Commit graph

740 commits

Author SHA1 Message Date
Arthur Schiwon
16d4ff4d39
parameter provided to L10N::n() could have been a string
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-05 14:50:28 +02:00
Arthur Schiwon
f1565336bd
DI for NC's user manager
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-05 12:46:24 +02:00
Arthur Schiwon
373a1d5391
more consistent naming
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-05 12:46:15 +02:00
Arthur Schiwon
8fe914f07e
LDAP backend to emit announce and revoke signals on mapping changes
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-05 12:38:39 +02:00
Roeland Jago Douma
f4fd0224db
Do not use \OCP\DB anymore
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-26 14:40:23 +02:00
Arthur Schiwon
cbf60f2e91
existence check works without attribute (like with users)
cn is not necessarily given everywhere

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-15 15:47:44 +01:00
Morris Jobke
8195b17ed7
Remove deprecated and unsused methods of OCP\DB
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-03-12 15:13:37 +01:00
Morris Jobke
cccf6f4d5f
Merge pull request #8221 from Cybso/8220_applyLdapUserFilter_on_members
Apply ldapUserFilter on members of group
2018-03-08 13:19:02 +01:00
Roland Tapken
2472b93fd9 dn2ocname: also apply group filter to readAttribute()
Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2018-03-07 12:18:46 +01:00
Roeland Jago Douma
c2320aea22
Merge pull request #8634 from nextcloud/ldap-no-empty-names
do not create empty userid when attribute does not have allowed chars
2018-03-05 19:37:17 +01:00
Arthur Schiwon
47a10bd25a
treat iconv issues
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-05 14:03:08 +01:00
Arthur Schiwon
4f8c724318
typo + phpdoc
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-05 13:30:28 +01:00
Arthur Schiwon
8607992e85
do not create empty userid when attribute does not have allowed chars
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-02 17:44:06 +01:00
Arthur Schiwon
04f7252fc4
use hash algo that's robust against collisions
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-03-02 16:26:36 +01:00
Arthur Schiwon
238c3a5201
fix retrieving group members with numerical uids from LDAP
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-02-23 12:05:50 +01:00
Arthur Schiwon
9bc75307e7
track the state of the bind result
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-02-22 13:05:33 +01:00
Morris Jobke
236086c457
Merge pull request #8335 from nextcloud/remove-unused-import
Remove unused import statements
2018-02-14 22:23:07 +01:00
Morris Jobke
d3d045dd5c
Remove unused import statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-14 16:55:43 +01:00
Morris Jobke
e2974f1133
Simplify return statement
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-13 21:55:24 +01:00
Roland Tapken
cf4ec7a4b6 Apply ldapUserFilter on members of group
Refers to issue #8220

user_ldap configured with custom filters for active directory access
(group-member-association is "member"). Then it can happen that the
members of a group contain members that don't belong to the users
available in Nextcloud (the most trivial reason is that the user filter
contains "(!(UserAccountControl:1.2.840.113556.1.4.803:=2))" to exclude
disabled users from being imported).

This can be fixed by applying the ldapUserFilter when resolving the UID
for a DN fetched from the group's member list.

Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2018-02-07 12:02:58 +01:00
blizzz
8f29f9a59b
typo
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-31 21:50:55 +01:00
Arthur Schiwon
8753a816d8
fixes reading the sysconfig value
settings without the entry in the translation array are computed

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-31 13:46:13 +01:00
Morris Jobke
eb51f06a3b
Use ::class statement instead of string
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-29 12:03:47 +01:00
Morris Jobke
a661f043e1
Remove unneeded semicolon and parentheses
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 23:46:40 +01:00
Morris Jobke
2ad2eb38e8
Use type casting instead of *val() method
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 15:01:27 +01:00
Morris Jobke
ca493ab5b1
Merge pull request #8069 from nextcloud/no-catch-serverdown
do not catch and ignore ServerNotAvailable in the wrong spot
2018-01-26 14:01:07 +01:00
Arthur Schiwon
b61b906abe
do not catch ServerNotAvailable
might cause the user to be unavailable (race condition).

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-26 12:47:19 +01:00
Morris Jobke
6bbea33133
Simplify ternary operator statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 12:36:25 +01:00
Morris Jobke
c1e4f9f305
Use type casting instead of *val() method
It should be up to 6x faster

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 11:35:42 +01:00
Morris Jobke
0a56d2185e
Return value immediately instead of assigning to a one-time variable
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 00:02:03 +01:00
Morris Jobke
2a38605545
Properly log the full exception instead of only the message
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-23 10:57:21 +01:00
Morris Jobke
55532f19d9
Cleanup OC_User and OCP\User
* mainly removes deprecated methods and old static code

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-16 18:39:11 +01:00
Roeland Jago Douma
8a41d05761
Remove deprecated \OCP\Config
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-13 14:25:04 +01:00
Arthur Schiwon
f84ec92563
revert resolving of recursion (3628d4d65d)
without recursion we have issues with internal states. paged search status
are set to false, cookies are not being set. In the end we have  endless
requests which pile up enormously with a high initial offset.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-11 15:17:18 +01:00
Arthur Schiwon
9031ae0281
fix return value when ldapPagingSize returns null
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-11 14:47:51 +01:00
Arthur Schiwon
15a3f4659f
enrich log message with backtrace, but level it down to DEBUG
The message is not helpful anyway for an admin, and oftentimes is just
valid (e.g. when searching with an offset beyond users in LDAP).

