[Owncloud] Users LDAP storage related issues
Jeroen van Meeuwen (Kolab Systems)
vanmeeuwen at kolabsys.com
Sat Mar 3 12:20:02 UTC 2012
On 2012-02-29 19:46, Arthur Schiwon wrote:
> On Tuesday 28 February 2012 14:27:36 Aleksander Machniak wrote:
>> - Authenticating against LDAP does not create the owncloud equivalent of
>> a user account, and therefore sharing with permissions is not working,
>
> These are two different things. Sharing with permissions is not dependent on
> local accounts. Is there another reason for them?
>

Correct me if I'm wrong, but I thought ownCloud saved the (user, group)
permissions on files shared, amongst other things, in its own database.
I'm seeing owncloud.oc_sharing be filled with a uid_owner (my LDAP
UID), and I'm seeing sharing only be possible with local database user
accounts (not other LDAP accounts).

I think it is easiest to acknowledge the users end up in the database's
users table, with a proper user_id, and refer back to that user_id in
other tables (such as sharing) instead of continuously referring to a
'uid' - because of renames of people.

The same goes for groups, really, and ultimately you may want to
indicate the authentication and authorization database (type) these
users could have originally come from (i.e. the users and groups tables
get an LDAP tree identifier added to them).

If you wanted, you could then detect renames by adding yet another
column that holds the persistent, unique identifier for LDAP entries
(usually entryUUID, or nsUniqueID, or something custom).

You would then search for the entry in LDAP, get its unique identifier,
search your own tables for said identifier, either create a new entry or
update an existing entry.

Alternatively, some sort of API call could cause a synchronization
daemon (Kolab does this a lot, I'm working on the parts that make this
happen for Roundcube at this very moment), to issue a rename, add or
delete.

Thoughts?

Kind regards,

Jeroen van Meeuwen

--
Systems Architect, Kolab Systems AG
e: vanmeeuwen at kolabsys.com
m: +44 74 2516 3817
w: http://www.kolabsys.com
pgp: 9342 BF08
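
The create-or-update lookup proposed in the message above, as an added example that is not part of the original post or of ownCloud's code. The schema, table and column names, the `ldap-main` tree identifier and the sample entries are assumptions made for illustration; sharing rows refer to the internal `user_id`, so a rename keeps its shares and a different entry that later takes the same uid does not inherit them.

```python
import sqlite3

# Hypothetical schema: users carry a stable LDAP identifier, shares point at user_id.
SCHEMA = """
CREATE TABLE users (
    user_id   INTEGER PRIMARY KEY,   -- internal id other tables refer to
    uid       TEXT NOT NULL,         -- current login name, may change
    source    TEXT NOT NULL,         -- which LDAP tree the entry came from
    ldap_uuid TEXT NOT NULL,         -- entryUUID / nsUniqueID
    UNIQUE (source, ldap_uuid)
);
CREATE TABLE sharing (
    owner_id  INTEGER NOT NULL REFERENCES users(user_id),
    target_id INTEGER NOT NULL REFERENCES users(user_id),
    path      TEXT NOT NULL
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def sync_entry(db, source, entry):
    """Create or update the local row for one LDAP entry; return (user_id, action)."""
    row = db.execute(
        "SELECT user_id, uid FROM users WHERE source = ? AND ldap_uuid = ?",
        (source, entry["entryUUID"])).fetchone()
    if row is None:
        cur = db.execute(
            "INSERT INTO users (uid, source, ldap_uuid) VALUES (?, ?, ?)",
            (entry["uid"], source, entry["entryUUID"]))
        return cur.lastrowid, "created"
    if row[1] != entry["uid"]:  # same LDAP entry, new uid: a rename
        db.execute("UPDATE users SET uid = ? WHERE user_id = ?", (entry["uid"], row[0]))
        return row[0], "renamed"
    return row[0], "unchanged"

def shares_for(db, user_id):
    """Paths shared with the given internal user_id."""
    rows = db.execute("SELECT path FROM sharing WHERE target_id = ?", (user_id,))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = open_db()
    # Constructed sample entries, shaped like LDAP search results.
    alice, _ = sync_entry(db, "ldap-main", {"entryUUID": "uuid-a", "uid": "alice"})
    bob, _ = sync_entry(db, "ldap-main", {"entryUUID": "uuid-b", "uid": "bob"})
    db.execute("INSERT INTO sharing VALUES (?, ?, ?)", (alice, bob, "/report.odt"))
    print(sync_entry(db, "ldap-main", {"entryUUID": "uuid-b", "uid": "robert"}))
    new_bob, _ = sync_entry(db, "ldap-main", {"entryUUID": "uuid-c", "uid": "bob"})
    print(shares_for(db, bob), shares_for(db, new_bob))
```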