fix(user_ldap): Do not map groups we do not know if they match filter #45364

Merged
merged 1 commit into from
Jan 27, 2025

Conversation

come-nc
Contributor

@come-nc come-nc commented May 16, 2024

Summary

When nesting is enabled, filterValidGroups is supposed to check for each group if it actually exists, because it may not be visible to Nextcloud. So in this codepath we disable automapping of groups.

That may mean in some cases we do not map a valid group, but it should get mapped sooner or later anyway.
I’m still pondering if this is the best solution.

  • Maybe only do that if nesting is enabled? Not clear to me yet if this is the only possible problematic case
  • Maybe only do that if $name is not null, as when it is null a search will be used to validate existence anyway.
  • If this last point is true, maybe we simply always pass null for $name? Or pass null for $name when nesting is enabled?

Checklist

@come-nc come-nc added this to the Nextcloud 30 milestone May 16, 2024
@come-nc come-nc requested a review from blizzz May 16, 2024 12:43
@come-nc come-nc self-assigned this May 16, 2024
@come-nc come-nc marked this pull request as draft May 16, 2024 12:43
@skjnldsv skjnldsv modified the milestones: Nextcloud 30, Nextcloud 31 Aug 14, 2024
@come-nc come-nc force-pushed the fix/ldap-avoid-false-positive-mapping branch from 64c97b4 to 647a79a Compare January 27, 2025 11:39
When nesting is enabled, filterValidGroups is supposed to check for each
group if it actually exists, because it may not be visible to
Nextcloud. So in this codepath we disable automapping of groups.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
@come-nc come-nc force-pushed the fix/ldap-avoid-false-positive-mapping branch from 647a79a to de77415 Compare January 27, 2025 13:51
@come-nc come-nc marked this pull request as ready for review January 27, 2025 13:52
@come-nc come-nc added 3. to review Waiting for reviews and removed 2. developing Work in progress labels Jan 27, 2025
@come-nc
Contributor Author

come-nc commented Jan 27, 2025

/backport to stable31

@come-nc
Contributor Author

come-nc commented Jan 27, 2025

/backport to stable30

@come-nc
Contributor Author

come-nc commented Jan 27, 2025

/backport to stable29

@come-nc come-nc requested a review from artonge January 27, 2025 15:11
5 participants