Commit graph

2588 commits

Author SHA1 Message Date
Arthur Schiwon
8a7b0a68a5
fixes returning the base when multiple are specified
* reading the config directly will return the value with line breaks
* using the proper accessor gives us all bases in an array
* returns the first matching one
* having user id provided for the group base is strange and does not let
  us operate like this. here we return the first one. might change in
  future, a backportable fix won't have an API change however.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-19 13:39:15 +02:00
Arthur Schiwon
a1f2dbe29c
caches the displayname after an LDAP plugin set it
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-18 12:42:03 +02:00
Arthur Schiwon
1d48c0313c
fix inGroup check, thus make integration tests succeed
there is not such strange return mode. Having invalid user ids caused this
check to fail, and as side effect share limitation to groups to not work.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-06-14 06:23:58 +02:00
Nextcloud bot
85767660ba
[tx-robot] updated from transifex 2019-06-14 02:14:26 +00:00
Nextcloud bot
b32ee3a0bb
[tx-robot] updated from transifex 2019-05-29 02:13:44 +00:00
Nextcloud bot
c3f779b97d
[tx-robot] updated from transifex 2019-05-28 02:13:42 +00:00
Arthur Schiwon
c6c8a41d2f
group display name support (service level + ldap)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-05-27 12:03:05 +02:00
blizzz
755611866e
Merge pull request #15604 from nextcloud/fix/12682/fix-possible-override-of-uniquemember
fixes possible override of uniqueMember by autodetection
2019-05-22 19:09:28 +02:00
Nextcloud bot
af680f285e
[tx-robot] updated from transifex 2019-05-21 02:13:28 +00:00
Arthur Schiwon
3372bcc7fc
fixes possible override of uniqueMember by autodetection
* uniqueMember was the default so we did not know whether this setting is
  desired or the initial value
* autodetection of the user-group association attribute runs only when it
  was not set (as far as we knew)
* the default is now empty
* thus LDAPProvider might return this value as well (in exceptional cases)
* if a group base is given (edge case), use this instead of general base
* resolves #12682

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-05-17 16:19:23 +02:00
Nextcloud bot
c60f6716b4
[tx-robot] updated from transifex 2019-05-07 00:12:58 +00:00
Nextcloud bot
5e8cedab9f
[tx-robot] updated from transifex 2019-05-01 00:12:41 +00:00
Nextcloud bot
01410491b9
[tx-robot] updated from transifex 2019-04-29 00:12:39 +00:00
Nextcloud bot
16b8017fc9
[tx-robot] updated from transifex 2019-04-18 00:12:48 +00:00
Nextcloud bot
9302e1b8dd
[tx-robot] updated from transifex 2019-04-16 00:17:30 +00:00
Joas Schilling
4c19b3b2c6
Bump versions of server and the requirements of apps
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-04-11 14:02:23 +02:00
Morris Jobke
36618b111f
Pass old value to user triggerChange hook
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-04-11 10:03:38 +02:00
Nextcloud bot
7641a1589f
[tx-robot] updated from transifex 2019-04-11 00:12:59 +00:00
Nextcloud bot
9c9c410094
[tx-robot] updated from transifex 2019-04-06 00:13:10 +00:00
Arthur Schiwon
518998093f
set the loglevel in context, save the condition
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-04-02 22:52:12 +02:00
Nextcloud bot
a541443be7
[tx-robot] updated from transifex 2019-03-26 10:41:31 +00:00
Vinicius Cubas Brand
61572a5b2e
LDAP plugin: force createUser to return new user's DN
LDAP plugins must change the createUser method to return the DN, as we
need this to update the cache.

Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
2019-03-21 10:20:46 +01:00
Vinicius Cubas Brand
a2c38148e7
Cache cleaning when subadmin adds user to group
This commit fix an error happening when the subadmin tries to create an
user, adding him/her to the group s/he is subadmin of, using a LDAP
User/Group plugin.

This just forces the cache to be reset after an user is added to a
group.

Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
2019-03-21 10:20:46 +01:00
Vinicius Cubas Brand
c4dbc428f9
fix user creation using LDAP Plugin
Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
2019-03-21 10:20:46 +01:00
Nextcloud bot
6ea5beccd7
[tx-robot] updated from transifex 2019-03-21 01:13:49 +00:00
Roeland Jago Douma
219fb1a855
Fix showpassword loads
This is bundled by default. So trying to load it throws a warning in the
logs.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-03-18 14:38:44 +01:00
Nextcloud bot
f8988c257c
[tx-robot] updated from transifex 2019-03-16 01:12:34 +00:00
Nextcloud bot
6fcf729545
[tx-robot] updated from transifex 2019-03-14 16:08:31 +00:00
Arthur Schiwon
e36cede994
remove unused use statement
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-03-06 00:34:29 +01:00
Arthur Schiwon
5dd2207c95
fix nested group retrieval also for 2 other cases
and also consolidate logic in one method

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-03-05 11:07:40 +01:00
Roland Tapken
459b8a4845
Fixed unit test: groupsMatchFilter will not be called multiple times anymore.
Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2019-03-05 11:07:40 +01:00
Roland Tapken
e7c506cff1
Reduce queries to LDAP by caching nested groups
Nested groups are now cached in a CappedMemoryCache object to reduce
queries to the LDAP backend.

Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2019-03-05 11:07:40 +01:00
Roland Tapken
afb182650e
user_ldap: really resolve nested groups
The previous patch fixed the problem only for one level of indirection
because groupsMatchFilter() had been applied on each recursive call (and
thus there would be no second level if the first level fails the check).

This new implementation replaces the recursive call with a stack that
iterates all nested groups before filtering with groupsMatchFilter().

Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2019-03-05 11:07:40 +01:00
Roland Tapken
c2d8a36d9a
user_ldap: Filter groups after nexted groups
Currently groupsMatchFilter is called before nested groups are resolved.
This basicly breaks this feature since it is not possible to inherit
membership in a group from another group.

Minimal example:

  Group filter: (&(objectClass=group),(cn=nextcloud))
  Nested groups: enabled

  cn=nextcloud,ou=Nextcloud,ou=groups,dn=company,dn=local
    objectClass: group

  cn=IT,ou=groups,dn=company,dn=local
    objectClass: group
    memberOf: cn=nextcloud,ou=Nextcloud,ou=groups,dn=company,dn=local

  cn=John Doe,ou=users,dn=company,dn=local
    objectClass: person
    memberOf: cn=IT,ou=groups,dn=company,dn=local

Since 'cn=IT,ou=groups,dn=company,dn=local' doesn't match the group
filter, John wouldn't be a member of group 'nextcloud'.

This patch fixes this by filtering the groups after all nested groups
have been collected. If nested groups is disabled the result will be the
same as without this patch.

Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2019-03-05 11:07:35 +01:00
Julius Härtl
6ee7286b41
Fix tests
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-03-01 20:57:01 +01:00
Nextcloud bot
374f89aba1
[tx-robot] updated from transifex 2019-03-01 01:12:36 +00:00
Nextcloud bot
057e81a1e2
[tx-robot] updated from transifex 2019-02-28 01:12:39 +00:00
Nextcloud bot
36b01e3c2d
[tx-robot] updated from transifex 2019-02-27 01:12:05 +00:00
Nextcloud bot
876e2792d0
[tx-robot] updated from transifex 2019-02-26 01:12:12 +00:00
Nextcloud bot
5df6400e28
[tx-robot] updated from transifex 2019-02-25 01:12:18 +00:00
rakekniven
73473de5de
Fixed grammar
Reported at Transifex.

Signed-off-by: Mark Ziegler <mark.ziegler@rakekniven.de>
2019-02-22 19:49:36 +01:00
Nextcloud bot
10388eab34
[tx-robot] updated from transifex 2019-02-21 01:12:02 +00:00
Nextcloud bot
ad0b67cbce
[tx-robot] updated from transifex 2019-02-19 01:12:10 +00:00
Nextcloud bot
0b7b938a60
[tx-robot] updated from transifex 2019-02-18 01:12:09 +00:00
Nextcloud bot
1374183f92
[tx-robot] updated from transifex 2019-02-17 01:13:29 +00:00
Arthur Schiwon
685c13e091
add GUI option to set the $home placeholder
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-02-14 15:22:22 +01:00
Arthur Schiwon
792bcb82ae
add LDAP ConfigHandler for external storages and "$home" var
* handler registered upon OCA\\Files_External::loadAdditionalBackends
  event as user_ldap is loaded before files_external
* new configuration field "ldapExtStorageHomeAttribute" (not in GUI yet)

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-02-14 15:22:22 +01:00
Arthur Schiwon
5c10a46445
ensure attribute names are lower cased
otherwise they will be skipped when the results is being formatted and the
lower-cased result keys do not match.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-02-14 14:13:32 +01:00
Nextcloud bot
4d8c42a4fb
[tx-robot] updated from transifex 2019-02-14 01:12:26 +00:00
Nextcloud bot
45777abce0
[tx-robot] updated from transifex 2019-02-08 01:12:39 +00:00