Re: [Owncloud] How to partially predefine OC settings

[Vladimir Sapronov]

In version 5 it's if all parameters should be provided (including admin
login:password) and then "Finish setup" screen won't appear. Otherwise
nothing from autoconfig.php will be taken into account (your case since you
haven't provided admin login:password).


On Thu, Oct 31, 2013 at 9:50 PM, Alessio Fattorini <
alessio.fattor...@nethesis.it> wrote:

> Thank you, i'm working on 5 version. This is my fault ;-(
>
> Vladimir Sapronov  ha scritto:
>
>
> Hi Alessio,
>
> What version of ownCloud are you running? Partial configuration should
> work only in latest version 6.
>
> Could you please show me core/setup.php and
> core/templates/installation.php from your ownCloud installation.
>
> Where did you put autoconfig.php? It should be in config folder of your
> ownCloud installation.
> On Oct 31, 2013 1:39 PM, "Alessio Fattorini" <
> alessio.fattor...@nethesis.it> wrote:
>
>> Il 03/10/2013 19:28, Vladimir Sapronov ha scritto:
>>
>>> Hi,
>>>
>>> I made the change to setup I described before. Here's a pull request:
>>> https://github.com/owncloud/**core/pull/4982The
>>>  code was already reviewed
>>> and this pull request need to be tested. Can someone test it, please?
>>>
>>> Thanks,
>>> Vladimir Sapronov
>>>
>>
>> Hi Vladimir,
>> i see this:
>> https://github.com/owncloud/**documentation/pull/175
>>
>> but it doesn't works for me :-\
>>
>> I configure this autoconfig.php:
>> > $AUTOCONFIG = array(
>>   "dbtype"=> "mysql",
>>   "dbname"=> "owncloud",
>>   "dbuser"=> "own***",
>>   "dbpass"=> "own***",
>>   "dbhost"=> "localhost",
>>   "dbtableprefix" => "",
>>   "directory" => "/var/www/html/owncloud/data",
>>   "default_language" => "it",
>> );
>>
>> But the webui ask me db configuration too, i fill and user/pwd then i
>> click "Finish" (advanced is not hided)
>> But sqlite db is configured :-\ why?
>> Why autoconfig.php parameter are ignored?
>> Any hint?
>>
>> __**_
>> Owncloud mailing list
>> Owncloud@kde.org
>> https://mail.kde.org/mailman/**listinfo/owncloud
>>
>
> ___
> Owncloud mailing list
> Owncloud@kde.org
> https://mail.kde.org/mailman/listinfo/owncloud
>
>


-- 

Vladimir Sapronov
___
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud

Re: [Owncloud] How to partially predefine OC settings

[Alessio Fattorini]

Thank you, i'm working on  5 version. This is my fault ;-(

Vladimir Sapronov  ha scritto:

>___
>Owncloud mailing list
>Owncloud@kde.org
>https://mail.kde.org/mailman/listinfo/owncloud
___
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud

Re: [Owncloud] How to partially predefine OC settings

[Vladimir Sapronov]

Hi Alessio,

What version of ownCloud are you running? Partial configuration should work
only in latest version 6.

Could you please show me core/setup.php and core/templates/installation.php
from your ownCloud installation.

Where did you put autoconfig.php? It should be in config folder of your
ownCloud installation.
On Oct 31, 2013 1:39 PM, "Alessio Fattorini" 
wrote:

