This should avoid having to wait for background job to run after
deleting a user in LDAP before being able to delete it in Nextcloud.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
This avoids having to wait or reset the cache after deleting a user in
the LDAP.
This also fixes a PHP error when running ldap:check-ldap --update on a
deleted but cached user.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
Generators cannot be iterated with while or returned by an other
generator, using foreach instead.
And a few other problems.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
- in a proper setup there are no duplicated UUIDs
- not all setups are proper
- log warning to admin
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
The issue was that we were using psalm/phar instead of vimeo/psalm. This
caused issue with the custom psalm plugin in buildd/psalm.
This is using the opportunity to also update the psalm version from 3.8
to 3.17 and the php-cs-fixer too.
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
Use a backup table to copy the data, drop table and recreate it with
correct primary key, then copy the data back and drop the backup table.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
- the issue was present only when using PHP based resolving of nested
group members. Normally nested members are common in AD (and Samba4) and
are resolved per LDAP_MATCHING_RULE_IN_CHAIN by default
- resolving nested members is recursive
- when the cache entry was created it happend for intermediate groups, too,
containing members from the parent group
- the check was added to only cache the root group with its members
- a runtime cache stores intermediate ldap read results
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Using iconv for translit depends upon server configuration, locale, and
PHP version. Using htmlentities instead to have a consistent behavior
independent of configuration.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
Co-authored-by: MichaIng <micha@dietpi.com>
The documentation says it can return false, and even if that is highly
unlikely for sha256, better safe than sorry.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
We cannot set ldap_dn_hash column as notnull because it is empty for
existing users before postSchemaChange is called
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
Adds an ldap_full_dn column to store the dn, and only store a sha256
hash in the ldap_dn which is shorter and can be indexed without
trouble.
Migration still needs to be implemented.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* This adds support for the sharing, groupware, theming and user_ldap
app
* This adds some code who disapeared during a rebase in the initial
delegation PR (provisioning_api)
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
