Merge pull request #535 from nextcloud/enh/noid/better-ldap-user-sync…

…-non-auto-provisioning Sync LDAP user with non-auto provisioning
nextcloud · Nov 18, 2022 · 75f4044 · 75f4044
2 parents f98cde9 + 2d3a455
commit 75f4044
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/lib/Controller/LoginController.php b/lib/Controller/LoginController.php
@@ -461,6 +461,7 @@ private function provisionUser(string $userId, int $providerId, object $idTokenP
 			// in case user is provisioned by user_ldap, userManager->search() triggers an ldap search which syncs the results
 			// so new users will be directly available even if they were not synced before this login attempt
 			$this->userManager->search($userId);
+			$this->ldapService->syncUser($userId);
 			// when auto provision is disabled, we assume the user has been created by another user backend (or manually)
 			$user = $this->userManager->get($userId);
 			if ($this->ldapService->isLdapDeletedUser($user)) {

diff --git a/lib/Service/LdapService.php b/lib/Service/LdapService.php
@@ -72,4 +72,20 @@ public function isLdapDeletedUser(IUser $user): bool {
 		// did we find the user in the LDAP deleted user list?
 		return $searchDisabledUser !== false;
 	}
+
+	/**
+	 * This triggers User_LDAP::getLDAPUserByLoginName which does a LDAP query with the login filter
+	 * so the user ID we got from the OIDC IdP should work as a login in LDAP (the login filter should use a matching attribute)
+	 * @param string $userId
+	 * @return void
+	 */
+	public function syncUser(string $userId): void {
+		try {
+			/** @var \OCA\User_LDAP\User_Proxy */
+			$ldapUserProxy = \OC::$server->get(\OCA\User_LDAP\User_Proxy::class);
+			$ldapUserProxy->loginName2UserName($userId);
+		} catch (QueryException $e) {
+			$this->logger->debug('\OCA\User_LDAP\User_Proxy class not found');
+		}
+	}
 }