* ActiveDirectory: allow to disable VLV controls, if your AD has problems with it AND can return all users in a single query

This commit is contained in:
ralf 2024-08-26 17:53:12 +02:00
parent 941321dd9f
commit bdf50616e9
5 changed files with 37 additions and 26 deletions

View File

@ -89,6 +89,7 @@ trait LdapVlvSortRequestTrait
// check if we require sorting and server supports it
$control = [];
if (PHP_VERSION >= 7.3 && !empty($order_by) && is_numeric($start) &&
empty($this->frontend->config['ads_disable_vlv']) &&
$this->serverinfo->supportedControl(LDAP_CONTROL_SORTREQUEST, LDAP_CONTROL_VLVREQUEST) &&
($sort_values = $this->sortValues($order_by)))
{

View File

@ -1237,7 +1237,9 @@ class Ldap
// check if we require sorting and server supports it
$control = [];
if (PHP_VERSION >= 7.3 && !empty($order_by) && is_array($start) && $this->ldapServerInfo->supportedControl(LDAP_CONTROL_SORTREQUEST, LDAP_CONTROL_VLVREQUEST) &&
if (PHP_VERSION >= 7.3 && !empty($order_by) && is_array($start) &&
empty($this->ldap_config['ads_disable_vlv']) &&
$this->ldapServerInfo->supportedControl(LDAP_CONTROL_SORTREQUEST, LDAP_CONTROL_VLVREQUEST) &&
($sort_values = $this->sort_values($order_by)))
{
[$offset, $num_rows] = $start;
@ -1260,6 +1262,7 @@ class Ldap
}
elseif (PHP_VERSION >= 7.3 && empty($order_by) &&
($start === false || is_array($start) && count($start) === 3) &&
empty($this->ldap_config['ads_disable_vlv']) &&
$this->ldapServerInfo->supportedControl(LDAP_CONTROL_PAGEDRESULTS))
{
if ($start === false)

