nextcloud / server

apps/user_ldap/lib/Mapping/UserMapping.php

Indentation +40 added lines, -40 removed lines

@@ -22,48 +22,48 @@
  */
 class UserMapping extends AbstractMapping {
 
-	protected const PROV_API_REGEX = '/\/ocs\/v[1-9].php\/cloud\/(groups|users)/';
+    protected const PROV_API_REGEX = '/\/ocs\/v[1-9].php\/cloud\/(groups|users)/';
 
-	public function __construct(
-		IDBConnection $dbc,
-		ICacheFactory $cacheFactory,
-		IAppConfig $config,
-		bool $isCLI,
-		private IAssertion $assertion,
-	) {
-		parent::__construct($dbc, $cacheFactory, $config, $isCLI);
-	}
+    public function __construct(
+        IDBConnection $dbc,
+        ICacheFactory $cacheFactory,
+        IAppConfig $config,
+        bool $isCLI,
+        private IAssertion $assertion,
+    ) {
+        parent::__construct($dbc, $cacheFactory, $config, $isCLI);
+    }
 
-	/**
-	 * @throws HintException
-	 */
-	public function map($fdn, $name, $uuid): bool {
-		try {
-			$this->assertion->createUserIsLegit();
-		} catch (HintException $e) {
-			static $isProvisioningApi = null;
+    /**
+     * @throws HintException
+     */
+    public function map($fdn, $name, $uuid): bool {
+        try {
+            $this->assertion->createUserIsLegit();
+        } catch (HintException $e) {
+            static $isProvisioningApi = null;
 
-			if ($isProvisioningApi === null) {
-				$request = Server::get(IRequest::class);
-				$isProvisioningApi = \preg_match(self::PROV_API_REGEX, $request->getRequestUri()) === 1;
-			}
-			if ($isProvisioningApi) {
-				// only throw when prov API is being used, since functionality
-				// should not break for end users (e.g. when sharing).
-				// On direct API usage, e.g. on users page, this is desired.
-				throw $e;
-			}
-			return false;
-		}
-		return parent::map($fdn, $name, $uuid);
-	}
+            if ($isProvisioningApi === null) {
+                $request = Server::get(IRequest::class);
+                $isProvisioningApi = \preg_match(self::PROV_API_REGEX, $request->getRequestUri()) === 1;
+            }
+            if ($isProvisioningApi) {
+                // only throw when prov API is being used, since functionality
+                // should not break for end users (e.g. when sharing).
+                // On direct API usage, e.g. on users page, this is desired.
+                throw $e;
+            }
+            return false;
+        }
+        return parent::map($fdn, $name, $uuid);
+    }
 
-	/**
-	 * returns the DB table name which holds the mappings
-	 * @return string
-	 */
-	protected function getTableName(bool $includePrefix = true) {
-		$p = $includePrefix ? '*PREFIX*' : '';
-		return $p . 'ldap_user_mapping';
-	}
+    /**
+     * returns the DB table name which holds the mappings
+     * @return string
+     */
+    protected function getTableName(bool $includePrefix = true) {
+        $p = $includePrefix ? '*PREFIX*' : '';
+        return $p . 'ldap_user_mapping';
+    }
 }

apps/user_ldap/lib/Mapping/AbstractMapping.php

Indentation +485 added lines, -485 removed lines

@@ -23,507 +23,507 @@
  * @package OCA\User_LDAP\Mapping
  */
 abstract class AbstractMapping {
-	/**
-	 * returns the DB table name which holds the mappings
-	 *
-	 * @return string
-	 */
-	abstract protected function getTableName(bool $includePrefix = true);
-
-	/**
-	 * A month worth of cache time for as good as never changing mapping data.
-	 * Implemented when it was found that name-to-DN lookups are quite frequent.
-	 */
-	protected const LOCAL_CACHE_TTL = 2592000;
-
-	/**
-	 * A week worth of cache time for rarely changing user count data.
-	 */
-	protected const LOCAL_USER_COUNT_TTL = 604800;
-
-	/**
-	 * By default, the local cache is only used up to a certain amount of objects.
-	 * This constant holds this number. The amount of entries would amount up to
-	 * 1 MiB (worst case) per mappings table.
-	 * Setting `use_local_mapping_cache` for `user_ldap` to `yes` or `no`
-	 * deliberately enables or disables this mechanism.
-	 */
-	protected const LOCAL_CACHE_OBJECT_THRESHOLD = 2000;
-
-	protected ?ICache $localNameToDnCache = null;
-
-	/** @var array caches Names (value) by DN (key) */
-	protected array $cache = [];
-
-	/**
-	 * @param IDBConnection $dbc
-	 */
-	public function __construct(
-		protected IDBConnection $dbc,
-		protected ICacheFactory $cacheFactory,
-		protected IAppConfig $config,
-		protected bool $isCLI,
-	) {
-		$this->initLocalCache();
-	}
-
-	protected function initLocalCache(): void {
-		if ($this->isCLI || !$this->cacheFactory->isLocalCacheAvailable()) {
-			return;
-		}
-
-		$useLocalCache = $this->config->getValueString('user_ldap', 'use_local_mapping_cache', 'auto', false);
-		if ($useLocalCache !== 'yes' && $useLocalCache !== 'auto') {
-			return;
-		}
-
-		$section = \str_contains($this->getTableName(), 'user') ? 'u/' : 'g/';
-		$this->localNameToDnCache = $this->cacheFactory->createLocal('ldap/map/' . $section);
-
-		// We use the cache as well to store whether it shall be used. If the
-		// answer was no, we unset it again.
-		if ($useLocalCache === 'auto' && !$this->useCacheByUserCount()) {
-			$this->localNameToDnCache = null;
-		}
-	}
-
-	protected function useCacheByUserCount(): bool {
-		$use = $this->localNameToDnCache->get('use');
-		if ($use !== null) {
-			return $use;
-		}
-
-		$qb = $this->dbc->getQueryBuilder();
-		$q = $qb->selectAlias($qb->createFunction('COUNT(owncloud_name)'), 'count')
-			->from($this->getTableName());
-		$q->setMaxResults(self::LOCAL_CACHE_OBJECT_THRESHOLD + 1);
-		$result = $q->executeQuery();
-		$row = $result->fetch();
-		$result->closeCursor();
-
-		$use = (int)$row['count'] <= self::LOCAL_CACHE_OBJECT_THRESHOLD;
-		$this->localNameToDnCache->set('use', $use, self::LOCAL_USER_COUNT_TTL);
-		return $use;
-	}
-
-	/**
-	 * checks whether a provided string represents an existing table col
-	 *
-	 * @param string $col
-	 * @return bool
-	 */
-	public function isColNameValid($col) {
-		switch ($col) {
-			case 'ldap_dn':
-			case 'ldap_dn_hash':
-			case 'owncloud_name':
-			case 'directory_uuid':
-				return true;
-			default:
-				return false;
-		}
-	}
-
-	/**
-	 * Gets the value of one column based on a provided value of another column
-	 *
-	 * @param string $fetchCol
-	 * @param string $compareCol
-	 * @param string $search
-	 * @return string|false
-	 * @throws \Exception
-	 */
-	protected function getXbyY($fetchCol, $compareCol, $search) {
-		if (!$this->isColNameValid($fetchCol)) {
-			//this is used internally only, but we don't want to risk
-			//having SQL injection at all.
-			throw new \Exception('Invalid Column Name');
-		}
-		$qb = $this->dbc->getQueryBuilder();
-		$qb->select($fetchCol)
-			->from($this->getTableName())
-			->where($qb->expr()->eq($compareCol, $qb->createNamedParameter($search)));
-
-		try {
-			$res = $qb->executeQuery();
-			$data = $res->fetchOne();
-			$res->closeCursor();
-			return $data;
-		} catch (Exception $e) {
-			return false;
-		}
-	}
-
-	/**
-	 * Performs a DELETE or UPDATE query to the database.
-	 *
-	 * @param IPreparedStatement $statement
-	 * @param array $parameters
-	 * @return bool true if at least one row was modified, false otherwise
-	 */
-	protected function modify(IPreparedStatement $statement, $parameters) {
-		try {
-			$result = $statement->execute($parameters);
-			$updated = $result->rowCount() > 0;
-			$result->closeCursor();
-			return $updated;
-		} catch (Exception $e) {
-			return false;
-		}
-	}
-
-	/**
-	 * Gets the LDAP DN based on the provided name.
-	 */
-	public function getDNByName(string $name): string|false {
-		$dn = array_search($name, $this->cache, true);
-		if ($dn === false) {
-			$dn = $this->localNameToDnCache?->get($name);
-			if ($dn === null) {
-				$dn = $this->getXbyY('ldap_dn', 'owncloud_name', $name);
-				if ($dn !== false) {
-					$this->cache[$dn] = $name;
-				}
-				$this->localNameToDnCache?->set($name, $dn, self::LOCAL_CACHE_TTL);
-			}
-		}
-		return $dn ?? false;
-	}
-
-	/**
-	 * Updates the DN based on the given UUID
-	 *
-	 * @param string $fdn
-	 * @param string $uuid
-	 * @return bool
-	 */
-	public function setDNbyUUID($fdn, $uuid) {
-		$oldDn = $this->getDnByUUID($uuid);
-		$statement = $this->dbc->prepare('
+    /**
+     * returns the DB table name which holds the mappings
+     *
+     * @return string
+     */
+    abstract protected function getTableName(bool $includePrefix = true);
+
+    /**
+     * A month worth of cache time for as good as never changing mapping data.
+     * Implemented when it was found that name-to-DN lookups are quite frequent.
+     */
+    protected const LOCAL_CACHE_TTL = 2592000;
+
+    /**
+     * A week worth of cache time for rarely changing user count data.
+     */
+    protected const LOCAL_USER_COUNT_TTL = 604800;
+
+    /**
+     * By default, the local cache is only used up to a certain amount of objects.
+     * This constant holds this number. The amount of entries would amount up to
+     * 1 MiB (worst case) per mappings table.
+     * Setting `use_local_mapping_cache` for `user_ldap` to `yes` or `no`
+     * deliberately enables or disables this mechanism.
+     */
+    protected const LOCAL_CACHE_OBJECT_THRESHOLD = 2000;
+
+    protected ?ICache $localNameToDnCache = null;
+
+    /** @var array caches Names (value) by DN (key) */
+    protected array $cache = [];
+
+    /**
+     * @param IDBConnection $dbc
+     */
+    public function __construct(
+        protected IDBConnection $dbc,
+        protected ICacheFactory $cacheFactory,
+        protected IAppConfig $config,
+        protected bool $isCLI,
+    ) {
+        $this->initLocalCache();
+    }
+
+    protected function initLocalCache(): void {
+        if ($this->isCLI || !$this->cacheFactory->isLocalCacheAvailable()) {
+            return;
+        }
+
+        $useLocalCache = $this->config->getValueString('user_ldap', 'use_local_mapping_cache', 'auto', false);
+        if ($useLocalCache !== 'yes' && $useLocalCache !== 'auto') {
+            return;
+        }
+
+        $section = \str_contains($this->getTableName(), 'user') ? 'u/' : 'g/';
+        $this->localNameToDnCache = $this->cacheFactory->createLocal('ldap/map/' . $section);
+
+        // We use the cache as well to store whether it shall be used. If the
+        // answer was no, we unset it again.
+        if ($useLocalCache === 'auto' && !$this->useCacheByUserCount()) {
+            $this->localNameToDnCache = null;
+        }
+    }
+
+    protected function useCacheByUserCount(): bool {
+        $use = $this->localNameToDnCache->get('use');
+        if ($use !== null) {
+            return $use;
+        }
+
+        $qb = $this->dbc->getQueryBuilder();
+        $q = $qb->selectAlias($qb->createFunction('COUNT(owncloud_name)'), 'count')
+            ->from($this->getTableName());
+        $q->setMaxResults(self::LOCAL_CACHE_OBJECT_THRESHOLD + 1);
+        $result = $q->executeQuery();
+        $row = $result->fetch();
+        $result->closeCursor();
+
+        $use = (int)$row['count'] <= self::LOCAL_CACHE_OBJECT_THRESHOLD;
+        $this->localNameToDnCache->set('use', $use, self::LOCAL_USER_COUNT_TTL);
+        return $use;
+    }
+
+    /**
+     * checks whether a provided string represents an existing table col
+     *
+     * @param string $col
+     * @return bool
+     */
+    public function isColNameValid($col) {
+        switch ($col) {
+            case 'ldap_dn':
+            case 'ldap_dn_hash':
+            case 'owncloud_name':
+            case 'directory_uuid':
+                return true;
+            default:
+                return false;
+        }
+    }
+
+    /**
+     * Gets the value of one column based on a provided value of another column
+     *
+     * @param string $fetchCol
+     * @param string $compareCol
+     * @param string $search
+     * @return string|false
+     * @throws \Exception
+     */
+    protected function getXbyY($fetchCol, $compareCol, $search) {
+        if (!$this->isColNameValid($fetchCol)) {
+            //this is used internally only, but we don't want to risk
+            //having SQL injection at all.
+            throw new \Exception('Invalid Column Name');
+        }
+        $qb = $this->dbc->getQueryBuilder();
+        $qb->select($fetchCol)
+            ->from($this->getTableName())
+            ->where($qb->expr()->eq($compareCol, $qb->createNamedParameter($search)));
+
+        try {
+            $res = $qb->executeQuery();
+            $data = $res->fetchOne();
+            $res->closeCursor();
+            return $data;
+        } catch (Exception $e) {
+            return false;
+        }
+    }
+
+    /**
+     * Performs a DELETE or UPDATE query to the database.
+     *
+     * @param IPreparedStatement $statement
+     * @param array $parameters
+     * @return bool true if at least one row was modified, false otherwise
+     */
+    protected function modify(IPreparedStatement $statement, $parameters) {
+        try {
+            $result = $statement->execute($parameters);
+            $updated = $result->rowCount() > 0;
+            $result->closeCursor();
+            return $updated;
+        } catch (Exception $e) {
+            return false;
+        }
+    }
+
+    /**
+     * Gets the LDAP DN based on the provided name.
+     */
+    public function getDNByName(string $name): string|false {
+        $dn = array_search($name, $this->cache, true);
+        if ($dn === false) {
+            $dn = $this->localNameToDnCache?->get($name);
+            if ($dn === null) {
+                $dn = $this->getXbyY('ldap_dn', 'owncloud_name', $name);
+                if ($dn !== false) {
+                    $this->cache[$dn] = $name;
+                }
+                $this->localNameToDnCache?->set($name, $dn, self::LOCAL_CACHE_TTL);
+            }
+        }
+        return $dn ?? false;
+    }
+
+    /**
+     * Updates the DN based on the given UUID
+     *
+     * @param string $fdn
+     * @param string $uuid
+     * @return bool
+     */
+    public function setDNbyUUID($fdn, $uuid) {
+        $oldDn = $this->getDnByUUID($uuid);
+        $statement = $this->dbc->prepare('
 			UPDATE `' . $this->getTableName() . '`
 			SET `ldap_dn_hash` = ?, `ldap_dn` = ?
 			WHERE `directory_uuid` = ?
 		');
 