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-11 14:17:14 +01:00
Arthur Schiwon
f292f98060
when paged results are turned off, all (max possible) users are returned
thus hasMoreResult should return false

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-11 13:20:17 +01:00
Arthur Schiwon
7c3db54ff6
fix changing to next cycle
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-08 13:45:06 +01:00
Arthur Schiwon
b17c5fec40
add unit test for qualifies to run
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-08 13:08:59 +01:00
Arthur Schiwon
a565bf0b9f
fix offset is never being reset
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-05 14:29:11 +01:00
Arthur Schiwon
82da4fde18
create failing test for this case
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-05 14:27:36 +01:00
Morris Jobke
4d0315ceae
Merge pull request #7599 from nextcloud/quieter-debug-log
don't show recurring log msg when paged result was turned off
2018-01-03 00:40:46 +01:00
Arthur Schiwon
c8851e24a8
throw ServerNotAvailableException when LDAP is caught shutting down
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-02 12:20:44 +01:00
Arthur Schiwon
82fd09c294
don't show recurring msg when pages result was turned off
and only as debug level otherwise.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-12-21 14:29:56 +01:00
Morris Jobke
d2d73f1ce8
Also replace all other occurences
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-12-18 20:57:11 +01:00
Arthur Schiwon
5ce943aa85
don't use deprecated method for requesting memcache
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-12-18 20:57:11 +01:00
Morris Jobke
defac0ff0d
Fixes hex2bin() in LDAP
Untangles the two if-else clauses into a more readable format.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-12-13 11:57:49 +01:00
Arthur Schiwon
27f14eee26
don't cache user, if no internal user id was retrieved/assigned
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-12-07 22:47:32 +01:00
Arthur Schiwon
991190b994
ensure that users are cached when they are retrieved
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-12-07 17:49:33 +01:00
sidey79
45dfc11137
tryfix needsRefresh unit tests
Forced updateAttributesInterval from getAppValue to int

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-10 17:07:41 +01:00
sidey79
039f6c9636
Fixed Typo in user.php
Fixed a typo for the app config prameter updateAttributesInterval

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-10 17:07:41 +01:00
sidey79
0b290c0904
Update User.php
Makes the time between needsRefresh configurable via app config option updateAttribuesInterval.
Default is still 86400 secons which is one day.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-10 17:07:36 +01:00
Arthur Schiwon
419759e68b
resolve DI
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-09 11:10:59 +01:00
Arthur Schiwon
8113f26eed
add Sync test
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-09 11:10:58 +01:00
Arthur Schiwon
59c05d5447
move LDAP user attributes "sync" to background (except for ajax jobs)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-09 11:10:56 +01:00
Arthur Schiwon
ef3cd32916
don't skip updating when ajax is set as background job mode
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-09 11:10:04 +01:00
Arthur Schiwon
c6f1af9896
move ldap user sync to background (WIP)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-09 11:09:59 +01:00
Lukas Reschke
2bfa1ce5c3
Merge pull request #5568 from nextcloud/ldap-agent-credentials-safe
Ldap agent credentials save
2017-11-09 09:26:51 +01:00
Morris Jobke
0eebff152a
Update license headers
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Vinicius Cubas Brand
fa565750d1 User_LDAP plugins: smaller fixes
Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
2017-11-03 11:42:59 -02:00
Vinicius Cubas Brand
10ca793452 Plugins infrastructure in User_LDAP
Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
2017-11-03 11:41:40 -02:00
Arthur Schiwon
7b0868ddac
fix saving changes…
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-10-27 14:25:19 +02:00
Arthur Schiwon
9a1f706ae4
fix creating an empty configuration
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-10-27 14:25:19 +02:00
Arthur Schiwon
52b1b97c58
Fix regression: undesired writes to the DB
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-10-27 14:25:19 +02:00
Arthur Schiwon
4eab39f133
LDAP: only write actually changes values to the DB
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-10-27 14:25:19 +02:00
Arthur Schiwon
3628d4d65d
avoid unnecessary recursion
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-10-25 17:23:42 +02:00
Lukas Reschke
9932b7498d Merge pull request #6873 from nextcloud/ldap_proxy_redix_fix
Ldap proxy Redis fix
2017-10-19 12:03:04 +02:00
Lukas Reschke
7de6f7cd07 Merge pull request #6677 from nextcloud/downstream-dont-reset-quota
don't reset quota
2017-10-19 11:42:37 +02:00
Roeland Jago Douma
4388ec2231
Little bit of code cleanup
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-19 11:05:24 +02:00
Roeland Jago Douma
a6760560c6
Do not check existance before fetch
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-19 11:03:31 +02:00
Arthur Schiwon
c9622ccb62
fix LDAP User deletion (cleanup)
discovered a bug in the integration test which lead to following a
different code path and giving a false-positive  success feedback.

