nextcloud · come-nc · Apr 1, 2026 · Apr 1, 2026
diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
@@ -1,10 +1,12 @@
 <?php
 
 declare(strict_types=1);
+
 /**
  * SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
+
 namespace OCA\LdapWriteSupport\AppInfo;
 
 use OCA\LdapWriteSupport\Listener\GroupBackendRegisteredListener;

diff --git a/lib/Command/GroupAdminsToLdap.php b/lib/Command/GroupAdminsToLdap.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 /**
  * SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors
  * SPDX-FileCopyrightText: 2019 Cooperativa EITA <eita.org.br>
@@ -22,37 +24,23 @@ class GroupAdminsToLdap extends Command {
 	/**
 	 * This adds/removes group subadmins as ldap group owners
 	 */
-	private $simulate = false;
-	private $verbose = false;
-
-	/** @var SubAdmin */
-	private $subAdmin;
-	/** @var IConfig */
-	private $ocConfig;
-	/** @var Helper */
-	private $helper;
-	/** @var Group_Proxy */
-	private $groupProxy;
+	private bool $simulate = false;
+	private bool $verbose = false;
 
 	/**
 	 * GroupAdminsToLdap constructor.
 	 */
 	public function __construct(
-		SubAdmin $subAdmin,
-		IConfig $ocConfig,
-		Helper $helper,
-		Group_Proxy $groupProxy,
+		private SubAdmin $subAdmin,
+		private IConfig $ocConfig,
+		private Helper $helper,
+		private Group_Proxy $groupProxy,
 	) {
 		parent::__construct();
-
-		$this->subAdmin = $subAdmin;
-		$this->ocConfig = $ocConfig;
-		$this->helper = $helper;
-		$this->groupProxy = $groupProxy;
 	}
 
 	#[\Override]
-	protected function configure() {
+	protected function configure(): void {
 		$this
 			->setName('ldap-ext:sync-group-admins')
 			->setDescription('syncs group admin informations to ldap')
@@ -147,6 +135,9 @@ function diff_user_arrays($array1, $array2) {
 
 			foreach ($onlyInNC as $gid => $users) {
 				$groupDN = $access->getGroupMapper()->getDNByName($gid);
+				if ($groupDN === false) {
+					throw new Exception('Failed to find group '.$gid);
+				}
 				foreach ($users as $uid) {
 					$userDN = $access->getUserMapper()->getDNByName($uid);
 					$entry = [
@@ -163,6 +154,9 @@ function diff_user_arrays($array1, $array2) {
 
 			foreach ($onlyInLDAP as $gid => $users) {
 				$groupDN = $access->getGroupMapper()->getDNByName($gid);
+				if ($groupDN === false) {
+					throw new Exception('Failed to find group '.$gid);
+				}
 				foreach ($users as $uid) {
 					$userDN = $access->getUserMapper()->getDNByName($uid);
 					$entry = [

diff --git a/lib/LDAPConnect.php b/lib/LDAPConnect.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 /**
  * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
  * SPDX-FileCopyrightText: 2017 Cooperativa EITA <eita.org.br>
@@ -16,26 +18,23 @@
 use Psr\Log\LoggerInterface;
 
 class LDAPConnect {
-	/** @var Configuration */
-	private $ldapConfig;
-	/** @var bool|null */
-	private $passwdSupport;
+	private Configuration $ldapConfig;
+	private ?bool $passwdSupport;
 
 	public function __construct(
 		Helper $ldapBackendHelper,
 		private LoggerInterface $logger,
 	) {
 		$this->passwdSupport = null;
 		$ldapConfigPrefixes = $ldapBackendHelper->getServerConfigurationPrefixes(true);
-		$prefix = array_shift($ldapConfigPrefixes);
+		$prefix = array_shift($ldapConfigPrefixes) ?? '';
 		$this->ldapConfig = new Configuration($prefix);
 	}
 