-		$r = $this->modify($statement, [$this->getDNHash($fdn), $fdn, $uuid]);
-		if ($r) {
-			if (is_string($oldDn) && isset($this->cache[$oldDn])) {
-				$userId = $this->cache[$oldDn];
-			}
-			$userId = $userId ?? $this->getNameByUUID($uuid);
-			if ($userId) {
-				$this->cache[$fdn] = $userId;
-				$this->localNameToDnCache?->set($userId, $fdn, self::LOCAL_CACHE_TTL);
-			}
-			unset($this->cache[$oldDn]);
-		}
-
-		return $r;
-	}
-
-	/**
-	 * Updates the UUID based on the given DN
-	 *
-	 * required by Migration/UUIDFix
-	 *
-	 * @param $uuid
-	 * @param $fdn
-	 * @return bool
-	 */
-	public function setUUIDbyDN($uuid, $fdn): bool {
-		$statement = $this->dbc->prepare('
+        $r = $this->modify($statement, [$this->getDNHash($fdn), $fdn, $uuid]);
+        if ($r) {
+            if (is_string($oldDn) && isset($this->cache[$oldDn])) {
+                $userId = $this->cache[$oldDn];
+            }
+            $userId = $userId ?? $this->getNameByUUID($uuid);
+            if ($userId) {
+                $this->cache[$fdn] = $userId;
+                $this->localNameToDnCache?->set($userId, $fdn, self::LOCAL_CACHE_TTL);
+            }
+            unset($this->cache[$oldDn]);
+        }
+
+        return $r;
+    }
+
+    /**
+     * Updates the UUID based on the given DN
+     *
+     * required by Migration/UUIDFix
+     *
+     * @param $uuid
+     * @param $fdn
+     * @return bool
+     */
+    public function setUUIDbyDN($uuid, $fdn): bool {
+        $statement = $this->dbc->prepare('
 			UPDATE `' . $this->getTableName() . '`
 			SET `directory_uuid` = ?
 			WHERE `ldap_dn_hash` = ?
 		');
 
-		unset($this->cache[$fdn]);
-
-		return $this->modify($statement, [$uuid, $this->getDNHash($fdn)]);
-	}
-
-	/**
-	 * Get the hash to store in database column ldap_dn_hash for a given dn
-	 */
-	protected function getDNHash(string $fdn): string {
-		return hash('sha256', $fdn, false);
-	}
-
-	/**
-	 * Gets the name based on the provided LDAP DN.
-	 *
-	 * @param string $fdn
-	 * @return string|false
-	 */
-	public function getNameByDN($fdn) {
-		if (!isset($this->cache[$fdn])) {
-			$this->cache[$fdn] = $this->getXbyY('owncloud_name', 'ldap_dn_hash', $this->getDNHash($fdn));
-		}
-		return $this->cache[$fdn];
-	}
-
-	/**
-	 * @param array<string> $hashList
-	 */
-	protected function prepareListOfIdsQuery(array $hashList): IQueryBuilder {
-		$qb = $this->dbc->getQueryBuilder();
-		$qb->select('owncloud_name', 'ldap_dn_hash', 'ldap_dn')
-			->from($this->getTableName(false))
-			->where($qb->expr()->in('ldap_dn_hash', $qb->createNamedParameter($hashList, IQueryBuilder::PARAM_STR_ARRAY)));
-		return $qb;
-	}
-
-	protected function collectResultsFromListOfIdsQuery(IQueryBuilder $qb, array &$results): void {
-		$stmt = $qb->executeQuery();
-		while ($entry = $stmt->fetch(\Doctrine\DBAL\FetchMode::ASSOCIATIVE)) {
-			$results[$entry['ldap_dn']] = $entry['owncloud_name'];
-			$this->cache[$entry['ldap_dn']] = $entry['owncloud_name'];
-		}
-		$stmt->closeCursor();
-	}
-
-	/**
-	 * @param array<string> $fdns
-	 * @return array<string,string>
-	 */
-	public function getListOfIdsByDn(array $fdns): array {
-		$totalDBParamLimit = 65000;
-		$sliceSize = 1000;
-		$maxSlices = $this->dbc->getDatabaseProvider() === IDBConnection::PLATFORM_SQLITE ? 9 : $totalDBParamLimit / $sliceSize;
-		$results = [];
-
-		$slice = 1;
-		$fdns = array_map([$this, 'getDNHash'], $fdns);
-		$fdnsSlice = count($fdns) > $sliceSize ? array_slice($fdns, 0, $sliceSize) : $fdns;
-		$qb = $this->prepareListOfIdsQuery($fdnsSlice);
-
-		while (isset($fdnsSlice[999])) {
-			// Oracle does not allow more than 1000 values in the IN list,
-			// but allows slicing
-			$slice++;
-			$fdnsSlice = array_slice($fdns, $sliceSize * ($slice - 1), $sliceSize);
-
-			/** @see https://github.com/vimeo/psalm/issues/4995 */
-			/** @psalm-suppress TypeDoesNotContainType */
-			if (!isset($qb)) {
-				$qb = $this->prepareListOfIdsQuery($fdnsSlice);
-				continue;
-			}
-
-			if (!empty($fdnsSlice)) {
-				$qb->orWhere($qb->expr()->in('ldap_dn_hash', $qb->createNamedParameter($fdnsSlice, IQueryBuilder::PARAM_STR_ARRAY)));
-			}
-
-			if ($slice % $maxSlices === 0) {
-				$this->collectResultsFromListOfIdsQuery($qb, $results);
-				unset($qb);
-			}
-		}
-
-		if (isset($qb)) {
-			$this->collectResultsFromListOfIdsQuery($qb, $results);
-		}
-
-		return $results;
-	}
-
-	/**
-	 * Searches mapped names by the giving string in the name column
-	 *
-	 * @return string[]
-	 */
-	public function getNamesBySearch(string $search, string $prefixMatch = '', string $postfixMatch = ''): array {
-		$statement = $this->dbc->prepare('
+        unset($this->cache[$fdn]);
+
+        return $this->modify($statement, [$uuid, $this->getDNHash($fdn)]);
+    }
+
+    /**
+     * Get the hash to store in database column ldap_dn_hash for a given dn
+     */
+    protected function getDNHash(string $fdn): string {
+        return hash('sha256', $fdn, false);
+    }
+
+    /**
+     * Gets the name based on the provided LDAP DN.
+     *
+     * @param string $fdn
+     * @return string|false
+     */
+    public function getNameByDN($fdn) {
+        if (!isset($this->cache[$fdn])) {
+            $this->cache[$fdn] = $this->getXbyY('owncloud_name', 'ldap_dn_hash', $this->getDNHash($fdn));
+        }
+        return $this->cache[$fdn];
+    }
+
+    /**
+     * @param array<string> $hashList
+     */
+    protected function prepareListOfIdsQuery(array $hashList): IQueryBuilder {
+        $qb = $this->dbc->getQueryBuilder();
+        $qb->select('owncloud_name', 'ldap_dn_hash', 'ldap_dn')
+            ->from($this->getTableName(false))
+            ->where($qb->expr()->in('ldap_dn_hash', $qb->createNamedParameter($hashList, IQueryBuilder::PARAM_STR_ARRAY)));
+        return $qb;
+    }
+
+    protected function collectResultsFromListOfIdsQuery(IQueryBuilder $qb, array &$results): void {
+        $stmt = $qb->executeQuery();
+        while ($entry = $stmt->fetch(\Doctrine\DBAL\FetchMode::ASSOCIATIVE)) {
+            $results[$entry['ldap_dn']] = $entry['owncloud_name'];
+            $this->cache[$entry['ldap_dn']] = $entry['owncloud_name'];
+        }
+        $stmt->closeCursor();
+    }
+
+    /**
+     * @param array<string> $fdns
+     * @return array<string,string>
+     */
+    public function getListOfIdsByDn(array $fdns): array {
+        $totalDBParamLimit = 65000;
+        $sliceSize = 1000;
+        $maxSlices = $this->dbc->getDatabaseProvider() === IDBConnection::PLATFORM_SQLITE ? 9 : $totalDBParamLimit / $sliceSize;
+        $results = [];
+
+        $slice = 1;
+        $fdns = array_map([$this, 'getDNHash'], $fdns);
+        $fdnsSlice = count($fdns) > $sliceSize ? array_slice($fdns, 0, $sliceSize) : $fdns;
+        $qb = $this->prepareListOfIdsQuery($fdnsSlice);
+
+        while (isset($fdnsSlice[999])) {
+            // Oracle does not allow more than 1000 values in the IN list,
+            // but allows slicing
+            $slice++;
+            $fdnsSlice = array_slice($fdns, $sliceSize * ($slice - 1), $sliceSize);
+
+            /** @see https://github.com/vimeo/psalm/issues/4995 */
+            /** @psalm-suppress TypeDoesNotContainType */
+            if (!isset($qb)) {
+                $qb = $this->prepareListOfIdsQuery($fdnsSlice);
+                continue;
+            }
+
+            if (!empty($fdnsSlice)) {
+                $qb->orWhere($qb->expr()->in('ldap_dn_hash', $qb->createNamedParameter($fdnsSlice, IQueryBuilder::PARAM_STR_ARRAY)));
+            }
+
+            if ($slice % $maxSlices === 0) {
+                $this->collectResultsFromListOfIdsQuery($qb, $results);
+                unset($qb);
+            }
+        }
+
+        if (isset($qb)) {
+            $this->collectResultsFromListOfIdsQuery($qb, $results);
+        }
+
+        return $results;
+    }
+
+    /**
+     * Searches mapped names by the giving string in the name column
+     *
+     * @return string[]
+     */
+    public function getNamesBySearch(string $search, string $prefixMatch = '', string $postfixMatch = ''): array {
+        $statement = $this->dbc->prepare('
 			SELECT `owncloud_name`
 			FROM `' . $this->getTableName() . '`
 			WHERE `owncloud_name` LIKE ?
 		');
 
