Generators cannot be iterated with while or returned by another
generator, using foreach instead.
And a few other problems.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
- in a proper setup there are no duplicated UUIDs
- not all setups are proper
- log warning to admin
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
This should avoid some PHP warnings when using PHP 8.1
and help detect type trouble early in the future.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
Use a backup table to copy the data, drop table and recreate it with
correct primary key, then copy the data back and drop the backup table.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
Test a search on the base, as the settings wizard is doing.
This is to avoid the wizard saying the base is wrong and the command
saying everything is fine.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
This should avoid having to wait for the background job to run after
deleting a user in LDAP before being able to delete it in Nextcloud.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
The documentation says it can return false, and even if that is highly
unlikely for sha256, better safe than sorry.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
We cannot set ldap_dn_hash column as notnull because it is empty for
existing users before postSchemaChange is called.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
Adds an ldap_full_dn column to store the dn, and only store a sha256
hash in the ldap_dn which is shorter and can be indexed without
trouble.
Migration still needs to be implemented.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
I did not find any test data that would fail with the previous regex,
but still added data with uppercase to at least test that.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
This avoids having to wait or reset the cache after deleting a user in
the LDAP.
This also fixes a PHP error when running ldap:check-ldap --update on a
deleted but cached user.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
- the issue was present only when using PHP based resolving of nested
group members. Normally nested members are common in AD (and Samba4) and
are resolved per LDAP_MATCHING_RULE_IN_CHAIN by default
- resolving nested members is recursive
- when the cache entry was created it happened for intermediate groups, too,
containing members from the parent group
- the check was added to only cache the root group with its members
- a runtime cache stores intermediate ldap read results
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Using iconv for translit depends upon server configuration, locale, and
PHP version. Using htmlentities instead to have a consistent behavior
independent of configuration.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>