 	/**
-	 * @return resource|Connection
 	 * @throws ServerNotAvailableException
 	 */
-	public function connect() {
+	public function connect(): Connection {
 		$ldapHost = $this->ldapConfig->ldapHost;
 		$ldapPort = $this->ldapConfig->ldapPort;
 
@@ -51,7 +50,7 @@ public function connect() {
 
 		// Connecting to LDAP - TODO: connect directly via LDAP plugin
 		$cr = ldap_connect($ldapHost);
-		if (!is_resource($cr) && !is_object($cr)) {
+		if (!is_object($cr)) {
 			$this->logger->error('Unable to connect to LDAP host {ldapHost}:{ldapPort}',
 				[
 					'app' => Application::APP_ID,
@@ -72,10 +71,9 @@ public function connect() {
 	}
 
 	/**
-	 * @return false|resource|Connection
 	 * @throws ServerNotAvailableException
 	 */
-	public function bind() {
+	public function bind(): Connection|false {
 		$ds = $this->connect();
 		$dn = $this->ldapConfig->ldapAgentName;
 		$secret = $this->ldapConfig->ldapAgentPassword;
@@ -95,10 +93,9 @@ public function bind() {
 	}
 
 	/**
-	 * @return false|resource|Connection
 	 * @throws ServerNotAvailableException
 	 */
-	public function getLDAPConnection() {
+	public function getLDAPConnection(): Connection|false {
 		return $this->bind();
 	}
 
@@ -142,11 +139,12 @@ public function hasPasswordPolicy(): bool {
 	 * checks whether the LDAP server supports the passwd exop
 	 *
 	 * @param Connection $connection LDAP connection to check
-	 * @return boolean either the user can or cannot
+	 * @return bool either the user can or cannot
 	 */
-	public function hasPasswdExopSupport($connection): bool {
+	public function hasPasswdExopSupport(Connection $connection): bool {
 		// TODO: We should cache this by ldap prefix, but currently we have no access to it.
 		if (is_null($this->passwdSupport)) {
+			/** @var \LDAP\Result|false */
 			$ret = ldap_read($connection, '', '(objectclass=*)', ['supportedExtension']);
 			if ($ret === false) {
 				$this->passwdSupport = false;

diff --git a/lib/LDAPGroupManager.php b/lib/LDAPGroupManager.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 /**
  * SPDX-FileCopyrightText: 2019-2024 Nextcloud GmbH and Nextcloud contributors
  * SPDX-FileCopyrightText: 2017-2019 Cooperativa EITA <eita.org.br>
@@ -77,7 +79,7 @@
 		$connection = $this->ldapProvider->getGroupLDAPConnection($gid);
 		$groupDN = $this->ldapProvider->getGroupDN($gid);

 		if (!$ret = ldap_delete($connection, $groupDN)) {
 			$this->logger->error('Unable to delete LDAP Group: ' . $gid);
 		} else {
 			$this->logger->notice('Delete LDAP Group: ' . $gid);
@@ -116,7 +118,7 @@
 				break;
 		}

 		if (!$ret = ldap_mod_add($connection, $groupDN, $entry)) {
 			$this->logger->error('Unable to add user ' . $uid . ' to group ' . $gid);
 		} else {
 			$this->logger->notice('Add user: ' . $uid . ' to group: ' . $gid);
@@ -155,7 +157,7 @@
 				break;
 		}

 		if (!$ret = ldap_mod_del($connection, $groupDN, $entry)) {
 			$this->logger->error('Unable to remove user: ' . $uid . ' from group: ' . $gid);
 		} else {
 			$this->logger->notice('Remove user: ' . $uid . ' from group: ' . $gid);

