[Owncloud] allow auth only for LDAP/AD users of a specific group

Vieri rentorbuy at yahoo.com
Wed May 29 06:53:04 UTC 2013



--- On Tue, 5/28/13, Arthur Schiwon <blizzz at owncloud.com> wrote:

> Vieri wrote:
> > --- On Tue, 5/28/13, Arthur Schiwon <blizzz at owncloud.com> wrote:
> > > Vieri wrote:
> > > > I'm attaching an LDAP listing I made with the same bind
> > > > user as in owncloud but with another LDAP client.
> > > 
> > > the attachment is missing.
> > 
> > sorry, attached.
> 
> thx.
> 
> The user DN does not contain cn=vpn as stated in your user base setting.
> 
> Instead you want to remove the cn=vpn from the user base setting, but adjust
> your user list and user login filter:
> 
> (&(memberof=GROUPDN)(ORIGINAL_PART))
> 
> replace the GROUPDN and the ORIGINAL_PART (the filter before) accordingly.
> 
> Hope that helps,

It did. Thanks a lot.

I set "User List Filter" to (&(memberof=cn=vpn,cn=users,dc=domain,dc=org)(objectClass=person))

I also set "User Login Filter" to (&(memberof=cn=vpn,cn=users,dc=domain,dc=org)(sAMAccountName=%uid))
and I successfully got the user list members of the vpn group:

Debug 	user_ldap 	getGroups getGroups---1-0 	May 29, 2013 08:32
Debug 	user_ldap 	getUsers: Options: search limit offset Filter: (&(&(memberof=cn=vpn,cn=users,dc=domain,dc=org)(objectClass=person))(displayname=*)) 	May 29, 2013 08:32
Debug 	user_ldap 	getUsers: 19 Users found 

However, I'd like to know if setting "User Login Filter" to sAMAccountName=%uid should be enough to do the same job.
In fact, I'm getting the same listing.

Thanks again,

Vieri
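
An added example (not part of the original message and not ownCloud code) that evaluates the two login filters from this thread against constructed directory entries. It assumes the login filter is applied on its own when a user authenticates, separately from the user list filter; the entries, the second group DN and the helper names are hypothetical, and matching is simplified to case-insensitive equality and presence.

```python
import re

GROUP_DN = "cn=vpn,cn=users,dc=domain,dc=org"  # group DN from the thread
GROUP_LOGIN = "(&(memberof=" + GROUP_DN + ")(sAMAccountName=%uid))"
PLAIN_LOGIN = "(sAMAccountName=%uid)"
# Constructed sample entries (hypothetical users, not from the attached listing).
ENTRIES = [
    {"sAMAccountName": ["alice"], "objectClass": ["person"],
     "memberOf": [GROUP_DN]},
    {"sAMAccountName": ["bob"], "objectClass": ["person"],
     "memberOf": ["cn=staff,cn=users,dc=domain,dc=org"]},
]

def escape_value(value):
    """Escape RFC 4515 special characters before substituting into %uid."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def parse(f, i=0):
    """Parse the filter starting at the '(' at index i; return (node, next index)."""
    i += 1  # skip "("
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # skip the closing ")"
    end = f.index(")", i)
    attr, _, val = f[i:end].partition("=")
    return ("=", attr.lower(), val), end + 1

def matches(node, entry):
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, val = node
    values = [v for k, vs in entry.items() if k.lower() == attr for v in vs]
    if val == "*":  # presence test, e.g. (displayname=*)
        return bool(values)
    want = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), val).lower()
    return any(v.lower() == want for v in values)

def login_candidates(template, uid):
    """Account names the login filter would select for the submitted uid."""
    tree, _ = parse(template.replace("%uid", escape_value(uid)))
    return [e["sAMAccountName"][0] for e in ENTRIES if matches(tree, e)]
```

Under that assumption, the user listing comes from the user list filter and looks the same with either login filter, while only the group-restricted login filter stops an account outside the vpn group from being selected at login.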