-		try {
-			$res = $statement->execute([$prefixMatch . $this->dbc->escapeLikeParameter($search) . $postfixMatch]);
-		} catch (Exception $e) {
-			return [];
-		}
-		$names = [];
-		while ($row = $res->fetch()) {
-			$names[] = $row['owncloud_name'];
-		}
-		return $names;
-	}
-
-	/**
-	 * Gets the name based on the provided LDAP UUID.
-	 *
-	 * @param string $uuid
-	 * @return string|false
-	 */
-	public function getNameByUUID($uuid) {
-		return $this->getXbyY('owncloud_name', 'directory_uuid', $uuid);
-	}
-
-	public function getDnByUUID($uuid) {
-		return $this->getXbyY('ldap_dn', 'directory_uuid', $uuid);
-	}
-
-	/**
-	 * Gets the UUID based on the provided LDAP DN
-	 *
-	 * @param string $dn
-	 * @return false|string
-	 * @throws \Exception
-	 */
-	public function getUUIDByDN($dn) {
-		return $this->getXbyY('directory_uuid', 'ldap_dn_hash', $this->getDNHash($dn));
-	}
-
-	public function getList(int $offset = 0, ?int $limit = null, bool $invalidatedOnly = false): array {
-		$select = $this->dbc->getQueryBuilder();
-		$select->selectAlias('ldap_dn', 'dn')
-			->selectAlias('owncloud_name', 'name')
-			->selectAlias('directory_uuid', 'uuid')
-			->from($this->getTableName())
-			->setMaxResults($limit)
-			->setFirstResult($offset);
-
-		if ($invalidatedOnly) {
-			$select->where($select->expr()->like('directory_uuid', $select->createNamedParameter('invalidated_%')));
-		}
-
-		$result = $select->executeQuery();
-		$entries = $result->fetchAll();
-		$result->closeCursor();
-
-		return $entries;
-	}
-
-	/**
-	 * attempts to map the given entry
-	 *
-	 * @param string $fdn fully distinguished name (from LDAP)
-	 * @param string $name
-	 * @param string $uuid a unique identifier as used in LDAP
-	 * @return bool
-	 */
-	public function map($fdn, $name, $uuid) {
-		if (mb_strlen($fdn) > 4000) {
-			Server::get(LoggerInterface::class)->error(
-				'Cannot map, because the DN exceeds 4000 characters: {dn}',
-				[
-					'app' => 'user_ldap',
-					'dn' => $fdn,
-				]
-			);
-			return false;
-		}
-
-		$row = [
-			'ldap_dn_hash' => $this->getDNHash($fdn),
-			'ldap_dn' => $fdn,
-			'owncloud_name' => $name,
-			'directory_uuid' => $uuid
-		];
-
-		try {
-			$result = $this->dbc->insertIfNotExist($this->getTableName(), $row);
-			if ((bool)$result === true) {
-				$this->cache[$fdn] = $name;
-				$this->localNameToDnCache?->set($name, $fdn, self::LOCAL_CACHE_TTL);
-			}
-			// insertIfNotExist returns values as int
-			return (bool)$result;
-		} catch (\Exception $e) {
-			return false;
-		}
-	}
-
-	/**
-	 * removes a mapping based on the owncloud_name of the entry
-	 *
-	 * @param string $name
-	 * @return bool
-	 */
-	public function unmap($name) {
-		$statement = $this->dbc->prepare('
+        try {
+            $res = $statement->execute([$prefixMatch . $this->dbc->escapeLikeParameter($search) . $postfixMatch]);
+        } catch (Exception $e) {
+            return [];
+        }
+        $names = [];
+        while ($row = $res->fetch()) {
+            $names[] = $row['owncloud_name'];
+        }
+        return $names;
+    }
+
+    /**
+     * Gets the name based on the provided LDAP UUID.
+     *
+     * @param string $uuid
+     * @return string|false
+     */
+    public function getNameByUUID($uuid) {
+        return $this->getXbyY('owncloud_name', 'directory_uuid', $uuid);
+    }
+
+    public function getDnByUUID($uuid) {
+        return $this->getXbyY('ldap_dn', 'directory_uuid', $uuid);
+    }
+
+    /**
+     * Gets the UUID based on the provided LDAP DN
+     *
+     * @param string $dn
+     * @return false|string
+     * @throws \Exception
+     */
+    public function getUUIDByDN($dn) {
+        return $this->getXbyY('directory_uuid', 'ldap_dn_hash', $this->getDNHash($dn));
+    }
+
+    public function getList(int $offset = 0, ?int $limit = null, bool $invalidatedOnly = false): array {
+        $select = $this->dbc->getQueryBuilder();
+        $select->selectAlias('ldap_dn', 'dn')
+            ->selectAlias('owncloud_name', 'name')
+            ->selectAlias('directory_uuid', 'uuid')
+            ->from($this->getTableName())
+            ->setMaxResults($limit)
+            ->setFirstResult($offset);
+
+        if ($invalidatedOnly) {
+            $select->where($select->expr()->like('directory_uuid', $select->createNamedParameter('invalidated_%')));
+        }
+
+        $result = $select->executeQuery();
+        $entries = $result->fetchAll();
+        $result->closeCursor();
+
+        return $entries;
+    }
+
+    /**
+     * attempts to map the given entry
+     *
+     * @param string $fdn fully distinguished name (from LDAP)
+     * @param string $name
+     * @param string $uuid a unique identifier as used in LDAP
+     * @return bool
+     */
+    public function map($fdn, $name, $uuid) {
+        if (mb_strlen($fdn) > 4000) {
+            Server::get(LoggerInterface::class)->error(
+                'Cannot map, because the DN exceeds 4000 characters: {dn}',
+                [
+                    'app' => 'user_ldap',
+                    'dn' => $fdn,
+                ]
+            );
+            return false;
+        }
+
+        $row = [
+            'ldap_dn_hash' => $this->getDNHash($fdn),
+            'ldap_dn' => $fdn,
+            'owncloud_name' => $name,
+            'directory_uuid' => $uuid
+        ];
+
+        try {
+            $result = $this->dbc->insertIfNotExist($this->getTableName(), $row);
+            if ((bool)$result === true) {
+                $this->cache[$fdn] = $name;
+                $this->localNameToDnCache?->set($name, $fdn, self::LOCAL_CACHE_TTL);
+            }
+            // insertIfNotExist returns values as int
+            return (bool)$result;
+        } catch (\Exception $e) {
+            return false;
+        }
+    }
+
+    /**
+     * removes a mapping based on the owncloud_name of the entry
+     *
+     * @param string $name
+     * @return bool
+     */
+    public function unmap($name) {
+        $statement = $this->dbc->prepare('
 			DELETE FROM `' . $this->getTableName() . '`
 			WHERE `owncloud_name` = ?');
 
-		$dn = array_search($name, $this->cache);
-		if ($dn !== false) {
-			unset($this->cache[$dn]);
-		}
-		$this->localNameToDnCache?->remove($name);
-
-		return $this->modify($statement, [$name]);
-	}
-
-	/**
-	 * Truncates the mapping table
-	 *
-	 * @return bool
-	 */
-	public function clear() {
-		$sql = $this->dbc
-			->getDatabasePlatform()
-			->getTruncateTableSQL('`' . $this->getTableName() . '`');
-		try {
-			$this->dbc->executeQuery($sql);
-			$this->localNameToDnCache?->clear();
-
-			return true;
-		} catch (Exception $e) {
-			return false;
-		}
-	}
-
-	/**
-	 * clears the mapping table one by one and executing a callback with
-	 * each row's id (=owncloud_name col)
-	 *
-	 * @param callable $preCallback
-	 * @param callable $postCallback
-	 * @return bool true on success, false when at least one row was not
-	 *              deleted
-	 */
-	public function clearCb(callable $preCallback, callable $postCallback): bool {
-		$picker = $this->dbc->getQueryBuilder();
-		$picker->select('owncloud_name')
-			->from($this->getTableName());
-		$cursor = $picker->executeQuery();
-		$result = true;
-		while (($id = $cursor->fetchOne()) !== false) {
-			$preCallback($id);
-			if ($isUnmapped = $this->unmap($id)) {
-				$postCallback($id);
-			}
-			$result = $result && $isUnmapped;
-		}
-		$cursor->closeCursor();
-		return $result;
-	}
-
-	/**
-	 * returns the number of entries in the mappings table
-	 *
-	 * @return int
-	 */
-	public function count(): int {
-		$query = $this->dbc->getQueryBuilder();
-		$query->select($query->func()->count('ldap_dn_hash'))
-			->from($this->getTableName());
-		$res = $query->executeQuery();
-		$count = $res->fetchOne();
-		$res->closeCursor();
-		return (int)$count;
-	}
-
-	public function countInvalidated(): int {
-		$query = $this->dbc->getQueryBuilder();
-		$query->select($query->func()->count('ldap_dn_hash'))
-			->from($this->getTableName())
-			->where($query->expr()->like('directory_uuid', $query->createNamedParameter('invalidated_%')));
-		$res = $query->executeQuery();
-		$count = $res->fetchOne();
-		$res->closeCursor();
-		return (int)$count;
-	}
+        $dn = array_search($name, $this->cache);
+        if ($dn !== false) {
+            unset($this->cache[$dn]);
+        }
+        $this->localNameToDnCache?->remove($name);
+
+        return $this->modify($statement, [$name]);
+    }
+
+    /**
+     * Truncates the mapping table
+     *
+     * @return bool
+     */
+    public function clear() {
+        $sql = $this->dbc
+            ->getDatabasePlatform()
+            ->getTruncateTableSQL('`' . $this->getTableName() . '`');
+        try {
+            $this->dbc->executeQuery($sql);
+            $this->localNameToDnCache?->clear();
+
+            return true;
+        } catch (Exception $e) {
+            return false;
+        }
+    }
+
+    /**
+     * clears the mapping table one by one and executing a callback with
+     * each row's id (=owncloud_name col)
+     *
+     * @param callable $preCallback
+     * @param callable $postCallback
+     * @return bool true on success, false when at least one row was not
+     *              deleted
+     */
+    public function clearCb(callable $preCallback, callable $postCallback): bool {
+        $picker = $this->dbc->getQueryBuilder();
+        $picker->select('owncloud_name')
+            ->from($this->getTableName());
+        $cursor = $picker->executeQuery();
+        $result = true;
+        while (($id = $cursor->fetchOne()) !== false) {
+            $preCallback($id);
+            if ($isUnmapped = $this->unmap($id)) {
+                $postCallback($id);
+            }
+            $result = $result && $isUnmapped;
+        }
+        $cursor->closeCursor();
+        return $result;
+    }
+
+    /**
+     * returns the number of entries in the mappings table
+     *
+     * @return int
+     */
+    public function count(): int {
+        $query = $this->dbc->getQueryBuilder();
+        $query->select($query->func()->count('ldap_dn_hash'))
+            ->from($this->getTableName());
+        $res = $query->executeQuery();
+        $count = $res->fetchOne();
+        $res->closeCursor();
+        return (int)$count;
+    }
+
+    public function countInvalidated(): int {
+        $query = $this->dbc->getQueryBuilder();
+        $query->select($query->func()->count('ldap_dn_hash'))
+            ->from($this->getTableName())
+            ->where($query->expr()->like('directory_uuid', $query->createNamedParameter('invalidated_%')));
+        $res = $query->executeQuery();
+        $count = $res->fetchOne();
+        $res->closeCursor();
+        return (int)$count;
+    }
 }

apps/user_ldap/lib/User_LDAP.php

Indentation +620 added lines, -620 removed lines

@@ -23,624 +23,624 @@
 use Psr\Log\LoggerInterface;
 
