[Owncloud] Users LDAP storage related issues
Michael Gapczynski
mtgap at owncloud.com
Sat Mar 3 15:27:54 UTC 2012
On Saturday, March 03, 2012 12:20:02 PM Jeroen van Meeuwen wrote:
> On 2012-02-29 19:46, Arthur Schiwon wrote:
> > On Tuesday 28 February 2012 14:27:36 Aleksander Machniak wrote:
> >> - Authenticating against LDAP does not create the owncloud equivalent of
> >> a user account, and therefore sharing with permissions is not working,
> >
> > These are two different things. Sharing with permissions is not
> > dependent on local accounts. Is there another reason for them?
>
> Correct me if I'm wrong, but I thought ownCloud saved the (user, group)
> permissions on files shared, amongst other things, in its own database.
>
> I'm seeing owncloud.oc_sharing be filled with a uid_owner (my LDAP
> UID), and I'm seeing sharing only be possible with local database user
> accounts (not other LDAP accounts).
>
> I think it is easiest to acknowledge the users end up in the database's
> users table, with a proper user_id, and refer back to that user_id in
> other tables (such as sharing) instead of continuously referring to a
> 'uid' - because of renames of people.
>
> The same goes for groups, really, and ultimately you may want to
> indicate the authentication and authorization database (type) these
> users could have originally come from (i.e. the users and groups tables
> get an LDAP tree identifier added to them).
>
> If you wanted, you could then detect renames by adding yet another
> column that holds the persistent, unique identifier for LDAP entries
> (usually entryUUID, or nsUniqueID, or something custom).
>
> You would then search for the entry in LDAP, get its unique identifier,
> search your own tables for said identifier, either create a new entry or
> update an existing entry.
>
> Alternatively, some sort of API call could cause a synchronization
> daemon (Kolab does this a lot, I'm working on the parts that make this
> happen for Roundcube at this very moment), to issue a rename, add or
> delete.
>
> Thoughts?
>
> Kind regards,
>
> Jeroen van Meeuwen
Sharing is already possible with LDAP users and other user backends. There is
no direct link between the database users table and the sharing table.
I'm aware that our method of keeping track of users in the database is not
good and can cause problems with renames. This applies to more than just
sharing. This is on my todo list for the next release.
Michael
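The scheme Jeroen sketches in the quoted message (a local users row with its own integer id, a column naming the backend the account came from, and a column holding the directory's persistent identifier such as entryUUID, with other tables referring to the id rather than the uid) can be shown end to end. The following is an added illustration, not ownCloud's code; it uses Python with an in-memory SQLite database, and a constructed list of dicts stands in for an LDAP search result. The table layout, the function names sync_user, reconcile, share and shares_for, the backend label and the sample entryUUID values are all assumptions made for the example. Besides the rename case the thread is about, it covers the related failure mode a practitioner would want handled: a login name being reassigned to a different person after the original account is removed from the directory.

```python
"""Keying local accounts by the directory's persistent id (entryUUID)
instead of by login name, so renames and uid reuse are handled safely.
Added example; not ownCloud code. Schema and names are assumptions."""
import sqlite3

# Assumption: a backend is identified by a plain label naming the directory.
LDAP_BACKEND = "ldap:dc=example,dc=org"

SCHEMA = """
CREATE TABLE users (
    id           INTEGER PRIMARY KEY,  -- what other tables point at
    uid          TEXT NOT NULL,        -- login name; may change on rename
    backend      TEXT NOT NULL,        -- directory the account came from
    backend_uuid TEXT NOT NULL,        -- persistent id there (entryUUID etc.)
    active       INTEGER NOT NULL DEFAULT 1,
    UNIQUE (backend, backend_uuid)
);
-- Only active accounts compete for a login name; a retired row keeps its
-- old uid for the record but no longer claims it.
CREATE UNIQUE INDEX users_active_uid ON users(uid) WHERE active = 1;
CREATE TABLE sharing (
    id        INTEGER PRIMARY KEY,
    item      TEXT NOT NULL,
    owner_id  INTEGER NOT NULL REFERENCES users(id),
    target_id INTEGER NOT NULL REFERENCES users(id)
);
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def sync_user(conn, entry, backend=LDAP_BACKEND):
    """Create or update the local row for one directory entry.
    Lookup is by (backend, entryUUID), so a renamed uid updates the
    existing row instead of creating a second account. Returns the id."""
    uuid, uid = entry["entryUUID"], entry["uid"]
    row = conn.execute(
        "SELECT id FROM users WHERE backend = ? AND backend_uuid = ?",
        (backend, uuid)).fetchone()
    if row is None:
        cur = conn.execute(
            "INSERT INTO users (uid, backend, backend_uuid) VALUES (?, ?, ?)",
            (uid, backend, uuid))
        return cur.lastrowid
    # Existing person: take over the current login name, reactivate if needed.
    conn.execute("UPDATE users SET uid = ?, active = 1 WHERE id = ?",
                 (uid, row[0]))
    return row[0]


def reconcile(conn, entries, backend=LDAP_BACKEND):
    """Full sync of one backend. Accounts whose entryUUID has vanished from
    the directory are retired first (so a newcomer may reuse the login
    name), then every current entry is upserted. Retired rows keep their id,
    so a later account with the same uid does not inherit their shares.
    Returns the ids that were retired."""
    seen = {e["entryUUID"] for e in entries}
    rows = conn.execute(
        "SELECT id, backend_uuid FROM users WHERE backend = ? AND active = 1",
        (backend,)).fetchall()
    retired = [i for i, u in rows if u not in seen]
    conn.executemany("UPDATE users SET active = 0 WHERE id = ?",
                     [(i,) for i in retired])
    for e in entries:
        sync_user(conn, e, backend)
    return retired


def share(conn, item, owner_uid, target_uid):
    """Record a share by local ids, never by uid strings."""
    ids = []
    for u in (owner_uid, target_uid):
        row = conn.execute(
            "SELECT id FROM users WHERE uid = ? AND active = 1", (u,)).fetchone()
        if row is None:
            raise LookupError(f"no active user {u!r}")
        ids.append(row[0])
    conn.execute(
        "INSERT INTO sharing (item, owner_id, target_id) VALUES (?, ?, ?)",
        (item, ids[0], ids[1]))


def shares_for(conn, uid):
    """Items shared with the active account named uid, with the owner's
    *current* uid resolved through the id. Shares from retired owners are
    hidden rather than attributed to whoever holds that name now."""
    return conn.execute("""
        SELECT s.item, o.uid FROM sharing s
        JOIN users t ON t.id = s.target_id AND t.active = 1
        JOIN users o ON o.id = s.owner_id  AND o.active = 1
        WHERE t.uid = ? ORDER BY s.item""", (uid,)).fetchall()


def demo():
    """Rename, then departure followed by uid reuse. Directory entries
    below are constructed sample data, not real LDAP output."""
    conn = open_db()
    directory = [
        {"uid": "jdoe",   "entryUUID": "0d3b4c2a-1111-4f7e-9c3e-aaaaaaaaaaaa"},
        {"uid": "asmith", "entryUUID": "0d3b4c2a-2222-4f7e-9c3e-bbbbbbbbbbbb"},
    ]
    reconcile(conn, directory)
    share(conn, "/Photos", "jdoe", "asmith")
    share(conn, "/Reports", "asmith", "jdoe")
    directory[0]["uid"] = "john.doe"            # rename, same entryUUID
    reconcile(conn, directory)
    after_rename = {u: shares_for(conn, u) for u in ("asmith", "john.doe")}
    directory[1] = {"uid": "asmith",            # new person, same login name
                    "entryUUID": "0d3b4c2a-3333-4f7e-9c3e-cccccccccccc"}
    retired = reconcile(conn, directory)
    after_reuse = {u: shares_for(conn, u) for u in ("asmith", "john.doe")}
    rows = conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    return {"after_rename": after_rename, "after_reuse": after_reuse,
            "retired": retired, "rows": rows}


if __name__ == "__main__":
    print(demo())
```

The partial unique index is what lets a login name be reassigned without deleting the old row; dropping the row instead would orphan the sharing entries or, worse, let the application fall back to matching by uid and hand the newcomer the previous holder's shares.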