Thanks, I could be a well-known user if I follow up! ;-)
Now I can have a relation between users and groups :-). My ownCloud profile is as
follows:
The user OC configuration:
User Login Filter: uid=%uid
User List Filter: (&(objectClass=qmailuser)(accountStatus=active))
User Display Name Field: mail (<< last good modification)
And this "User List Filter" with this specific rule:
(&(objectClass=qmailuser)(accountStatus=active))
The group OC configuration is absolutely nominal:
Group Filter: objectClass=posixGroup
Group Display Name Field: cn
Group-Member association: memberUid
The LDAP which is used is on nis.schema (uidMember, gidMember, …)
I have modified our "ou=Group" LDAP table like this:
dn: cn=<Group_Name>, ou=Group, dc=MyLDAP,dc=Domain
gidNumber:
description: <Group_Name>
objectClass: posixGroup
objectClass: top
memberUid: eMail@Domain (<< last good modification)
....................
cn: <Group_Name>
The email field on "memberUid" corresponds with the one stored in ownCloud MySQL
LDAP users table (oc_ldap_user_mapping).
So, now, we have an automatic relation between users and group :-)
BUT, my problem is not closed!
As I still have a generated UUID as "owncloud_name" in "oc_ldap_user_mapping"
MySQL table, the owncloud user's home directory is named with this UUID and not
the email address as it was with OC 4.5.7!
So, if I "update" our owncloud 4.5.7 service, all our users will lose their
files because they are not in the good owncloud "data" folder...
Even though all LDAP users are now listed in the "oc_ldap_user_mapping" MySQL LDAP users
table, I can't display all of them in the administrative window of the ownCloud
interface. As is, I can't modify their properties!
The display is still limited to 30 entries and I have this message in
"owncloud.log" file:
{"app":"user_ldap","message":"Paged search failed :(","level":1,"time":1364133108}
{"app":"user_ldap","message":"No paged search for us, Cpt., Limit 10 Offset 12","level":1,"time":1364133108}
If you have a solution?
Cheers
PS:
In our owncloud 4.5.7 service, which is now in production, the LDAP users <->
Group relation works perfectly and, with the same owncloud LDAP profile, the
"mail" LDAP field is really used by ownCloud as "owncloud_name". So the "data"
users folder is named by their "mail" address.
On 24 March 2013 at 11:37, Tornóci László <[email protected]>
wrote:
> Hi Pierre,
>
> I don't know what causes your problems, but I've followed the development of
> OC5 from the point of view of LDAP settings (as a tester), and I think it is
> pretty solid. I happen to have some weirdness in the admin user page too, but
> it mostly seems ok.
>
> So I encourage you to double check your LDAP setup again, (have you used the
> TEST button, have you SAVED your new settings etc.). The new LDAP features
> introduced in OC5 actually are quite neat, and work for me as documented. If
> you can't make it work, report it on github (owncloud/core area).
> Yours: Laszlo
>
> On 03/23/2013 11:02 PM, Pierre Malard wrote:
>> Hi,
>>
>> Since OC5, we have a lot of problems with our LDAP users.
>>
>> Our LDAP db is standard RFC. It is only used to log our mail users. We
>> have just added a qmail schema to manage mail connections.
>>
>> Following our discussion, I have added some "Group" entries to have the
>> "memberUid" relation between users and group.
>>
>> About user's LDAP DB:
>> =====================
>> The user OC configuration is absolutely nominal:
>> User Login Filter: uid=%uid
>> User List Filter: (&(objectClass=qmailuser)(accountStatus=active))
>> User Display Name Field: cn
>> I have just modified the "User List Filter" with this rule:
>> (&(objectClass=qmailuser)(accountStatus=active))
>> to select only active users
>>
>> 1-Our LDAP users can't be stored with their real "name". The system seems to
>> look for a UUID field in the LDAP db which does not exist, creates one and stores it
>> as "owncloud_name" inside "oc_ldap_user_mapping" MySQL DB.
>>
>> 2-In administration LDAP OC window advanced tab/Directory Settings, there is
>> a field named "User Display Name Field" which must be "The LDAP attribute to
>> use to generate the user's ownCloud name" by default on "cn" LDAP user's
>> LDAP field. But in the MySQL "oc_ldap_user_mapping", it's just in "ldap_dn",
>> not in the "owncloud_name" field.
>>
>> 3- We can't display more than 30 users in the administrative windows of OC.
>> In the "owncloud.log" file, in "info" mode, we have:
>> {"app":"user_ldap","message":"initializing paged search for Filter(&(&
>> (objectClass=qmailuser)(accountStatus=active))(cn=*)) base Array\n(\n
>> [0] =>
>> dc=MyLDAP,dc=Domain\n)\n attr Array\n(\n [0] => cn\n [1] =>
>> dn\n)\n limit 30 offset 0","level":1,"time":1364073199}
>>
>> And if I go to the bottom of window to display more users:
>> {"app":"user_ldap","message":"initializing paged search for Filter(&
>> (&(objectClass=qmailuser)(accountStatus=active))(cn=*)) base Array\n(\n
>> [0]
>> => dc=MyLDAP,dc=Domain\n)\n attr Array\n(\n [0] => cn\n [1] =>
>> dn\n)\n limit 10 offset 32","level":1,"time":1364073337}
>> {"app":"user_ldap","message":"Looking for cookie L\/O
>> 10\/22","level":1,"time":1364073337}
>> {"app":"user_ldap","message":"initializing paged search for Filter(&
>> (&(objectClass=qmailuser)(accountStatus=active))(cn=*)) base Array\n(\n
>> [0]
>> => dc=MyLDAP,dc=Domain\n)\n attr Array\n(\n [0] => cn\n [1] =>
>> dn\n)\n limit 10 offset 22","level":1,"time":1364073337}
>> {"app":"user_ldap","message":"Looking for cookie L\/O
>> 10\/12","level":1,"time":1364073337}
>> {"app":"user_ldap","message":"initializing paged search for Filter(&
>> (&(objectClass=qmailuser)(accountStatus=active))(cn=*)) base Array\n(\n
>> [0]
>> => dc=MyLDAP,dc=Domain\n)\n attr Array\n(\n [0] => cn\n [1] =>
>> dn\n)\n limit 10 offset 12","level":1,"time":1364073337}
>> {"app":"user_ldap","message":"Looking for cookie L\/O
>> 10\/2","level":1,"time":1364073337}
>> {"app":"user_ldap","message":"initializing paged search for Filter(&
>> (&(objectClass=qmailuser)(accountStatus=active))(cn=*)) base Array\n(\n
>> [0]
>> => dc=MyLDAP,dc=Domain\n)\n attr Array\n(\n [0] => cn\n [1] =>
>> dn\n)\n limit 10 offset 2","level":1,"time":1364073337}
>> {"app":"user_ldap","message":"Looking for cookie L\/O
>> 10\/0","level":1,"time":1364073337}
>> {"app":"user_ldap","message":"initializing paged search for Filter(&
>> (&(objectClass=qmailuser)(accountStatus=active))(cn=*)) base Array\n(\n
>> [0]
>> => dc=MyLDAP,dc=Domain\n)\n attr Array\n(\n [0] => cn\n [1] =>
>> dn\n)\n limit 10 offset 0","level":1,"time":1364073337}
>>
>> And... no way to have more than these 30 users... and only these 30 users
>> are listed in the "oc_ldap_user_mapping" MySQL table. We can log in another
>> LDAP user but he is not stored in the MySQL table...
>>
>> About Group LDAP DB and Group-Member association:
>> =================================================
>> The group OC configuration is absolutely nominal:
>> Group Filter: objectClass=posixGroup
>> Group Display Name Field: cn
>> Group-Member association: memberUid
>> The LDAP which is used is on nis.schema (uidMember, gidMember, …)
>>
>> 1- Why is the "ownCloud's name" always "cn"?
>> I have tried to modify it on "Group Display Name Field" without any success!
>>
>> 2- There is no association Group-Member.
>> All of our members now have a "uidNumber" and a "gidNumber" on our
>> "ou=mails" LDAP table. On "ou=Group" LDAP table, each group entry has the
>> list of its members like that:
>> dn: cn=<Group_Name>, ou=Group, dc=MyLDAP,dc=Domain
>> gidNumber:
>> description: <Group_Name>
>> objectClass: posixGroup
>> objectClass: top
>> memberUid: cn=<eMail@Domain>,ou=mails,dc=MyLDAP,dc=Domain
>> ....................
>> cn: <Group_Name>
>>
>> The "cn=<eMail@Domain>,ou=mails,dc=MyLDAP,dc=Domain" is the real LDAP entry
>> of the users, "<eMail@Domain>" is the login's user.
>>
>> So why is there no association? None of our users are listed in a group. If
>> I look at the MySQL tables, the "oc_ldap_group_mapping" contains all of the
>> groups but the "oc_ldap_group_members" is ... empty!
>>
>> If I understand how this table works, the association is between "ownCloud
>> group name" and "ownCloud user name" with the LDAP user name. If it's exact,
>> it can't work because "ownCloud user name" is always an auto-generated UUID
>> which has no correspondence in the LDAP table.
>>
>> If I want to force the association with admin OC, I have no message in
>> owncloud logs but I have no record in the MySQL table.
>>
>>
>> Conclusion
>> ==========
>> Before OC 5.0, with the same LDAP configuration, the "owncloud_name" of
>> "oc_ldap_user_mapping" was equal to the "ldap_dn" which is our "cn"
>> LDAP name. Now it's not the case even if I tell owncloud to take the "cn" LDAP
>> field as "owncloud_name" on the OC admin window...
>>
>> Does anyone have a solution?
>>
>> We can't offer this product to our colleagues since it doesn't work.
>> "Dommage" ! It was really near production with 4.5.7 version. We have just
>> the association Group/users, but everything works properly. I thought that
>> adding the posix schema with Group information in our LDAP DB would arrange things,
>> but it's not the case. So I'm really disappointed...
----
Pierre Malard
« If, as General de Gaulle said, France had not been
France... one could logically think that all the French would have been
foreigners » ;-)
Pierre Dac
|\ _,,,---,,_
/,`.-'`' -. ;-;;,_
|,4- ) )-,_. ,\ ( `'-'
'---''(_/--' `-'\_)
perl -e '$_=q#: 3|\ 5-,3-3,2-: 3/,`.'"'"'`'"'"' 5-. ;-;;,-: |,A- ) )-,_. ,\
( `'"'"'-'"'"': '"'"'-3'"'"'2(-/--'"'"' `-'"'"'\-):
22PLM::#;y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print'
- --> This message reflects only the views of its author <--
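
Added example, not part of the original message and not ownCloud code: a check of posixGroup `memberUid` values against user login names, the mismatch this thread turns on (in nis.schema, `memberUid` holds login names, not DNs). The LDIF is constructed; using `uid` as the login attribute and `accountStatus: active` as the user filter is an assumption taken from the configuration quoted above.

```python
# Constructed sample directory (not data from the thread). Assumes the login
# name lives in "uid", as the thread's "User Login Filter: uid=%uid" implies.
SAMPLE_LDIF = """\
dn: cn=alice@example.org,ou=mails,dc=MyLDAP,dc=Domain
objectClass: qmailuser
uid: alice@example.org
accountStatus: active

dn: cn=bob@example.org,ou=mails,dc=MyLDAP,dc=Domain
objectClass: qmailuser
uid: bob@example.org
accountStatus: disabled

dn: cn=staff,ou=Group,dc=MyLDAP,dc=Domain
objectClass: posixGroup
cn: staff
memberUid: alice@example.org
memberUid: cn=alice@example.org,ou=mails,dc=MyLDAP,dc=Domain
memberUid: bob@example.org
memberUid: carol@example.org
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64) into dicts of lists."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry.setdefault(key.lower(), []).append(value)
        entries.append(entry)
    return entries

def classify(member, logins):
    if "=" in member and "," in member:
        return "dn-not-login"          # a DN where a login name is expected
    if member not in logins:
        return "unknown-login"         # no user entry carries this login
    return "ok" if logins[member] else "not-in-user-filter"

def audit_member_uids(entries, login_attr="uid"):
    """Classify every memberUid of every posixGroup against the user entries."""
    users = [e for e in entries if "qmailuser" in e.get("objectclass", [])]
    logins = {v: "active" in u.get("accountstatus", [])
              for u in users for v in u.get(login_attr, [])}
    groups = [e for e in entries if "posixGroup" in e.get("objectclass", [])]
    return {g["cn"][0]: [(m, classify(m, logins)) for m in g.get("memberuid", [])]
            for g in groups}

REPORT = audit_member_uids(parse_ldif(SAMPLE_LDIF))
```

Any verdict other than `ok` marks a group member that would not resolve to a listed user under these assumptions.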
