Owncloud with Kolab LDAP Backend
Jan Kowalsky
tuxus at notraces.net
Mon Dec 16 14:42:13 CET 2013
Hi Christian,
Am Saturday, 14. December 2013 schrieb Christian Hügel:
> Hi Jan,
>
> what version of OC are you using?
I use 5.0 - but not with multi-domail.
> My Kolab 3.1 is setup for a multi domain environment so i think the base
> dn should look something like
> dc=%2,dc=%1 but I'm not sure. I'm not even sure if the whole owncloud
> ldap auth works with a multi domain kolab as the right base dn has to be
> queried.
that's an intersting question. But it should work
> @Timotheus/Daniel what do you think?
>
> To test it I have set base dn to a known domain with one user.
> dc=example,dc=de
>
> I can see from the User Filter tab that the query finds one user..thats
> fine
that looks ok. What says your ldap-server in the /var/log/dirsrv/access.log?
If there is an output with "ok" the authentification from the ldap side should
be ok.
> But if i try to login i get following error
>
>
> "Automatischer Login zurückgewiesen!
> Wenn Du Dein Passwort nicht vor kurzem geändert hast, könnte Dein
> Account kompromittiert sein!
> Bitte ändere Dein Passwort, um Deinen Account wieder zu schützen."
This looks like an owncloud problem.
Does an local user (not ldap) exists in owncloud with the same uid?
> "Automatic logon rejected!
> If you did not chanfe your password recently, your account may be
> compromised!
> Please change your password to secure your account again."
>
> The ldap log looks like this again:
> >> 13/Dec/2013:21:22:01 +0100] NSACLPlugin - acllas__client_match_URL: url
> >> [ldap:///dc=example,dc=de??sub?(objectclass=*)] scope is subtree but dn
> >> [dc=example,dc=de] is not a suffix of [uid=kolab-service,ou=special
> >> users,dc=kolabmail,dc=de]
>
> So I'm out of ideas..
Can you post your entries in the ldap-gui of owncloud? I'm curious if I can
reproduce your problem here. Since I'm interested in the same goal (owncloud
in an muti-domain-setup) I would apreciate if we could solve the problem.
Regards
Jan
> Regards,
>
> Christian
>
> Am 13.12.2013 23:23, schrieb Jan Kowalsky:
> > Hi Christian,
> >
> > Am Friday, 13. December 2013 schrieb Christian Hügel:
> >> Hi,
> >>
> >> i just wanted to ask if someone managed to get the owncloud ldap-auth
> >> app working with the kolab ldap backend? If yes, what particular
> >> entries are needed? I have managed to bind to kolab ldap but the user
> >> filter gives me headaches.
> >
> > here it runs fine with:
> >
> > host: ldap.example.org
> > Base dn: dc=example,dc=org
> > User dn: uid=kolab-service,ou=Special Users,dc=example,dc=org
> > Password: secret
> > User Login Filter (|(uid=%uid)(mail=%uid))
> > User List Filter: objectClass=person
> > Group Filter: objectClass=posixGroup
> >
> > in the Ldap-Basic...
> >
> > The User Login Filter is set for accepting uid or primary
> > email-addresses. uid=%uid does ist for only accepting uid.
> >
> > What I didn't manage so far ist to restrict access to users with an
> > special role entry. If anybody has a hint how to do this, I would
> > appreciate.
> >
> >> This is the error message from dirsrv:
> >>
> >> 13/Dec/2013:21:22:01 +0100] NSACLPlugin - acllas__client_match_URL: url
> >> [ldap:///dc=example,dc=de??sub?(objectclass=*)] scope is subtree but dn
> >> [dc=example,dc=de] is not a suffix of [uid=kolab-service,ou=special
> >> users,dc=kolabmail,dc=de]
> >
> > what where your entries?
> >
> > Best Regards
> >
> > Jan
>
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users
More information about the users
mailing list