> Il 03/10/2013 19:28, Vladimir Sapronov ha scritto:
>
>> Hi,
>>
>> I made the change to setup I described before. Here's a pull request:
>> https://github.com/owncloud/**core/pull/4982The
>>  code was already reviewed
>> and this pull request need to be tested. Can someone test it, please?
>>
>> Thanks,
>> Vladimir Sapronov
>>
>
> Hi Vladimir,
> i see this:
> https://github.com/owncloud/**documentation/pull/175
>
> but it doesn't works for me :-\
>
> I configure this autoconfig.php:
>  $AUTOCONFIG = array(
>   "dbtype"=> "mysql",
>   "dbname"=> "owncloud",
>   "dbuser"=> "own***",
>   "dbpass"=> "own***",
>   "dbhost"=> "localhost",
>   "dbtableprefix" => "",
>   "directory" => "/var/www/html/owncloud/data",
>   "default_language" => "it",
> );
>
> But the webui ask me db configuration too, i fill and user/pwd then i
> click "Finish" (advanced is not hided)
> But sqlite db is configured :-\ why?
> Why autoconfig.php parameter are ignored?
> Any hint?
>
> __**_
> Owncloud mailing list
> Owncloud@kde.org
> https://mail.kde.org/mailman/**listinfo/owncloud
>
___
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud

Re: [Owncloud] what's the best way to synchronize without X (without the gui client) on linux?

[Dr. Johannes Zellner]

Hi Daniel,

thanks // is owncloudcmd yet available somewhere at least as source for
compiling myself?

-- 
Johannes


2013/10/31 Daniel Molkentin 

>
> Am 31.10.2013 um 22:34 schrieb Dr. Johannes Zellner:
>
>
> what's the best way to synchronize on a box which doesn't run X (without
> the gui client) on linux?
>
>
> There is (was?) pyOwnCloud (https://github.com/csawyerYumaed/pyOwnCloud),
> a python frontend for csync.
>
> Starting with owncloud Client 1.5, there will be a tool called
> "owncloudcmd", which just like today's ocsync binary will only perform one
> sync and exit (to be run via cron for instance).
>
> I have no prior experience with pyOwnCloud (which claims to be used in
> production, but not many details), but owncloudcmd was developed mostly as
> a testing tool.
>
> HTH,
>   Daniel
>
>
> --
> www.owncloud.com - Your Data, Your Cloud, Your Way!
>
> ownCloud GmbH, GF: Markus Rex, Holger Dyroff
> Schloßäckerstrasse 26a, 90443 Nürnberg, HRB 28050 (AG Nürnberg)
>
>
> ___
> Owncloud mailing list
> Owncloud@kde.org
> https://mail.kde.org/mailman/listinfo/owncloud
>
>
___
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud

Re: [Owncloud] what's the best way to synchronize without X (without the gui client) on linux?

[Daniel Molkentin]

Am 31.10.2013 um 22:34 schrieb Dr. Johannes Zellner:
> 
> what's the best way to synchronize on a box which doesn't run X (without the 
> gui client) on linux?
> 


There is (was?) pyOwnCloud (https://github.com/csawyerYumaed/pyOwnCloud), a 
python frontend for csync. 

Starting with owncloud Client 1.5, there will be a tool called "owncloudcmd", 
which just like today's ocsync binary will only perform one sync and exit (to 
be run via cron for instance).

I have no prior experience with pyOwnCloud (which claims to be used in 
production, but not many details), but owncloudcmd was developed mostly as a 
testing tool.

HTH,
  Daniel


--
www.owncloud.com - Your Data, Your Cloud, Your Way!

ownCloud GmbH, GF: Markus Rex, Holger Dyroff
Schloßäckerstrasse 26a, 90443 Nürnberg, HRB 28050 (AG Nürnberg)

___
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud

[Owncloud] what's the best way to synchronize without X (without the gui client) on linux?

[Dr. Johannes Zellner]

Hi,

what's the best way to synchronize on a box which doesn't run X (without
the gui client) on linux?

-- 
Johannes
___
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud

Re: [Owncloud] oc with ssl client certificate

[Dr. Johannes Zellner]

Hi,

thanks, but that's not what I thought of. Authorization via client
certificate DOES already work if used from a web browser.

What I'd like to have is the owncloud client (windows or linux gui) to use
a client certificate to authenticate to a server which allows connection
only by a client certificate.
This doesn't work yet unfortunately.

