[Owncloud] allow auth only for LDAP/AD users of a specific group
Vieri
rentorbuy at yahoo.com
Wed May 29 06:53:04 UTC 2013
--- On Tue, 5/28/13, Arthur Schiwon <blizzz at owncloud.com> wrote:
> Vieri wrote:
> > --- On Tue, 5/28/13, Arthur Schiwon <blizzz at owncloud.com>
> wrote:
> > > Vieri wrote:
> > > > I'm attaching an LDAP listing I made with the
> same bind
> > >
> > > user as in owncloud
> > >
> > > > but with another LDAP client.
> > >
> > > the attachment is missing.
> >
> > sorry, attached.
>
> thx.
>
> The user DN does not contain cn=vpn as stated in your user
> base setting.
>
> Instead you want to remove the cn=vpn from the user base
> setting, but adjust
> your user list and user login filter:
>
> (&(memberof=GROUPDN)(ORIGINAL_PART))
>
> replace the GROUPDN and the ORIGINAL_PART (the filter
> before) accordingly.
>
> Hope that helps,
It did. Thanks a lot.
I set "User List Filter" to (&(memberof=cn=vpn,cn=users,dc=domain,dc=org)(objectClass=person))
I also set "User Login Filter" to (&(memberof=cn=vpn,cn=users,dc=domain,dc=org)(sAMAccountName=%uid))
and I successfully got the user list members of the vpn group:
Debug user_ldap getGroups getGroups---1-0 May 29, 2013 08:32
Debug user_ldap getUsers: Options: search limit offset Filter: (&(&(memberof=cn=vpn,cn=users,dc=domain,dc=org)(objectClass=person))(displayname=*)) May 29, 2013 08:32
Debug user_ldap getUsers: 19 Users found
However, I'd like to know if setting "User Login Filter" to sAMAccountName=%uid should be enough to do the same job.
In fact, I'm getting the same listing.
Thanks again,
Vieri
More information about the Owncloud
mailing list