Document new command ldap:check-group

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2026-01-02 17:59:36 +07:00 · 2023-08-28 17:11:08 +02:00
parent 2ccba7f809
commit dec903223c
2 changed files with 10 additions and 0 deletions
--- a/admin_manual/configuration_server/occ_command.rst
+++ b/admin_manual/configuration_server/occ_command.rst
@@ -946,6 +946,7 @@ you can run the following LDAP commands with ``occ``::

 ldap
  ldap:check-user               checks whether a user exists on LDAP.
+  ldap:check-group              checks whether a group exists on LDAP.
  ldap:create-empty-config      creates an empty LDAP configuration
  ldap:delete-config            deletes an existing LDAP configuration
  ldap:search                   executes a user or group search
@@ -990,6 +991,11 @@ use the ``--force`` option to force it to check all active LDAP connections::

 sudo -u www-data php occ ldap:check-user --force robert

+``ldap:check-group`` checks whether a group still exists in the LDAP directory.
+Use with ``--update`` to update group membership cache on Nextcloud side::
+
+ sudo -u www-data php occ ldap:check-group --update mygroup
+
 ``ldap:create-empty-config`` creates an empty LDAP configuration. The first
 one you create has ``configID`` ``s01``, and all subsequent configurations
 that you create are automatically assigned IDs::
--- a/admin_manual/configuration_user/user_auth_ldap.rst
+++ b/admin_manual/configuration_user/user_auth_ldap.rst
@@ -796,6 +796,10 @@ in batches from all users again. Beside that they are also refreshed during a
 login for this user or can be fetched manually via the occ command 
 ``occ ldap:check-user --update USERID`` where ``USERID`` is Nextcloud's user id.

+For groups, a cache of memberships is stored in database to be able to fire
+events when a membership is added or removed. This cache is updated by a background
+job, and can be force updated using ``occ ldap:check-group --update GROUPID``.
+
 Caching
 ^^^^^^^