Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow LDAP search users with *term* #45555

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

smarinier
Copy link

Fix #11540 and #14153

  • Resolves: #

Fix #11540 and #14153
This issues were close, but because the user "didn't use NextCloud anymore"

Summary

In Database User Backend, search is based on "term". But in LDAP, it's only "term*". This is confusing for user experience.

TODO

Checklist

  • Code is properly formatted

  • Sign-off message is added to all commits

  • [ X] Tests (unit, integration, api and/or acceptance) are included

  • [0] Screenshots before/after for front-end changes
    No front change

  • [0] Documentation (manuals or wiki) has been updated or is not required
    This behaviour is not described in documentation

  • [0] Backports requested where applicable (ex: critical bugfixes)

@smarinier
Copy link
Author

My commit is not in the context of Arawa company. How can i have two different sign-offs ?

Copy link
Contributor

Hello there,
Thank you so much for taking the time and effort to create a pull request to our Nextcloud project.

We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process.

Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6

Thank you for contributing to Nextcloud and we hope to hear from you soon!

(If you believe you should not receive this message, you can add yourself to the blocklist.)

@@ -1564,7 +1564,7 @@ private function prepareSearchTerm(string $term): string {
if ($term === '') {
$result = '*';
} elseif ($allowEnum !== 'no') {
$result = $term . '*';
$result = '*' . $term . '*';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the limitation was on purpose. @come-nc and @blizzz?

Copy link
Member

@blizzz blizzz Jun 12, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is on purpose, yes. There should be a related issue and PR in this repo, too.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I read some supposed performance limitations on big LDAP organisations. But:

  • all i read on LDAP documentation never mention "don't do term" as it is even described in the main documentation.
  • this might be based on old benchmarks on bad LDAP system
  • why is the "*" allowed that will send "all users" in that case ?
  • the SQL part does the term and nobody asked to remove this for performance reason
  • this is very very confusing for the user experience (i thought this was a bug and i lost hours searching what was wrong with my LDAP until i debug in PHP)

In conclusion, at least, why presuming all ldap are made with millions of users ? Why not let users have the same behaviour between LDAP and NextCloud ? And maybe bring an LDAP option "don't allow term because my ldap is too slow" if someone complain for it ?

@artonge

This comment was marked as resolved.

@smarinier

This comment was marked as resolved.

@artonge

This comment was marked as resolved.

Fix nextcloud#11540 and nextcloud#14153

Signed-off-by: Sebastien Marinier <seb@smarinier.net>
@smarinier smarinier force-pushed the fix/11540/user_ldap_search_partial_not_efficient branch from 08fe4e2 to 8621eba Compare June 12, 2024 14:29
@smarinier

This comment was marked as resolved.

Copy link
Contributor

@come-nc come-nc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you make it a config option, maybe, but we cannot merge this as-is.
I do not have the details about when the decision was first taken, and I agree that with a good LDAP setup wildcard search is not an issue, but there is a lot of code in Nextcloud which is made to account for badly configured LDAP server, this is not the only place.

@solracsf solracsf added this to the Nextcloud 30 milestone Jun 18, 2024
This was referenced Jul 30, 2024
This was referenced Aug 5, 2024
@skjnldsv skjnldsv mentioned this pull request Aug 13, 2024
@skjnldsv skjnldsv modified the milestones: Nextcloud 30, Nextcloud 31 Aug 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

User search not efficient, returns partial matches
6 participants