-- 
Dr. Johannes Zellner 


2013/10/31 Mario Klug 

> **
>
>
> Sorry, this was a mistake.
>
> You'd have to check if $_SERVER['SSL_CLIENT_VERIFY'] says "SUCCESS".  If
> no certificate is available it's also there but the value is "NONE".
>
> Regards
> Mario
>
> -Ursprüngliche Nachricht-
> *Von:* Mario Klug 
> *Gesendet:* Don 31 Oktober 2013 08:05
> *An:* owncloud@kde.org
> *Betreff:* AW: [Owncloud] oc with ssl client certificate
>
>
>  Hi Johannes,
> I haven't tried it by myself but theoratically when using a client
> certificate the apache webserver adds SSL_SERVER_I_DN_CN and
> SSL_SERVER_I_DN_Email to the $_SERVER array.
>
> This makes it very easy to add a check if a certificate is available in
> index.php.
>
> if(!isset($_SERVER['SSL_SERVER_I_DN_CN'])) {
>
> die('You must provide a valid client certificate!');
> }
>
> When anybody opens your owncloud without a certificate he will receive a
> blank page which tells "You must provide a valid client certificate".
> If the browser send this certificate the login should appear as usual.
>
> Hope this helps as workaround.
>
> Regards
> Mario
>
> -Ursprüngliche Nachricht-
> *Von:* Dr. Johannes Zellner 
> *Gesendet:* Mit 30 Oktober 2013 22:49
> *An:* owncloud@kde.org
> *Betreff:* Re: [Owncloud] oc with ssl client certificate
>
> Hi,
>
> thanks.
>
> *The interesting question from my (the client) perspective is: (how) did
> you make it work on the server?*
> *
> *
> It's as simple as having the client certificate to grant (and be required)
> to access the web server.
> Afterwards I've to log into owncloud as usual.
>
> So this is a two stage login process, which...
>
> 1. ...prevents anybody who doesn't have a valid client certificat to even
> see the login page
> 2. ...still allows to log into owncloud under different accounts, e.g. an
> admin and a user account (if you have the certificate)
>
> This is perfectly what I like and what works inside a web browser.
> In fact I wouldn't like the certificate to be linked to an owncloud
> account as it wouldn't allow me to log in under different accounts any more.
> I believe that this is a very common scenario that someone wishes to
> double-protect a private owncloud server.
>
> so it would be nice to have client authentication working with the
> owncloud clients.
>
> regards,
>
> --
> Johannes
>
>
> 2013/10/30 Daniel Molkentin 
>
>> Hi Johannes,
>>
>> Am 30.10.2013 um 17:03 schrieb Dr. Johannes Zellner:
>>
>> how do owncloud clients work when apache is configured with ssl client
>> certificate authentification?
>>
>>
>> Neither the desktop nor the mobile clients support certificate
>> authentication at this point, see below for details.
>>
>> does the windows client work with a client certificate?
>>
>>
>> The Desktop Client (which has the same codebase for all OSes), has
>> https://github.com/owncloud/mirall/issues/69 filed for that. It's not
>> yet scheduled for any release, but if you look at the bug report, someone
>> has volunteered to look into it, although it's been a few weeks since I
>> last heard of him.
>>
>> The interesting question from my (the client) perspective is: (how) did
>> you make it work on the server? IMHO client certificates are only
>> interesting if ownCloud automatically maps them to a user (as opposed to
>> just being in front of http basic auth as a second layer), and afaik there
>> is no user backend for the server that implements such functionality.
>>
>> does mounting via davfs2 on linux work with a client certificate?
>>
>>
>> Haven't tested that yet myself. The man page indicates that it does.
>>
>> Cheers,
>>   Daniel
>>
>>  --
>> www.owncloud.com - Your Data, Your Cloud, Your Way!
>>
>> ownCloud GmbH, GF: Markus Rex, Holger Dyroff
>> Schloßäckerstrasse 26a, 90443 Nürnberg, HRB 28050 (AG Nürnberg)
>>
>>
>> ___
>> Owncloud mailing list
>> Owncloud@kde.org
>> https://mail.kde.org/mailman/listinfo/owncloud
>>
>>
> ___
>
> Owncloud mailing list
> Owncloud@kde.org
> https://mail.kde.org/mailman/listinfo/owncloud
>
>
> ___
> Owncloud mailing list
> Owncloud@kde.org
> https://mail.kde.org/mailman/listinfo/owncloud
>
>
___
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud

