[Owncloud] Antwort: Re: two LDAP backends: duplicate user accounts

Erwin Rennert rennert at zsi.at
Thu Oct 31 12:09:46 UTC 2013 

On 10/31/2013 12:33 PM, Sven Ehret wrote:
> thanks! You mean, you introduced a custom LDAP attribute and specified
> it in the filter?

That's right!

Regards, E.

>
> Best, Sven
>
>
>
> Von: Erwin Rennert <rennert at zsi.at>
> An: owncloud at kde.org
> Datum: 31.10.2013 10:49
> Betreff: Re: [Owncloud] two LDAP backends: duplicate user accounts
> Gesendet von: owncloud-bounces at kde.org
> ------------------------------------------------------------------------
>
>
>
> We do not permit all our OpenLDAP-Users to access Owncloud; so we have a
> user list filter "hihoAllowOwncloud=TRUE"
>
> If you only have the occasional double user, disabling this manually
> should do the trick.
>
> Regards,
> E.R.
>
> On 10/31/2013 08:34 AM, Sven Ehret wrote:
>  > Hello List!
>  >
>  > We are using Owncloud version 5.0.12 on Ubuntu 12.04.3 and maintain two
>  > separate LDAP directories for a customer:
>  > 1. MS Active Directory and
>  > 2. OpenLDAP.
>  > Both directories are configured in Owncloud. Hooray for being able to
>  > configure multiple LDAP backends! As User Login and User List filter, I
>  > setup group memberships in both cases:
>  >
>  > 1. MS Active Directory:
>  >
>  >   * User Login Filter:
>  >     (&(sAMAccountName=%uid)(objectClass=person)(memberOf=<a specific
>  >     group>))
>  >   * User List Filter: memberOf:1.2.840.113556.1.4.1941:=<a specific
> group>
>  >
>  > 2. OpenLDAP:
>  >
>  >   * User Login Filter: uid=%uid
>  >   * User List Filter: objectClass=posixAccount
>  >
>  >
>  > That way, users from both directories can log on to Owncloud, which is
>  > fantastic.
>  >
>  > Now, it is not uncommon that some users are in /both/ directories. This
>  > results in lack of clarity /which/ account is effective for OC logons.
>  > Furthermore, when data shall be shared with one of these users, they do
>  > appear /twice/ in the sharing list and it is not clear which user is the
>  > active one.
>  >
>  > First I thought that this would be easy to fix: Just remove the user
>  > from the Active Directory group that is special for Owncloud logons.
>  > However, this is not effective as a removal of the account from this
>  > group does not seem to change anything in Owncloud.
>  >
>  > Does anybody have an idea what could be done to clean this up? This
>  > really is frustrating and a show stopper for some of those users. Thank
>  > you for reading!
>  >
>  > Best, Sven.
>  >
>  >
>  > _______________________________________________
>  > Owncloud mailing list
>  > Owncloud at kde.org
>  > https://mail.kde.org/mailman/listinfo/owncloud
>  >
>  >
>  > !DSPAM:5272083b148721225111392!
>  >
>
>
> --
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> Erwin Rennert, IT Services
> Center for Social Innovation
>
> A-1150 Wien, Linke Wienzeile 246
> Austria, Europe
>
> Phone: ++43-1-495 04 42 - 61
> Facsimile: ++43-1-495 04 42 - 40
> http://www.zsi.at/
>
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud
>
> !DSPAM:5272404d148722147491501!
>
>
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud
>
>
> !DSPAM:5272404d148722147491501!
>


-- 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Erwin Rennert, IT Services
Center for Social Innovation

A-1150 Wien, Linke Wienzeile 246
Austria, Europe

Phone: ++43-1-495 04 42 - 61
Facsimile: ++43-1-495 04 42 - 40
http://www.zsi.at/

More information about the Owncloud mailing list