graph: Allow disabling user by adding to local group

* A new config option for disabling users with the options "none", "attribute" and "group". * When set to "none", there will be no enabledAttribute returned in user info and trying to change enabledAttribute will return an error * Disable/enable group name DN as config parameter * Adding/removing users to specified group on user update * Changing log level for service initialization failure to error * Adding helper methods to check if user is enabled/disabled + tests Fixes #5554
2026-04-26 01:35:25 +02:00 · 2023-02-21 09:08:01 +01:00
parent e3d9b810bd
commit ca746106d8
6 changed files with 867 additions and 48 deletions
--- a/services/graph/pkg/config/defaults/defaultconfig.go
+++ b/services/graph/pkg/config/defaults/defaultconfig.go
@@ -69,6 +69,8 @@ func DefaultConfig() *config.Config {
 				//        ideally this needs to	be constant for the lifetime of a users
 				UserIDAttribute:           "owncloudUUID",
 				UserEnabledAttribute:      "ownCloudUserEnabled",
+				DisableUserMechanism:      "attribute",
+				LdapDisabledUsersGroupDN:  "cn=DisabledUsersGroup,ou=groups,o=libregraph-idm",
 				GroupBaseDN:               "ou=groups,o=libregraph-idm",
 				GroupSearchScope:          "sub",
 				GroupFilter:               "",