Re: [Owncloud] How to partially predefine OC settings

[Alessio Fattorini]

Il 03/10/2013 19:28, Vladimir Sapronov ha scritto:

Hi,

I made the change to setup I described before. Here's a pull request:
https://github.com/owncloud/core/pull/4982 The code was already reviewed
and this pull request need to be tested. Can someone test it, please?

Thanks,
Vladimir Sapronov


Hi Vladimir,
i see this:
https://github.com/owncloud/documentation/pull/175

but it doesn't works for me :-\

I configure this autoconfig.php:
 "mysql",
  "dbname"=> "owncloud",
  "dbuser"=> "own***",
  "dbpass"=> "own***",
  "dbhost"=> "localhost",
  "dbtableprefix" => "",
  "directory" => "/var/www/html/owncloud/data",
  "default_language" => "it",
);

But the webui ask me db configuration too, i fill and user/pwd then i 
click "Finish" (advanced is not hided)

But sqlite db is configured :-\ why?
Why autoconfig.php parameter are ignored?
Any hint?

___
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud

Re: [Owncloud] Antwort: Re: two LDAP backends: duplicate user accounts

[Erwin Rennert]

On 10/31/2013 12:33 PM, Sven Ehret wrote:

thanks! You mean, you introduced a custom LDAP attribute and specified
it in the filter?


That's right!

Regards, E.



Best, Sven



Von: Erwin Rennert 
An: owncloud@kde.org
Datum: 31.10.2013 10:49
Betreff: Re: [Owncloud] two LDAP backends: duplicate user accounts
Gesendet von: owncloud-boun...@kde.org




We do not permit all our OpenLDAP-Users to access Owncloud; so we have a
user list filter "hihoAllowOwncloud=TRUE"

If you only have the occasional double user, disabling this manually
should do the trick.

Regards,
E.R.

On 10/31/2013 08:34 AM, Sven Ehret wrote:
 > Hello List!
 >
 > We are using Owncloud version 5.0.12 on Ubuntu 12.04.3 and maintain two
 > separate LDAP directories for a customer:
 > 1. MS Active Directory and
 > 2. OpenLDAP.
 > Both directories are configured in Owncloud. Hooray for being able to
 > configure multiple LDAP backends! As User Login and User List filter, I
 > setup group memberships in both cases:
 >
 > 1. MS Active Directory:
 >
 >   * User Login Filter:
 > (&(sAMAccountName=%uid)(objectClass=person)(memberOf= group>))
 >   * User List Filter: memberOf:1.2.840.113556.1.4.1941:=
 >
 > 2. OpenLDAP:
 >
 >   * User Login Filter: uid=%uid
 >   * User List Filter: objectClass=posixAccount
 >
 >
 > That way, users from both directories can log on to Owncloud, which is
 > fantastic.
 >
 > Now, it is not uncommon that some users are in /both/ directories. This
 > results in lack of clarity /which/ account is effective for OC logons.
 > Furthermore, when data shall be shared with one of these users, they do
 > appear /twice/ in the sharing list and it is not clear which user is the
 > active one.
 >
 > First I thought that this would be easy to fix: Just remove the user
 > from the Active Directory group that is special for Owncloud logons.
 > However, this is not effective as a removal of the account from this
 > group does not seem to change anything in Owncloud.
 >
 > Does anybody have an idea what could be done to clean this up? This
 > really is frustrating and a show stopper for some of those users. Thank
 > you for reading!
 >
 > Best, Sven.
 >
 >
 > ___
 > Owncloud mailing list
 > Owncloud@kde.org
 > https://mail.kde.org/mailman/listinfo/owncloud
 >
 >
 > !DSPAM:5272083b148721225111392!
 >


