[Owncloud] owncloud alpha 1 and LDAP entryUUID
Arthur Schiwon
blizzz at owncloud.com
Tue Feb 26 11:25:58 UTC 2013
On 02/22/2013 11:09 AM, Dirk Kastens wrote:
> Hi,
>
>>> the LDAP backend is now using the entryUUID attribute to store users.
>>
>> (tech detail: the uuid attribute will be autodetected, e.g. AD uses a
>> different one)
> This could be a problem if you change your ldap server, maybe from
> openldap to AD or to Novell.
Yes.
> Although the user data are the same (uid,
> mail, etc.), no user will have access to his owncloud data, because the
> UUID, that is internal to the LDAP server, has changed.
The problem is that all other attributes may change (and may not be
unique) in the directory server.
> The same happens, if you want to restore a deleted user from an LDIF
> file. Unless you are using "slapadd" (this only works if you stop the
> openldap server), an "ldapadd" will recreate the user with a new UUID,
> so that he also loses all his data.
The challenge is that we need to identify and recognize any user from
LDAP. The UUID is the only reliable way to do it, because CNs, DNs and
what not may change. We stuck to DN before, but that was simply not
practical. There will be no real data loss; the admin will be able to
make data accessible again to users whose UUID changed, and a migration
tool can be written.
Cheers
Arthur
>
> Dirk
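A sketch of the re-mapping step discussed in this thread, as an added example that is not ownCloud's code: it re-links accounts whose UUID changed by matching on `uid`, and refuses any match that is not unique, since a wrong link would hand one user another user's data. The mapping layout, field names and sample values are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data; the field names and mapping layout are assumptions.
OLD_MAPPING = [
    {"uuid": "aaaa-1111", "oc_name": "oc_user_1", "uid": "dkastens"},
    {"uuid": "aaaa-2222", "oc_name": "oc_user_2", "uid": "jsmith"},
    {"uuid": "aaaa-3333", "oc_name": "oc_user_3", "uid": "mlee"},
    {"uuid": "aaaa-4444", "oc_name": "oc_user_4", "uid": "gone"},
]
NEW_DIRECTORY = [
    {"entryUUID": "bbbb-1111", "uid": "dkastens"},  # re-created, new UUID
    {"entryUUID": "bbbb-2222", "uid": "jsmith"},    # two entries share a uid
    {"entryUUID": "bbbb-2223", "uid": "jsmith"},
    {"entryUUID": "aaaa-3333", "uid": "mlee"},      # UUID survived
]

def plan_uuid_remap(old_mapping, new_directory, attr="uid"):
    """Return (remap, review): safe re-links and cases left to the admin."""
    known = {e["entryUUID"] for e in new_directory}
    kept = {r["uuid"] for r in old_mapping if r["uuid"] in known}
    # New entries not already owned by a surviving mapping, grouped by attr.
    candidates = defaultdict(list)
    for e in new_directory:
        if e["entryUUID"] not in kept:
            candidates[e[attr]].append(e["entryUUID"])
    # How many orphaned ownCloud accounts claim each attr value.
    claims = defaultdict(int)
    for r in old_mapping:
        if r["uuid"] not in kept:
            claims[r[attr]] += 1
    remap, review = {}, {}
    for r in old_mapping:
        if r["uuid"] in kept:
            continue  # UUID unchanged, nothing to do
        found = candidates.get(r[attr], [])
        if not found:
            review[r["oc_name"]] = "no entry with this " + attr
        elif len(found) == 1 and claims[r[attr]] == 1:
            remap[r["oc_name"]] = found[0]  # exactly one match on both sides
        else:
            review[r["oc_name"]] = "ambiguous " + attr
    return remap, review

if __name__ == "__main__":
    print(plan_uuid_remap(OLD_MAPPING, NEW_DIRECTORY))
```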