 class User_LDAP extends BackendUtility implements IUserBackend, UserInterface, IUserLDAP, ILimitAwareCountUsersBackend, ICountMappedUsersBackend, IProvideEnabledStateBackend {
-	public function __construct(
-		Access $access,
-		protected INotificationManager $notificationManager,
-		protected UserPluginManager $userPluginManager,
-		protected LoggerInterface $logger,
-		protected DeletedUsersIndex $deletedUsersIndex,
-	) {
-		parent::__construct($access);
-	}
-
-	/**
-	 * checks whether the user is allowed to change their avatar in Nextcloud
-	 *
-	 * @param string $uid the Nextcloud user name
-	 * @return boolean either the user can or cannot
-	 * @throws \Exception
-	 */
-	public function canChangeAvatar($uid) {
-		if ($this->userPluginManager->implementsActions(Backend::PROVIDE_AVATAR)) {
-			return $this->userPluginManager->canChangeAvatar($uid);
-		}
-
-		if (!$this->implementsActions(Backend::PROVIDE_AVATAR)) {
-			return true;
-		}
-
-		$user = $this->access->userManager->get($uid);
-		if (!$user instanceof User) {
-			return false;
-		}
-		$imageData = $user->getAvatarImage();
-		if ($imageData === false) {
-			return true;
-		}
-		return !$user->updateAvatar(true);
-	}
-
-	/**
-	 * Return the username for the given login name, if available
-	 *
-	 * @param string $loginName
-	 * @return string|false
-	 * @throws \Exception
-	 */
-	public function loginName2UserName($loginName, bool $forceLdapRefetch = false) {
-		$cacheKey = 'loginName2UserName-' . $loginName;
-		$username = $this->access->connection->getFromCache($cacheKey);
-		$knownDn = $username ? $this->access->username2dn($username) : false;
-
-		$ignoreCache = (($username === false || $knownDn === false) && $forceLdapRefetch);
-		if ($username !== null && !$ignoreCache) {
-			return $username;
-		}
-
-		try {
-			$ldapRecord = $this->getLDAPUserByLoginName($loginName);
-			$user = $this->access->userManager->get($ldapRecord['dn'][0]);
-			if ($user === null || $user instanceof OfflineUser) {
-				// this path is not really possible, however get() is documented
-				// to return User, OfflineUser or null so we are very defensive here.
-				$this->access->connection->writeToCache($cacheKey, false);
-				return false;
-			}
-			$username = $user->getUsername();
-			$this->access->connection->writeToCache($cacheKey, $username);
-			if ($forceLdapRefetch) {
-				$user->processAttributes($ldapRecord);
-			}
-			return $username;
-		} catch (NotOnLDAP $e) {
-			$this->access->connection->writeToCache($cacheKey, false);
-			return false;
-		}
-	}
-
-	/**
-	 * returns the username for the given LDAP DN, if available
-	 *
-	 * @param string $dn
-	 * @return string|false with the username
-	 */
-	public function dn2UserName($dn) {
-		return $this->access->dn2username($dn);
-	}
-
-	/**
-	 * returns an LDAP record based on a given login name
-	 *
-	 * @param string $loginName
-	 * @return array
-	 * @throws NotOnLDAP
-	 */
-	public function getLDAPUserByLoginName($loginName) {
-		//find out dn of the user name
-		$attrs = $this->access->userManager->getAttributes();
-		$users = $this->access->fetchUsersByLoginName($loginName, $attrs);
-		if (count($users) < 1) {
-			throw new NotOnLDAP('No user available for the given login name on '
-				. $this->access->connection->ldapHost . ':' . $this->access->connection->ldapPort);
-		}
-		return $users[0];
-	}
-
-	/**
-	 * Check if the password is correct without logging in the user
-	 *
-	 * @param string $uid The username
-	 * @param string $password The password
-	 * @return false|string
-	 */
-	public function checkPassword($uid, $password) {
-		$username = $this->loginName2UserName($uid, true);
-		if ($username === false) {
-			return false;
-		}
-		$dn = $this->access->username2dn($username);
-		if ($dn === false) {
-			$this->logger->warning(
-				'LDAP Login: Found user {user}, but no assigned DN',
-				[
-					'app' => 'user_ldap',
-					'user' => $username,
-				]
-			);
-			return false;
-		}
-		$user = $this->access->userManager->get($dn);
-
-		if (!$user instanceof User) {
-			$this->logger->warning(
-				'LDAP Login: Could not get user object for DN ' . $dn
-				. '. Maybe the LDAP entry has no set display name attribute?',
-				['app' => 'user_ldap']
-			);
-			return false;
-		}
-		if ($user->getUsername() !== false) {
-			//are the credentials OK?
-			if (!$this->access->areCredentialsValid($dn, $password)) {
-				return false;
-			}
-
-			$this->access->cacheUserExists($user->getUsername());
-			$user->markLogin();
-
-			return $user->getUsername();
-		}
-
-		return false;
-	}
-
-	/**
-	 * Set password
-	 * @param string $uid The username
-	 * @param string $password The new password
-	 * @return bool
-	 */
-	public function setPassword($uid, $password) {
-		if ($this->userPluginManager->implementsActions(Backend::SET_PASSWORD)) {
-			return $this->userPluginManager->setPassword($uid, $password);
-		}
-
-		$user = $this->access->userManager->get($uid);
-
-		if (!$user instanceof User) {
-			throw new \Exception('LDAP setPassword: Could not get user object for uid ' . $uid
-				. '. Maybe the LDAP entry has no set display name attribute?');
-		}
-		if ($user->getUsername() !== false && $this->access->setPassword($user->getDN(), $password)) {
-			$ldapDefaultPPolicyDN = $this->access->connection->ldapDefaultPPolicyDN;
-			$turnOnPasswordChange = $this->access->connection->turnOnPasswordChange;
-			if (!empty($ldapDefaultPPolicyDN) && ((int)$turnOnPasswordChange === 1)) {
-				//remove last password expiry warning if any
-				$notification = $this->notificationManager->createNotification();
-				$notification->setApp('user_ldap')
-					->setUser($uid)
-					->setObject('pwd_exp_warn', $uid)
-				;
-				$this->notificationManager->markProcessed($notification);
-			}
-			return true;
-		}
-
-		return false;
-	}
-
-	/**
-	 * Get a list of all users
-	 *
-	 * @param string $search
-	 * @param integer $limit
-	 * @param integer $offset
-	 * @return string[] an array of all uids
-	 */
-	public function getUsers($search = '', $limit = 10, $offset = 0) {
-		$search = $this->access->escapeFilterPart($search, true);
-		$cachekey = 'getUsers-' . $search . '-' . $limit . '-' . $offset;
-
-		//check if users are cached, if so return
-		$ldap_users = $this->access->connection->getFromCache($cachekey);
-		if (!is_null($ldap_users)) {
-			return $ldap_users;
-		}
-
-		// if we'd pass -1 to LDAP search, we'd end up in a Protocol
-		// error. With a limit of 0, we get 0 results. So we pass null.
-		if ($limit <= 0) {
-			$limit = null;
-		}
-		$filter = $this->access->combineFilterWithAnd([
-			$this->access->connection->ldapUserFilter,
-			$this->access->connection->ldapUserDisplayName . '=*',
-			$this->access->getFilterPartForUserSearch($search)
-		]);
-
-		$this->logger->debug(
-			'getUsers: Options: search ' . $search . ' limit ' . $limit . ' offset ' . $offset . ' Filter: ' . $filter,
-			['app' => 'user_ldap']
-		);
-		//do the search and translate results to Nextcloud names
-		$ldap_users = $this->access->fetchListOfUsers(
-			$filter,
-			$this->access->userManager->getAttributes(true),
-			$limit, $offset);
-		$ldap_users = $this->access->nextcloudUserNames($ldap_users);
-		$this->logger->debug(
-			'getUsers: ' . count($ldap_users) . ' Users found',
-			['app' => 'user_ldap']
-		);
-
-		$this->access->connection->writeToCache($cachekey, $ldap_users);
-		return $ldap_users;
-	}
-
-	/**
-	 * checks whether a user is still available on LDAP
-	 *
-	 * @param string|User $user either the Nextcloud user
-	 *                          name or an instance of that user
-	 * @throws \Exception
-	 * @throws \OC\ServerNotAvailableException
-	 */
-	public function userExistsOnLDAP($user, bool $ignoreCache = false): bool {
-		if (is_string($user)) {
-			$user = $this->access->userManager->get($user);
-		}
-		if (is_null($user)) {
-			return false;
-		}
-		$uid = $user instanceof User ? $user->getUsername() : $user->getOCName();
-		$cacheKey = 'userExistsOnLDAP' . $uid;
-		if (!$ignoreCache) {
-			$userExists = $this->access->connection->getFromCache($cacheKey);
-			if (!is_null($userExists)) {
-				return (bool)$userExists;
-			}
-		}
-
-		$dn = $user->getDN();
-		//check if user really still exists by reading its entry
-		if (!is_array($this->access->readAttribute($dn, '', $this->access->connection->ldapUserFilter))) {
-			try {
-				$uuid = $this->access->getUserMapper()->getUUIDByDN($dn);
-				if (!$uuid) {
-					$this->access->connection->writeToCache($cacheKey, false);
-					return false;
-				}
-				$newDn = $this->access->getUserDnByUuid($uuid);
-				//check if renamed user is still valid by reapplying the ldap filter
-				if ($newDn === $dn || !is_array($this->access->readAttribute($newDn, '', $this->access->connection->ldapUserFilter))) {
-					$this->access->connection->writeToCache($cacheKey, false);
-					return false;
-				}
-				$this->access->getUserMapper()->setDNbyUUID($newDn, $uuid);
-			} catch (ServerNotAvailableException $e) {
-				throw $e;
-			} catch (\Exception $e) {
-				$this->access->connection->writeToCache($cacheKey, false);
-				return false;
-			}
-		}
-
-		if ($user instanceof OfflineUser) {
-			$user->unmark();
-		}
-
-		$this->access->connection->writeToCache($cacheKey, true);
-		return true;
-	}
-
-	/**
-	 * check if a user exists
-	 * @param string $uid the username
-	 * @return boolean
-	 * @throws \Exception when connection could not be established
-	 */
-	public function userExists($uid) {
-		$userExists = $this->access->connection->getFromCache('userExists' . $uid);
-		if (!is_null($userExists)) {
-			return (bool)$userExists;
-		}
-		$userExists = $this->access->userManager->exists($uid);
-
-		if (!$userExists) {
-			$this->logger->debug(
-				'No DN found for ' . $uid . ' on ' . $this->access->connection->ldapHost,
-				['app' => 'user_ldap']
-			);
-			$this->access->connection->writeToCache('userExists' . $uid, false);
-			return false;
-		}
-
-		$this->access->connection->writeToCache('userExists' . $uid, true);
-		return true;
-	}
-
-	/**
-	 * returns whether a user was deleted in LDAP
-	 *
-	 * @param string $uid The username of the user to delete
-	 * @return bool
-	 */
-	public function deleteUser($uid) {
-		if ($this->userPluginManager->canDeleteUser()) {
-			$status = $this->userPluginManager->deleteUser($uid);
-			if ($status === false) {
-				return false;
-			}
-		}
-
-		$marked = $this->deletedUsersIndex->isUserMarked($uid);
-		if (!$marked) {
-			try {
-				$user = $this->access->userManager->get($uid);
-				if (($user instanceof User) && !$this->userExistsOnLDAP($uid, true)) {
-					$user->markUser();
-					$marked = true;
-				}
-			} catch (\Exception $e) {
-				$this->logger->debug(
-					$e->getMessage(),
-					['app' => 'user_ldap', 'exception' => $e]
-				);
-			}
-			if (!$marked) {
-				$this->logger->notice(
-					'User ' . $uid . ' is not marked as deleted, not cleaning up.',
-					['app' => 'user_ldap']
-				);
-				return false;
-			}
-		}
-		$this->logger->info('Cleaning up after user ' . $uid,
-			['app' => 'user_ldap']);
-
-		$this->access->getUserMapper()->unmap($uid); // we don't emit unassign signals here, since it is implicit to delete signals fired from core
-		$this->access->userManager->invalidate($uid);
-		$this->access->connection->clearCache();
-		return true;
-	}
-
-	/**
-	 * get the user's home directory
-	 *
-	 * @param string $uid the username
-	 * @return bool|string
-	 * @throws NoUserException
-	 * @throws \Exception
-	 */
-	public function getHome($uid) {
-		// user Exists check required as it is not done in user proxy!
-		if (!$this->userExists($uid)) {
-			return false;
-		}
-
-		if ($this->userPluginManager->implementsActions(Backend::GET_HOME)) {
-			return $this->userPluginManager->getHome($uid);
-		}
-
-		$cacheKey = 'getHome' . $uid;
-		$path = $this->access->connection->getFromCache($cacheKey);
-		if (!is_null($path)) {
-			return $path;
-		}
-
-		// early return path if it is a deleted user
-		$user = $this->access->userManager->get($uid);
-		if ($user instanceof User || $user instanceof OfflineUser) {
-			$path = $user->getHomePath() ?: false;
-		} else {
-			throw new NoUserException($uid . ' is not a valid user anymore');
-		}
-
-		$this->access->cacheUserHome($uid, $path);
-		return $path;
-	}
-
-	/**
-	 * get display name of the user
-	 * @param string $uid user ID of the user
-	 * @return string|false display name
-	 */
-	public function getDisplayName($uid) {
-		if ($this->userPluginManager->implementsActions(Backend::GET_DISPLAYNAME)) {
-			return $this->userPluginManager->getDisplayName($uid);
-		}
-
-		if (!$this->userExists($uid)) {
-			return false;
-		}
-
-		$cacheKey = 'getDisplayName' . $uid;
-		if (!is_null($displayName = $this->access->connection->getFromCache($cacheKey))) {
-			return $displayName;
-		}
-
-		//Check whether the display name is configured to have a 2nd feature
-		$additionalAttribute = $this->access->connection->ldapUserDisplayName2;
-		$displayName2 = '';
-		if ($additionalAttribute !== '') {
-			$displayName2 = $this->access->readAttribute(
-				$this->access->username2dn($uid),
-				$additionalAttribute);
-		}
-
-		$displayName = $this->access->readAttribute(
-			$this->access->username2dn($uid),
-			$this->access->connection->ldapUserDisplayName);
-
-		if ($displayName && (count($displayName) > 0)) {
-			$displayName = $displayName[0];
-
-			if (is_array($displayName2)) {
-				$displayName2 = count($displayName2) > 0 ? $displayName2[0] : '';
-			}
-
-			$user = $this->access->userManager->get($uid);
-			if ($user instanceof User) {
-				$displayName = $user->composeAndStoreDisplayName($displayName, (string)$displayName2);
-				$this->access->connection->writeToCache($cacheKey, $displayName);
-			}
-			if ($user instanceof OfflineUser) {
-				$displayName = $user->getDisplayName();
-			}
-			return $displayName;
-		}
-
-		return null;
-	}
-
-	/**
-	 * set display name of the user
-	 * @param string $uid user ID of the user
-	 * @param string $displayName new display name of the user
