LDAP alias provisioning #5198
LDAP alias provisioning #5198
Conversation
kesselb
force-pushed
the
enh/5173/ldap-aliases-provisioning
branch
3 times, most recently
from
7a87327 to
e6c824d
Compare
| return $provisioning; | ||
| } | ||
|
|
||
| if ($this->ldapProviderFactory->isAvailable() === false) { |
There was a problem hiding this comment.
Snap! isAvailable is new in 21 🤷♂️
There was a problem hiding this comment.
Do an additional server version comparison here and don't offer the feature for Nextcloud 20 or older. It's a fair tradeoff IMO.
There was a problem hiding this comment.
Thanks! I added @psalm-suppress UndefinedInterfaceMethod to make Psalm on Nextcloud 20 happy. The check for the right Nextcloud version is already done some lines earlier: https://github.com/nextcloud/mail/pull/5198/files#diff-fe646e6e2f7561cf6a8731328355c7432be7647f7114e1619fe2bf5ff2638c42R205. If getMultiValueUserAttribute exist isAvailable also exist.
kesselb
force-pushed
the
enh/5173/ldap-aliases-provisioning
branch
from
4226ec5 to
0ee5cc6
Compare
Signed-off-by: Daniel Kesselberg <[email protected]>
kesselb
force-pushed
the
enh/5173/ldap-aliases-provisioning
branch
from
0ee5cc6 to
8fb14b5
Compare
ChristophWurst
left a comment
ChristophWurst
left a comment
There was a problem hiding this comment.
Code looks good otherwise :)
| $this->provisioningManager->newProvisioning($data); | ||
| } catch (ValidationException $e) { | ||
| return HttpJsonResponse::fail([$e->getFields()]); | ||
| } catch (\Exception $e) { |
There was a problem hiding this comment.
could you elaborate why this was widened?
| $this->provisioningManager->updateProvisioning(array_merge($data, ['id' => $id])); | ||
| } catch (ValidationException $e) { | ||
| return HttpJsonResponse::fail([$e->getFields()]); | ||
| } catch (\Exception $e) { |
There was a problem hiding this comment.
same. Could this possibly be a ClientException? \Error will throw almost anything. That anything could also be from unexpected service errors, then the HTTP4xx isn't appropriate IMO
There was a problem hiding this comment.
$this->provisioningManager->newProvisioning($data); throws a validation exception if input data is invalid or a exception related to the database. I guess we can migrate this to Throwable and HttpJsonResponse.errorFromThrowable.
| * Exception for Nextcloud 20: \Doctrine\DBAL\DBALException | ||
| * Exception for Nextcloud 21 and newer: \OCP\DB\Exception | ||
| * | ||
| * @TODO: Change throws to \OCP\DB\Exception once Mail does not support Nextcloud 20. |
There was a problem hiding this comment.
FYI I think we do this soon-ish so we only have to support two major versions
|
|
||
| $ldapProvider = $this->ldapProviderFactory->getLDAPProvider(); | ||
| /** @psalm-suppress UndefinedInterfaceMethod */ | ||
| $provisioning->setAliases($ldapProvider->getMultiValueUserAttribute($user->getUID(), $provisioning->getLdapAliasesAttribute())); |
There was a problem hiding this comment.
Setup a test environment using your guide and tested it locally with multiple aliases. Works fine.
The only issue I noticed it that once an account has been provisioned, changes of the aliases in LDAP won't be forwarded to the mail alias settings.
E.g. If I remove one of multiple aliases from LDAP and then run the provisioning again, all aliases are still configured in mail.
That should work. |
The provisioning run with every http request in mail. To reduce the load to the ldap server the response for getMultiValueUserAttribute is cached (in server). If a distributed cache is configured the value is cached. You may set ldapCacheTTL to 0 for testing. |
That has been the issue. My dev setup has a distributed cache setup. Thanks for clarifying :) |
Fix #5173
Todo
Add option to filter aliases by regexAdd unique constraint to mail_aliases account_id and alias.