On 06/26/2013 01:24 PM, alen vodopijevec wrote:
On 06/26/2013 12:46 PM, Tornóci László wrote:
I think there is a simple solution, if you have access to the LDAP
that is the backend to the identity provider service. Simply untick
the "Autocreate user after SAML login" and set up LDAP auth too. The
first prevents the creation of a record in oc_users. The second
provides you auth for webdav services. This setup works for me quite
well.
Thank you for your suggestion. We don't have access to LDAP database ..
AAI@EduHr is a service in front of all individual LDAP databases located
at our academic and research institutions - so, LDAP auth is not an
option in this case.
Most of my users are employees of my university. We also have a
federated auth system like you, but the federation just provides a
"where are you from" service, and the IdP-s are local. Since I provide
the local IdP service as well, it is not a problem to access the LDAP
too. LDAP auth also gives you LDAP groups, quota management etc.
The nice thing about this is that OC allows you to mix locally defined
users and users defined in LDAP. You can define local groups alongside
of groups defined in LDAP too. So I define users who are not in my LDAP
dir as local OC users, and this works quite well.
However, if you want to provide OC service to lots of people who are in
the federation, but not in the local LDAP (or simply there is no way to
access the local LDAP - but that is silly), you are in trouble. I would
probably write a web front end to set up local OC users based on the
federated authentication data, and would let my users to pick their own
passwords stored in oc_users. And I would not use SAML auth in OC at
all. Otherwise you will have loads of problems because people may have
two different passwords to access different services in OC.
An alternative possibility to automatically mail the generated password
to your users. But this also leads to the 2 passwords problem.
Yours: Laszlo
_______________________________________________
Owncloud mailing list
[email protected]
https://mail.kde.org/mailman/listinfo/owncloud
