[Owncloud] AD : How to restrict access to someuser

MOKRANI Rachid rachid.mokrani at ifpen.fr
Thu Jan 17 10:31:22 UTC 2013


Many many thanks Holger,

With your suggestion, now I can restrict owncloud access to only some users. Many many thanks !


But I don't really understand how "Groups" and "Group Admin" work in the web Setting/Users interface now.

After saving the LDAP settings, I can see only the users that I added to the AD OwnCloudGroup. It's OK.


But all users are members of Groups = Groups (option : I can set a user "admin")

and are members of Group Admin = Group Admin   (I have no option)

I don't really understand how these Groups and Group Admin work.




My new config.

 LDAP Basic
 Host = my_hostname.exemple.com
 Base DN = DC=exemple,DC=com
 User DN = cn=adminad,ou=DIR,dc=exemple,dc=com
 Password = adminad user password
 User Login Filter = (&(&(sAMAccountName=%uid)(objectClass=user))(memberOf=CN=OwnCloudGroup,OU=OwnCloudAccess,DC=exemple,DC=com))
 User List Filter = memberOf=CN=OwnCloudGroup,OU=OwnCloudAccess,DC=exemple,DC=com
 Group Filter =

 Advanced
 Base User Tree= OU=DIR,DC=exemple,DC=com
 Base Group Tree = OU=OwnCloud,DC=exemple,DC=com
 Group-Member association = member (AD)
 User Display Name Field = sAMAccountName
 Group Display Name Field = sAMAccountName




> -----Original Message-----
> From: Holger Angenent [mailto:h_zimm01 at uni-muenster.de]
> Sent: Thursday, 17 January 2013 10:48
> To: owncloud at kde.org; MOKRANI Rachid
> Subject: Re: [Owncloud] AD : How to restrict access to someuser
> 
> Hi,
> 
> I use the same setting and for me, it works.
> My configuration is:
> 
> Host: hostname_of_domaincontroller
> Base-DN: OU=Project-Users,DC=domain,DC=de
> User-DN: CN=username,OU=Admins,DC=domain,DC=de
> User-Login-Filter: (&(&(sAMAccountName=%uid)(objectClass=user))(memberOf=CN=u0zivmit,OU=Projekt-Gruppen,DC=domain,DC=de))
> User-List-Filter: memberOf=CN=u0zivmit,OU=Project-Groups,DC=domain,DC=de
> Group Filter: empty
> 
> Advanced:
> Group Member association: member(AD)
> User Display Name Field: cn
> Group Display Name Field: cn
> 
> As far as I can see it, you need both the User-Login-Filter and
> User-List-Filter. The former to restrict the other users from logging
> in, the latter to get the right user list in the user 
> administration menu.
> 
> Best regards,
> Holger
> 
> On 17.01.2013 10:31, MOKRANI Rachid wrote:
> > Hi,
> >
> > OwnCloud = v 4.5.4
> >
> > I have AD W2003 with more than 1000 users. I would like to restrict OwnCloud access to some users only, but no luck.
> >
> > My domain = exemple.com
> > I have an OU "DIR" with all my users (more than 1000 users).
> > In the OU "DIR" I have different groups. (Group1 - Group2 - Group3 ....)
> >
> > I created a new OU in the Base DN = "OwnCloudAccess"
> > In this new OU I created a new group "OwnCloudGroup" and added 10 users.
> >
> >
> > But no luck, all users can always connect....
> >
> >
> > My conf.
> >
> > LDAP Basic
> > Host = my_hostname.exemple.com
> > Base DN = DC=exemple,DC=com
> > User DN = cn=adminad,ou=DIR,dc=exemple,dc=com
> > Password = adminad user password
> > User Login Filter = sAMAccountName=%uid
> > User List Filter = (&(memberOf=OU=OwnCloudAcess,CN=OwnCloudGroup,DC=exemple,DC=com))
> > Group Filter = (&(memberOf=OU=OwnCloudAcess,CN=OwnCloudGroup,DC=exemple,DC=com))
> >
> >
> >
> > Advanced
> > Base User Tree= OU=DIR,DC=exemple,DC=com
> > Base Group Tree = OU=OwnCloud,DC=exemple,DC=com
> > Group-Member association = member (AD)
> > User Display Name Field = sAMAccountName
> > Group Display Name Field = sAMAccountName
> >
> >
> > Any help about the good config ?
> >
> > Best regards.
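Added example, not part of the original thread and not ownCloud code: a small evaluator for the filter subset used above, showing that the login filter, not the list filter, is what decides who can authenticate. The directory entries, the users alice and bob, and the helper names are constructed for illustration, and string comparison stands in for AD's DN matching.

```python
# Evaluator for the filter subset used in this thread: (&..), (|..), (!..)
# and attr=value. Simplification: values compare as case-insensitive strings.
GROUP_DN = "CN=OwnCloudGroup,OU=OwnCloudAccess,DC=exemple,DC=com"
# Constructed sample entries; alice and bob are hypothetical users.
DIRECTORY = [
    {"sAMAccountName": ["alice"], "objectClass": ["user"], "memberOf": [GROUP_DN]},
    {"sAMAccountName": ["bob"], "objectClass": ["user"],
     "memberOf": ["CN=Group1,OU=DIR,DC=exemple,DC=com"]},
]
OLD_LOGIN_FILTER = "sAMAccountName=%uid"   # first config in the thread
NEW_LOGIN_FILTER = ("(&(&(sAMAccountName=%uid)(objectClass=user))"
                    "(memberOf=" + GROUP_DN + "))")   # working config

def _parse_at(text, pos):
    """Parse one parenthesised filter starting at pos; return (node, next_pos)."""
    if text[pos] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    if text[pos] in "&|!":
        op, children = text[pos], []
        pos += 1
        while text[pos] == "(":
            child, pos = _parse_at(text, pos)
            children.append(child)
        if text[pos] != ")" or not children:
            raise ValueError("malformed filter list")
        return (op, children), pos + 1
    end = text.index(")", pos)
    attr, _, value = text[pos:end].partition("=")
    return ("=", attr, value), end + 1

def parse(text):
    text = text.strip()
    if not text.startswith("("):           # bare "attr=value" form
        text = "(" + text + ")"
    node, pos = _parse_at(text, 0)
    if pos != len(text):
        raise ValueError("trailing data after filter")
    return node

def matches(node, entry):
    if node[0] == "=":
        return any(v.lower() == node[2].lower() for v in entry.get(node[1], []))
    results = [matches(child, entry) for child in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

def can_login(login_filter, uid):
    # Reject filter metacharacters instead of substituting them into the filter.
    if not uid or any(c in uid for c in "()*\\\0"):
        return False
    tree = parse(login_filter.replace("%uid", uid))
    return any(matches(tree, entry) for entry in DIRECTORY)
```

With the old login filter both sample users authenticate; with the memberOf clause only the group member does.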