-----Original Message-----
From: Rob Crittenden <rcrit...@redhat.com>
To: Jonathan J. Ramirez C. <jonathan.rami...@solmar.com>,
Subject: Re: [Freeipa-users] OC and FreeIPA
Date: Wed, 16 Jul 2014 14:12:34 -0400

Jonathan J. Ramirez C. wrote:
> Hi.
> Does anybody here know how to properly set up ownCloud 6.0.4 to work
> with FreeIPA 3.3.5? I keep getting these messages when trying to logon
> to OC with a created account in FreeIPA.
> Here's a sample:
> ownCloud[2182]: {user_ldap} initializing paged search for 
> FilterobjectClass=* base Array ([0] =>
> uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com) attr ipauniqueid limit
> 99999 offset 0
> ownCloud[2182]: {user_ldap} Ready for a paged search
> ownCloud[2182]: {user_ldap} Requested attribute ipauniqueid not found
> for uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com
> ownCloud[2182]: {user_ldap} Could not autodetect the UUID attribute
> ownCloud[2182]: {user_ldap} Cannot determine UUID for
> uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com. Skipping.
> ownCloud[2182]: {core} Login failed: user 'jonram' , wrong password,
> IP:set log_authfailip=true in conf
> I'm really new to OC and IPA so I don't know where to poke to make it
> work. I'll much appreciate any hint.

> I've never dealt with OC before but I scanned the LDAP docs quickly.
> You will want to set separate user and group base DNs. It is using the
> compat tree and that is likely the wrong thing in this case.
> Users: cn=users,cn=accounts,dc=mydomain,dc=com
> Groups: cn=groups,cn=accounts,dc=mydomain,dc=com
> That will fix the UUID issue at least.
> Have you set a password for this user account, and have you
> authenticated with it yet? IPA marks all administratively set passwords
> as expired, so you need to authenticate and change the password before
> it is generally usable.
> IPA uses memberOf for its grouping in case you need to specify it.
> rob

Thank you very much Rob.

The use of separate user and group DNs gave me the clue to what I had to add in 
the OC LDAP settings.



Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to