-	 * @return string|false display name
-	 */
-	public function setDisplayName($uid, $displayName) {
-		if ($this->userPluginManager->implementsActions(Backend::SET_DISPLAYNAME)) {
-			$this->userPluginManager->setDisplayName($uid, $displayName);
-			$this->access->cacheUserDisplayName($uid, $displayName);
-			return $displayName;
-		}
-		return false;
-	}
-
-	/**
-	 * Get a list of all display names
-	 *
-	 * @param string $search
-	 * @param int|null $limit
-	 * @param int|null $offset
-	 * @return array an array of all displayNames (value) and the corresponding uids (key)
-	 */
-	public function getDisplayNames($search = '', $limit = null, $offset = null) {
-		$cacheKey = 'getDisplayNames-' . $search . '-' . $limit . '-' . $offset;
-		if (!is_null($displayNames = $this->access->connection->getFromCache($cacheKey))) {
-			return $displayNames;
-		}
-
-		$displayNames = [];
-		$users = $this->getUsers($search, $limit, $offset);
-		foreach ($users as $user) {
-			$displayNames[$user] = $this->getDisplayName($user);
-		}
-		$this->access->connection->writeToCache($cacheKey, $displayNames);
-		return $displayNames;
-	}
-
-	/**
-	 * Check if backend implements actions
-	 * @param int $actions bitwise-or'ed actions
-	 * @return boolean
-	 *
-	 * Returns the supported actions as int to be
-	 * compared with \OC\User\Backend::CREATE_USER etc.
-	 */
-	public function implementsActions($actions) {
-		return (bool)((Backend::CHECK_PASSWORD
-			| Backend::GET_HOME
-			| Backend::GET_DISPLAYNAME
-			| (($this->access->connection->ldapUserAvatarRule !== 'none') ? Backend::PROVIDE_AVATAR : 0)
-			| Backend::COUNT_USERS
-			| (((int)$this->access->connection->turnOnPasswordChange === 1)? Backend::SET_PASSWORD :0)
-			| $this->userPluginManager->getImplementedActions())
-			& $actions);
-	}
-
-	/**
-	 * @return bool
-	 */
-	public function hasUserListings() {
-		return true;
-	}
-
-	/**
-	 * counts the users in LDAP
-	 */
-	public function countUsers(int $limit = 0): int|false {
-		if ($this->userPluginManager->implementsActions(Backend::COUNT_USERS)) {
-			return $this->userPluginManager->countUsers();
-		}
-
-		$filter = $this->access->getFilterForUserCount();
-		$cacheKey = 'countUsers-' . $filter . '-' . $limit;
-		if (!is_null($entries = $this->access->connection->getFromCache($cacheKey))) {
-			return $entries;
-		}
-		$entries = $this->access->countUsers($filter, limit:$limit);
-		$this->access->connection->writeToCache($cacheKey, $entries);
-		return $entries;
-	}
-
-	public function countMappedUsers(): int {
-		return $this->access->getUserMapper()->count();
-	}
-
-	/**
-	 * Backend name to be shown in user management
-	 * @return string the name of the backend to be shown
-	 */
-	public function getBackendName() {
-		return 'LDAP';
-	}
-
-	/**
-	 * Return access for LDAP interaction.
-	 * @param string $uid
-	 * @return Access instance of Access for LDAP interaction
-	 */
-	public function getLDAPAccess($uid) {
-		return $this->access;
-	}
-
-	/**
-	 * Return LDAP connection resource from a cloned connection.
-	 * The cloned connection needs to be closed manually.
-	 * of the current access.
-	 * @param string $uid
-	 * @return \LDAP\Connection The LDAP connection
-	 */
-	public function getNewLDAPConnection($uid) {
-		$connection = clone $this->access->getConnection();
-		return $connection->getConnectionResource();
-	}
-
-	/**
-	 * create new user
-	 * @param string $username username of the new user
-	 * @param string $password password of the new user
-	 * @throws \UnexpectedValueException
-	 * @return bool
-	 */
-	public function createUser($username, $password) {
-		if ($this->userPluginManager->implementsActions(Backend::CREATE_USER)) {
-			if ($dn = $this->userPluginManager->createUser($username, $password)) {
-				if (is_string($dn)) {
-					// the NC user creation work flow requires a know user id up front
-					$uuid = $this->access->getUUID($dn, true);
-					if (is_string($uuid)) {
-						$this->access->mapAndAnnounceIfApplicable(
-							$this->access->getUserMapper(),
-							$dn,
-							$username,
-							$uuid,
-							true
-						);
-					} else {
-						$this->logger->warning(
-							'Failed to map created LDAP user with userid {userid}, because UUID could not be determined',
-							[
-								'app' => 'user_ldap',
-								'userid' => $username,
-							]
-						);
-					}
-				} else {
-					throw new \UnexpectedValueException('LDAP Plugin: Method createUser changed to return the user DN instead of boolean.');
-				}
-			}
-			return (bool)$dn;
-		}
-		return false;
-	}
-
-	public function isUserEnabled(string $uid, callable $queryDatabaseValue): bool {
-		if ($this->deletedUsersIndex->isUserMarked($uid) && ((int)$this->access->connection->markRemnantsAsDisabled === 1)) {
-			return false;
-		} else {
-			return $queryDatabaseValue();
-		}
-	}
-
-	public function setUserEnabled(string $uid, bool $enabled, callable $queryDatabaseValue, callable $setDatabaseValue): bool {
-		$setDatabaseValue($enabled);
-		return $enabled;
-	}
-
-	public function getDisabledUserList(?int $limit = null, int $offset = 0, string $search = ''): array {
-		throw new \Exception('This is implemented directly in User_Proxy');
-	}
+    public function __construct(
+        Access $access,
+        protected INotificationManager $notificationManager,
+        protected UserPluginManager $userPluginManager,
+        protected LoggerInterface $logger,
+        protected DeletedUsersIndex $deletedUsersIndex,
+    ) {
+        parent::__construct($access);
+    }
+
+    /**
+     * checks whether the user is allowed to change their avatar in Nextcloud
+     *
+     * @param string $uid the Nextcloud user name
+     * @return boolean either the user can or cannot
+     * @throws \Exception
+     */
+    public function canChangeAvatar($uid) {
+        if ($this->userPluginManager->implementsActions(Backend::PROVIDE_AVATAR)) {
+            return $this->userPluginManager->canChangeAvatar($uid);
+        }
+
+        if (!$this->implementsActions(Backend::PROVIDE_AVATAR)) {
+            return true;
+        }
+
+        $user = $this->access->userManager->get($uid);
+        if (!$user instanceof User) {
+            return false;
+        }
+        $imageData = $user->getAvatarImage();
+        if ($imageData === false) {
+            return true;
+        }
+        return !$user->updateAvatar(true);
+    }
+
+    /**
+     * Return the username for the given login name, if available
+     *
+     * @param string $loginName
+     * @return string|false
+     * @throws \Exception
+     */
+    public function loginName2UserName($loginName, bool $forceLdapRefetch = false) {
+        $cacheKey = 'loginName2UserName-' . $loginName;
+        $username = $this->access->connection->getFromCache($cacheKey);
+        $knownDn = $username ? $this->access->username2dn($username) : false;
+
+        $ignoreCache = (($username === false || $knownDn === false) && $forceLdapRefetch);
+        if ($username !== null && !$ignoreCache) {
+            return $username;
+        }
+
+        try {
+            $ldapRecord = $this->getLDAPUserByLoginName($loginName);
+            $user = $this->access->userManager->get($ldapRecord['dn'][0]);
+            if ($user === null || $user instanceof OfflineUser) {
+                // this path is not really possible, however get() is documented
+                // to return User, OfflineUser or null so we are very defensive here.
+                $this->access->connection->writeToCache($cacheKey, false);
+                return false;
+            }
+            $username = $user->getUsername();
+            $this->access->connection->writeToCache($cacheKey, $username);
+            if ($forceLdapRefetch) {
+                $user->processAttributes($ldapRecord);
+            }
+            return $username;
+        } catch (NotOnLDAP $e) {
+            $this->access->connection->writeToCache($cacheKey, false);
+            return false;
+        }
+    }
+
+    /**
+     * returns the username for the given LDAP DN, if available
+     *
+     * @param string $dn
+     * @return string|false with the username
+     */
+    public function dn2UserName($dn) {
+        return $this->access->dn2username($dn);
+    }
+
+    /**
+     * returns an LDAP record based on a given login name
+     *
+     * @param string $loginName
+     * @return array
+     * @throws NotOnLDAP
+     */
+    public function getLDAPUserByLoginName($loginName) {
+        //find out dn of the user name
+        $attrs = $this->access->userManager->getAttributes();
+        $users = $this->access->fetchUsersByLoginName($loginName, $attrs);
+        if (count($users) < 1) {
+            throw new NotOnLDAP('No user available for the given login name on '
+                . $this->access->connection->ldapHost . ':' . $this->access->connection->ldapPort);
+        }
+        return $users[0];
+    }
+
+    /**
+     * Check if the password is correct without logging in the user
+     *
+     * @param string $uid The username
+     * @param string $password The password
+     * @return false|string
+     */
+    public function checkPassword($uid, $password) {
+        $username = $this->loginName2UserName($uid, true);
+        if ($username === false) {
+            return false;
+        }
+        $dn = $this->access->username2dn($username);
+        if ($dn === false) {
+            $this->logger->warning(
+                'LDAP Login: Found user {user}, but no assigned DN',
+                [
+                    'app' => 'user_ldap',
+                    'user' => $username,
+                ]
+            );
+            return false;
+        }
+        $user = $this->access->userManager->get($dn);
+
+        if (!$user instanceof User) {
+            $this->logger->warning(
+                'LDAP Login: Could not get user object for DN ' . $dn
+                . '. Maybe the LDAP entry has no set display name attribute?',
+                ['app' => 'user_ldap']
+            );
+            return false;
+        }
+        if ($user->getUsername() !== false) {
+            //are the credentials OK?
+            if (!$this->access->areCredentialsValid($dn, $password)) {
+                return false;
+            }
+
+            $this->access->cacheUserExists($user->getUsername());
+            $user->markLogin();
+
+            return $user->getUsername();
+        }
+
+        return false;
+    }
+
+    /**
+     * Set password
+     * @param string $uid The username
+     * @param string $password The new password
+     * @return bool
+     */
+    public function setPassword($uid, $password) {
+        if ($this->userPluginManager->implementsActions(Backend::SET_PASSWORD)) {
+            return $this->userPluginManager->setPassword($uid, $password);
+        }
+
+        $user = $this->access->userManager->get($uid);
+
+        if (!$user instanceof User) {
+            throw new \Exception('LDAP setPassword: Could not get user object for uid ' . $uid
+                . '. Maybe the LDAP entry has no set display name attribute?');
+        }
+        if ($user->getUsername() !== false && $this->access->setPassword($user->getDN(), $password)) {
+            $ldapDefaultPPolicyDN = $this->access->connection->ldapDefaultPPolicyDN;
+            $turnOnPasswordChange = $this->access->connection->turnOnPasswordChange;
+            if (!empty($ldapDefaultPPolicyDN) && ((int)$turnOnPasswordChange === 1)) {
+                //remove last password expiry warning if any
+                $notification = $this->notificationManager->createNotification();
+                $notification->setApp('user_ldap')
+                    ->setUser($uid)
+                    ->setObject('pwd_exp_warn', $uid)
+                ;
+                $this->notificationManager->markProcessed($notification);
+            }
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Get a list of all users
+     *
+     * @param string $search
+     * @param integer $limit
+     * @param integer $offset
+     * @return string[] an array of all uids
+     */
+    public function getUsers($search = '', $limit = 10, $offset = 0) {
+        $search = $this->access->escapeFilterPart($search, true);
+        $cachekey = 'getUsers-' . $search . '-' . $limit . '-' . $offset;
+
+        //check if users are cached, if so return
+        $ldap_users = $this->access->connection->getFromCache($cachekey);
+        if (!is_null($ldap_users)) {
+            return $ldap_users;
+        }
+
+        // if we'd pass -1 to LDAP search, we'd end up in a Protocol
+        // error. With a limit of 0, we get 0 results. So we pass null.
+        if ($limit <= 0) {
+            $limit = null;
+        }
+        $filter = $this->access->combineFilterWithAnd([
+            $this->access->connection->ldapUserFilter,
+            $this->access->connection->ldapUserDisplayName . '=*',
+            $this->access->getFilterPartForUserSearch($search)
+        ]);
+
+        $this->logger->debug(
+            'getUsers: Options: search ' . $search . ' limit ' . $limit . ' offset ' . $offset . ' Filter: ' . $filter,
+            ['app' => 'user_ldap']
+        );
+        //do the search and translate results to Nextcloud names
+        $ldap_users = $this->access->fetchListOfUsers(
+            $filter,
+            $this->access->userManager->getAttributes(true),
+            $limit, $offset);
+        $ldap_users = $this->access->nextcloudUserNames($ldap_users);
+        $this->logger->debug(
+            'getUsers: ' . count($ldap_users) . ' Users found',
+            ['app' => 'user_ldap']
+        );
+
+        $this->access->connection->writeToCache($cachekey, $ldap_users);
+        return $ldap_users;
+    }
+
+    /**
+     * checks whether a user is still available on LDAP
+     *
+     * @param string|User $user either the Nextcloud user
+     *                          name or an instance of that user
+     * @throws \Exception
+     * @throws \OC\ServerNotAvailableException
