-
-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: remove caching in fetchListOfGroups #47513
base: master
Are you sure you want to change the base?
Conversation
b911880
to
a81b6be
Compare
Is that fixing the same issue as #45364? |
Looks related. server/apps/user_ldap/lib/Access.php Lines 949 to 966 in dde0b48
Our working theory was that the above block maps LDAP groups that do not match the group filter. That can happen with nested groups, where we cannot use the group filter for the query right away. I think it should work to combine this pr with #46364: Keep the caching logic, but turn auto-mapping off. If @blizzz and you think we should keep it, then let's do it. But please keep in mind that the amount of caching logic makes the code really difficult to understand and debug, and therefore removing the cache block improves the maintainability a bit. |
Quite frankly I think we can remove this logic it looks like it tries to be too smart. |
a81b6be
to
afe91fb
Compare
When using nested groups without a memberof overlay, then fetchListOfGroups is called from getGroupsByMember without applying the group filter. In some setups, the "unfiltered" result is then written back to the group mapping table. That might cause random "An administrator removed you from group" activities. I was unable to replicate it locally, but we got the feedback that the random activities stopped with the patch applied. Ref: #42195 Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
afe91fb
to
a50ce1a
Compare
I tried gathering you some reliable data, but's the caching layers, having the mapping in the db already yes/no, .... makes it horrible to get reproducible results. Login with LDAP user:
Calls RCeguhBIPMUV5367Y3EP (master)
Calls aZrSU6ja9xgU3k85USB2 (this branch)
|
I may be missing something, but I did not solve the issue on my side with this fix. I've commented out the code on my side, but the problem persists. I'm still getting those emails "An administrator removed you from group ..." How should I test this? Should I clear something from the BD? Reconfigure LDAP? |
You should double-check your LDAP configuration in Nextcloud for group-member association. |
Upgrading to the recent 29.0.8 version fixed the problem. This same code is still there (the code commented out in this PR on |
Upgrading to 30.0.1 restores this issue! A lot of new email messages with An administrator removed you from group xxxx |
Issue #29832 may or may not also contain some related reports this covers. |
Summary
When using nested groups without a memberof overlay, then fetchListOfGroups is called from getGroupsByMember without applying the group filter.
In some setups, the "unfiltered" result is then written back to the group mapping table. That might cause random "An administrator removed you from group" activities.
I was unable to replicate it locally, but we got the feedback that the random activities stopped with the patch applied.
Ref: #42195
TODO
Checklist