Implement soft auto provisioning #730

julien-nc · 2023-12-08T12:21:48Z

Problem: When auto provisioning is enabled, if a user with the same ID exists in another backend (Db, LDAP...), we create a second user in the user_oidc backend which leads to issues and confusion.

Here is a partial solution to this problem:
New config soft_auto_provision flag (enabled by default).

When enabled
- If the user already exists in another backend, we don't create a new one in our backend. We update the information (mapped attributes) of the existing user.
- If the user does not exist in another backend, we create it in ours
When disabled
- We refuse login of users that already exist in other backends

This does not migrate existing users to the user_oidc backend but allows them to log in without creating a duplicate user.

Nothing was changed when auto provisioning is disabled.

Extra change: In the user backend, the ldap sync was not triggered when looking for an existing user.

nc-fkl · 2023-12-08T13:40:34Z

lib/Service/ProvisioningService.php

+					$this->eventDispatcher->dispatchTyped(new UserChangedEvent($user, 'displayName', $newDisplayName, $oldDisplayName));
+				}
+			} else {
+				$user->setDisplayName($newDisplayName);


Not sure here if the $newDisplayName in L112 is always set as its only set once when the if condition in L101 was triggered

Nice catch! Thanks

nc-fkl

Please check my comment regarding $newDisplayName in ProvisioningService.php

nc-fkl

Nice! :)

github-actions · 2023-12-23T02:03:59Z

Hello there,
Thank you so much for taking the time and effort to create a pull request to our Nextcloud project.

We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process.

Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6

Thank you for contributing to Nextcloud and we hope to hear from you soon!

julien-nc · 2024-01-23T09:34:30Z

@juliushaertl Could you check if this PR makes sense? 😁

juliushaertl

The approach looks good to me, haven't tested though 👍

…login, update their info Signed-off-by: Julien Veyssier <julien-nc@posteo.net>

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>

…isioning Signed-off-by: Julien Veyssier <julien-nc@posteo.net>

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>

brtptrs · 2024-02-28T16:04:11Z

Would it be possible to catch this Problem during while this provisioning?
#656
Maybe with a config flag to enable a lowercase - uppercase verification

julien-nc added the enhancement New feature or request label Dec 8, 2023

julien-nc requested review from juliushaertl and nc-fkl December 8, 2023 12:21

julien-nc force-pushed the enh/660/soft-auto-provisioning branch from 654b0a2 to 679c111 Compare December 8, 2023 12:36

nc-fkl reviewed Dec 8, 2023

View reviewed changes

nc-fkl suggested changes Dec 8, 2023

View reviewed changes

julien-nc requested a review from nc-fkl December 8, 2023 14:27

nc-fkl approved these changes Dec 8, 2023

View reviewed changes

github-actions bot added the feedback-requested label Dec 23, 2023

julien-nc force-pushed the enh/660/soft-auto-provisioning branch from 8f28992 to a1a85a4 Compare January 12, 2024 12:11

julien-nc force-pushed the enh/660/soft-auto-provisioning branch from 3b584ed to c48a5f5 Compare January 19, 2024 14:01

julien-nc force-pushed the enh/660/soft-auto-provisioning branch from c48a5f5 to cb658a2 Compare January 23, 2024 15:33

juliushaertl approved these changes Jan 31, 2024

View reviewed changes

julien-nc added 5 commits February 23, 2024 10:35

implement soft auto provisioning: allow users from other backends to …

e31ff84

…login, update their info Signed-off-by: Julien Veyssier <julien-nc@posteo.net>

fix isLdapDeletedUser calls with null user

ee1259c

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>

fix setting display name

3e80a08

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>

do not throttle when there is a user conflict with non-soft auto prov…

01c8098

…isioning Signed-off-by: Julien Veyssier <julien-nc@posteo.net>

cs:fix

d52b05b

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>

julien-nc force-pushed the enh/660/soft-auto-provisioning branch from cb658a2 to d52b05b Compare February 23, 2024 09:36

document soft auto provisioning in README

22a4cb6

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>

julien-nc merged commit 84f46e1 into main Feb 23, 2024
40 checks passed

julien-nc deleted the enh/660/soft-auto-provisioning branch February 23, 2024 10:15

julien-nc mentioned this pull request Feb 28, 2024

Prepare v5.0.0 #801

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Implement soft auto provisioning #730

Implement soft auto provisioning #730

julien-nc commented Dec 8, 2023

nc-fkl Dec 8, 2023 •

edited

julien-nc Dec 8, 2023

nc-fkl left a comment

nc-fkl left a comment

github-actions bot commented Dec 23, 2023

julien-nc commented Jan 23, 2024

juliushaertl left a comment

brtptrs commented Feb 28, 2024 •

edited

Implement soft auto provisioning #730

Implement soft auto provisioning #730

Conversation

julien-nc commented Dec 8, 2023

nc-fkl Dec 8, 2023 • edited

Choose a reason for hiding this comment

julien-nc Dec 8, 2023

Choose a reason for hiding this comment

nc-fkl left a comment

Choose a reason for hiding this comment

nc-fkl left a comment

Choose a reason for hiding this comment

github-actions bot commented Dec 23, 2023

julien-nc commented Jan 23, 2024

juliushaertl left a comment

Choose a reason for hiding this comment

brtptrs commented Feb 28, 2024 • edited

nc-fkl Dec 8, 2023 •

edited

brtptrs commented Feb 28, 2024 •

edited