View File

@ -28,7 +28,6 @@
80 (http) setup de 80 (http)
<b>charset to use</b> (use utf-8 if you plan to use languages with different charsets): setup de <b>Zeichensatz</b> (benutzen sie UTF-8 wenn sie planen Sprachen mit verschiedenen Zeichensätzen zu verwenden)
==> different group '%1' under that gidnumber %2, not setting memberships! setup de ==> andere Gruppe '%1' unter der gidNumber %2, Mitgliedschaften wurden NICHT gesetzt!
[header-password],[header-user],[new-password],[new-user] setup de [Header-Passwort],[Header-Benutzer],[neues-Passwort],[neuer-Benutzer]
access denied: wrong username or password for manage-header !!! setup de Zugriff verweigert: Falsche Benutzername oder Passwort für die Headerverwaltung!
access denied: wrong username or password to configure the domain '%1(%2)' !!! setup de Zugriff verweigert: Falsche Benutzername oder Passwort für Konfiguration der Domain '%1(%2)' !
account repository{sql(default) | ldap},[authentication{sql | ldap | mail | ads | http | ...}],[sql encrypttion{md5 | blowfish_crypt | md5_crypt | crypt}],[check save password{ (default)|true}],[allow cookie auth{ (default)|true}] setup de Benutzer speichern{sql(Vorgabe) | ldap},[Authentifizierung{sql | ldap | mail | ads | http | ...}],[sql Verschlüsselung{sha512_crypt(default) | sha256_crypt | blowfish_crypt | md5_crypt | ssha | smd5 | crypt | md5}],[überprüfe Passworte{ (Vorgabe) | True}],[erlaube Cookie Authtentifizierung{ (Vorgabe) | True}]
@ -259,6 +258,8 @@ deregistered setup de nicht registriert
details for admin account setup de Details des Admin-Kontos
developers' table schema toy setup de Entwickler Tabellen Schema "Spielzeug"
did not find any valid db support! setup de Konnte keine gültige Datenbankunterstützung finden!
disable only if your ad has problems with vlv controls and can return all users in a single query! setup de Nur abschalten wenn Ihr AD Probleme mit VLV Kontrollen hat UND alle Benutzer in einer einzigen Abfrage liefern kann!
disable vlv controls setup de VLV Kontrollen abschalten
distribution-lists too setup de auch Verteilerlisten
do not check for deleted user setup de Nicht auf gelöschte Benutzer prüfen
do you want persistent connections (higher performance, but consumes more resources) setup de Wollen Sie eine permanente Datenbankverbindung verwenden?<br>(höhere Performance, braucht aber mehr Ressourcen)
@ -304,10 +305,10 @@ enable mcrypt setup de MCrypt einschalten
enforce ssl (allows to specify just a path above) setup de Erzwinge SSL (erlaubt darüber nur einen Pfad anzugeben)
enter some random text for app session encryption setup de Zufallstext zur Verschlüsselung der Anwendungssitzung
enter some random text for app_session <br />encryption (requires mcrypt) setup de Zufallstext zur Verschlüsselung der Anwendungssitzung<br>(benötigt mcrypt)
enter the full path for temporary files.<br />examples: /tmp, c:\temp setup de Vollständiger Pfad für temporäre Dateien.<br>Beispiel: /tmp, C:\TEMP
enter the full path for temporary files.<br />examples: /tmp, c:temp setup de Vollständiger Pfad für temporäre Dateien.<br>Beispiel: /tmp, C:\TEMP
enter the full path for users and group files.<br />examples: /files, e:\files setup de Vollständiger Pfad für Benutzer- und Gruppendateien.<br>Beispiel: /files, E:\Files
enter the full path for temporary files.<br />examples: /tmp, c:\temp setup de Vollständiger Pfad für temporäre Dateien.<br>Beispiel: /tmp, C:\TEMP
enter the full path for users and group files.<br />examples: /files, e:files setup de Vollständiger Pfad für Benutzer- und Gruppendateien.<br>Beispiel: /files, E:\Files
