On 21.09.2012 12:11, Arthur Schiwon wrote:
>> I think the main problem is that owncloud only relies on its own database. It statically stores ldap user and group data in the tables oc_ldap_group_mapping, oc_ldap_group_members, and oc_ldap_user_mapping. And these tables are not up-to-date until you rescan the directory.
>
> I think there is a misunderstanding. When you want to share a file and the list of shared users is supposed to be up to date, then every request will need to do a full scan. How else is the software (ownCloud) supposed to know the changes? Unless your LDAP pushes a notification about it to ownCloud.
This is a different approach compared to other software products. I configured, for example, a drupal cms and a system monitoring software with ldap authentication. The access rights to certain features are based upon ldap groups. But, in contrast to owncloud, the software queries the ldap server each time a user tries to access a certain feature. This way, the access rights are always up-to-date. As soon as I add a user to an ldap group, the access is granted. And as soon as I delete a user from a group the access is denied.
That means, as soon as an owncloud user tries to access a file that is shared upon the members of an ldap group, oc has to make a request to the ldap server to see if the user is a member of the group. It should be sufficient to query the group memberships at login time. So they are valid until the user logs out. If a user is deleted from a group, the next time he logs in the access to a share will be denied.
I don't know how complicated it is to be implemented, but as other software works that way, it should be possible.
Dirk
_______________________________________________ Owncloud mailing list Owncloud@kde.org https://mail.kde.org/mailman/listinfo/owncloud
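As an added illustration of the two membership-resolution strategies debated in this thread (this is not ownCloud code; the in-memory directory, group and user names are constructed stand-ins for an LDAP server), the following models a static mapping table that only changes on rescan against memberships resolved from the directory at login and held until logout:

```python
# Constructed in-memory stand-in for an LDAP directory: group -> set of member uids.
class Directory:
    def __init__(self, groups):
        self.groups = {g: set(m) for g, m in groups.items()}

    def groups_of(self, uid):
        # Plays the role of the live LDAP membership query.
        return {g for g, members in self.groups.items() if uid in members}


class StaticMapping:
    """Memberships copied into a local table, refreshed only by an explicit rescan."""
    def __init__(self, directory):
        self.directory = directory
        self.rescan()

    def rescan(self):
        self.table = {g: set(m) for g, m in self.directory.groups.items()}

    def is_member(self, uid, group):
        return uid in self.table.get(group, set())


class SessionResolver:
    """Memberships queried from the directory at login and held until logout."""
    def __init__(self, directory):
        self.directory = directory
        self.sessions = {}

    def login(self, uid):
        self.sessions[uid] = self.directory.groups_of(uid)

    def logout(self, uid):
        self.sessions.pop(uid, None)

    def is_member(self, uid, group):
        if uid not in self.sessions:
            raise PermissionError(f"{uid} is not logged in")
        return group in self.sessions[uid]


def stale_access_scenario():
    # Returns (static_after_removal, session_before_logout, session_after_relogin, static_after_rescan).
    ldap = Directory({"share-readers": {"alice", "bob"}})
    static, session = StaticMapping(ldap), SessionResolver(ldap)
    session.login("bob")
    ldap.groups["share-readers"].discard("bob")                 # admin removes bob in LDAP
    static_after = static.is_member("bob", "share-readers")     # True: table is stale
    session_before = session.is_member("bob", "share-readers")  # True: valid until logout
    session.logout("bob")
    session.login("bob")
    session_after = session.is_member("bob", "share-readers")   # False: re-resolved at login
    static.rescan()
    return static_after, session_before, session_after, static.is_member("bob", "share-readers")
```

The tuple shows the stale grant surviving in the static table until a rescan, while the session approach drops it on the next login.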