ldap entries without display name are not synced by 'occ user:sync'

[individual-it]

1. create a user in LDAP with the displayname attribute
2. create a user in LDAP without the displayname attribute
3. run ./occ user:sync -m remove "OCA\User_LDAP\User_Proxy"
4. check the users page

Only the user with the displayname got synced. The user without a display name is not synced, but can still be used to login. After login the displayname will be synced correctly

[individual-it]

The LDAP search filter in https://github.com/owncloud/user_ldap/blob/master/lib/User/Manager.php#L552 is (&(objectclass=*)(displayName=*)(displayName=*)) what about changing it to (&(objectclass=*)(|(displayName=*)(!(displayName=*)))) or take the displayName out there at all?

[butonic]

yeah, so you found the reason for https://github.com/owncloud/user_ldap/blob/c7445610a8cd4e9115ddc234318fc153967d5694/lib/User/Manager.php#L448

=* is called a presence filter. This filters the users that do not have a displayname set. No Idea why we do that. We actually have a fallback mechanism that will use the username if displayname is empty. In user_ldap: https://github.com/owncloud/user_ldap/blob/c7445610a8cd4e9115ddc234318fc153967d5694/lib/User/UserEntry.php#L163 as well as core ... somewhere.

I think we can safely remove that line ... and should replace it with the uuid match to make configuring the additional search attribute obsolete ...

[IljaN]

Just had the same issue. Not an expert but could we fallback to CN or saMAccountName or similar?