enter the full path for users and group files.<br />examples: /files, e:\files setup de Vollständiger Pfad für Benutzer- und Gruppendateien.<br>Beispiel: /files, E:\Files
enter the full path to the backup directory.<br />if empty: files directory setup de Vollständiger Pfad für das Datensicherungsverzeichnis.<br>Wenn leer: Dateiverzeichnis
enter the hostname of the machine on which this server is running setup de Hostname des Computers auf dem der Server läuft
enter the location of egroupware's url.<br />example: http://www.domain.com/egroupware &nbsp; or &nbsp; /egroupware<br /><b>no trailing slash</b> setup de URL zur EGroupware Installation.<br>Beispiel: https://egw.domain.com/egroupware or /egroupware<br><b>Keinen nachfolgenden Slash /</b>
@ -461,8 +462,8 @@ manage applications setup de Anwendungen verwalten
manage languages setup de Sprachen verwalten
manual / help setup de Handbuch / Hilfe
match saml usernames to existing ones (use strings or regular expression) setup de Verbinde SAML Benutzernamen mit bestehenden (benutze Strings oder Reguläre Ausdrücke)
max_execution_time is set to less than 30 (seconds): egroupware sometimes needs a higher execution_time, expect occasional failures setup de max_execution_time (maximale Ausführungszeit eines Skripts) ist auf weniger als 30 (Sekunden) gesetzt: EGroupware benötigt teilweise längere Ausführungszeiten. Sie müssen mit gelegentlichen Fehlern rechnen.
maximum account id (e.g. 65535 or 1000000) setup de Maximum für Benutzer-ID (z.B. 65535 oder 1000000)
max_execution_time is set to less than 30 (seconds): egroupware sometimes needs a higher execution_time, expect occasional failures setup de max_execution_time (maximale Ausführungszeit eines Skripts) ist auf weniger als 30 (Sekunden) gesetzt: EGroupware benötigt teilweise längere Ausführungszeiten. Sie müssen mit gelegentlichen Fehlern rechnen.
may be broken setup de Kann kaputt sein
mcrypt algorithm (default tripledes) setup de MCrypt-Algorithmus (Vorgabe TRIPLEDES)
mcrypt initialization vector setup de MCrypt-Initialisierungsvektor
@ -576,8 +577,8 @@ read translations from setup de Lese Übersetzungen von
readable by the webserver setup de Lesbar durch den Webserver
really uninstall all applications setup de WIRKLICH alle Anwendungen deinstallieren
refusing to delete dn "%1"! setup de Löschen von DN "%1" verweigert!
register_globals is turned on, egroupware does not require it and it's generaly more secure to have it turned off setup de register_globals ist eingeschaltet (On), EGroupware benötigt das NICHT und es ist generell sicherer es auszuschalten (Off)
registered setup de Registriert
register_globals is turned on, egroupware does not require it and it's generaly more secure to have it turned off setup de register_globals ist eingeschaltet (On), EGroupware benötigt das NICHT und es ist generell sicherer es auszuschalten (Off)
regular expression to filter by dn setup de Regulärer Ausdruck zum Filtern nach DN
rejected lines setup de Zurückgewiesene Zeilen
remove setup de Entfernen
@ -847,5 +848,6 @@ your php installation does not have appropriate gd support. you need gd library
your tables are current setup de Ihre Tabellen sind aktuell
your tables will be dropped and you will lose data setup de Ihre Tabellen werden gelöscht und Sie werden alle Daten verlieren!
your temporary directory '%1' %2 setup de Ihr temporäres Verzeichnis '%1' %2
[header-password],[header-user],[new-password],[new-user] setup de [Header-Passwort],[Header-Benutzer],[neues-Passwort],[neuer-Benutzer]
{db | php(default) | php-restore} setup de {db | php(Vorgabe) | php-restore}
{off(default) | on} setup de {off(Vorgabe) | on}

