[Bug]: Deleted ldap account is not listed in disabled users with markRemnantsAsDisabled = 1 #50165

Open
@kesselb

Bug description

Deleted ldap account is not listed in disabled users with markRemnantsAsDisabled = 1

Steps to reproduce

  1. Have an LDAP configuration
  2. Modify the config per cli: occ ldap:set-config s01 markRemnantsAsDisabled 1
  3. Delete a user on LDAP
  4. Ensure the user is known as deleted: occ ldap:check-user $USERID
  5. Open the user management and select "disabled users"

Expected behavior

The user should appear there ;)

Nextcloud Server version

28

Additional info

  1. Weird implementation of the markRemnantsAsDisabled flag

if ((int)$this->getAccess(array_key_first($this->backends) ?? '')->connection->markRemnantsAsDisabled !== 1) {
    return [];
}

It's possible to have more than one ldap backend. The above code seems to check if the first ldap connection has the flag set. It should take all backends into account.

Likely resolved by #46992.

  2. Wrong enable state for ldap remnants

stable28:

$data['enabled'] = $this->config->getUserValue($targetUserObject->getUID(), 'core', 'enabled', 'true') === 'true';

master:

$data['enabled'] = $this->config->getUserValue($targetUserObject->getUID(), 'core', 'enabled', 'true') === 'true';

The controller reads the disabled state from the oc_preferences table. That does not take the disabled state for ldap remnants into account.

Apparently the users are returned by the endpoint, but filtered out by the frontend because they have enabled = true. Using $data['enabled'] = $targetUserObject->isEnabled(); makes it work. However, there are some menu options, like enable user, that need to be hidden for ldap remnants.
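
An added illustration of the two points in this report, not code from Nextcloud or from the reporter: a stand-alone PHP model that contrasts a flag check on the first backend only with a per-backend check, and a preference-only enabled state with one that also accounts for remnants. The backend array layout, the user ids and all function names are hypothetical, and evaluating the flag per backend is an assumption about the intended behaviour.

```php
<?php
declare(strict_types=1);

// Constructed sample data (hypothetical prefixes and user ids).
$backends = [
    's01' => ['markRemnantsAsDisabled' => 0, 'remnants' => ['alice']],
    's02' => ['markRemnantsAsDisabled' => 1, 'remnants' => ['bob']],
];
// Stand-in for the stored per-user "enabled" preference; the default is 'true'.
$preferences = ['carol' => 'false'];

// Mirrors the quoted condition: only the first backend's flag is consulted.
function gateOnFirstBackend(array $backends): bool
{
    $first = array_key_first($backends);
    return $first !== null && (int)$backends[$first]['markRemnantsAsDisabled'] === 1;
}

// Per-backend evaluation: a remnant counts as disabled when its own backend sets the flag.
function disabledRemnants(array $backends): array
{
    $disabled = [];
    foreach ($backends as $prefix => $backend) {
        if ((int)($backend['markRemnantsAsDisabled'] ?? 0) !== 1) {
            continue;
        }
        foreach ($backend['remnants'] as $uid) {
            $disabled[$uid] = $prefix; // remember which backend marked the user
        }
    }
    return $disabled;
}

// Enabled state that combines the stored preference with the remnant state.
function isEnabled(string $uid, array $preferences, array $disabledRemnants): bool
{
    $stored = ($preferences[$uid] ?? 'true') === 'true';
    return $stored && !isset($disabledRemnants[$uid]);
}

$remnants = disabledRemnants($backends);
printf("first-backend gate open: %s\n", var_export(gateOnFirstBackend($backends), true));
foreach (['alice', 'bob', 'carol', 'dave'] as $uid) {
    $prefOnly = ($preferences[$uid] ?? 'true') === 'true';
    printf("%-5s preference-only=%s combined=%s\n", $uid,
        var_export($prefOnly, true), var_export(isEnabled($uid, $preferences, $remnants), true));
}
```

In this constructed data set the remnant on s02 is reported as enabled by the preference-only check even though its backend sets the flag, which is the kind of deleted account an administrator reviewing "disabled users" would not see.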