--
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Erwin Rennert, IT Services
Center for Social Innovation

A-1150 Wien, Linke Wienzeile 246
Austria, Europe

Phone: ++43-1-495 04 42 - 61
Facsimile: ++43-1-495 04 42 - 40
http://www.zsi.at/

___
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud

!DSPAM:5272404d148722147491501!


___
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud


!DSPAM:5272404d148722147491501!




--
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Erwin Rennert, IT Services
Center for Social Innovation

A-1150 Wien, Linke Wienzeile 246
Austria, Europe

Phone: ++43-1-495 04 42 - 61
Facsimile: ++43-1-495 04 42 - 40
http://www.zsi.at/

___
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud

[Owncloud] Antwort: Re: two LDAP backends: duplicate user accounts

[Sven Ehret]

thanks! You mean, you introduced a custom LDAP attribute and specified it 
in the filter?

Best, Sven



Von:Erwin Rennert 
An: owncloud@kde.org
Datum:  31.10.2013 10:49
Betreff:Re: [Owncloud] two LDAP backends: duplicate user accounts
Gesendet von:   owncloud-boun...@kde.org



We do not permit all our OpenLDAP-Users to access Owncloud; so we have a 
user list filter "hihoAllowOwncloud=TRUE"

If you only have the occasional double user, disabling this manually 
should do the trick.

Regards,
E.R.

On 10/31/2013 08:34 AM, Sven Ehret wrote:
> Hello List!
>
> We are using Owncloud version 5.0.12 on Ubuntu 12.04.3 and maintain two
> separate LDAP directories for a customer:
> 1. MS Active Directory and
> 2. OpenLDAP.
> Both directories are configured in Owncloud. Hooray for being able to
> configure multiple LDAP backends! As User Login and User List filter, I
> setup group memberships in both cases:
>
> 1. MS Active Directory:
>
>   * User Login Filter:
> (&(sAMAccountName=%uid)(objectClass=person)(memberOf= group>))
>   * User List Filter: memberOf:1.2.840.113556.1.4.1941:=
>
> 2. OpenLDAP:
>
>   * User Login Filter: uid=%uid
>   * User List Filter: objectClass=posixAccount
>
>
> That way, users from both directories can log on to Owncloud, which is
> fantastic.
>
> Now, it is not uncommon that some users are in /both/ directories. This
> results in lack of clarity /which/ account is effective for OC logons.
> Furthermore, when data shall be shared with one of these users, they do
> appear /twice/ in the sharing list and it is not clear which user is the
> active one.
>
> First I thought that this would be easy to fix: Just remove the user
> from the Active Directory group that is special for Owncloud logons.
> However, this is not effective as a removal of the account from this
> group does not seem to change anything in Owncloud.
>
> Does anybody have an idea what could be done to clean this up? This
> really is frustrating and a show stopper for some of those users. Thank
> you for reading!
>
> Best, Sven. !DSPAM:5272083b148721225111392!
>
>
> ___
> Owncloud mailing list
> Owncloud@kde.org
> https://mail.kde.org/mailman/listinfo/owncloud
>
>
> !DSPAM:5272083b148721225111392!
>


-- 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Erwin Rennert, IT Services
Center for Social Innovation

A-1150 Wien, Linke Wienzeile 246
Austria, Europe

Phone: ++43-1-495 04 42 - 61
Facsimile: ++43-1-495 04 42 - 40
http://www.zsi.at/

___
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud

___
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud

Re: [Owncloud] two LDAP backends: duplicate user accounts

[Erwin Rennert]

We do not permit all our OpenLDAP-Users to access Owncloud; so we have a 
user list filter "hihoAllowOwncloud=TRUE"


If you only have the occasional double user, disabling this manually 
should do the trick.


