This changes 48c6512a70740c403027b66e9d609e9b871d29c0, in Eric's commit it
needs a flag to go fetch the record and apply the mapping to find the
username field. This approach looks for a telltale that this is DN (naively
an "=") and then either grabs the first element from the DN if the username
attr matches or fetches the entry from LDAP.
There have also been attempts in the past to special case uniqueMember and
to add a group_member_dnfix config option.
This should handle the cases where people use uid/cn/whatever for the
username.
The logic actually handled updated group details, but only new groups were
being passed in. This will cause changes to what is being used for the
fullname to flow through.
This is to be consistent with group_mapping_field. The code is backwards
compatible with mapping_field.
In sync_LDAP_groups assign user_mapping once, not for every group.
Usinger "username" for the group name is confusing and misleading. Just
use name, but support our users who still have username.
We don't use fullname, drop it from the example.
Deprecated: Required parameter $username follows optional parameter $attributes in inc/drivers_ldap.php on line 190
Deprecated: Required parameter $passwd follows optional parameter $attributes in inc/drivers_ldap.php on line 190
Deprecated: Required parameter $ua_string follows optional parameter $min_age in inc/external-fetch.php on line 42
As explained in https://www.php.net/manual/en/migration80.deprecated.php,
If a parameter with a default value is followed by a required
parameter, the default value has no effect. This is deprecated as of
PHP 8.0.0 and can generally be resolved by dropping the default
value, without a change in functionality
despite its name, $c->do_not_sync_from_ldap did not stop accounts in
LDAP from being created in Davical, it only stopped accounts not in LDAP
from being deactived in Davical (like a local admin account)
The checks to test if a "modified" attribute was found in the
$valid array used in_array, which fails.
Replace this with array_key_exists calls.
This fixes https://gitlab.com/davical-project/davical/issues/108
[ $mapping['modified'] is a key in $valid, not a value. This is a
regression introduced in 970b61ac, for 1.1.5 ]
If the ldap driver is not valid, the error messages were not printed.
There was just "Couldn't contact LDAP server for authentication" - But
why?
This commit adds a print loop for all messages from the global
$c->messages message array.
As I could see at other locations in the code, the ldap driver instance
can be invalid. And if the instance is invalid, the getStaticLdap()
function gets called again. Caching would prevent the function from
retrying to initiate the ldapDrivers object.
This commit adds conditional caching: only if the ldap driver instance is
valid, the object gets cached. This ensures that a retry with this function
would really try to create a new ldapDrivers object and not simply
return the (invalid) cached one.