relax strict getHome behaviour for LDAP users in a shadow state #17717
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
blizzz
force-pushed
the
fix/noid/ldap-relax-getHome
branch
2 times, most recently
from
dc9ca91
to
84ed1ed
Compare
blizzz
added
3. to review
blizzz
requested review from
juliusknorr,
kesselb,
skjnldsv,
rullzer and
icewind1991
blizzz
force-pushed
the
fix/noid/ldap-relax-getHome
branch
2 times, most recently
from
ca5d9ac
to
081ffab
Compare
blizzz
added
2. developing
skjnldsv
approved these changes
Nov 29, 2019
|
@blizzz: Can you backport this patch for nc 16 and/or nc 17? Thanks & Greetings, |
|
@moodlebeuth Heyo Michael :) As it contains elementary and behavorial changes, I hesitate to pour this into a stable release. On the other hand, the changes made are done with patching older versions in mind, in favour of "better" changes (which still might come in as an additional, explicit commit). So at least it would be easy to apply it to an older series. It's not a definite no however. Did you try it on a test system yet? |
blizzz
force-pushed
the
fix/noid/ldap-relax-getHome
branch
from
081ffab
to
d3fd735
Compare
blizzz
added
3. to review
|
@rullzer np, probably gonna backport it anyway |
|
Still a failure: |
|
yep |
|
okay, I know the reason, but have no good way around. yet. We know the user from the previous test scenario (mapped in DB), but the filter has changed. So we would need to check LDAP to see that the user has gone. Previously it would happen through userExists since it did a lookup in LDAP. Now we only report the local state (and a true is necessary to be able to delete a user locally...). Tricky. To be continued. |
blizzz
force-pushed
the
fix/noid/ldap-relax-getHome
branch
from
d67ef95
to
2411b62
Compare
Signed-off-by: Arthur Schiwon <[email protected]>
blizzz
force-pushed
the
fix/noid/ldap-relax-getHome
branch
from
2411b62
to
489ed87
Compare
|
Tests are passing now. When reading members of a group, and those were already mapped in Nextcloud, but now excluded by a filter, they would pass if not ensured that they are available for Nc. |
|
/backport to stable18 |
|
/backport to stable17 |
|
/backport to stable16 |
|
backport to stable18 in #18882 |
|
The backport to stable17 failed. Please do this backport manually. |
|
The backport to stable16 failed. Please do this backport manually. |
blizzz
added a commit
that referenced
this pull request
Jan 14, 2020
* simplifies deletion process * less strange behaviour when looking up home storage (as long as it is local) * thus could enable transfer ownerships after user went invisible on ldap backport of #17717 Signed-off-by: Arthur Schiwon <[email protected]> decouple userExists from userExistsOnLDAP check allows to mark users as offline right away, avoids a gap of being not a user and causing weird side effects Signed-off-by: Arthur Schiwon <[email protected]> adjust tests Signed-off-by: Arthur Schiwon <[email protected]> remove superfluous tests - user_ldap is not exposed to public api, it is always behind ldap_proxy - this is too much for a unit test - integration tests cover userExists implicitly Signed-off-by: Arthur Schiwon <[email protected]> ensure that only valid group members are returned Signed-off-by: Arthur Schiwon <[email protected]>
blizzz
added a commit
that referenced
this pull request
Jan 14, 2020
* simplifies deletion process * less strange behaviour when looking up home storage (as long as it is local) * thus could enable transfer ownerships after user went invisible on ldap backport of #17717 Signed-off-by: Arthur Schiwon <[email protected]> decouple userExists from userExistsOnLDAP check allows to mark users as offline right away, avoids a gap of being not a user and causing weird side effects Signed-off-by: Arthur Schiwon <[email protected]> adjust tests Signed-off-by: Arthur Schiwon <[email protected]> remove superfluous tests - user_ldap is not exposed to public api, it is always behind ldap_proxy - this is too much for a unit test - integration tests cover userExists implicitly Signed-off-by: Arthur Schiwon <[email protected]> ensure that only valid group members are returned Signed-off-by: Arthur Schiwon <[email protected]>
juliusknorr
pushed a commit
that referenced
this pull request
Jan 23, 2020
* simplifies deletion process * less strange behaviour when looking up home storage (as long as it is local) * thus could enable transfer ownerships after user went invisible on ldap backport of #17717 Signed-off-by: Arthur Schiwon <[email protected]> decouple userExists from userExistsOnLDAP check allows to mark users as offline right away, avoids a gap of being not a user and causing weird side effects Signed-off-by: Arthur Schiwon <[email protected]> adjust tests Signed-off-by: Arthur Schiwon <[email protected]> remove superfluous tests - user_ldap is not exposed to public api, it is always behind ldap_proxy - this is too much for a unit test - integration tests cover userExists implicitly Signed-off-by: Arthur Schiwon <[email protected]> ensure that only valid group members are returned Signed-off-by: Arthur Schiwon <[email protected]>