Also listens now to the evendispatcher instead of old hook system

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-09-29 11:44:04 +02:00
Arthur Schiwon
3e2015a24c
and add missing whitespaces to log outout
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-09-28 01:16:57 +02:00
Juan Pablo Villafáñez
d6d895dd74
Keep the current quota if no suitable quota is found
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-09-28 01:13:48 +02:00
Arthur Schiwon
5e74affea4
fix counting found results in search op
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-09-14 13:20:51 +02:00
Arthur Schiwon
34f9590169
replace hard-coded attribute with the corresponding settings option
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-09-14 13:20:51 +02:00
Arthur Schiwon
89f4e16cdb
fix limit-flaw in search on paged results
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-09-14 13:20:51 +02:00
Morris Jobke
ba2e1c5db9 Merge pull request #5689 from nextcloud/fix-4117
LDAP: simplify returning the homePath and fixing #4117
2017-09-14 00:23:01 +02:00
Morris Jobke
cebbb1633a Merge pull request #5642 from tobru/fix/groupOfUniqueNames_in_Wizard
recognize groupOfUniqueNames as valid LDAP group object
2017-09-05 13:33:15 +02:00
Morris Jobke
ff93dd7eb1 Merge pull request #5466 from jlehtoranta/ldap-connectivity-fixes
LDAP Connectivity Fixes
2017-09-04 18:31:32 +02:00
Arthur Schiwon
ab92e2ee14
listen to deletion hooks for proper handling, adjust and add tests
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-08-31 23:03:21 +02:00
Arthur Schiwon
efedc81c0a
simplify returning the homePath and fixing #4117
homesToKill was not set in runtime since some changes some place else. It
required deleteUser() to be called first. The method acts independent of it
now.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-08-31 23:03:16 +02:00
Morris Jobke
43facdb95f Merge pull request #5616 from nextcloud/ldap-wizard-remove-LDAPTLS_REQCERT-attempt
LDAP Wizard: do not attempt to recognise cert issue by using LDAPTLS_REQCERT
2017-08-10 21:06:14 +02:00
Joas Schilling
45e2c415d4 Fix comparison in the ldap app
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-01 13:56:12 +02:00
Roeland Jago Douma
ede15f0988
Fix L10N::t
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-01 08:20:17 +02:00
Morris Jobke
c27498db71 Use IConfig instead of static OCP\Config
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-27 13:43:18 +02:00
Morris Jobke
89a7b007f2 Fix comments
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-25 08:57:58 +02:00
Jarkko Lehtoranta
69f6d42b17 LDAP: Simplify conditions in establishConnection
Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
2017-07-23 14:50:01 +03:00
Jarkko Lehtoranta
6103677a91 LDAP: Use imported exception in Connection class
Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
2017-07-23 14:50:01 +03:00
Jarkko Lehtoranta
79fbed4064 LDAP: Clean-up doConnect
Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
2017-07-23 14:50:01 +03:00
Jarkko Lehtoranta
d87375cbaa LDAP: Throw an exception if disabling LDAP referrals fails
Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
2017-07-23 14:50:01 +03:00
Jarkko Lehtoranta
de9a9bc004 LDAP: Throw an exception if Start TLS fails
This ensures that only a secure connection to the LDAP server will be used,
if Start TLS has been enabled.

Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
2017-07-23 14:50:01 +03:00
Jarkko Lehtoranta
ee2c6e8215 LDAP: Remove unnecessary "recursion" fix
This reverts commit 86d72b9a61
"LDAP: fix possible recursion".

Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
2017-07-23 14:50:01 +03:00
Jarkko Lehtoranta
039a836d4a LDAP: Don't handle invalid credentials as a connection error
Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
2017-07-23 14:50:01 +03:00
Jarkko Lehtoranta
4e2e592635 LDAP: Connect to backup server only if it exists + handle errors
Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
2017-07-23 14:50:01 +03:00
Arthur Schiwon
25439919f8
fix phpdoc return types (no code change)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-07-21 14:55:12 +02:00
Arthur Schiwon
9b2f171cbd
do not attempt to recognise cert issue by using LDAPTLS_REQCERT
first, it does not work (at least not everywhere/reliably), second if it
did it was not reset properly. Removes a bit of complexity.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-07-21 14:55:11 +02:00
Allan Nordhøy
ddc804aa32 : Bigversal and LDAP 2017-07-14 15:46:05 +02:00
Roger Szabo
0ebec6f9a4 Rectify variable $uid->$user
Signed-off-by: Roger Szabo <roger.szabo@web.de>
2017-07-10 18:46:39 +08:00
Tobias Brunner
f8735a3205 recognize groupOfUniqueNames as valid LDAP group object
This was already partly done in f88109b but was missed in the
fetchGroups function.
2017-07-07 08:29:58 +02:00
Roger Szabo
51ecc7ce11 suppress superflous php error on rejected password change
Signed-off-by: Roger Szabo <roger.szabo@web.de>
2017-06-30 18:36:33 +08:00