tweak(TB AD) user sync group pwd cant change sddl fixed

tine20/Tinebase/User/ActiveDirectory.php

@@ -173,6 +173,8 @@ public function addUserToSyncBackend(Tinebase_Model_FullUser $_user)
         $user = $this->getUserByPropertyFromSyncBackend('accountId', $_user, 'Tinebase_Model_FullUser');
 
         if (Tinebase_Config::getInstance()->{Tinebase_Config::USERBACKEND}->{Tinebase_Config::SYNCOPTIONS}->{Tinebase_Config::PWD_CANT_CHANGE}) {
+            $user->accountId = $_user->accountId;
+            $user->xprops()[static::class]['syncId'] = $_user->xprops()[static::class]['syncId'];
             $this->updateUserInSyncBackend($user);
             $user = $this->getUserByPropertyFromSyncBackend('accountId', $_user, 'Tinebase_Model_FullUser');
         }
@@ -571,6 +573,8 @@ protected function _user2ldap(Tinebase_Model_FullUser $_user, array $_ldapEntry
         );
         if (Tinebase_Config::getInstance()->{Tinebase_Config::USERBACKEND}->{Tinebase_Config::SYNCOPTIONS}->{Tinebase_Config::PWD_CANT_CHANGE}
                 && ($_ldapEntry['ntsecuritydescriptor'][0] ?? false)) {
+            if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG))
+                Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' start parsing sddl');
             try {
                 $sddl = SDDL::fromBytes($_ldapEntry['ntsecuritydescriptor'][0]);
                 $foundSelf = false;
@@ -629,6 +633,8 @@ protected function _user2ldap(Tinebase_Model_FullUser $_user, array $_ldapEntry
                 }
 
                 $ldapData['ntsecuritydescriptor'] = $sddl->toBytes();
+                if ($_ldapEntry['ntsecuritydescriptor'][0] !== $ldapData['ntsecuritydescriptor'] && Tinebase_Core::isLogLevel(Zend_Log::DEBUG))
+                        Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' changing ntsecuritydescriptor');
             } catch (\Tine\SDDL_Parser\ParserException $e) {
                 Tinebase_Exception::log($e);
             }