From 15a922937cb3c9810234f650682f61a4a7dc9298 Mon Sep 17 00:00:00 2001
From: Paul Mehrer <p.mehrer@metaways.de>
Date: Wed, 18 Dec 2024 16:18:40 +0100
Subject: [PATCH] tweak(TB AD) user sync group pwd cant change sddl fixed

---
 tine20/Tinebase/User/ActiveDirectory.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tine20/Tinebase/User/ActiveDirectory.php b/tine20/Tinebase/User/ActiveDirectory.php
index fa2647a5f0..1ee382f38f 100644
--- a/tine20/Tinebase/User/ActiveDirectory.php
+++ b/tine20/Tinebase/User/ActiveDirectory.php
@@ -173,6 +173,8 @@ public function addUserToSyncBackend(Tinebase_Model_FullUser $_user)
         $user = $this->getUserByPropertyFromSyncBackend('accountId', $_user, 'Tinebase_Model_FullUser');
 
         if (Tinebase_Config::getInstance()->{Tinebase_Config::USERBACKEND}->{Tinebase_Config::SYNCOPTIONS}->{Tinebase_Config::PWD_CANT_CHANGE}) {
+            $user->accountId = $_user->accountId;
+            $user->xprops()[static::class]['syncId'] = $_user->xprops()[static::class]['syncId'];
             $this->updateUserInSyncBackend($user);
             $user = $this->getUserByPropertyFromSyncBackend('accountId', $_user, 'Tinebase_Model_FullUser');
         }
@@ -571,6 +573,8 @@ protected function _user2ldap(Tinebase_Model_FullUser $_user, array $_ldapEntry
         );
         if (Tinebase_Config::getInstance()->{Tinebase_Config::USERBACKEND}->{Tinebase_Config::SYNCOPTIONS}->{Tinebase_Config::PWD_CANT_CHANGE}
                 && ($_ldapEntry['ntsecuritydescriptor'][0] ?? false)) {
+            if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG))
+                Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' start parsing sddl');
             try {
                 $sddl = SDDL::fromBytes($_ldapEntry['ntsecuritydescriptor'][0]);
                 $foundSelf = false;
@@ -629,6 +633,8 @@ protected function _user2ldap(Tinebase_Model_FullUser $_user, array $_ldapEntry
                 }
 
                 $ldapData['ntsecuritydescriptor'] = $sddl->toBytes();
+                if ($_ldapEntry['ntsecuritydescriptor'][0] !== $ldapData['ntsecuritydescriptor'] && Tinebase_Core::isLogLevel(Zend_Log::DEBUG))
+                        Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' changing ntsecuritydescriptor');
             } catch (\Tine\SDDL_Parser\ParserException $e) {
                 Tinebase_Exception::log($e);
             }