Hello, we have recently evaluated OwnCloud for use at our institute and I have mentioned before that we were impressed with many features of OwnCloud (positive feedback from our testers on several platforms, smooth installation, good architecture, nice interface). Our main concern so far has been the lack of a "one-time password support" (authentication by temporary token for first-time users who then have to choose a new password). Related to this is the need to create accounts in an automated fashion (for integration with other services, i.e. a ticketing system).
We now have a short PHP script that addresses these points using OwnCloud infrastructure; our solution requires the MySQL backend. Some details:

(1) The following command-line call creates a new user "Albert Einstein" with login "aeinstein", mail address "[email protected]" and sends an E-mail to "[email protected]" containing a link with an authentication token, enabling "aeinstein" to set his password (this is the only possible action with this link).

    php mpinf_rpwd.php aeinstein "Albert Einstein" [email protected]

(2) Our approach uses parts of OwnCloud's "lost password" feature, but our mail template is slightly different:

    "[...] you have received this automatically generated E-mail because
    you are either a new user at our institute's OwnCloud-service or have
    requested to reset your password. Please use the following link to set
    a new (and strong) password:

    https://owncloud.abc.de/index.php/lostpassword/reset/c06291c393cb4bbec191cd1d3eb8edcf2bcb727e9a0f045791b557446xsf6789/aeinstein

    After setting the password, you can use the service at
    https://owncloud.abc.de
    Username: aeinstein [...]"

(3) Creating user entries in the MySQL database, including the E-mail settings:

    // Assumption: $db is a PDO connection to the OwnCloud MySQL database.
    // Every value is escaped with $db->quote() before it enters the SQL string.
    $stmt = $db->query("SELECT * FROM oc_users WHERE uid=" . $db->quote($login));
    $row = $stmt->fetch();
    if ($row) {
        print "*** ERROR: login already exists with display name: \""
            . $row["displayname"] . "\"\n";
        die();
    }
    print "* login does not yet exist: OK.\n";

    // Create the account row.
    $stmt = $db->exec("INSERT INTO oc_users (uid, displayname, password)"
        . " VALUES ("
        . $db->quote($login) . ","
        . $db->quote($display) . ","
        . $db->quote($password)
        . ")");

    // Per-user preference: files / cache_version.
    $stmt = $db->exec("INSERT INTO oc_preferences"
        . " VALUES ("
        . $db->quote($login) . ","
        . $db->quote("files") . ","
        . $db->quote("cache_version") . ","
        . $db->quote("5")
        . ")");

    // Per-user preference: settings / email (read back in step 4).
    $stmt = $db->exec("INSERT INTO oc_preferences"
        . " VALUES ("
        . $db->quote($login) . ","
        . $db->quote("settings") . ","
        . $db->quote("email") . ","
        . $db->quote($email)
        . ")");

(4) Using OwnCloud's "Lost-Password"-Infrastructure:

    require_once 'lib/base.php';
    // ...
    // Random token for the link; only its SHA-256 hash is stored server-side.
    $token = hash('sha256', OC_Util::generate_random_bytes(30)
        . OC_Config::getValue('passwordsalt', ''));
    OC_Preferences::setValue($login, 'owncloud', 'lostpassword', hash('sha256', $token));
    $email = OC_Preferences::getValue($login, 'settings', 'email', '');
    $link = OC_Helper::linkToRoute('core_lostpassword_reset',
        array('user' => $login, 'token' => $token));
    // ...
    // insert $link into our own mail template, sent to $email

This approach seems to work well for us and we hope other users find it useful, too.

Best regards,
Stefan

--
Dr. Stefan Vollmar, Dipl.-Phys.
Head of IT group
Max-Planck-Institut für neurologische Forschung
Gleueler Str. 50, 50931 Köln, Germany
Tel.: +49-221-4726-213 FAX +49-221-4726-298
Tel.: +49-221-478-5713 Mobile: 0160-93874279
E-Mail: [email protected]
http://www.nf.mpg.de
_______________________________________________
Owncloud mailing list
[email protected]
https://mail.kde.org/mailman/listinfo/owncloud
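
Step (4) above mails the token and stores only its SHA-256 hash. As an added example (not part of the original post and not ownCloud code), here is that store-the-hash pattern together with the redemption side: constant-time comparison, single use, and an expiry. The `$store` array, the function names and the 24-hour lifetime are assumptions made for illustration.

```php
<?php
// Added example, not ownCloud code. $store is a hypothetical stand-in for the
// oc_preferences entry (user, 'owncloud', 'lostpassword') used in the post.

const TOKEN_TTL = 86400; // assumed 24 h lifetime; the original post sets no expiry

function issueToken(array &$store, string $login, int $now): string
{
    $token = bin2hex(random_bytes(32));        // 256 bits from the CSPRNG
    $store[$login] = [
        'hash'    => hash('sha256', $token),   // only the hash is persisted
        'expires' => $now + TOKEN_TTL,
    ];
    return $token;                             // appears in the mailed link only
}

function redeemToken(array &$store, string $login, string $token, int $now): bool
{
    if (!isset($store[$login])) {
        return false;                          // nothing pending for this login
    }
    $entry = $store[$login];
    // Hash the presented token and compare in constant time with the stored hash.
    $ok = hash_equals($entry['hash'], hash('sha256', $token))
        && $now <= $entry['expires'];
    if ($ok) {
        unset($store[$login]);                 // single use: invalidate on success
    }
    return $ok;
}

// Constructed demonstration data.
$store = [];
$now   = 1700000000;
$token = issueToken($store, 'aeinstein', $now);

var_dump(redeemToken($store, 'aeinstein', 'wrong-token', $now));  // wrong token
var_dump(redeemToken($store, 'aeinstein', $token, $now + 90000)); // past the TTL
var_dump(redeemToken($store, 'aeinstein', $token, $now + 60));    // valid, in time
var_dump(redeemToken($store, 'aeinstein', $token, $now + 61));    // replay of a used token
```

Because only the hash is stored, a read-only leak of the preferences table does not yield a usable link; the expiry bounds how long a link left unopened in a mailbox stays valid.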
