Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[stable23] fix potential unwarranted memberships in nested groups from LDAP #30343

Merged
merged 1 commit into from
Dec 30, 2021

Conversation

backportbot-nextcloud[bot]
Copy link

backport of #29329

- the issue was present only when using PHP based resolving of nested
  group members. Normally nested members are common in AD (and Samba4) and
  are resolved per LDAP_MATCHING_RULE_IN_CHAIN by default
- resolving nested members is recursive
- when the cache entry was created it happend for intermediate groups, too,
  containing members from the parent group
- the check was added to only cache the root group with its members
- a runtime cache stores intermediate ldap read results


Signed-off-by: Arthur Schiwon <[email protected]>
@artonge
Copy link
Contributor

artonge commented Dec 30, 2021

CI failure is unrelated.

@artonge artonge merged commit 955cb63 into stable23 Dec 30, 2021
@artonge artonge deleted the backport/29329/stable23 branch December 30, 2021 10:04
@skjnldsv skjnldsv mentioned this pull request Jan 7, 2022
6 tasks
This was referenced Jan 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants