From e178815b83aa5f05b2fee559499a82b00a4f3008 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon
Date: Fri, 15 Sep 2023 18:49:30 +0200
Subject: fix(ldap): store last known user groups - for LDAP user life cycle management
Signed-off-by: Arthur Schiwon
---
 apps/user_ldap/lib/Connection.php | 4 ++++
 apps/user_ldap/lib/Group_LDAP.php | 25 +++++++++++++++++++++++--
 2 files changed, 27 insertions(+), 2 deletions(-)
(limited to 'apps/user_ldap')
diff --git a/apps/user_ldap/lib/Connection.php b/apps/user_ldap/lib/Connection.php
index d8d00dd4d27..f90add9ef9e 100644
--- a/apps/user_ldap/lib/Connection.php
+++ b/apps/user_ldap/lib/Connection.php
@@ -297,6 +297,10 @@ class Connection extends LDAPUtility {
 return json_decode(base64_decode($this->cache->get($key) ?? ''), true);
 }
+ public function getConfigPrefix(): string {
+ return $this->configPrefix;
+ }
+
 /**
 * @param string $key
 * @param mixed $value
diff --git a/apps/user_ldap/lib/Group_LDAP.php b/apps/user_ldap/lib/Group_LDAP.php
index 84267171d37..1c3f8113beb 100644
--- a/apps/user_ldap/lib/Group_LDAP.php
+++ b/apps/user_ldap/lib/Group_LDAP.php
@@ -46,11 +46,15 @@ namespace OCA\User_LDAP;
 use Exception;
 use OC\ServerNotAvailableException;
+use OCA\User_LDAP\User\OfflineUser;
 use OCP\Cache\CappedMemoryCache;
 use OCP\GroupInterface;
 use OCP\Group\Backend\IDeleteGroupBackend;
 use OCP\Group\Backend\IGetDisplayNameBackend;
+use OCP\IConfig;
+use OCP\Server;
 use Psr\Log\LoggerInterface;
+use function json_decode;
 class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, IGetDisplayNameBackend, IDeleteGroupBackend {
 protected bool $enabled = false;
@@ -81,7 +85,7 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
 $this->cachedGroupsByMember = new CappedMemoryCache();
 $this->cachedNestedGroups = new CappedMemoryCache();
 $this->groupPluginManager = $groupPluginManager;
- $this->logger = \OCP\Server::get(LoggerInterface::class);
+ $this->logger = Server::get(LoggerInterface::class);
 $this->ldapGroupMemberAssocAttr = strtolower((string)$gAssoc);
 }
@@ -662,15 +666,28 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
 * @throws Exception
 * @throws ServerNotAvailableException
 */
- public function getUserGroups($uid) {
+ public function getUserGroups($uid): array {
 if (!$this->enabled) {
 return [];
 }
+ $ncUid = $uid;
+
 $cacheKey = 'getUserGroups' . $uid;
 $userGroups = $this->access->connection->getFromCache($cacheKey);
 if (!is_null($userGroups)) {
 return $userGroups;
 }
+
+ $user = $this->access->userManager->get($uid);
+ if ($user instanceof OfflineUser) {
+ // We load known group memberships from configuration for remnants,
+ // because LDAP server does not contain them anymore
+ /** @var IConfig $config */
+ $config = Server::get(IConfig::class);
+ $groupStr = $config->getUserValue($uid, 'user_ldap', 'cached-group-memberships-' . $this->access->connection->getConfigPrefix(), '[]');
+ return json_decode($groupStr) ?? [];
+ }
+
 $userDN = $this->access->username2dn($uid);
 if (!$userDN) {
 $this->access->connection->writeToCache($cacheKey, []);
@@ -784,6 +801,10 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
 $groups = array_unique($groups, SORT_LOCALE_STRING);
 $this->access->connection->writeToCache($cacheKey, $groups);
+ /** @var IConfig $config */
+ $config = Server::get(IConfig::class);
+ $groupStr = \json_encode($groups);
+ $config->setUserValue($ncUid, 'user_ldap', 'cached-group-memberships-' . $this->access->connection->getConfigPrefix(), $groupStr);
 return $groups;
 }
--
cgit v1.2.3
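Review bot: In the `OfflineUser` branch of the `@@ -662` hunk, `json_decode($groupStr) ?? []` can return something that is not an array and then trips the newly declared `: array` return type. The value is written in the `@@ -784` hunk from the result of `array_unique()`, which preserves keys, so once a duplicate has been dropped `json_encode` emits a JSON object and this decode (no associative flag) yields `stdClass`. Because the result is used as the remnant user's group membership, normalise on both sides: store `\json_encode(array_values($groups))` and read with `$stored = json_decode($groupStr, true); return is_array($stored) ? array_values($stored) : [];`. getUserGroups() continues past the end of this hunk.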
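Review bot: In the `@@ -784` hunk the return value of `\json_encode($groups)` is handed to `setUserValue()` unchecked; on failure (for instance a group name that is not valid UTF-8) it is `false`, and what gets stored for the user then depends on how `setUserValue()` treats a non-string. Guard the write with `if ($groupStr !== false) { $config->setUserValue(...); }` so a failed encode leaves the last known memberships in place. The change also puts a persistent config write on the group-lookup path for every cache miss; if `setUserValue()` does not already skip unchanged values, compare with the stored string first. The method starts outside this hunk.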