Owncloud with Kolab LDAP Backend
Christian Hügel
christian.huegel at stonebyte.de
Sat Dec 14 00:54:18 CET 2013
Hi Jan,
what version of OC are you using?
My Kolab 3.1 is set up for a multi-domain environment so I think the base
dn should look something like
dc=%2,dc=%1 but I'm not sure. I'm not even sure if the whole owncloud
ldap auth works with a multi domain kolab as the right base dn has to be
queried.
@Timotheus/Daniel what do you think?
To test it I have set base dn to a known domain with one user.
dc=example,dc=de
I can see from the User Filter tab that the query finds one user.. that's fine
But if I try to log in I get the following error:
"Automatischer Login zurückgewiesen!
Wenn Du Dein Passwort nicht vor kurzem geändert hast, könnte Dein
Account kompromittiert sein!
Bitte ändere Dein Passwort, um Deinen Account wieder zu schützen."
"Automatic logon rejected!
If you did not change your password recently, your account may be
compromised!
Please change your password to secure your account again."
The ldap log looks like this again:
>> 13/Dec/2013:21:22:01 +0100] NSACLPlugin - acllas__client_match_URL: url
>> [ldap:///dc=example,dc=de??sub?(objectclass=*)] scope is subtree but dn
>> [dc=example,dc=de] is not a suffix of [uid=kolab-service,ou=special
>> users,dc=kolabmail,dc=de]
So I'm out of ideas..
Regards,
Christian
On 13.12.2013 23:23, Jan Kowalsky wrote:
> Hi Christian,
>
> On Friday, 13 December 2013, Christian Hügel wrote:
>> Hi,
>>
>> I just wanted to ask if someone managed to get the owncloud ldap-auth
>> app working with the kolab ldap backend? If yes, what particular
>> entries are needed? I have managed to bind to kolab ldap but the user
>> filter gives me headaches.
>
> here it runs fine with:
>
> host: ldap.example.org
> Base dn: dc=example,dc=org
> User dn: uid=kolab-service,ou=Special Users,dc=example,dc=org
> Password: secret
> User Login Filter (|(uid=%uid)(mail=%uid))
> User List Filter: objectClass=person
> Group Filter: objectClass=posixGroup
>
> in the Ldap-Basic...
>
> The User Login Filter is set for accepting uid or primary email-addresses.
> uid=%uid does it for only accepting uid.
>
> What I didn't manage so far is to restrict access to users with a special
> role entry. If anybody has a hint how to do this, I would appreciate.
>
>> This is the error message from dirsrv:
>>
>> 13/Dec/2013:21:22:01 +0100] NSACLPlugin - acllas__client_match_URL: url
>> [ldap:///dc=example,dc=de??sub?(objectclass=*)] scope is subtree but dn
>> [dc=example,dc=de] is not a suffix of [uid=kolab-service,ou=special
>> users,dc=kolabmail,dc=de]
>
> What were your entries?
>
> Best Regards
>
> Jan
>
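
Added example, not part of the original thread and not ownCloud or Kolab code: a small Python check of the two things this exchange turns on, namely whether the bind DN sits under the configured base DN (the mismatch the dirsrv log line reports) and how a `%uid` placeholder in the login filter is filled in with RFC 4515 escaping. The function names and the sample login string are assumptions made for illustration; the DNs and the filter template are the ones quoted in the thread.

```python
import re

def parse_dn(dn):
    """Split a DN into normalized (attribute, value) pairs.
    Simplified: honours backslash-escaped commas, lower-cases, collapses spaces."""
    rdns = []
    for part in re.split(r'(?<!\\),', dn):
        attr, _, value = part.partition('=')
        rdns.append((attr.strip().lower(), ' '.join(value.split()).lower()))
    return rdns

def is_under(dn, base):
    """True if `base` is a suffix of `dn`, compared RDN by RDN."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(b) <= len(d) and d[len(d) - len(b):] == b

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter assertion value."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def expand_login_filter(template, login):
    """Substitute the escaped login name for every %uid placeholder."""
    return template.replace('%uid', escape_filter_value(login))

if __name__ == '__main__':
    # Values quoted in the thread.
    bind_dn = 'uid=kolab-service,ou=special users,dc=kolabmail,dc=de'
    for base in ('dc=example,dc=de', 'dc=kolabmail,dc=de'):
        print(base, '->', 'ok' if is_under(bind_dn, base) else 'bind DN outside base')

    template = '(|(uid=%uid)(mail=%uid))'
    # Constructed sample logins: a normal one and one carrying filter metacharacters.
    for login in ('jan@example.org', 'jan*)(uid=*'):
        print(expand_login_filter(template, login))
```
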