ldap question

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

ldap question

Michael Pfitzner
I need some help with the proper configuration of ldap.
The tree looks something like:
->dn
    ->ou=user
        ->uid=... all the information but no way to get all groups the
user is member of from here,
                        only users main group could be found

    ->ou=group
        ->cn=... here you can find the uid of all users who are member
of this group

my question is now, how do I restrict owncloud access to users of
certain groups, without changing anithing at the ldap tree.

I can filter for user whose maingroup is set in the user tree, but these
aren't all I want to give access to owncloud.

big thanx, michael

_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: ldap question

Timo Springmann
Hi Michael,

Am 13.06.2013 um 19:53 schrieb Michael Pfitzner <[hidden email]>:
> my question is now, how do I restrict owncloud access to users of
> certain groups, without changing anithing at the ldap tree.
>
> I can filter for user whose maingroup is set in the user tree, but these
> aren't all I want to give access to owncloud.

here's my solution to allow all members of the group "owncloud"  to login to my owncloud installation:

$>ldapsearch -x cn=owncloud
dn: cn=owncloud,ou=groups,dc=example,dc=local
objectClass: groupOfNames
objectClass: top
cn: owncloud
description: Owncloud Users
member: cn=Test Muster,ou=people,dc=example,dc=local
member: cn=Test2 Testor,ou=people,dc=example,dc=local

OwnCloud User Login Filter: (&(uid=%uid)(memberOf=cn=owncloud,ou=groups,dc=example,dc=local))

You need the "memberof" overlay in your OpenLDAP (http://www.openldap.org/doc/admin24/guide.html#Reverse%20Group%20Membership%20Maintenance) for this to work.

slapd.conf:
module load      memberof.la
overlay memberof

Regards,
Timo

--
funny, but it's still rock and roll to me

_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: ldap question

Pekka Sutela
On 13.6.2013 21.08, Timo Springmann wrote:

> here's my solution to allow all members of the group "owncloud"  to login to my owncloud installation:
>
> $>ldapsearch -x cn=owncloud
> dn: cn=owncloud,ou=groups,dc=example,dc=local
> objectClass: groupOfNames
> objectClass: top
> cn: owncloud
> description: Owncloud Users
> member: cn=Test Muster,ou=people,dc=example,dc=local
> member: cn=Test2 Testor,ou=people,dc=example,dc=local
>
> OwnCloud User Login Filter: (&(uid=%uid)(memberOf=cn=owncloud,ou=groups,dc=example,dc=local))
>
> You need the "memberof" overlay in your OpenLDAP (http://www.openldap.org/doc/admin24/guide.html#Reverse%20Group%20Membership%20Maintenance) for this to work.
>
> slapd.conf:
> module load      memberof.la
> overlay memberof
>

Hi,

is there any way to do this with Open Directory (Mac OS X Server 10.8)?
There is no memberof attribute in OD but there is memberuid.


--

Pekka Sutela

_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: ldap question

hippykilla
In reply to this post by Timo Springmann
I would like to know how to get ownCloud to not send me email in German. Not
that I don't like German but, I only speak English. :-)

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf
Of Timo Springmann
Sent: Thursday, June 13, 2013 11:08 AM
To: [hidden email]
Subject: Re: [Owncloud] ldap question

Hi Michael,

Am 13.06.2013 um 19:53 schrieb Michael Pfitzner
<[hidden email]>:
> my question is now, how do I restrict owncloud access to users of
> certain groups, without changing anithing at the ldap tree.
>
> I can filter for user whose maingroup is set in the user tree, but
> these aren't all I want to give access to owncloud.

here's my solution to allow all members of the group "owncloud"  to login to
my owncloud installation:

$>ldapsearch -x cn=owncloud
dn: cn=owncloud,ou=groups,dc=example,dc=local
objectClass: groupOfNames
objectClass: top
cn: owncloud
description: Owncloud Users
member: cn=Test Muster,ou=people,dc=example,dc=local
member: cn=Test2 Testor,ou=people,dc=example,dc=local

OwnCloud User Login Filter:
(&(uid=%uid)(memberOf=cn=owncloud,ou=groups,dc=example,dc=local))

You need the "memberof" overlay in your OpenLDAP
(http://www.openldap.org/doc/admin24/guide.html#Reverse%20Group%20Membership
%20Maintenance) for this to work.

slapd.conf:
module load      memberof.la
overlay memberof

Regards,
Timo

--
funny, but it's still rock and roll to me

_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud

_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: ldap question

Arthur Schiwon (Blizzz)
On Sunday 16 June 2013 20:02:31 Derek Broes wrote:
> I would like to know how to get ownCloud to not send me email in German. Not
> that I don't like German but, I only speak English. :-)

What's the connection to LDAP? :)

Is English selected as language in the web interface? And which email anyway?

Cheers
Arthur



> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf
> Of Timo Springmann
> Sent: Thursday, June 13, 2013 11:08 AM
> To: [hidden email]
> Subject: Re: [Owncloud] ldap question
>
> Hi Michael,
>
> Am 13.06.2013 um 19:53 schrieb Michael Pfitzner
>
> <[hidden email]>:
> > my question is now, how do I restrict owncloud access to users of
> > certain groups, without changing anithing at the ldap tree.
> >
> > I can filter for user whose maingroup is set in the user tree, but
> > these aren't all I want to give access to owncloud.
>
> here's my solution to allow all members of the group "owncloud"  to login to
> my owncloud installation:
>
> $>ldapsearch -x cn=owncloud
> dn: cn=owncloud,ou=groups,dc=example,dc=local
> objectClass: groupOfNames
> objectClass: top
> cn: owncloud
> description: Owncloud Users
> member: cn=Test Muster,ou=people,dc=example,dc=local
> member: cn=Test2 Testor,ou=people,dc=example,dc=local
>
> OwnCloud User Login Filter:
> (&(uid=%uid)(memberOf=cn=owncloud,ou=groups,dc=example,dc=local))
>
> You need the "memberof" overlay in your OpenLDAP
> (http://www.openldap.org/doc/admin24/guide.html#Reverse%20Group%20Membership
> %20Maintenance) for this to work.
>
> slapd.conf:
> module load      memberof.la
> overlay memberof
>
> Regards,
> Timo
>
> --
> funny, but it's still rock and roll to me
>
> _______________________________________________
> Owncloud mailing list
> [hidden email]
> https://mail.kde.org/mailman/listinfo/owncloud
>
> _______________________________________________
> Owncloud mailing list
> [hidden email]
> https://mail.kde.org/mailman/listinfo/owncloud
_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud