Dear Arthur,

Sorry I forgot this question (which is actually covered by the question of feasibility): Will ownCloud use LDAP or database for authentication when the user exists in both?

Thanks!

2016-03-11 16:14 GMT+08:00 Morris Jobke <[email protected]>:

> Hi Arthur,
>
> Thanks a lot for the reply.
>
> > On Tue, 1 Mar 2016 03:06:49 -0700 (MST)
> > user3254 <[email protected]> wrote:
> >
> > Hey Lucy,
> >
> > > Hi Arthur,
> > >
> > > I'm going to write and possibly contribute an app which can write to
> > > LDAP and any modifications to user data in the MySQL database should
> > > also be done in LDAP.
> > >
> > > Could you please elaborate the interfaces you mentioned? Which
> > > methods need to be hooked in?
> >
> > Please keep the old mail quoted, so the context is not missing. If I
> > would not have it in my maildir it would have been tough to find this
> > again ;)
> >
> > Back then I was writing
> >
> > >> However, I am open for needed interfaces or so in here if you
> > >> follow the approach with another app.
> >
> > That said, there is currently nothing that would let you interact with
> > the LDAP backend.
> >
> > What we would need to do is to provide a public API in ownCloud core.
> > Probably the basic methods would be user centered
> >
> > * translate an ownCloud username to the LDAP DN: This allows you to
> >   work with a user record.
> >
> > * return the LDAP connection for the specified user (since more than
> >   one LDAP server can be configured): This allows you to talk to the
> >   LDAP server and you do not need to worry about establishing
> >   connections and stuff
> >
> > Or is there anything else needed by you?
>
> Wow, hm, I initially didn't think that a change in the ownCloud core is
> needed. Actually in our project, only user name and password must be
> stored in LDAP, storing additional attributes would have been a bonus. And
> as our schedule doesn't really allow us to wait for an ownCloud 9.1
> release, I'm now thinking whether I could just write an app that is cloned
> over from user_ldap using the same configs, connections etc. and hooks in
> to the following methods of \OC\User:
>
> preSetPassword: save the password to LDAP. If any error in LDAP occurs,
> throw an exception and display a helpful message in ownCloud webUI.
>
> preCreateUser: create a user in LDAP with the specified password. If any
> error in LDAP occurs, throw an exception and display a helpful message in
> ownCloud webUI.
>
> preDelete: delete the corresponding user in LDAP. If any error in LDAP
> occurs, throw an exception and display a helpful message in ownCloud
> webUI.
>
> Important questions would arise: Firstly, is it feasible? Secondly, how do
> you pass such a helpful message or error code to ownCloud webUI, for
> example in case of an LDAP password policy violation? And how to do that in
> the best way so that the app is not project specific, but can be used
> generically?
>
> > Those methods need to be specified in an interface within a new folder
> > lib/public/ldap/
> >
> > There needs to be a default dummy implementation in core (lib/private/…)
> > that would just throw exceptions, and a real implementation in
> > apps/user_ldap/. Upon install/update it should override the default
> > implementation and set it back when disabling.
>
> Uhm, exceptions not debug messages? But then, I'm not familiar with the
> core yet :D
>
> > The server (lib/private/server.php) would just receive a new method
> > and provide an instance of that implementation.
> >
> > This is less complicated than may sound :)
> >
> > When this is done, your future app would just retrieve the instance via
> > \OC::$server->getLDAPProvider() (maybe find a better name), which
> > allows you to receive the DN of the user and the LDAP connection
> > resource, allowing you to use all the PHP ldap_* methods to interact
> > with the server.
> >
> > What do you think?
>
> Well, it definitely sounds good. However if my proposal above is feasible,
> we would stick to that for time reasons.
> >
> > Cheers
> > Arthur
>
> Your opinion is highly appreciated :)
>
> Best regards,
> Lucy
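
The provider interface and the pre-hook error handling discussed in this thread, sketched as an added example (it is not part of the original mails and not ownCloud code). `ILDAPProvider`, `NullLDAPProvider` and `onPreSetPassword` are hypothetical names, and the handler assumes the directory hashes `userPassword` itself; it shows the default provider failing closed and the LDAP server's diagnostic detail staying in the log while the user sees a generic message.

```php
<?php
// Added illustration, not ownCloud code. ILDAPProvider, NullLDAPProvider and
// onPreSetPassword are hypothetical names for the design discussed above.

interface ILDAPProvider {
    /** Translate an ownCloud username to its LDAP DN. */
    public function getUserDN($uid);
    /** Return the LDAP connection resource of the server that holds $uid. */
    public function getLDAPConnection($uid);
}

// Default implementation for core: throws, so a caller can never mistake
// "user_ldap is disabled" for a successful directory write.
class NullLDAPProvider implements ILDAPProvider {
    public function getUserDN($uid) {
        throw new \RuntimeException('LDAP backend is not enabled.');
    }
    public function getLDAPConnection($uid) {
        throw new \RuntimeException('LDAP backend is not enabled.');
    }
}

// Handler for a pre-hook such as preSetPassword: write to LDAP first and
// throw on any failure, so the caller can abort the local change.
function onPreSetPassword(ILDAPProvider $ldap, $uid, $password) {
    $dn = $ldap->getUserDN($uid);
    $conn = $ldap->getLDAPConnection($uid);
    // Assumption: the directory hashes userPassword itself on write.
    if (@ldap_mod_replace($conn, $dn, ['userPassword' => $password])) {
        return;
    }
    $code = ldap_errno($conn);
    // Server detail goes to the log only; the password is never logged.
    error_log("LDAP password change failed for $dn: [$code] " . ldap_error($conn));
    // Result code 19 is constraintViolation, commonly returned on policy failures.
    $message = ($code === 19)
        ? 'The directory rejected this password (password policy).'
        : 'The password could not be saved to the directory.';
    throw new \RuntimeException($message, $code);
}

// Offline demonstration with the default provider: the hook fails closed.
try {
    onPreSetPassword(new NullLDAPProvider(), 'lucy', 'constructed-sample');
} catch (\RuntimeException $e) {
    echo 'Password change aborted: ' . $e->getMessage() . PHP_EOL;
}
```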
