the DN has to be escaped differently when used as a base and we were
missing it here in the search method call in the check-user command.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
This avoids user_ldap logging about an invalid configuration with an
empty password when the empty password actually comes from a login
attempt.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
With array_unique it is possible that the keys are not in sequential order
but have gaps. json_encode then would store them as associative array,
which later on json_decode would result in a stdClass by default. This is
unexpected and would also contradict the return type hint.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
- add configuration to specify one LDAP group acting as admin group (CLI)
- implement `isAdmin()` method, basically relying on inGroup against the
configured group
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
This is recurrent scenario that we are searching for users and then for
each users we fetch the displayName. This is inefficient, so instead try
to do one query to fetch everything (e.g. Database backend) or use the
already existing DisplayNameCache helper.
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
It must not reuse the same OCA\User_LDAP\User\Manager instance for
several Access instances.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
If attribute mapping is configured and no value present in LDAP, the
according profile field is emptied. Removing an attribute e.g. phone
from LDAP will cause the phone number being removed from profile.
Signed-off-by: Marc Hefter <marchefter@gmail.com>
Check profile data checksum before updating user profile, to ensure
data has changed. Write checksum to user settings and cache.
Signed-off-by: Marc Hefter <marchefter@gmail.com>
replace '$' with ', ' delimiter for address property
reformatted some code to 80 column
early check and return, if wasRefreshed('profile')
removed FIXMEs after digging and double checking
Signed-off-by: Marc Hefter <marchefter@gmail.com>
merging defaultScopes from DEFAULT_SCOPES and account_manager.default_property_scope
removing unneccessary profileScope setting (using config.php instead)
honoring admin choice 'profile.enabled'=>false in config.php
moved checking for empty array to updateProfile function
corrected some typos and cleaned some comments
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Marc Hefter <marchefter@gmail.com>
rework updateProfile in user_ldap/lib/User/User.php
some cleanup at processAttributes in user_ldap/lib/User/User.php
rearranged Fediverse attribute, to match profile layout
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Marc Hefter <marchefter@gmail.com>
using an array to buffer profile updates, like suggested by @come-nc
clean some code and remove unneccessary redundancy
added the Fediverse profile property
Co-Authored-By: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Marc Hefter <marchefter@gmail.com>