Regards,
E.R.

On 10/31/2013 08:34 AM, Sven Ehret wrote:

Hello List!

We are using Owncloud version 5.0.12 on Ubuntu 12.04.3 and maintain two
separate LDAP directories for a customer:
1. MS Active Directory and
2. OpenLDAP.
Both directories are configured in Owncloud. Hooray for being able to
configure multiple LDAP backends! As User Login and User List filter, I
setup group memberships in both cases:

1. MS Active Directory:

  * User Login Filter:
(&(sAMAccountName=%uid)(objectClass=person)(memberOf=))
  * User List Filter: memberOf:1.2.840.113556.1.4.1941:=

2. OpenLDAP:

  * User Login Filter: uid=%uid
  * User List Filter: objectClass=posixAccount


That way, users from both directories can log on to Owncloud, which is
fantastic.

Now, it is not uncommon that some users are in /both/ directories. This
results in lack of clarity /which/ account is effective for OC logons.
Furthermore, when data shall be shared with one of these users, they do
appear /twice/ in the sharing list and it is not clear which user is the
active one.

First I thought that this would be easy to fix: Just remove the user
from the Active Directory group that is special for Owncloud logons.
However, this is not effective as a removal of the account from this
group does not seem to change anything in Owncloud.

Does anybody have an idea what could be done to clean this up? This
really is frustrating and a show stopper for some of those users. Thank
you for reading!

Best, Sven. !DSPAM:5272083b148721225111392!


___
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud


!DSPAM:5272083b148721225111392!




--
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Erwin Rennert, IT Services
Center for Social Innovation

A-1150 Wien, Linke Wienzeile 246
Austria, Europe

Phone: ++43-1-495 04 42 - 61
Facsimile: ++43-1-495 04 42 - 40
http://www.zsi.at/

___
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud

Re: [Owncloud] own cloud 5 - gallery app

[Wolfgang Pichler]

that is the problem - i have found that directory - but it is empty - it
does not there...

Web Server does have write privileges there...

br,
Wolfgang



2013/10/30 Victor Dubiniuk 

> Hi,
>
> it does, somewhere under /*data*/*user*/gallery/
>
> Victor
>
>
> On 10/30/2013 07:32 PM, Wolfgang Pichler wrote:
>
>> hi all,
>>
>> i was not able to find an answer to my question by asking google, so i
>> will try it here
>>
>> Does the gallery app in own cloud cache the generated thumbnails or not ?
>> I can not find anything on the host about this.
>>
>> br,
>> Wolfgang Pichler
>> __**_
>> Owncloud mailing list
>> Owncloud@kde.org
>> https://mail.kde.org/mailman/**listinfo/owncloud
>>
>
> __**_
> Owncloud mailing list
> Owncloud@kde.org
> https://mail.kde.org/mailman/**listinfo/owncloud
>
___
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud

[Owncloud] two LDAP backends: duplicate user accounts

[Sven Ehret]

Hello List!

We are using Owncloud version 5.0.12 on Ubuntu 12.04.3 and maintain two 
separate LDAP directories for a customer:
1.  MS Active Directory and
2.  OpenLDAP.
Both directories are configured in Owncloud. Hooray for being able to 
configure multiple LDAP backends! As User Login and User List filter, I 
setup group memberships in both cases:

1.  MS Active Directory:
User Login Filter: (&(sAMAccountName=%uid)(objectClass=person)(memberOf=))
User List Filter: memberOf:1.2.840.113556.1.4.1941:=
2.  OpenLDAP:
User Login Filter: uid=%uid
User List Filter: objectClass=posixAccount

That way, users from both directories can log on to Owncloud, which is 
fantastic.