diff --git a/lib/LDAPUserManager.php b/lib/LDAPUserManager.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 /**
  * SPDX-FileCopyrightText: 2019-2024 Nextcloud GmbH and Nextcloud contributors
  * SPDX-FileCopyrightText: 2017-2019 Cooperativa EITA <eita.org.br>
@@ -48,7 +50,7 @@
 	 * @return int bitwise-or'ed actions
 	 */
 	#[\Override]
-	public function respondToActions() {
+	public function respondToActions(): int {
 		$setPassword = $this->canSetPassword() && !$this->ldapConnect->hasPasswordPolicy()
 			? Backend::SET_PASSWORD
 			: 0;
@@ -63,12 +65,11 @@
 	 *
 	 * @param string $uid user ID of the user
 	 * @param string $displayName new user's display name
-	 * @return string
 	 * @throws HintException
 	 * @throws ServerNotAvailableException
 	 */
 	#[\Override]
-	public function setDisplayName($uid, $displayName) {
+	public function setDisplayName($uid, $displayName): string {
 		$userDN = $this->getUserDN($uid);
 
 		$connection = $this->ldapProvider->getLDAPConnection($uid);
@@ -84,7 +85,7 @@
 			);
 		}
 
-		if (!is_resource($connection) && !is_object($connection)) {
+		if (!is_object($connection)) {
 			$this->logger->debug('LDAP resource not available', ['app' => 'ldap_write_support']);
 			throw new ServerNotAvailableException('LDAP server is not available');
 		}
@@ -106,10 +107,9 @@
 	 * checks whether the user is allowed to change his avatar in Nextcloud
 	 *
 	 * @param string $uid the Nextcloud user name
-	 * @return bool either the user can or cannot
 	 */
 	#[\Override]
-	public function canChangeAvatar($uid) {
+	public function canChangeAvatar($uid): bool {
 		return $this->configuration->hasAvatarPermission();
 	}
 
@@ -131,7 +131,7 @@
 			$data = $avatar->data();

 			$connection = $this->ldapProvider->getLDAPConnection($user->getUID());
 			ldap_mod_replace($connection, $userDN, ['jpegphoto' => $data]);
 		}
 	}

@@ -150,7 +150,7 @@

 		$emailField = $this->ldapProvider->getLDAPEmailField($user->getUID());
 		$connection = $this->ldapProvider->getLDAPConnection($user->getUID());
 		ldap_mod_replace($connection, $userDN, [$emailField => $newEmail]);
 	}

 	/**
@@ -158,11 +158,10 @@
 	 *
 	 * @param string $uid The username of the user to create
 	 * @param string $password The password of the new user
-	 * @return bool|string the created user of false
 	 * @throws Exception
 	 */
 	#[\Override]
-	public function createUser($uid, $password) {
+	public function createUser($uid, $password): string|false {
 		$adminUser = $this->userSession->getUser();
 		$requireActorFromLDAP = $this->configuration->isLdapActorRequired();
 		if ($requireActorFromLDAP && !$adminUser instanceof IUser) {
@@ -199,7 +198,7 @@
 		$newUserDN = $this->ldapProvider->sanitizeDN([$newUserDN])[0];
 		$this->ensureAttribute($newUserEntry, $displayNameAttribute, $uid);

 		$ret = ldap_add($connection, $newUserDN, $newUserEntry);

 		$message = 'Create LDAP user \'{username}\' ({dn})';
 		$logMethod = 'info';
@@ -214,11 +213,11 @@
 		]);

 		if (!$ret && $this->configuration->isPreventFallback()) {
 			throw new \Exception('Cannot create user: ' . ldap_error($connection), ldap_errno($connection));
 		}

 		if ($this->respondToActions() & Backend::SET_PASSWORD) {
 			$this->handleSetPassword($newUserDN, $password, $connection);
 		}
 		return $ret ? $newUserDN : false;
 	}
@@ -230,7 +229,7 @@
 		}
 	}
 
