-
-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
relax strict getHome behaviour for LDAP users in a shadow state #17717
Conversation
dc9ca91
to
84ed1ed
Compare
ca5d9ac
to
081ffab
Compare
@blizzz: Can you backport this patch for nc 16 and/or nc 17? Thanks & Greetings, |
@moodlebeuth Heyo Michael :) As it contains elementary and behavorial changes, I hesitate to pour this into a stable release. On the other hand, the changes made are done with patching older versions in mind, in favour of "better" changes (which still might come in as an additional, explicit commit). So at least it would be easy to apply it to an older series. It's not a definite no however. Did you try it on a test system yet? |
081ffab
to
d3fd735
Compare
@rullzer np, probably gonna backport it anyway |
Still a failure:
|
yep |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good otherwise 👍
okay, I know the reason, but have no good way around. yet. We know the user from the previous test scenario (mapped in DB), but the filter has changed. So we would need to check LDAP to see that the user has gone. Previously it would happen through userExists since it did a lookup in LDAP. Now we only report the local state (and a true is necessary to be able to delete a user locally...). Tricky. To be continued. |
d67ef95
to
2411b62
Compare
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2411b62
to
489ed87
Compare
Tests are passing now. When reading members of a group, and those were already mapped in Nextcloud, but now excluded by a filter, they would pass if not ensured that they are available for Nc. |
/backport to stable18 |
/backport to stable17 |
/backport to stable16 |
backport to stable18 in #18882 |
The backport to stable17 failed. Please do this backport manually. |
The backport to stable16 failed. Please do this backport manually. |
* simplifies deletion process * less strange behaviour when looking up home storage (as long as it is local) * thus could enable transfer ownerships after user went invisible on ldap backport of #17717 Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> decouple userExists from userExistsOnLDAP check allows to mark users as offline right away, avoids a gap of being not a user and causing weird side effects Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> adjust tests Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> remove superfluous tests - user_ldap is not exposed to public api, it is always behind ldap_proxy - this is too much for a unit test - integration tests cover userExists implicitly Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> ensure that only valid group members are returned Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* simplifies deletion process * less strange behaviour when looking up home storage (as long as it is local) * thus could enable transfer ownerships after user went invisible on ldap backport of #17717 Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> decouple userExists from userExistsOnLDAP check allows to mark users as offline right away, avoids a gap of being not a user and causing weird side effects Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> adjust tests Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> remove superfluous tests - user_ldap is not exposed to public api, it is always behind ldap_proxy - this is too much for a unit test - integration tests cover userExists implicitly Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> ensure that only valid group members are returned Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* simplifies deletion process * less strange behaviour when looking up home storage (as long as it is local) * thus could enable transfer ownerships after user went invisible on ldap backport of #17717 Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> decouple userExists from userExistsOnLDAP check allows to mark users as offline right away, avoids a gap of being not a user and causing weird side effects Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> adjust tests Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> remove superfluous tests - user_ldap is not exposed to public api, it is always behind ldap_proxy - this is too much for a unit test - integration tests cover userExists implicitly Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> ensure that only valid group members are returned Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* simplifies deletion process * less strange behaviour when looking up home storage (as long as it is local) * thus could enable transfer ownerships after user went invisible on ldap backport of #17717 Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> decouple userExists from userExistsOnLDAP check allows to mark users as offline right away, avoids a gap of being not a user and causing weird side effects Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> adjust tests Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> remove superfluous tests - user_ldap is not exposed to public api, it is always behind ldap_proxy - this is too much for a unit test - integration tests cover userExists implicitly Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> ensure that only valid group members are returned Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* simplifies deletion process * less strange behaviour when looking up home storage (as long as it is local) * thus could enable transfer ownerships after user went invisible on ldap backport of #17717 Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> decouple userExists from userExistsOnLDAP check allows to mark users as offline right away, avoids a gap of being not a user and causing weird side effects Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> adjust tests Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> remove superfluous tests - user_ldap is not exposed to public api, it is always behind ldap_proxy - this is too much for a unit test - integration tests cover userExists implicitly Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> ensure that only valid group members are returned Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> fixup! relax strict getHome behaviour for LDAP users in a shadow state fixup! relax strict getHome behaviour for LDAP users in a shadow state
* simplifies deletion process * less strange behaviour when looking up home storage (as long as it is local) * thus could enable transfer ownerships after user went invisible on ldap backport of #17717 Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> decouple userExists from userExistsOnLDAP check allows to mark users as offline right away, avoids a gap of being not a user and causing weird side effects Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> adjust tests Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> remove superfluous tests - user_ldap is not exposed to public api, it is always behind ldap_proxy - this is too much for a unit test - integration tests cover userExists implicitly Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> ensure that only valid group members are returned Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* simplifies deletion process * less strange behaviour when looking up home storage (as long as it is local) * thus could enable transfer ownerships after user went invisible on ldap backport of #17717 Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> decouple userExists from userExistsOnLDAP check allows to mark users as offline right away, avoids a gap of being not a user and causing weird side effects Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> adjust tests Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> remove superfluous tests - user_ldap is not exposed to public api, it is always behind ldap_proxy - this is too much for a unit test - integration tests cover userExists implicitly Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> ensure that only valid group members are returned Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
simplifies deletion process
less strange behaviour when looking up home storage (as long as it is local)
enables transfer ownerships after user went invisible on ldap (* not sure about behviour with external storages requiring auth)
storages of deleted ldap users can still be accessed, apart form potential external storages that require auth
decouples userExists from an LDAP check, allows for setting deleted state directly, solves some edge cases
adapt tests