+     */
+    public function userExistsOnLDAP($user, bool $ignoreCache = false): bool {
+        if (is_string($user)) {
+            $user = $this->access->userManager->get($user);
+        }
+        if (is_null($user)) {
+            return false;
+        }
+        $uid = $user instanceof User ? $user->getUsername() : $user->getOCName();
+        $cacheKey = 'userExistsOnLDAP' . $uid;
+        if (!$ignoreCache) {
+            $userExists = $this->access->connection->getFromCache($cacheKey);
+            if (!is_null($userExists)) {
+                return (bool)$userExists;
+            }
+        }
+
+        $dn = $user->getDN();
+        //check if user really still exists by reading its entry
+        if (!is_array($this->access->readAttribute($dn, '', $this->access->connection->ldapUserFilter))) {
+            try {
+                $uuid = $this->access->getUserMapper()->getUUIDByDN($dn);
+                if (!$uuid) {
+                    $this->access->connection->writeToCache($cacheKey, false);
+                    return false;
+                }
+                $newDn = $this->access->getUserDnByUuid($uuid);
+                //check if renamed user is still valid by reapplying the ldap filter
+                if ($newDn === $dn || !is_array($this->access->readAttribute($newDn, '', $this->access->connection->ldapUserFilter))) {
+                    $this->access->connection->writeToCache($cacheKey, false);
+                    return false;
+                }
+                $this->access->getUserMapper()->setDNbyUUID($newDn, $uuid);
+            } catch (ServerNotAvailableException $e) {
+                throw $e;
+            } catch (\Exception $e) {
+                $this->access->connection->writeToCache($cacheKey, false);
+                return false;
+            }
+        }
+
+        if ($user instanceof OfflineUser) {
+            $user->unmark();
+        }
+
+        $this->access->connection->writeToCache($cacheKey, true);
+        return true;
+    }
+
+    /**
+     * check if a user exists
+     * @param string $uid the username
+     * @return boolean
+     * @throws \Exception when connection could not be established
+     */
+    public function userExists($uid) {
+        $userExists = $this->access->connection->getFromCache('userExists' . $uid);
+        if (!is_null($userExists)) {
+            return (bool)$userExists;
+        }
+        $userExists = $this->access->userManager->exists($uid);
+
+        if (!$userExists) {
+            $this->logger->debug(
+                'No DN found for ' . $uid . ' on ' . $this->access->connection->ldapHost,
+                ['app' => 'user_ldap']
+            );
+            $this->access->connection->writeToCache('userExists' . $uid, false);
+            return false;
+        }
+
+        $this->access->connection->writeToCache('userExists' . $uid, true);
+        return true;
+    }
+
+    /**
+     * returns whether a user was deleted in LDAP
+     *
+     * @param string $uid The username of the user to delete
+     * @return bool
+     */
+    public function deleteUser($uid) {
+        if ($this->userPluginManager->canDeleteUser()) {
+            $status = $this->userPluginManager->deleteUser($uid);
+            if ($status === false) {
+                return false;
+            }
+        }
+
+        $marked = $this->deletedUsersIndex->isUserMarked($uid);
+        if (!$marked) {
+            try {
+                $user = $this->access->userManager->get($uid);
+                if (($user instanceof User) && !$this->userExistsOnLDAP($uid, true)) {
+                    $user->markUser();
+                    $marked = true;
+                }
+            } catch (\Exception $e) {
+                $this->logger->debug(
+                    $e->getMessage(),
+                    ['app' => 'user_ldap', 'exception' => $e]
+                );
+            }
+            if (!$marked) {
+                $this->logger->notice(
+                    'User ' . $uid . ' is not marked as deleted, not cleaning up.',
+                    ['app' => 'user_ldap']
+                );
+                return false;
+            }
+        }
+        $this->logger->info('Cleaning up after user ' . $uid,
+            ['app' => 'user_ldap']);
+
+        $this->access->getUserMapper()->unmap($uid); // we don't emit unassign signals here, since it is implicit to delete signals fired from core
+        $this->access->userManager->invalidate($uid);
+        $this->access->connection->clearCache();
+        return true;
+    }
+
+    /**
+     * get the user's home directory
+     *
+     * @param string $uid the username
+     * @return bool|string
+     * @throws NoUserException
+     * @throws \Exception
+     */
+    public function getHome($uid) {
+        // user Exists check required as it is not done in user proxy!
+        if (!$this->userExists($uid)) {
+            return false;
+        }
+
+        if ($this->userPluginManager->implementsActions(Backend::GET_HOME)) {
+            return $this->userPluginManager->getHome($uid);
+        }
+
+        $cacheKey = 'getHome' . $uid;
+        $path = $this->access->connection->getFromCache($cacheKey);
+        if (!is_null($path)) {
+            return $path;
+        }
+
+        // early return path if it is a deleted user
+        $user = $this->access->userManager->get($uid);
+        if ($user instanceof User || $user instanceof OfflineUser) {
+            $path = $user->getHomePath() ?: false;
+        } else {
+            throw new NoUserException($uid . ' is not a valid user anymore');
+        }
+
+        $this->access->cacheUserHome($uid, $path);
+        return $path;
+    }
+
+    /**
+     * get display name of the user
+     * @param string $uid user ID of the user
+     * @return string|false display name
+     */
+    public function getDisplayName($uid) {
+        if ($this->userPluginManager->implementsActions(Backend::GET_DISPLAYNAME)) {
+            return $this->userPluginManager->getDisplayName($uid);
+        }
+
+        if (!$this->userExists($uid)) {
+            return false;
+        }
+
+        $cacheKey = 'getDisplayName' . $uid;
+        if (!is_null($displayName = $this->access->connection->getFromCache($cacheKey))) {
+            return $displayName;
+        }
+
+        //Check whether the display name is configured to have a 2nd feature
+        $additionalAttribute = $this->access->connection->ldapUserDisplayName2;
+        $displayName2 = '';
+        if ($additionalAttribute !== '') {
+            $displayName2 = $this->access->readAttribute(
+                $this->access->username2dn($uid),
+                $additionalAttribute);
+        }
+
+        $displayName = $this->access->readAttribute(
+            $this->access->username2dn($uid),
+            $this->access->connection->ldapUserDisplayName);
+
+        if ($displayName && (count($displayName) > 0)) {
+            $displayName = $displayName[0];
+
+            if (is_array($displayName2)) {
+                $displayName2 = count($displayName2) > 0 ? $displayName2[0] : '';
+            }
+
+            $user = $this->access->userManager->get($uid);
+            if ($user instanceof User) {
+                $displayName = $user->composeAndStoreDisplayName($displayName, (string)$displayName2);
+                $this->access->connection->writeToCache($cacheKey, $displayName);
+            }
+            if ($user instanceof OfflineUser) {
+                $displayName = $user->getDisplayName();
+            }
+            return $displayName;
+        }
+
+        return null;
+    }
+
+    /**
+     * set display name of the user
+     * @param string $uid user ID of the user
+     * @param string $displayName new display name of the user
+     * @return string|false display name
+     */
+    public function setDisplayName($uid, $displayName) {
+        if ($this->userPluginManager->implementsActions(Backend::SET_DISPLAYNAME)) {
+            $this->userPluginManager->setDisplayName($uid, $displayName);
+            $this->access->cacheUserDisplayName($uid, $displayName);
+            return $displayName;
+        }
+        return false;
+    }
+
+    /**
+     * Get a list of all display names
+     *
+     * @param string $search
+     * @param int|null $limit
+     * @param int|null $offset
+     * @return array an array of all displayNames (value) and the corresponding uids (key)
+     */
+    public function getDisplayNames($search = '', $limit = null, $offset = null) {
+        $cacheKey = 'getDisplayNames-' . $search . '-' . $limit . '-' . $offset;
+        if (!is_null($displayNames = $this->access->connection->getFromCache($cacheKey))) {
+            return $displayNames;
+        }
+
+        $displayNames = [];
+        $users = $this->getUsers($search, $limit, $offset);
+        foreach ($users as $user) {
+            $displayNames[$user] = $this->getDisplayName($user);
+        }
+        $this->access->connection->writeToCache($cacheKey, $displayNames);
+        return $displayNames;
+    }
+
+    /**
+     * Check if backend implements actions
+     * @param int $actions bitwise-or'ed actions
+     * @return boolean
+     *
+     * Returns the supported actions as int to be
+     * compared with \OC\User\Backend::CREATE_USER etc.
+     */
+    public function implementsActions($actions) {
+        return (bool)((Backend::CHECK_PASSWORD
+            | Backend::GET_HOME
+            | Backend::GET_DISPLAYNAME
+            | (($this->access->connection->ldapUserAvatarRule !== 'none') ? Backend::PROVIDE_AVATAR : 0)
+            | Backend::COUNT_USERS
+            | (((int)$this->access->connection->turnOnPasswordChange === 1)? Backend::SET_PASSWORD :0)
+            | $this->userPluginManager->getImplementedActions())
+            & $actions);
+    }
+
+    /**
+     * @return bool
+     */
+    public function hasUserListings() {
+        return true;
+    }
+
+    /**
+     * counts the users in LDAP
+     */
+    public function countUsers(int $limit = 0): int|false {
+        if ($this->userPluginManager->implementsActions(Backend::COUNT_USERS)) {
+            return $this->userPluginManager->countUsers();
+        }
+
+        $filter = $this->access->getFilterForUserCount();
+        $cacheKey = 'countUsers-' . $filter . '-' . $limit;
+        if (!is_null($entries = $this->access->connection->getFromCache($cacheKey))) {
+            return $entries;
+        }
+        $entries = $this->access->countUsers($filter, limit:$limit);
+        $this->access->connection->writeToCache($cacheKey, $entries);
+        return $entries;
+    }
+
+    public function countMappedUsers(): int {
+        return $this->access->getUserMapper()->count();
+    }
+
+    /**
+     * Backend name to be shown in user management
+     * @return string the name of the backend to be shown
+     */
+    public function getBackendName() {
+        return 'LDAP';
+    }
+
+    /**
+     * Return access for LDAP interaction.
+     * @param string $uid
+     * @return Access instance of Access for LDAP interaction
+     */
+    public function getLDAPAccess($uid) {
+        return $this->access;
+    }
+
+    /**
+     * Return LDAP connection resource from a cloned connection.
+     * The cloned connection needs to be closed manually.
+     * of the current access.
+     * @param string $uid
+     * @return \LDAP\Connection The LDAP connection
+     */
+    public function getNewLDAPConnection($uid) {
+        $connection = clone $this->access->getConnection();
+        return $connection->getConnectionResource();
+    }
+
+    /**
+     * create new user
+     * @param string $username username of the new user
+     * @param string $password password of the new user
+     * @throws \UnexpectedValueException
+     * @return bool
+     */
+    public function createUser($username, $password) {
+        if ($this->userPluginManager->implementsActions(Backend::CREATE_USER)) {
+            if ($dn = $this->userPluginManager->createUser($username, $password)) {
+                if (is_string($dn)) {
+                    // the NC user creation work flow requires a know user id up front
+                    $uuid = $this->access->getUUID($dn, true);
+                    if (is_string($uuid)) {
+                        $this->access->mapAndAnnounceIfApplicable(
+                            $this->access->getUserMapper(),
+                            $dn,
+                            $username,
+                            $uuid,
+                            true
+                        );
+                    } else {
+                        $this->logger->warning(
+                            'Failed to map created LDAP user with userid {userid}, because UUID could not be determined',
+                            [
+                                'app' => 'user_ldap',
+                                'userid' => $username,
+                            ]
+                        );
+                    }
+                } else {
+                    throw new \UnexpectedValueException('LDAP Plugin: Method createUser changed to return the user DN instead of boolean.');
+                }
+            }
+            return (bool)$dn;
+        }
+        return false;
+    }
+
+    public function isUserEnabled(string $uid, callable $queryDatabaseValue): bool {
+        if ($this->deletedUsersIndex->isUserMarked($uid) && ((int)$this->access->connection->markRemnantsAsDisabled === 1)) {
+            return false;
+        } else {
+            return $queryDatabaseValue();
+        }
+    }
+
+    public function setUserEnabled(string $uid, bool $enabled, callable $queryDatabaseValue, callable $setDatabaseValue): bool {
+        $setDatabaseValue($enabled);
+        return $enabled;
+    }
+
+    public function getDisabledUserList(?int $limit = null, int $offset = 0, string $search = ''): array {
+        throw new \Exception('This is implemented directly in User_Proxy');
+    }
 }

