- as used in LDAP's AbstractMapping::clear() method
- and in Comment's ManagerTest::setUp()
- fixes a DB Exception with Oracle
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Generators cannot be iterated with while or returned by an other
generator, using foreach instead.
And a few other problems.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
- in a proper setup there are no duplicated UUIDs
- not all setups are proper
- log warning to admin
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Use a backup table to copy the data, drop table and recreate it with
correct primary key, then copy the data back and drop the backup table.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
- the issue was present only when using PHP based resolving of nested
group members. Normally nested members are common in AD (and Samba4) and
are resolved per LDAP_MATCHING_RULE_IN_CHAIN by default
- resolving nested members is recursive
- when the cache entry was created it happend for intermediate groups, too,
containing members from the parent group
- the check was added to only cache the root group with its members
- a runtime cache stores intermediate ldap read results
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
The documentation says it can return false, and even if that is highly
unlikely for sha256, better safe than sorry.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
We cannot set ldap_dn_hash column as notnull because it is empty for
existing users before postSchemaChange is called
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
Adds an ldap_full_dn column to store the dn, and only store a sha256
hash in the ldap_dn which is shorter and can be indexed without
trouble.
Migration still needs to be implemented.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
- limitation by core tables (e.g. sharing), IDs are always 64chars
- when longer group IDs were requested they are hashed (does not affect
displaynames)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
- store result when no name could be retrieved, too
- cached value is not an array, was treated wrongly
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
- saves an LDAP requests in these cases
- prevents a Protocol Error logged on < 7.3 API (for backports)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
- allows to delete data of existing LDAP users, which otherwise is safe
guarded
- ensures that the user is not being deleted on LDAP through a plugin
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
- this appears too often (in some configurations) when qualifying group
members which do not meet the criteria
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