blizzz
added a commit
that referenced
this pull request
Feb 27, 2020
* simplifies deletion process * less strange behaviour when looking up home storage (as long as it is local) * thus could enable transfer ownerships after user went invisible on ldap backport of #17717 Signed-off-by: Arthur Schiwon <[email protected]> decouple userExists from userExistsOnLDAP check allows to mark users as offline right away, avoids a gap of being not a user and causing weird side effects Signed-off-by: Arthur Schiwon <[email protected]> adjust tests Signed-off-by: Arthur Schiwon <[email protected]> remove superfluous tests - user_ldap is not exposed to public api, it is always behind ldap_proxy - this is too much for a unit test - integration tests cover userExists implicitly Signed-off-by: Arthur Schiwon <[email protected]> ensure that only valid group members are returned Signed-off-by: Arthur Schiwon <[email protected]>
blizzz
added a commit
that referenced
this pull request
Feb 27, 2020
* simplifies deletion process * less strange behaviour when looking up home storage (as long as it is local) * thus could enable transfer ownerships after user went invisible on ldap backport of #17717 Signed-off-by: Arthur Schiwon <[email protected]> decouple userExists from userExistsOnLDAP check allows to mark users as offline right away, avoids a gap of being not a user and causing weird side effects Signed-off-by: Arthur Schiwon <[email protected]> adjust tests Signed-off-by: Arthur Schiwon <[email protected]> remove superfluous tests - user_ldap is not exposed to public api, it is always behind ldap_proxy - this is too much for a unit test - integration tests cover userExists implicitly Signed-off-by: Arthur Schiwon <[email protected]> ensure that only valid group members are returned Signed-off-by: Arthur Schiwon <[email protected]> fixup! relax strict getHome behaviour for LDAP users in a shadow state fixup! relax strict getHome behaviour for LDAP users in a shadow state
blizzz
added a commit
that referenced
this pull request
Feb 28, 2020
* simplifies deletion process * less strange behaviour when looking up home storage (as long as it is local) * thus could enable transfer ownerships after user went invisible on ldap backport of #17717 Signed-off-by: Arthur Schiwon <[email protected]> decouple userExists from userExistsOnLDAP check allows to mark users as offline right away, avoids a gap of being not a user and causing weird side effects Signed-off-by: Arthur Schiwon <[email protected]> adjust tests Signed-off-by: Arthur Schiwon <[email protected]> remove superfluous tests - user_ldap is not exposed to public api, it is always behind ldap_proxy - this is too much for a unit test - integration tests cover userExists implicitly Signed-off-by: Arthur Schiwon <[email protected]> ensure that only valid group members are returned Signed-off-by: Arthur Schiwon <[email protected]>
blizzz
added a commit
that referenced
this pull request
Feb 28, 2020
* simplifies deletion process * less strange behaviour when looking up home storage (as long as it is local) * thus could enable transfer ownerships after user went invisible on ldap backport of #17717 Signed-off-by: Arthur Schiwon <[email protected]> decouple userExists from userExistsOnLDAP check allows to mark users as offline right away, avoids a gap of being not a user and causing weird side effects Signed-off-by: Arthur Schiwon <[email protected]> adjust tests Signed-off-by: Arthur Schiwon <[email protected]> remove superfluous tests - user_ldap is not exposed to public api, it is always behind ldap_proxy - this is too much for a unit test - integration tests cover userExists implicitly Signed-off-by: Arthur Schiwon <[email protected]> ensure that only valid group members are returned Signed-off-by: Arthur Schiwon <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
simplifies deletion process
less strange behaviour when looking up home storage (as long as it is local)
enables transfer ownerships after user went invisible on ldap (* not sure about behviour with external storages requiring auth)
storages of deleted ldap users can still be accessed, apart form potential external storages that require auth
decouples userExists from an LDAP check, allows for setting deleted state directly, solves some edge cases
adapt tests