Now, it is not uncommon that some users are in both directories. This 
results in lack of clarity which account is effective for OC logons. 
Furthermore, when data shall be shared with one of these users, they do 
appear twice in the sharing list and it is not clear which user is the 
active one.

First I thought that this would be easy to fix: Just remove the user from 
the Active Directory group that is special for Owncloud logons. However, 
this is not effective as a removal of the account from this group does not 
seem to change anything in Owncloud.

Does anybody have an idea what could be done to clean this up? This really 
is frustrating and a show stopper for some of those users. Thank you for 
reading!

Best, Sven.___
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud

Re: [Owncloud] oc with ssl client certificate

[Mario Klug]

Sorry, this was a mistake.

You'd have to check if $_SERVER['SSL_CLIENT_VERIFY'] says "SUCCESS".  If no 
certificate is available it's also there but the value is "NONE".

Regards
Mario

-Ursprüngliche Nachricht-
Von: Mario Klug 
Gesendet: Don 31 Oktober 2013 08:05
An: owncloud@kde.org
Betreff: AW: [Owncloud] oc with ssl client certificate

 

Hi Johannes,
I haven't tried it by myself but theoratically when using a client certificate 
the apache webserver adds SSL_SERVER_I_DN_CN and SSL_SERVER_I_DN_Email to the 
$_SERVER array.

This makes it very easy to add a check if a certificate is available in 
index.php.

if(!isset($_SERVER['SSL_SERVER_I_DN_CN'])) {

    die('You must provide a valid client certificate!');
}

When anybody opens your owncloud without a certificate he will receive a blank 
page which tells "You must provide a valid client certificate".
If the browser send this certificate the login should appear as usual.

Hope this helps as workaround.

Regards
Mario

-Ursprüngliche Nachricht-
Von: Dr. Johannes Zellner 
Gesendet: Mit 30 Oktober 2013 22:49
An: owncloud@kde.org
Betreff: Re: [Owncloud] oc with ssl client certificate

Hi,

thanks.

The interesting question from my (the client) perspective is: (how) did you 
make it work on the server?

It's as simple as having the client certificate to grant (and be required) to 
access the web server.
Afterwards I've to log into owncloud as usual.

So this is a two stage login process, which...

1. ...prevents anybody who doesn't have a valid client certificat to even see 
the login page
2. ...still allows to log into owncloud under different accounts, e.g. an admin 
and a user account (if you have the certificate)

This is perfectly what I like and what works inside a web browser.
In fact I wouldn't like the certificate to be linked to an owncloud account as 
it wouldn't allow me to log in under different accounts any more.
I believe that this is a very common scenario that someone wishes to 
double-protect a private owncloud server.

so it would be nice to have client authentication working with the owncloud 
clients.

regards,

-- 
Johannes


2013/10/30 Daniel Molkentin mailto:dan...@owncloud.com> >
Hi Johannes,

Am 30.10.2013 um 17:03 schrieb Dr. Johannes Zellner:

how do owncloud clients work when apache is configured with ssl client 
certificate authentification?

Neither the desktop nor the mobile clients support certificate authentication 
at this point, see below for details.

does the windows client work with a client certificate?

The Desktop Client (which has the same codebase for all OSes), has 
https://github.com/owncloud/mirall/issues/69 filed for that. It's not yet 
scheduled for any release, but if you look at the bug report, someone has 
volunteered to look into it, although it's been a few weeks since I last heard 
of him.

The interesting question from my (the client) perspective is: (how) did you 
make it work on the server? IMHO client certificates are only interesting if 
ownCloud automatically maps them to a user (as opposed to just being in front 
of http basic auth as a second layer), and afaik there is no user backend for 
the server that implements such functionality.

does mounting via davfs2 on linux work with a client certificate?

Haven't tested that yet myself. The man page indicates that it does. 

