Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[stable23] fix potential unwarranted memberships in nested groups from LDAP #30343

Merged
merged 1 commit into from Dec 30, 2021
Merged

[stable23] fix potential unwarranted memberships in nested groups from LDAP #30343

merged 1 commit into from Dec 30, 2021
+14 −2

Conversation

backportbot-nextcloud[bot]
Copy link

backport of #29329

@blizzz @backportbot
fix potential unwarranted memberships in nested groups from LDAP
bf81fa4 
- the issue was present only when using PHP based resolving of nested
  group members. Normally nested members are common in AD (and Samba4) and
  are resolved per LDAP_MATCHING_RULE_IN_CHAIN by default
- resolving nested members is recursive
- when the cache entry was created it happend for intermediate groups, too,
  containing members from the parent group
- the check was added to only cache the root group with its members
- a runtime cache stores intermediate ldap read results


Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
@backportbot-nextcloud backportbot-nextcloud bot added this to the Nextcloud 23.0.1 milestone Dec 20, 2021
@artonge
Copy link
Contributor

artonge commented Dec 30, 2021

CI failure is unrelated.

@artonge artonge merged commit 955cb63 into stable23 Dec 30, 2021
@artonge artonge deleted the backport/29329/stable23 branch December 30, 2021 10:04
@skjnldsv skjnldsv mentioned this pull request Jan 7, 2022
Merged
6 tasks
This was referenced Jan 20, 2022
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@skjnldsv skjnldsv skjnldsv approved these changes

@artonge artonge Awaiting requested review from artonge

@blizzz blizzz Awaiting requested review from blizzz

@come-nc come-nc Awaiting requested review from come-nc

@juliushaertl juliushaertl Awaiting requested review from juliushaertl

@PVince81 PVince81 Awaiting requested review from PVince81

Assignees
No one assigned
Labels
bug feature: ldap
Projects
None yet
Milestone
Nextcloud 23.0.1
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@artonge @skjnldsv @blizzz