-	public function buildNewEntry($username, $password, $base): array {
+	private function buildNewEntry(string $username, string $password, string $base): array {
 		// Make sure the parameters don't fool the following algorithm
 		if (str_contains($username, PHP_EOL)) {
 			throw new Exception('Username contains a new line');
@@ -253,7 +252,7 @@
 		foreach ($lines as $line) {
 			$split = explode(':', $line, 2);
 			$key = trim($split[0]);
-			$value = trim($split[1]);
+			$value = trim($split[1] ?? '');
 			if (!isset($entry[$key])) {
 				$entry[$key] = $value;
 			} elseif (is_array($entry[$key])) {
@@ -268,15 +267,11 @@
 		return [$dn, $entry];
 	}
 
-	/**
-	 * @param $uid
-	 * @return bool
-	 */
 	public function deleteUser($uid): bool {
 		$connection = $this->ldapProvider->getLDAPConnection($uid);
 		$userDN = $this->getUserDN($uid);
 		$user = $this->userManager->get($uid);
 		if ($res = ldap_delete($connection, $userDN)) {
 			$message = 'Delete LDAP user (isDeleted): ' . $uid;
 			$this->logger->notice($message, ['app' => Application::APP_ID]);
 			if (
@@ -318,12 +313,11 @@
 	 *
 	 * @param string $uid The username
 	 * @param string $password The new password
-	 * @return bool
 	 *
 	 * Change the password of a user
 	 */
 	#[\Override]
-	public function setPassword($uid, $password) {
+	public function setPassword($uid, $password): bool {
 		$connection = $this->ldapProvider->getLDAPConnection($uid);
 		$userDN = $this->getUserDN($uid);
 
@@ -334,10 +328,9 @@
 	 * get the user's home directory
 	 *
 	 * @param string $uid the username
-	 * @return bool
 	 */
 	#[\Override]
-	public function getHome($uid) {
+	public function getHome($uid): bool {
 		// Not implemented
 		return false;
 	}
@@ -346,21 +339,18 @@
 	 * get display name of the user
 	 *
 	 * @param string $uid user ID of the user
-	 * @return string display name
 	 */
 	#[\Override]
-	public function getDisplayName($uid) {
+	public function getDisplayName($uid): string {
 		// Not implemented
 		return $uid;
 	}
 
 	/**
 	 * Count the number of users
-	 *
-	 * @return int|bool
 	 */
 	#[\Override]
-	public function countUsers() {
+	public function countUsers(): false {
 		// Not implemented
 		return false;
 	}
@@ -398,7 +388,7 @@
 		}
 	}
 
-	private function getUserDN($uid): string {
+	private function getUserDN(string $uid): string {
 		return $this->ldapProvider->getUserDN($uid);
 	}
 

diff --git a/lib/Listener/GroupBackendRegisteredListener.php b/lib/Listener/GroupBackendRegisteredListener.php
@@ -1,6 +1,7 @@
 <?php
 
 declare(strict_types=1);
+
 /**
  * SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors
  * SPDX-License-Identifier: AGPL-3.0-or-later
@@ -18,14 +19,10 @@
  * @template-implements IEventListener<GroupBackendRegistered>
  */
 class GroupBackendRegisteredListener implements IEventListener {
-	/** @var IAppManager */
-	private $appManager;
-
 	public function __construct(
-		IAppManager $appManager,
+		private IAppManager $appManager,
 		private LDAPGroupManager $ldapGroupManager,
 	) {
-		$this->appManager = $appManager;
 	}
 
 	/**

diff --git a/lib/Listener/UserBackendRegisteredListener.php b/lib/Listener/UserBackendRegisteredListener.php
@@ -1,6 +1,7 @@
 <?php
 
 declare(strict_types=1);
+
 /**
  * SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors
  * SPDX-License-Identifier: AGPL-3.0-or-later
@@ -18,14 +19,10 @@
  * @template-implements IEventListener<UserBackendRegistered>
  */
 class UserBackendRegisteredListener implements IEventListener {
-	/** @var IAppManager */
-	private $appManager;
-
 	public function __construct(
-		IAppManager $appManager,
+		private IAppManager $appManager,
 		private LDAPUserManager $ldapUserManager,
 	) {
-		$this->appManager = $appManager;
 	}
 
 	/**