[Owncloud] allow auth only for LDAP/AD users of a specific group

Arthur Schiwon blizzz at owncloud.com
Wed May 29 10:03:56 UTC 2013 

On Tuesday, May 28, 2013 11:53:04 PM Vieri wrote:
> --- On Tue, 5/28/13, Arthur Schiwon <blizzz at owncloud.com> wrote:
> > Vieri wrote:
> > > --- On Tue, 5/28/13, Arthur Schiwon <blizzz at owncloud.com>
> > 
> > wrote:
> > > > Vieri wrote:
> > > > > I'm attaching an LDAP listing I made with the
> > 
> > same bind
> > 
> > > > user as in owncloud
> > > > 
> > > > > but with another LDAP client.
> > > > 
> > > > the attachment is missing.
> > > 
> > > sorry, attached.
> > 
> > thx.
> > 
> > The user DN does not contain cn=vpn as stated in your user
> > base setting.
> > 
> > Instead you want to remove the cn=vpn from the user base
> > setting, but adjust
> > your user list and user login filter:
> > 
> > (&(memberof=GROUPDN)(ORIGINAL_PART))
> > 
> > replace the GROUPDN and the ORIGINAL_PART (the filter
> > before) accordingly.
> > 
> > Hope that helps,
> 
> It did. Thanks a lot.
> 
> I set "User List Filter" to
> (&(memberof=cn=vpn,cn=users,dc=domain,dc=org)(objectClass=person))
> 
> I also set "User Login Filter" to
> (&(memberof=cn=vpn,cn=users,dc=domain,dc=org)(sAMAccountName=%uid)) and I
> successfully got the user list members of the vpn group:
> 
> Debug 	user_ldap 	getGroups getGroups---1-0 	May 29, 2013 08:32
> Debug 	user_ldap 	getUsers: Options: search limit offset Filter:
> (&(&(memberof=cn=vpn,cn=users,dc=domain,dc=org)(objectClass=person))(displa
> yname=*)) 	May 29, 2013 08:32 Debug 	user_ldap 	getUsers: 19 Users found
> 
> However, I'd like to know if setting "User Login Filter" to
> sAMAccountName=%uid should be enough to do the same job. In fact, I'm
> getting the same listing.

"User Login Filter" applies to logins only. I.e. having sAMAccountName=%uid 
only, any user with an sAMAccountName and a password can log in.

"User List Filter" applies to user listings only, i.e. on the Users page or on 
the Share dialogue. 

Cheers
Arthur


> 
> Thanks again,
> 
> Vieri
> 
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud

More information about the Owncloud mailing list