When GRAPH_LDAP_SERVER_WRITE_ENABLED=false still allow updates of groups
if a distinct GRAPH_LDAP_GROUP_CREATE_BASE_DN is configured.
Partial-Fix: #6219
When GRAPH_LDAP_SERVER_WRITE_ENABLED is set to false we still allow updates
of the accountEnabled property when OCIS_LDAP_DISABLE_USER_MECHANISM is set
to "group"
Partial-Fix: #6219
As the standard LDAP groups (groupOfNames) require at least one "member"
value to be present in a group, we have workarounds in place that add an
empty member ("") when creating a new group or when removing the last
member from the group. This can cause a race condition when e.g. multiple
request to remove members from a group an running in parallel, as we need
to read the group before we can construct the modification request. If
some other request modified the group (e.g. deleted the 2nd last member)
after we read it, we create non-working modification request.
These changes try to catch those errors and retry the modification
request once.
Fixes: #6170
In Active Directories UUID attributes such as "objectGUID" use a binary
syntax (oposed to the standard UUID syntax defined in RFC4530). This
introduces a flag to enable support for binary UUIDs as the id for users
and groups (similar to what the "users" and "groups" services already
support)
Fixes: #5815
* Streamline the store implementation with and into reva
* Adapt to the cache/store refactoring in reva
* Streamline config options and their env vars
* Apply suggestions from code review
Co-authored-by: Martin <github@diemattels.at>
* Use the same database for all stores
* Bump reva
* Configure stat and filemetadata cache separately
* Fix default config
---------
Co-authored-by: Martin <github@diemattels.at>
* api test to get personal drive information of other users
* fix the broken personal drive listing
* removed scenario from expected failure after issue fixed
---------
Co-authored-by: Michael Barz <mbarz@owncloud.com>
Use access token to lookup session id. The userinfo endpoint does
not return the session id. Also add some debug logging.
Co-authored-by: Christian Richter <crichter@owncloud.com>
Co-authored-by: Michael Barz <mbarz@owncloud.com>
Referencing: https://github.com/owncloud/docs-ocis/pull/457 (Add user triggered GDPR Report)
Linking to the ocis admin documentation because we have more explainaition, images and an example json.
As some setups don't have email addresses setup or reuse email
addresses, the keycloak search has to be done by username as that
is guaranteed to always be unique and defined.
This PR changes that.
Roman Perekhod