On 01/17/2013 11:31 AM, MOKRANI Rachid wrote:
Many many thanks Holger,

With your suggestion, now I can restrict owncloud access to only some users. 
Many many thanks !


But I don't really understand how "Groups" and "Group Admin" work in the web 
Setting/Users interface now.

After saving the LDAP settings, I can see only the users that I added to the AD 
OwnCloudGroup. It's OK.


But all users are members of Groups = Groups (option : I can set a user "admin")

and are members of Group Admin = Group Admin   (I have no option)

I don't really understand how these Groups and Group Admin work.

With the group filter not set (i.e. empty) no AD groups will appear.
For instance, try to set it to: objectClass=group

Cheers
Arthur





My new config.

  LDAP Basic
  Host = my_hostname.exemple.com
  Base DN = DC=exemple,DC=com
  User DN = cn=adminad,ou=DIR,dc=exemple,dc=com
  Password = adminad user password
  User Login Filter = (&(&(sAMAccountName=%uid)(objectClass=user))(memberOf=CN=OwnCloudGroup,OU=OwnCloudAccess,DC=exemple,DC=com))
  User List Filter = memberOf=CN=OwnCloudGroup,OU=OwnCloudAccess,DC=exemple,DC=com
  Group Filter =

  Advanced
  Base User Tree= OU=DIR,DC=exemple,DC=com
  Base Group Tree = OU=OwnCloud,DC=exemple,DC=com
  Group-Member association = member (AD)
  User Display Name Field = sAMAccountName
  Group Display Name Field = sAMAccountName




-----Original Message-----
From: Holger Angenent [mailto:[email protected]]
Sent: Thursday, 17 January 2013 10:48
To: [email protected]; MOKRANI Rachid
Subject: Re: [Owncloud] AD : How to restrict access to someuser

Hi,

I use the same setting and for me, it works.
My configuration is:

Host: hostname_of_domaincontroller
Base-DN: OU=Project-Users,DC=domain,DC=de
User-DN: CN=username,OU=Admins,DC=domain,DC=de
User-Login-Filter: (&(&(sAMAccountName=%uid)(objectClass=user))(memberOf=CN=u0zivmit,OU=Projekt-Gruppen,DC=domain,DC=de))
User-List-Filter: memberOf=CN=u0zivmit,OU=Project-Groups,DC=domain,DC=de
Group Filter: empty

Advanced:
Group Member association: member(AD)
User Display Name Field: cn
Group Display Name Field: cn

As far as I can see it, you need both the User-Login-Filter and
User-List-Filter. The former to restrict the other users from logging
in, the latter to get the right user list in the user
administration menu.

Best regards,
Holger

On 17.01.2013 10:31, MOKRANI Rachid wrote:
Hi,

OwnCloud = v 4.5.4

I have AD W2003 with more than 1000 users. I would like to
restrict OwnCloud access to some users only, but no luck.

My domain = exemple.com
I have an OU "DIR" with all my users (more than 1000 users).
In the OU "DIR" I have different groups. (Group1 - Group2 -
Group3 ....)

I created a new OU in the Base DN = "OwnCloudAccess"
In this new OU I created a new group "OwnCloudGroup" and
added 10 users.


But no luck, all users can always connect....


My conf.

LDAP Basic
Host = my_hostname.exemple.com
Base DN = DC=exemple,DC=com
User DN = cn=adminad,ou=DIR,dc=exemple,dc=com
Password = adminad user password
User Login Filter = sAMAccountName=%uid
User List Filter = (&(memberOf=OU=OwnCloudAcess,CN=OwnCloudGroup,DC=exemple,DC=com))
Group Filter = (&(memberOf=OU=OwnCloudAcess,CN=OwnCloudGroup,DC=exemple,DC=com))



Advanced
Base User Tree= OU=DIR,DC=exemple,DC=com
Base Group Tree = OU=OwnCloud,DC=exemple,DC=com
Group-Member association = member (AD)
User Display Name Field = sAMAccountName
Group Display Name Field = sAMAccountName


Any help with the right config?

Best regards.
_______________________________________________
Owncloud mailing list
[email protected]
https://mail.kde.org/mailman/listinfo/owncloud
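
The effect of the filters discussed in this thread, as an added example (not code from the thread or from ownCloud): a minimal evaluator for the filter subset used here, run over two constructed directory entries. The users `alice` and `bob`, the helper names, and the simplified case-insensitive string comparison of DNs are assumptions.

```python
# Constructed sample directory; only alice is in the access group.
GROUP_DN = "CN=OwnCloudGroup,OU=OwnCloudAccess,DC=exemple,DC=com"
DIRECTORY = [
    {"sAMAccountName": ["alice"], "objectClass": ["user"], "memberOf": [GROUP_DN]},
    {"sAMAccountName": ["bob"], "objectClass": ["user"],
     "memberOf": ["CN=Group1,OU=DIR,DC=exemple,DC=com"]},
]

# Filters as they appear in the thread.
OPEN_LOGIN = "sAMAccountName=%uid"
RESTRICTED_LOGIN = ("(&(&(sAMAccountName=%uid)(objectClass=user))"
                    "(memberOf=" + GROUP_DN + "))")
LIST_FILTER = "memberOf=" + GROUP_DN
REVERSED = "(&(memberOf=OU=OwnCloudAcess,CN=OwnCloudGroup,DC=exemple,DC=com))"

def parse(f, i=0):
    """Parse the subset used in the thread: (&...), (|...), attr=value."""
    if f[i] != "(":                        # bare item, e.g. memberOf=CN=...
        return ("=",) + tuple(f[i:].split("=", 1)), len(f)
    i += 1
    if f[i] in "&|":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1           # step over the closing ')'
    end = f.index(")", i)
    attr, val = f[i:end].split("=", 1)     # split on the first '=' only
    return ("=", attr, val), end + 1

def matches(node, entry):
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    _, attr, val = node
    values = next((v for k, v in entry.items() if k.lower() == attr.lower()), [])
    # memberOf holds full group DNs, so the whole DN must match (simplified).
    return any(v.lower() == val.lower() for v in values)

def search(template, uid=None):
    """Return the account names selected by a filter, substituting %uid."""
    f = template.replace("%uid", uid) if uid is not None else template
    tree, _ = parse(f)
    return [e["sAMAccountName"][0] for e in DIRECTORY if matches(tree, e)]

if __name__ == "__main__":
    print("open login, bob:", search(OPEN_LOGIN, "bob"))
    print("restricted login, bob:", search(RESTRICTED_LOGIN, "bob"))
    print("list filter:", search(LIST_FILTER))
    print("reversed DN:", search(REVERSED))
```
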

