I agree with the solution proposed by Tornóci László. Another option is to allow the user to change his password without knowing his old password, maybe using a "reset password based on mail functionality". (Only users that plan to use a non-web based interface will be required to do that.)

2013/6/26 Tornóci László <[email protected]>

> On 06/26/2013 12:16 PM, alen vodopijevec wrote:
>
>> Dear OwnCloud-ers,
>>
>> we have a test implementation of Owncloud instance at our institution
>> (since ver. 4.5.0). So far a dozen of our users happily share their
>> files and collaborate. "user_saml" is working fine with OC 5.0.7.
>>
>> Current system specification:
>> --
>> 1. Owncloud ver. 5.0.7 on Debian GNU Linux system (simplesaml sP)
>> 2. A few standard plugins
>> 3. user_saml plugin (with couple of adjustments regarding user
>> filtering) for authentication through our national authentication and
>> authorization system AAI@EduHr (http://www.aaiedu.hr)
>> --
>>
>> I'm experimenting with sync client (1.3.0) but there is a catch. When user
>> authenticates (user_saml) for the first time he/she gets a new record on
>> "oc_users" table with random password -> OK.. simplesamlphp manages user
>> login, so system password is not used for web logins.
>>
>>
>> PROBLEM:
>> Users cannot use sync clients because they don't know their random
>> system password and they cannot even change it because of the same
>> issue.. Admin user can change other user passwords (after applying patch
>> https://github.com/owncloud/core/commit/563f343291fb5d0292c66cb761a053557bfdae47
>> )
>> .. that's ok but it's not the real solution.
>>
>
>
> I think there is a simple solution, if you have access to the LDAP that is
> the backend to the identity provider service. Simply untick the "Autocreate
> user after SAML login" and set up LDAP auth too. The first prevents the
> creation of a record in oc_users. The second provides you auth for webdav
> services. This setup works for me quite well.
>
> Yours: Laszlo
>
> _______________________________________________
> Owncloud mailing list
> [email protected]
> https://mail.kde.org/mailman/listinfo/owncloud
>

--
Sixto Pablo Martín García
Computer Engineer
Yaco Sistemas SL
Phone +34 954 50 00 57
C/Rioja 5-1ª Planta
41001 Sevilla