apps/user_ldap/ajax/clearMappings.php

Indentation +26 added lines, -26 removed lines

@@ -22,32 +22,32 @@
 $subject = (string)$_POST['ldap_clear_mapping'];
 $mapping = null;
 try {
-	if ($subject === 'user') {
-		$mapping = Server::get(UserMapping::class);
-		/** @var IEventDispatcher $dispatcher */
-		$dispatcher = Server::get(IEventDispatcher::class);
-		$result = $mapping->clearCb(
-			function (string $uid) use ($dispatcher): void {
-				$dispatcher->dispatchTyped(new BeforeUserIdUnassignedEvent($uid));
-				/** @psalm-suppress UndefinedInterfaceMethod For now we have to emit, will be removed when all hooks are removed */
-				Server::get(IUserManager::class)->emit('\OC\User', 'preUnassignedUserId', [$uid]);
-			},
-			function (string $uid) use ($dispatcher): void {
-				$dispatcher->dispatchTyped(new UserIdUnassignedEvent($uid));
-				/** @psalm-suppress UndefinedInterfaceMethod For now we have to emit, will be removed when all hooks are removed */
-				Server::get(IUserManager::class)->emit('\OC\User', 'postUnassignedUserId', [$uid]);
-			}
-		);
-	} elseif ($subject === 'group') {
-		$mapping = Server::get(GroupMapping::class);
-		$result = $mapping->clear();
-	}
+    if ($subject === 'user') {
+        $mapping = Server::get(UserMapping::class);
+        /** @var IEventDispatcher $dispatcher */
+        $dispatcher = Server::get(IEventDispatcher::class);
+        $result = $mapping->clearCb(
+            function (string $uid) use ($dispatcher): void {
+                $dispatcher->dispatchTyped(new BeforeUserIdUnassignedEvent($uid));
+                /** @psalm-suppress UndefinedInterfaceMethod For now we have to emit, will be removed when all hooks are removed */
+                Server::get(IUserManager::class)->emit('\OC\User', 'preUnassignedUserId', [$uid]);
+            },
+            function (string $uid) use ($dispatcher): void {
+                $dispatcher->dispatchTyped(new UserIdUnassignedEvent($uid));
+                /** @psalm-suppress UndefinedInterfaceMethod For now we have to emit, will be removed when all hooks are removed */
+                Server::get(IUserManager::class)->emit('\OC\User', 'postUnassignedUserId', [$uid]);
+            }
+        );
+    } elseif ($subject === 'group') {
+        $mapping = Server::get(GroupMapping::class);
+        $result = $mapping->clear();
+    }
 
-	if ($mapping === null || !$result) {
-		$l = Util::getL10N('user_ldap');
-		throw new \Exception($l->t('Failed to clear the mappings.'));
-	}
-	\OC_JSON::success();
+    if ($mapping === null || !$result) {
+        $l = Util::getL10N('user_ldap');
+        throw new \Exception($l->t('Failed to clear the mappings.'));
+    }
+    \OC_JSON::success();
 } catch (\Exception $e) {
-	\OC_JSON::error(['message' => $e->getMessage()]);
+    \OC_JSON::error(['message' => $e->getMessage()]);
 }

apps/user_ldap/tests/Mapping/GroupMappingTest.php

Indentation +3 added lines, -3 removed lines

@@ -21,7 +21,7 @@
  * @package OCA\User_LDAP\Tests\Mapping
  */
 class GroupMappingTest extends AbstractMappingTestCase {
-	public function getMapper(IDBConnection $dbMock, ICacheFactory $cacheFactory, IAppConfig $appConfig): GroupMapping {
-		return new GroupMapping($dbMock, $cacheFactory, $appConfig, true);
-	}
+    public function getMapper(IDBConnection $dbMock, ICacheFactory $cacheFactory, IAppConfig $appConfig): GroupMapping {
+        return new GroupMapping($dbMock, $cacheFactory, $appConfig, true);
+    }
 }

apps/user_ldap/tests/Mapping/UserMappingTest.php

Indentation +3 added lines, -3 removed lines

@@ -22,7 +22,7 @@
  * @package OCA\User_LDAP\Tests\Mapping
  */
 class UserMappingTest extends AbstractMappingTestCase {
-	public function getMapper(IDBConnection $dbMock, ICacheFactory $cacheFactory, IAppConfig $appConfig): UserMapping {
-		return new UserMapping($dbMock, $cacheFactory, $appConfig, true, $this->createMock(IAssertion::class));
-	}
+    public function getMapper(IDBConnection $dbMock, ICacheFactory $cacheFactory, IAppConfig $appConfig): UserMapping {
+        return new UserMapping($dbMock, $cacheFactory, $appConfig, true, $this->createMock(IAssertion::class));
+    }
 }