View File

@ -28,7 +28,6 @@
80 (http) setup en 80 (http)
<b>charset to use</b> (use utf-8 if you plan to use languages with different charsets): setup en <b>Charset to use.</b> Use UTF-8 if you plan to use languages with different charsets:
==> different group '%1' under that gidnumber %2, not setting memberships! setup en ==> different group '%1' under that gidNumber %2, NOT setting memberships!
[header-password],[header-user],[new-password],[new-user] setup en [header-password],[header-user],[new-password],[new-user]
access denied: wrong username or password for manage-header !!! setup en Access denied: wrong username or password for manage-header!
access denied: wrong username or password to configure the domain '%1(%2)' !!! setup en Access denied: wrong username or password to configure the domain '%1(%2)'!
account repository{sql(default) | ldap},[authentication{sql | ldap | mail | ads | http | ...}],[sql encrypttion{md5 | blowfish_crypt | md5_crypt | crypt}],[check save password{ (default)|true}],[allow cookie auth{ (default)|true}] setup en account repository{sql(default) | ldap},[authentication{sql | ldap | mail | ads | http | ...}],[sql encryption{sha512_crypt(default) | sha256_crypt | blowfish_crypt | md5_crypt | ssha | smd5 | crypt | md5}],[check save password{ (default)|True}],[allow cookie auth{ (default)|True}]
@ -259,6 +258,8 @@ deregistered setup en De-registered
details for admin account setup en Details for Admin account
developers' table schema toy setup en Developers' Table Schema Toy
did not find any valid db support! setup en Did not find any valid DB support!
disable only if your ad has problems with vlv controls and can return all users in a single query! setup en Disable only if your AD has problems with VLV controls AND can return all users in a single query!
disable vlv controls setup en Disable VLV controls
distribution-lists too setup en distribution-lists too
do not check for deleted user setup en Do NOT check for deleted user
do you want persistent connections (higher performance, but consumes more resources) setup en Do you want persistent connections (higher performance, but consumes more resources)
@ -304,10 +305,10 @@ enable mcrypt setup en Enable Mcrypt
enforce ssl (allows to specify just a path above) setup en Enforce SSL (allows to specify just a path above)
enter some random text for app session encryption setup en Enter some random text for app session encryption
enter some random text for app_session <br />encryption (requires mcrypt) setup en Enter some random text for app_session<br>encryption (requires mcrypt)
enter the full path for temporary files.<br />examples: /tmp, c:\temp setup en Enter the full path for temporary files.<br>Examples: /tmp, C:\TEMP
enter the full path for temporary files.<br />examples: /tmp, c:temp setup en Enter the full path for temporary files.<br>Examples: /tmp, C:\TEMP
enter the full path for users and group files.<br />examples: /files, e:\files setup en Enter the full path for users and group files.<br>Examples: /files, E:\FILES
enter the full path for temporary files.<br />examples: /tmp, c:\temp setup en Enter the full path for temporary files.<br>Examples: /tmp, C:\TEMP
enter the full path for users and group files.<br />examples: /files, e:files setup en Enter the full path for users and group files.<br>Examples: /files, E:\FILES
enter the full path for users and group files.<br />examples: /files, e:\files setup en Enter the full path for users and group files.<br>Examples: /files, E:\FILES
enter the full path to the backup directory.<br />if empty: files directory setup en Enter the full path to the backup directory.<br>if empty: files directory
enter the hostname of the machine on which this server is running setup en Enter the host name of the machine on which this server is running
enter the location of egroupware's url.<br />example: http://www.domain.com/egroupware &nbsp; or &nbsp; /egroupware<br /><b>no trailing slash</b> setup en Enter the location of EGroupware's URL.<br>Example: http://www.domain.com/egroupware or /egroupware<br><b>No trailing slash</b>
@ -461,8 +462,8 @@ manage applications setup en Manage applications
manage languages setup en Manage languages
manual / help setup en Manual | Help
match saml usernames to existing ones (use strings or regular expression) setup en Match SAML usernames to existing ones (use strings or regular expression)
max_execution_time is set to less than 30 (seconds): egroupware sometimes needs a higher execution_time, expect occasional failures setup en max_execution_time is set to less than 30 (seconds): EGroupware sometimes needs a higher execution_time, expect occasional failures
maximum account id (e.g. 65535 or 1000000) setup en Maximum account ID (e.g. 65535 or 1000000)
max_execution_time is set to less than 30 (seconds): egroupware sometimes needs a higher execution_time, expect occasional failures setup en max_execution_time is set to less than 30 (seconds): EGroupware sometimes needs a higher execution_time, expect occasional failures
may be broken setup en May be broken
mcrypt algorithm (default tripledes) setup en Mcrypt algorithm (default TRIPLEDES)
mcrypt initialization vector setup en Mcrypt initialization vector
@ -577,8 +578,8 @@ read translations from setup en Read translations from
readable by the webserver setup en Readable by the web server
really uninstall all applications setup en REALLY uninstall all applications
refusing to delete dn "%1"! setup en Refusing to delete DN "%1"!
register_globals is turned on, egroupware does not require it and it's generaly more secure to have it turned off setup en register_globals is turned On, EGroupware does NOT require it and it's generally more secure to have it turned Off
registered setup en Registered
register_globals is turned on, egroupware does not require it and it's generaly more secure to have it turned off setup en register_globals is turned On, EGroupware does NOT require it and it's generally more secure to have it turned Off
regular expression to filter by dn setup en Regular expression to filter by DN
rejected lines setup en Rejected lines
remove setup en Remove
@ -849,5 +850,6 @@ your php installation does not have appropriate gd support. you need gd library
your tables are current setup en Your tables are current
your tables will be dropped and you will lose data setup en Your tables will be dropped and you will lose data!
your temporary directory '%1' %2 setup en Your temporary directory '%1' %2
[header-password],[header-user],[new-password],[new-user] setup en [header-password],[header-user],[new-password],[new-user]
{db | php(default) | php-restore} setup en {db | php(default) | php-restore}
{off(default) | on} setup en {off(default) | on}