Cheers,
  Daniel

--
www.owncloud.com  - Your Data, Your Cloud, Your Way!

ownCloud GmbH, GF: Markus Rex, Holger Dyroff
Schloßäckerstrasse 26a, 90443 Nürnberg, HRB 28050 (AG Nürnberg)


___
Owncloud mailing list
Owncloud@kde.org  
https://mail.kde.org/mailman/listinfo/owncloud



___

Owncloud mailing list

Owncloud@kde.org

https://mail.kde.org/mailman/listinfo/owncloud



___
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud

Re: [Owncloud] oc with ssl client certificate

[Mario Klug]

Hi Johannes,
I haven't tried it by myself but theoratically when using a client certificate 
the apache webserver adds SSL_SERVER_I_DN_CN and SSL_SERVER_I_DN_Email to the 
$_SERVER array.

This makes it very easy to add a check if a certificate is available in 
index.php.

if(!isset($_SERVER['SSL_SERVER_I_DN_CN'])) {

    die('You must provide a valid client certificate!');
}

When anybody opens your owncloud without a certificate he will receive a blank 
page which tells "You must provide a valid client certificate".
If the browser send this certificate the login should appear as usual.

Hope this helps as workaround.

Regards
Mario

-Ursprüngliche Nachricht-
Von: Dr. Johannes Zellner 
Gesendet: Mit 30 Oktober 2013 22:49
An: owncloud@kde.org
Betreff: Re: [Owncloud] oc with ssl client certificate

Hi,

thanks.

The interesting question from my (the client) perspective is: (how) did you 
make it work on the server?

It's as simple as having the client certificate to grant (and be required) to 
access the web server.
Afterwards I've to log into owncloud as usual.

So this is a two stage login process, which...

1. ...prevents anybody who doesn't have a valid client certificat to even see 
the login page
2. ...still allows to log into owncloud under different accounts, e.g. an admin 
and a user account (if you have the certificate)

This is perfectly what I like and what works inside a web browser.
In fact I wouldn't like the certificate to be linked to an owncloud account as 
it wouldn't allow me to log in under different accounts any more.
I believe that this is a very common scenario that someone wishes to 
double-protect a private owncloud server.

so it would be nice to have client authentication working with the owncloud 
clients.

regards,

-- 
Johannes


2013/10/30 Daniel Molkentin mailto:dan...@owncloud.com> >
Hi Johannes,

Am 30.10.2013 um 17:03 schrieb Dr. Johannes Zellner:

how do owncloud clients work when apache is configured with ssl client 
certificate authentification?

Neither the desktop nor the mobile clients support certificate authentication 
at this point, see below for details.

does the windows client work with a client certificate?

The Desktop Client (which has the same codebase for all OSes), has 
https://github.com/owncloud/mirall/issues/69 filed for that. It's not yet 
scheduled for any release, but if you look at the bug report, someone has 
volunteered to look into it, although it's been a few weeks since I last heard 
of him.

The interesting question from my (the client) perspective is: (how) did you 
make it work on the server? IMHO client certificates are only interesting if 
ownCloud automatically maps them to a user (as opposed to just being in front 
of http basic auth as a second layer), and afaik there is no user backend for 
the server that implements such functionality.

does mounting via davfs2 on linux work with a client certificate?

Haven't tested that yet myself. The man page indicates that it does. 

Cheers,
  Daniel

--
www.owncloud.com  - Your Data, Your Cloud, Your Way!

ownCloud GmbH, GF: Markus Rex, Holger Dyroff
Schloßäckerstrasse 26a, 90443 Nürnberg, HRB 28050 (AG Nürnberg)


___
Owncloud mailing list
Owncloud@kde.org  
https://mail.kde.org/mailman/listinfo/owncloud



___

Owncloud mailing list

Owncloud@kde.org

https://mail.kde.org/mailman/listinfo/owncloud



___
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud