[Owncloud] owncloud alpha 1 and LDAP entryUUID

Arthur Schiwon blizzz at owncloud.com
Fri Mar 8 19:22:08 UTC 2013


On 03/07/2013 01:25 PM, Tornóci László wrote:
> On 03/07/2013 11:49 AM, Dirk Kastens wrote:
>> Hi,
>>
>> seems that this was the wrong place.
Why? Did you truncate the oc_ldap_user_mapping table?
Could have been that something was left in the Cache, too.

>> Owncloud still used the UUID for
>> the user directory. Meanwhile I have changed line 431 in
>> user_ldap/lib/connection.php from
>>
>> if(!in_array($this->config['ldapUuidAttribute'], array('auto',
>> 'entryuuid', 'nsuniqueid', 'objectguid'))
>>
>> to
>>
>> if(!in_array($this->config['ldapUuidAttribute'], array('uid'))
>>
>> and line 895 in user_ldap/lib/connection.php from
>>
>> $testAttributes = array('entryuuid', 'nsuniqueid', 'objectguid');
>>
>> to
>>
>> $testAttributes = array('uid');
>>
>> Now OC only uses the uid for the users and the directories.

Not only, but also to recognize users. If you want that, OK.

[Now some copy mess from the other mails, sorry]

>> Your problem was that from OC5 the LDAP entryUUID was used for #2,
>> right? For this you need to change the source for sure (perhaps at more
>> than one place).
> Exactly.

Exactly this should have been achieved with my suggestion.

> With the changes that I made, OC behaves like OC4, where users and directories are named after the users' UIDs.

This was also the case with OC4.5 (depending on your config). However,
those names always have been sanitized. Other characters but a-zA-z0-9
and four other chars have been replaced or thrown away, because of
username limitations in ownCloud.

Since OC 4.5 LDAP users are identified/recognized with their UUID
attribute. This was necessary as anything else did not prove to be
reliable enough and caused problems.

Now we switched to generally use the UUID also for the internal name,
because only the display name will be displayed.

> It would be great if this could be made configurable through the admin
> interface. You just need to add a field like "unique attribute". Then
> it's up to the admin if he chooses the uid, the entryuuid, the uidnumber
> or whatever.

These are two things:
1) customizable attribute for display name (will be sanitized to meet
ownCloud limitations). I think we can get it into 5.0.1, although I do
not see it as a bug, but I understand that some are not so happy with
this behaviour.
2) customizable UUID attribute to identify and recognize users.
Honestly, I really love to keep it as it is, to avoid configuration
disasters. But I agree it may be handy when there really is another
unique attribute and it would solve migration headaches. Here we would
also need to implement a mechanism that updates all mapped users and
groups. Since we have had this policy since 4.5 and there were no complaints
so far and it is another feature, this can be done only for OC 6.


Cheers
Arthur


>
> Hi,
>
> If I understand your problem correctly, you don't need to change the
> source at so many places. There are many things here that can be easily
> mixed up:
> 1. uid to login
> 2. internal ID for OC
> 3. user home dir path
> 4. display name
>
> Your problem was that from OC5 the LDAP entryUUID was used for #2,
> right? For this you need to change the source for sure (perhaps at more
> than one place).
>
> For #1 you can use any ldap attribute you like in "User login filter" of
> the basic ldap setup
>
> For #3 you can use "Group display name field" in the advanced setup
> For #4 you can use "User home folder naming rule" in the advanced setup
>
>                      Yours: Laszlo
>>
>>>> You can patch it yourself by replacing
>>>> the line
>>>> https://github.com/owncloud/core/blob/master/apps/user_ldap/lib/access.php#L317
>>>>
>>>>
>>>>
>>>>
>>>> with
>>>> $intname = $isUser ? $this->sanitizeUsername($this->readAttribute($dn,
>>>> 'uid')) : $this->sanitizeUsername($ldapname);
>>>
>>> Great! I didn't know that this is that simple. I'll give it a try.
>>
>> Dirk
>>
>>
>
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud
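
Why the thread keeps a UUID attribute for recognizing users, shown as an added example that is not ownCloud code and was not posted by anyone in the thread: a toy mapping table is resolved once by `uid` and once by `entryuuid` across a rename and a reassigned uid, and a `rekey` step sketches the "update all mapped users" mechanism mentioned for a configurable attribute. The `Mapping` class, its methods and the sample entries are assumptions made for illustration.

```python
# Added illustration: toy model of an LDAP-to-account mapping table.
# Not ownCloud code; class, method names and sample entries are constructed.

class Mapping:
    def __init__(self, key_attr):
        self.key_attr = key_attr   # directory attribute used to recognize users
        self.by_key = {}           # attribute value -> internal account name
        self.counter = 0

    def resolve(self, entry):
        """Return the account for a directory entry, creating one if unknown."""
        key = entry[self.key_attr]
        if key not in self.by_key:
            self.counter += 1
            self.by_key[key] = "acct%d" % self.counter
        return self.by_key[key]

    def rekey(self, new_attr, directory):
        """Switch the identifying attribute; accounts of listed entries are kept.

        Refuses if any entry lacks the attribute or two entries share a value.
        Mappings whose entry is no longer in the directory are dropped.
        """
        values = [e.get(new_attr) for e in directory]
        if None in values or len(set(values)) != len(values):
            raise ValueError("%s is missing or not unique" % new_attr)
        old_to_new = {e[self.key_attr]: e[new_attr] for e in directory}
        self.by_key = {old_to_new[k]: acct for k, acct in self.by_key.items()
                       if k in old_to_new}
        self.key_attr = new_attr


def scenario(key_attr):
    """Return (rename keeps account, reassigned uid inherits old account)."""
    m = Mapping(key_attr)
    alice = {"entryuuid": "constructed-uuid-1", "uid": "alice"}
    bob = {"entryuuid": "constructed-uuid-2", "uid": "bsmith"}
    acct_alice, acct_bob = m.resolve(alice), m.resolve(bob)
    renamed = dict(alice, uid="ajones")   # same person, login changed
    # Bob's entry is deleted and his uid is given to a new employee.
    new_hire = {"entryuuid": "constructed-uuid-3", "uid": "bsmith"}
    return (m.resolve(renamed) == acct_alice, m.resolve(new_hire) == acct_bob)


if __name__ == "__main__":
    print("uid      :", scenario("uid"))        # (False, True)
    print("entryuuid:", scenario("entryuuid"))  # (True, False)
```

Keyed by `uid`, the renamed user is cut off from the existing account and the new employee is attached to the departed user's account and files; keyed by `entryuuid`, neither happens.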