View File

@ -30,7 +30,7 @@
<tr class="row_on">
<td>{lang_Enter_the_full_path_for_users_and_group_files.<br />Examples:_/files,_E:\FILES}</td>
<td><input name="newsettings[files_dir]" value="{value_files_dir}" size="40" /></td>
<td><input name="newsettings[files_dir]" value="{value_files_dir}" size="80" /></td>
</tr>
<tr class="row_off">
@ -47,7 +47,7 @@
<tr class="row_off">
<td>{lang_Enter_the_full_path_to_the_backup_directory.<br />if_empty:_files_directory}/db_backup:</td>
<td><input name="newsettings[backup_dir]" value="{value_backup_dir}" size="40" /></td>
<td><input name="newsettings[backup_dir]" value="{value_backup_dir}" size="80" /></td>
</tr>
<tr class="row_on">
@ -56,12 +56,12 @@
<tr class="row_off">
<td>{lang_Enter_the_full_path_for_temporary_files.<br />Examples:_/tmp,_C:\TEMP}:</td>
<td><input name="newsettings[temp_dir]" value="{value_temp_dir}" size="40" /></td>
<td><input name="newsettings[temp_dir]" value="{value_temp_dir}" size="80" /></td>
</tr>
<tr class="row_on">
<td>{lang_Enter_the_location_of_eGroupWare's_URL.<br />Example:_http://www.domain.com/egroupware_&nbsp;_or_&nbsp;_/egroupware<br /><b>No_trailing_slash</b>}:</td>
<td><input name="newsettings[webserver_url]" value="{value_webserver_url}" size="40" /></td>
<td><input name="newsettings[webserver_url]" value="{value_webserver_url}" size="80" /></td>
</tr>
<tr class="row_off">
@ -300,32 +300,32 @@
{lang_LDAP_host} {lang_IP_or_URL}: (ldap|ldaps|tls)://IP[:port]/<br/>
({lang_use_space_to_separate_multiple}):
</td>
<td><input name="newsettings[ldap_host]" value="{value_ldap_host}" size="40" /></td>
<td><input name="newsettings[ldap_host]" value="{value_ldap_host}" size="80" /></td>
</tr>
<tr class="row_off">
<td>{lang_LDAP_accounts_context}:</td>
<td><input name="newsettings[ldap_context]" value="{value_ldap_context}" size="40" /></td>
<td><input name="newsettings[ldap_context]" value="{value_ldap_context}" size="80" /></td>
</tr>
<tr class="row_on">
<td>{lang_LDAP_search_filter_for_accounts,_default:_"(uid=%user)",_%domain=EGw-domain}:</td>
<td><input name="newsettings[ldap_search_filter]" value="{value_ldap_search_filter}" size="40" /></td>
<td><input name="newsettings[ldap_search_filter]" value="{value_ldap_search_filter}" size="80" /></td>
</tr>
<tr class="row_off">
<td>{lang_LDAP_groups_context}:</td>
<td><input name="newsettings[ldap_group_context]" value="{value_ldap_group_context}" size="40" /></td>
<td><input name="newsettings[ldap_group_context]" value="{value_ldap_group_context}" size="80" /></td>
</tr>
<tr class="row_on">
<td>{lang_Additional_group_filter_(optional)}:</td>
<td><input name="newsettings[ldap_group_filter]" value="{value_ldap_group_filter}" size="40" /></td>
<td><input name="newsettings[ldap_group_filter]" value="{value_ldap_group_filter}" size="80" /></td>
</tr>
<tr class="row_off">
<td>{lang_LDAP_rootdn} {lang_(searching_accounts_and_changing_passwords)}:</td>
<td><input name="newsettings[ldap_root_dn]" value="{value_ldap_root_dn}" size="40" /></td>
<td><input name="newsettings[ldap_root_dn]" value="{value_ldap_root_dn}" size="80" /></td>
</tr>
<tr class="row_on">
@ -387,11 +387,11 @@
</tr>
<tr class="row_off">
<td>{lang_Host/IP_Domain_controler} ({lang_use_space_to_separate_multiple}):</td>
<td><input name="newsettings[ads_host]" value="{value_ads_host}" size="40" /></td>
<td><input name="newsettings[ads_host]" value="{value_ads_host}" size="80" /></td>
</tr>
<tr class="row_on">
<td>{lang_Domain_name}:</td>
<td><input name="newsettings[ads_domain]" value="{value_ads_domain}" size="40" /></td>
<td><input name="newsettings[ads_domain]" value="{value_ads_domain}" size="80" /></td>
</tr>
<tr class="row_off">
<td>
@ -399,11 +399,11 @@
({lang_optional,_if_only_authentication_AND_anonymous_search_is_enabled})<br/>
{lang_Requires_"Reset_Password"_privilege,_to_change_passwords!}
</td>
<td><input name="newsettings[ads_admin_user]" value="{value_ads_admin_user}" size="40" /></td>
<td><input name="newsettings[ads_admin_user]" value="{value_ads_admin_user}" size="80" /></td>
</tr>
<tr class="row_on">
<td>{lang_Password}:</td>
<td><input type="password" name="newsettings[ads_admin_passwd]" value="{value_ads_admin_passwd}" size="40" /></td>
<td><input type="password" name="newsettings[ads_admin_passwd]" value="{value_ads_admin_passwd}" size="80" /></td>
</tr>
<tr class="row_off">
<td>
@ -417,6 +417,9 @@
<option value="tls"{selected_ads_connection_tls}>TLS</option>
<option value="ssl"{selected_ads_connection_ssl}>SSL</option>
</select>
&nbsp; <label title="{lang_Disable_only_if_your_AD_has_problems_with_VLV_controls_AND_can_return_all_users_in_a_single_query!}">
<input type="checkbox" value="disable" {checked_ads_disable_vlv_disable} name="newsettings[ads_disable_vlv]"/>
{lang_Disable_VLV_controls}</label>
</td>
</tr>
<tr class="row_on">
@ -434,7 +437,7 @@
<input name="newsettings[ads_group_context]" value="{value_ads_group_context}" size="80" />
<input type="hidden" value="" name="newsettings[ads_group_extra_types]"/>
<label><input type="checkbox" value="distributionlists" {checked_ads_group_extra_types_distributionlists} name="newsettings[ads_group_extra_types]"/>
{lang_distribution-lists too}</label>
{lang_distribution-lists_too}</label>
</td>
</tr>
<tr class="row_on">