From dec903223ca6df1f308827b0a1df00af982fccdb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=B4me=20Chilliet?= Date: Mon, 28 Aug 2023 17:11:08 +0200 Subject: [PATCH] Document new command ldap:check-group MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Côme Chilliet --- admin_manual/configuration_server/occ_command.rst | 6 ++++++ admin_manual/configuration_user/user_auth_ldap.rst | 4 ++++ 2 files changed, 10 insertions(+) diff --git a/admin_manual/configuration_server/occ_command.rst b/admin_manual/configuration_server/occ_command.rst index 081e5cb98..5a2c63068 100644 --- a/admin_manual/configuration_server/occ_command.rst +++ b/admin_manual/configuration_server/occ_command.rst @@ -946,6 +946,7 @@ you can run the following LDAP commands with ``occ``:: ldap ldap:check-user checks whether a user exists on LDAP. + ldap:check-group checks whether a group exists on LDAP. ldap:create-empty-config creates an empty LDAP configuration ldap:delete-config deletes an existing LDAP configuration ldap:search executes a user or group search @@ -990,6 +991,11 @@ use the ``--force`` option to force it to check all active LDAP connections:: sudo -u www-data php occ ldap:check-user --force robert +``ldap:check-group`` checks whether a group still exists in the LDAP directory. +Use with ``--update`` to update group membership cache on Nextcloud side:: + + sudo -u www-data php occ ldap:check-group --update mygroup + ``ldap:create-empty-config`` creates an empty LDAP configuration. The first one you create has ``configID`` ``s01``, and all subsequent configurations that you create are automatically assigned IDs:: diff --git a/admin_manual/configuration_user/user_auth_ldap.rst b/admin_manual/configuration_user/user_auth_ldap.rst index 3f24120da..ed8c6e4a4 100644 --- a/admin_manual/configuration_user/user_auth_ldap.rst +++ b/admin_manual/configuration_user/user_auth_ldap.rst 
@@ -796,6 +796,10 @@ in batches from all users again. Beside that they are also refreshed during a login for this user or can be fetched manually via the occ command ``occ ldap:check-user --update USERID`` where ``USERID`` is Nextcloud's user id. +For groups, a cache of memberships is stored in database to be able to fire +events when a membership is added or removed. This cache is updated by a background +job, and can be force updated using ``occ ldap:check-group --update GROUPID``. + Caching ^^^^^^^
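Review bot: In the second occ_command.rst hunk (@@ -990,6 +991,11), the new ``ldap:check-group`` paragraph never says what the argument is. The example passes ``mygroup``, while the user_auth_ldap.rst text calls it ``GROUPID``. Please state which identifier is expected, using the same term in both files. The context just above documents ``--force`` for ``ldap:check-user`` ("to force it to check all active LDAP connections"), so it would help to say whether ``ldap:check-group`` accepts it as well. It would also help to say what the command reports or does when the group is no longer found in the directory. Wording nit: "to update the group membership cache on the Nextcloud side".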
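Review bot: In the user_auth_ldap.rst hunk (@@ -796,6 +796,10), ``GROUPID`` in the last added line is left undefined, whereas the sentence directly above it spells out that ``USERID`` is Nextcloud's user id. Please add the matching clarification for groups. The paragraph also says the cache "is updated by a background job" without naming the job or its interval. An administrator needs that to judge how long a membership added or removed in LDAP can go unreflected, and therefore when running ``occ ldap:check-group --update GROUPID`` by hand is worthwhile. Wording nits: "stored in the database" and "force-updated".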