The "calling function XYZ" log messages should only appear at debug level.
Messages indicating client errors when creating a user (e.g. invalid characters
in username or missing attributes) are logged at info level (instead of debug)
now.
The old default TTL of 30 minutes for the caches seems way too long. It
could cause outdated information about users or groups to be returned for
quite a while. Especially since the TTL was reset every time an entry was
fetched from the cache. This is disabled now as well.
Fixes: #6320
When GRAPH_LDAP_SERVER_WRITE_ENABLED=false still allow updates of groups
if a distinct GRAPH_LDAP_GROUP_CREATE_BASE_DN is configured.
Partial-Fix: #6219
When GRAPH_LDAP_SERVER_WRITE_ENABLED is set to false we still allow updates
of the accountEnabled property when OCIS_LDAP_DISABLE_USER_MECHANISM is set
to "group".
Partial-Fix: #6219
As the standard LDAP groups (groupOfNames) require at least one "member"
value to be present in a group, we have workarounds in place that add an
empty member ("") when creating a new group or when removing the last
member from the group. This can cause a race condition when e.g. multiple
requests to remove members from a group are running in parallel, as we need
to read the group before we can construct the modification request. If
some other request modified the group (e.g. deleted the 2nd last member)
after we read it, we create a non-working modification request.
These changes try to catch those errors and retry the modification
request once.
Fixes: #6170
In Active Directories UUID attributes such as "objectGUID" use a binary
syntax (as opposed to the standard UUID syntax defined in RFC4530). This
introduces a flag to enable support for binary UUIDs as the id for users
and groups (similar to what the "users" and "groups" services already
support).
Fixes: #5815
* Streamline the store implementation with and into reva
* Adapt to the cache/store refactoring in reva
* Streamline config options and their env vars
* Apply suggestions from code review
Co-authored-by: Martin <github@diemattels.at>
* Use the same database for all stores
* Bump reva
* Configure stat and filemetadata cache separately
* Fix default config
---------
Co-authored-by: Martin <github@diemattels.at>
* api test to get personal drive information of other users
* fix the broken personal drive listing
* removed scenario from expected failure after issue fixed
---------
Co-authored-by: Michael Barz <mbarz@owncloud.com>
Use access token to lookup session id. The userinfo endpoint does
not return the session id. Also add some debug logging.
Co-authored-by: Christian Richter <crichter@owncloud.com>
Co-authored-by: Michael Barz <mbarz@owncloud.com>
As some setups don't have email addresses set up or reuse email
addresses, the keycloak search has to be done by username as that
is guaranteed to always be unique and defined.
This PR changes that.