apps/user_ldap/tests/Mapping/AbstractMappingTestCase.php

Indentation +279 added lines, -279 removed lines

@@ -17,283 +17,283 @@
 
 abstract class AbstractMappingTestCase extends \Test\TestCase {
 
-	private ICacheFactory&MockObject $cacheFactoryMock;
-
-	private IAppConfig&MockObject $configMock;
-
-	abstract public function getMapper(IDBConnection $dbMock, ICacheFactory $cacheFactory, IAppConfig $appConfig): AbstractMapping;
-
-	protected function setUp(): void {
-		$this->cacheFactoryMock = $this->createMock(ICacheFactory::class);
-		$this->configMock = $this->createMock(IAppConfig::class);
-	}
-
-	/**
-	 * kiss test on isColNameValid
-	 */
-	public function testIsColNameValid(): void {
-		$dbMock = $this->createMock(IDBConnection::class);
-		$mapper = $this->getMapper($dbMock, $this->cacheFactoryMock, $this->configMock);
-
-		$this->assertTrue($mapper->isColNameValid('ldap_dn'));
-		$this->assertFalse($mapper->isColNameValid('foobar'));
-	}
-
-	/**
-	 * returns an array of test entries with dn, name and uuid as keys
-	 * @return array
-	 */
-	protected static function getTestData(): array {
-		return [
-			[
-				'dn' => 'uid=foobar,dc=example,dc=org',
-				'name' => 'Foobar',
-				'uuid' => '1111-AAAA-1234-CDEF',
-			],
-			[
-				'dn' => 'uid=barfoo,dc=example,dc=org',
-				'name' => 'Barfoo',
-				'uuid' => '2222-BBBB-1234-CDEF',
-			],
-			[
-				'dn' => 'uid=barabara,dc=example,dc=org',
-				'name' => 'BaraBara',
-				'uuid' => '3333-CCCC-1234-CDEF',
-			]
-		];
-	}
-
-	/**
-	 * calls map() on the given mapper and asserts result for true
-	 * @param AbstractMapping $mapper
-	 * @param array $data
-	 */
-	protected function mapEntries(AbstractMapping $mapper, array $data): void {
-		foreach ($data as $entry) {
-			$done = $mapper->map($entry['dn'], $entry['name'], $entry['uuid']);
-			$this->assertTrue($done);
-		}
-	}
-
-	/**
-	 * initializes environment for a test run and returns an array with
-	 * test objects. Preparing environment means that all mappings are cleared
-	 * first and then filled with test entries.
-	 * @return array 0 = \OCA\User_LDAP\Mapping\AbstractMapping, 1 = array of
-	 *               users or groups
-	 */
-	private function initTest(): array {
-		$dbc = Server::get(IDBConnection::class);
-		$mapper = $this->getMapper($dbc, $this->cacheFactoryMock, $this->configMock);
-		$data = $this->getTestData();
-		// make sure DB is pristine, then fill it with test entries
-		$mapper->clear();
-		$this->mapEntries($mapper, $data);
-
-		return [$mapper, $data];
-	}
-
-	/**
-	 * tests map() method with input that should result in not-mapping.
-	 * Hint: successful mapping is tested inherently with mapEntries().
-	 */
-	public function testMap(): void {
-		[$mapper, $data] = $this->initTest();
-
-		// test that mapping will not happen when it shall not
-		$tooLongDN = 'uid=joann,ou=Secret Small Specialized Department,ou=Some Tremendously Important Department,ou=Another Very Important Department,ou=Pretty Meaningful Derpartment,ou=Quite Broad And General Department,ou=The Topmost Department,dc=hugelysuccessfulcompany,dc=com';
-		$paramKeys = ['', 'dn', 'name', 'uuid', $tooLongDN];
-		foreach ($paramKeys as $key) {
-			$failEntry = $data[0];
-			if (!empty($key)) {
-				$failEntry[$key] = 'do-not-get-mapped';
-			}
-			$isMapped = $mapper->map($failEntry['dn'], $failEntry['name'], $failEntry['uuid']);
-			$this->assertFalse($isMapped);
-		}
-	}
-
-	/**
-	 * tests unmap() for both successful and unsuccessful removing of
-	 * mapping entries
-	 */
-	public function testUnmap(): void {
-		[$mapper, $data] = $this->initTest();
-
-		foreach ($data as $entry) {
-			$fdnBefore = $mapper->getDNByName($entry['name']);
-			$result = $mapper->unmap($entry['name']);
-			$fdnAfter = $mapper->getDNByName($entry['name']);
-			$this->assertTrue($result);
-			$this->assertSame($fdnBefore, $entry['dn']);
-			$this->assertFalse($fdnAfter);
-		}
-
-		$result = $mapper->unmap('notAnEntry');
-		$this->assertFalse($result);
-	}
-
-	/**
-	 * tests getDNByName(), getNameByDN() and getNameByUUID() for successful
-	 * and unsuccessful requests.
-	 */
-	public function testGetMethods(): void {
-		[$mapper, $data] = $this->initTest();
-
-		foreach ($data as $entry) {
-			$fdn = $mapper->getDNByName($entry['name']);
-			$this->assertSame($fdn, $entry['dn']);
-		}
-		$fdn = $mapper->getDNByName('nosuchname');
-		$this->assertFalse($fdn);
-
-		foreach ($data as $entry) {
-			$name = $mapper->getNameByDN($entry['dn']);
-			$this->assertSame($name, $entry['name']);
-		}
-		$name = $mapper->getNameByDN('nosuchdn');
-		$this->assertFalse($name);
-
-		foreach ($data as $entry) {
-			$name = $mapper->getNameByUUID($entry['uuid']);
-			$this->assertSame($name, $entry['name']);
-		}
-		$name = $mapper->getNameByUUID('nosuchuuid');
-		$this->assertFalse($name);
-	}
-
-	/**
-	 * tests getNamesBySearch() for successful and unsuccessful requests.
-	 */
-	public function testSearch(): void {
-		[$mapper,] = $this->initTest();
-
-		$names = $mapper->getNamesBySearch('oo', '%', '%');
-		$this->assertIsArray($names);
-		$this->assertSame(2, count($names));
-		$this->assertContains('Foobar', $names);
-		$this->assertContains('Barfoo', $names);
-		$names = $mapper->getNamesBySearch('nada');
-		$this->assertIsArray($names);
-		$this->assertCount(0, $names);
-	}
-
-	/**
-	 * tests setDNbyUUID() for successful and unsuccessful update.
-	 */
-	public function testSetDNMethod(): void {
-		[$mapper, $data] = $this->initTest();
-
-		$newDN = 'uid=modified,dc=example,dc=org';
-		$done = $mapper->setDNbyUUID($newDN, $data[0]['uuid']);
-		$this->assertTrue($done);
-		$fdn = $mapper->getDNByName($data[0]['name']);
-		$this->assertSame($fdn, $newDN);
-
-		$newDN = 'uid=notme,dc=example,dc=org';
-		$done = $mapper->setDNbyUUID($newDN, 'iamnothere');
-		$this->assertFalse($done);
-		$name = $mapper->getNameByDN($newDN);
-		$this->assertFalse($name);
-	}
-
-	/**
-	 * tests setUUIDbyDN() for successful and unsuccessful update.
-	 */
-	public function testSetUUIDMethod(): void {
-		/** @var AbstractMapping $mapper */
-		[$mapper, $data] = $this->initTest();
-
-		$newUUID = 'ABC737-DEF754';
-
-		$done = $mapper->setUUIDbyDN($newUUID, 'uid=notme,dc=example,dc=org');
-		$this->assertFalse($done);
-		$name = $mapper->getNameByUUID($newUUID);
-		$this->assertFalse($name);
-
-		$done = $mapper->setUUIDbyDN($newUUID, $data[0]['dn']);
-		$this->assertTrue($done);
-		$uuid = $mapper->getUUIDByDN($data[0]['dn']);
-		$this->assertSame($uuid, $newUUID);
-	}
-
-	/**
-	 * tests clear() for successful update.
-	 */
-	public function testClear(): void {
-		[$mapper, $data] = $this->initTest();
-
-		$done = $mapper->clear();
-		$this->assertTrue($done);
-		foreach ($data as $entry) {
-			$name = $mapper->getNameByUUID($entry['uuid']);
-			$this->assertFalse($name);
-		}
-	}
-
-	/**
-	 * tests clear() for successful update.
-	 */
-	public function testClearCb(): void {
-		[$mapper, $data] = $this->initTest();
-
-		$callbackCalls = 0;
-		$test = $this;
-
-		$callback = function (string $id) use ($test, &$callbackCalls): void {
-			$test->assertTrue(trim($id) !== '');
-			$callbackCalls++;
-		};
-
-		$done = $mapper->clearCb($callback, $callback);
-		$this->assertTrue($done);
-		$this->assertSame(count($data) * 2, $callbackCalls);
-		foreach ($data as $entry) {
-			$name = $mapper->getNameByUUID($entry['uuid']);
-			$this->assertFalse($name);
-		}
-	}
-
-	/**
-	 * tests getList() method
-	 */
-	public function testList(): void {
-		[$mapper, $data] = $this->initTest();
-
-		// get all entries without specifying offset or limit
-		$results = $mapper->getList();
-		$this->assertCount(3, $results);
-
-		// get all-1 entries by specifying offset, and an high limit
-		// specifying only offset without limit will not work by underlying lib
-		$results = $mapper->getList(1, 999);
-		$this->assertCount(count($data) - 1, $results);
-
-		// get first 2 entries by limit, but not offset
-		$results = $mapper->getList(0, 2);
-		$this->assertCount(2, $results);
-
-		// get 2nd entry by specifying both offset and limit
-		$results = $mapper->getList(1, 1);
-		$this->assertCount(1, $results);
-	}
-
-	public function testGetListOfIdsByDn(): void {
-		/** @var AbstractMapping $mapper */
-		[$mapper,] = $this->initTest();
-
-		$listOfDNs = [];
-		for ($i = 0; $i < 66640; $i++) {
-			// Postgres has a limit of 65535 values in a single IN list
-			$name = 'as_' . $i;
-			$dn = 'uid=' . $name . ',dc=example,dc=org';
-			$listOfDNs[] = $dn;
-			if ($i % 20 === 0) {
-				$mapper->map($dn, $name, 'fake-uuid-' . $i);
-			}
-		}
-
-		$result = $mapper->getListOfIdsByDn($listOfDNs);
-		$this->assertCount(66640 / 20, $result);
-	}
+    private ICacheFactory&MockObject $cacheFactoryMock;
+
+    private IAppConfig&MockObject $configMock;
+
+    abstract public function getMapper(IDBConnection $dbMock, ICacheFactory $cacheFactory, IAppConfig $appConfig): AbstractMapping;
+
+    protected function setUp(): void {
+        $this->cacheFactoryMock = $this->createMock(ICacheFactory::class);
+        $this->configMock = $this->createMock(IAppConfig::class);
+    }
+
+    /**
+     * kiss test on isColNameValid
+     */
+    public function testIsColNameValid(): void {
+        $dbMock = $this->createMock(IDBConnection::class);
+        $mapper = $this->getMapper($dbMock, $this->cacheFactoryMock, $this->configMock);
+
+        $this->assertTrue($mapper->isColNameValid('ldap_dn'));
+        $this->assertFalse($mapper->isColNameValid('foobar'));
+    }
+
+    /**
+     * returns an array of test entries with dn, name and uuid as keys
+     * @return array
+     */
+    protected static function getTestData(): array {
+        return [
+            [
+                'dn' => 'uid=foobar,dc=example,dc=org',
+                'name' => 'Foobar',
+                'uuid' => '1111-AAAA-1234-CDEF',
+            ],
+            [
+                'dn' => 'uid=barfoo,dc=example,dc=org',
+                'name' => 'Barfoo',
+                'uuid' => '2222-BBBB-1234-CDEF',
+            ],
+            [
+                'dn' => 'uid=barabara,dc=example,dc=org',
+                'name' => 'BaraBara',
+                'uuid' => '3333-CCCC-1234-CDEF',
+            ]
+        ];
+    }
+
+    /**
+     * calls map() on the given mapper and asserts result for true
+     * @param AbstractMapping $mapper
+     * @param array $data
+     */
+    protected function mapEntries(AbstractMapping $mapper, array $data): void {
+        foreach ($data as $entry) {
+            $done = $mapper->map($entry['dn'], $entry['name'], $entry['uuid']);
+            $this->assertTrue($done);
+        }
+    }
+
+    /**
+     * initializes environment for a test run and returns an array with
+     * test objects. Preparing environment means that all mappings are cleared
+     * first and then filled with test entries.
+     * @return array 0 = \OCA\User_LDAP\Mapping\AbstractMapping, 1 = array of
+     *               users or groups
+     */
+    private function initTest(): array {
+        $dbc = Server::get(IDBConnection::class);
+        $mapper = $this->getMapper($dbc, $this->cacheFactoryMock, $this->configMock);
+        $data = $this->getTestData();
+        // make sure DB is pristine, then fill it with test entries
+        $mapper->clear();
+        $this->mapEntries($mapper, $data);
+
+        return [$mapper, $data];
+    }
+
+    /**
+     * tests map() method with input that should result in not-mapping.
+     * Hint: successful mapping is tested inherently with mapEntries().
+     */
+    public function testMap(): void {
+        [$mapper, $data] = $this->initTest();
+
+        // test that mapping will not happen when it shall not
+        $tooLongDN = 'uid=joann,ou=Secret Small Specialized Department,ou=Some Tremendously Important Department,ou=Another Very Important Department,ou=Pretty Meaningful Derpartment,ou=Quite Broad And General Department,ou=The Topmost Department,dc=hugelysuccessfulcompany,dc=com';
+        $paramKeys = ['', 'dn', 'name', 'uuid', $tooLongDN];
+        foreach ($paramKeys as $key) {
+            $failEntry = $data[0];
+            if (!empty($key)) {
+                $failEntry[$key] = 'do-not-get-mapped';
+            }
+            $isMapped = $mapper->map($failEntry['dn'], $failEntry['name'], $failEntry['uuid']);
+            $this->assertFalse($isMapped);
+        }
+    }
+
+    /**
+     * tests unmap() for both successful and unsuccessful removing of
+     * mapping entries
+     */
+    public function testUnmap(): void {
+        [$mapper, $data] = $this->initTest();
+
+        foreach ($data as $entry) {
+            $fdnBefore = $mapper->getDNByName($entry['name']);
+            $result = $mapper->unmap($entry['name']);
+            $fdnAfter = $mapper->getDNByName($entry['name']);
+            $this->assertTrue($result);
+            $this->assertSame($fdnBefore, $entry['dn']);
+            $this->assertFalse($fdnAfter);
+        }
+
+        $result = $mapper->unmap('notAnEntry');
+        $this->assertFalse($result);
+    }
+
+    /**
+     * tests getDNByName(), getNameByDN() and getNameByUUID() for successful
+     * and unsuccessful requests.
+     */
+    public function testGetMethods(): void {
+        [$mapper, $data] = $this->initTest();
+
+        foreach ($data as $entry) {
+            $fdn = $mapper->getDNByName($entry['name']);
+            $this->assertSame($fdn, $entry['dn']);
+        }
+        $fdn = $mapper->getDNByName('nosuchname');
+        $this->assertFalse($fdn);
+
+        foreach ($data as $entry) {
+            $name = $mapper->getNameByDN($entry['dn']);
+            $this->assertSame($name, $entry['name']);
+        }
+        $name = $mapper->getNameByDN('nosuchdn');
+        $this->assertFalse($name);
+
+        foreach ($data as $entry) {
+            $name = $mapper->getNameByUUID($entry['uuid']);
+            $this->assertSame($name, $entry['name']);
+        }
+        $name = $mapper->getNameByUUID('nosuchuuid');
+        $this->assertFalse($name);
+    }
+
+    /**
+     * tests getNamesBySearch() for successful and unsuccessful requests.
+     */
+    public function testSearch(): void {
+        [$mapper,] = $this->initTest();
+
+        $names = $mapper->getNamesBySearch('oo', '%', '%');
+        $this->assertIsArray($names);
+        $this->assertSame(2, count($names));
+        $this->assertContains('Foobar', $names);
+        $this->assertContains('Barfoo', $names);
+        $names = $mapper->getNamesBySearch('nada');
+        $this->assertIsArray($names);
+        $this->assertCount(0, $names);
+    }
+
+    /**
+     * tests setDNbyUUID() for successful and unsuccessful update.
+     */
+    public function testSetDNMethod(): void {
+        [$mapper, $data] = $this->initTest();
+
+        $newDN = 'uid=modified,dc=example,dc=org';
+        $done = $mapper->setDNbyUUID($newDN, $data[0]['uuid']);
+        $this->assertTrue($done);
+        $fdn = $mapper->getDNByName($data[0]['name']);
+        $this->assertSame($fdn, $newDN);
+
+        $newDN = 'uid=notme,dc=example,dc=org';
+        $done = $mapper->setDNbyUUID($newDN, 'iamnothere');
+        $this->assertFalse($done);
+        $name = $mapper->getNameByDN($newDN);
+        $this->assertFalse($name);
+    }
+
+    /**
+     * tests setUUIDbyDN() for successful and unsuccessful update.
+     */
+    public function testSetUUIDMethod(): void {
+        /** @var AbstractMapping $mapper */
+        [$mapper, $data] = $this->initTest();
+
+        $newUUID = 'ABC737-DEF754';
+
+        $done = $mapper->setUUIDbyDN($newUUID, 'uid=notme,dc=example,dc=org');
+        $this->assertFalse($done);
+        $name = $mapper->getNameByUUID($newUUID);
+        $this->assertFalse($name);
+
+        $done = $mapper->setUUIDbyDN($newUUID, $data[0]['dn']);
+        $this->assertTrue($done);
+        $uuid = $mapper->getUUIDByDN($data[0]['dn']);
+        $this->assertSame($uuid, $newUUID);
+    }
+
+    /**
+     * tests clear() for successful update.
+     */
+    public function testClear(): void {
+        [$mapper, $data] = $this->initTest();
+
+        $done = $mapper->clear();
+        $this->assertTrue($done);
+        foreach ($data as $entry) {
+            $name = $mapper->getNameByUUID($entry['uuid']);
+            $this->assertFalse($name);
+        }
+    }
+
+    /**
+     * tests clear() for successful update.
+     */
+    public function testClearCb(): void {
+        [$mapper, $data] = $this->initTest();
+
+        $callbackCalls = 0;
+        $test = $this;
+
+        $callback = function (string $id) use ($test, &$callbackCalls): void {
+            $test->assertTrue(trim($id) !== '');
+            $callbackCalls++;
+        };
+
+        $done = $mapper->clearCb($callback, $callback);
+        $this->assertTrue($done);
+        $this->assertSame(count($data) * 2, $callbackCalls);
+        foreach ($data as $entry) {
+            $name = $mapper->getNameByUUID($entry['uuid']);
+            $this->assertFalse($name);
+        }
+    }
+
+    /**
+     * tests getList() method
+     */
+    public function testList(): void {
+        [$mapper, $data] = $this->initTest();
+
+        // get all entries without specifying offset or limit
+        $results = $mapper->getList();
+        $this->assertCount(3, $results);
+
+        // get all-1 entries by specifying offset, and an high limit
+        // specifying only offset without limit will not work by underlying lib
+        $results = $mapper->getList(1, 999);
+        $this->assertCount(count($data) - 1, $results);
+
+        // get first 2 entries by limit, but not offset
+        $results = $mapper->getList(0, 2);
+        $this->assertCount(2, $results);
+
+        // get 2nd entry by specifying both offset and limit
+        $results = $mapper->getList(1, 1);
+        $this->assertCount(1, $results);
+    }
+
+    public function testGetListOfIdsByDn(): void {
+        /** @var AbstractMapping $mapper */
+        [$mapper,] = $this->initTest();
+
+        $listOfDNs = [];
+        for ($i = 0; $i < 66640; $i++) {
+            // Postgres has a limit of 65535 values in a single IN list
+            $name = 'as_' . $i;
+            $dn = 'uid=' . $name . ',dc=example,dc=org';
+            $listOfDNs[] = $dn;
+            if ($i % 20 === 0) {
+                $mapper->map($dn, $name, 'fake-uuid-' . $i);
+            }
+        }
+
+        $result = $mapper->getListOfIdsByDn($listOfDNs);
+        $this->assertCount(66640 / 20, $result);
+    }
 }