthur Schiwon2018-10-291-0/+7
|/ / | | | | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* / functions that were checked for are present since PHP 5.4, supported is >=/Arthur Schiwon2018-10-257-42/+10
|/ | | | | | | * so the check from older days is really not necessary anymore * resolves #10923 Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Properly escape column name in "createFunction" callMorris Jobke2018-10-161-1/+1
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Check if user is null before getUsernameDaniel Kesselberg2018-09-161-5/+7
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* [LDAP] The WebUI Wizard also should not assign empty config IDsArthur Schiwon2018-08-231-1/+11
| | | | | | | | | | | | | With 689df9a843dd0505088143de039af775a3f92612 the behaviour to assign only non-empty config IDs was introduced. Only, this was only effective for CLI and OCS API. Related to #3270. The web UI creates now also a full configuration on first load. This fixes #5094. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Resolve all group memberships properlyMorris Jobke2018-08-211-1/+1
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* don't force LDAP updates on userExists anymoreArthur Schiwon2018-08-141-9/+1
| | | | | | and remove some deprecated code Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* FIX: emit assignedUserId only for usersArthur Schiwon2018-08-091-5/+5
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Only bind if configuration for the first server is availableJulius Härtl2018-07-131-1/+1
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* adjust and add more unit testsArthur Schiwon2018-07-051-1/+1
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* allow admin to disable fetching of avatars as well as a specific attributeArthur Schiwon2018-07-055-11/+70
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* let user set avatar in nextcloud von LDAP provides invalid image dataArthur Schiwon2018-07-032-13/+19
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Merge pull request #10034 from nextcloud/fix/noid/ldap-silence-quota-logmsgsblizzz2018-06-282-29/+27
|\ | | | | lower log level for quota manipulation cases
| * lower log level for quota manipulation casesArthur Schiwon2018-06-282-29/+27
| | | | | | | | | | | | and simplify the forest of ifs a little bit Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | LDAP backup server should not be queried when auth failsArthur Schiwon2018-06-271-8/+4
|/ | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* check user state when fetching to avoid dealing with offline objectsArthur Schiwon2018-05-291-6/+19
| | | | | | fixes #9502 Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Fix "Invalid argument supplied for foreach()"Roger Szabo2018-05-021-2/+2
| | | | Signed-off-by: Roger Szabo <roger.szabo@web.de>
* unbound cloned connection fixRoger Szabo2018-04-271-0/+3
| | | | Signed-off-by: Roger Szabo <roger.szabo@web.de>
* move log constants to ILoggerArthur Schiwon2018-04-267-99/+121
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Access needs UserManager, missed to add in #8833Arthur Schiwon2018-04-231-1/+0
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-19 21:10:34 +0000