OK, I see.
The term access is misused.
The user filter is used to restrict user searches when sharing.
Thank you.
Antoine
Le 22/01/2015 13:01, Tornóci László a écrit :
On 01/22/2015 11:50 AM, Antoine Migeon wrote:
Laszlo,
If I understand the documentation, and the web GUI :
- user filter restrict access (define which user can use owncloud)
- login filter define which attributes can be used for "username", like
uid or email
You are right that the documentation is not clear, actually it is
likely to be misinterpreted. Really the user filter is just for who is
displayed in the list of users, and login filter decides who can
actually login. There is an example for a raw filter for the login
filter.
So in my opinion in your case:
raw user filter:
(& (objectclass=ubPerson)(isMemberOf=applis:calcul_numerique:ucn))
raw login filter:
(&(objectclass=ubPerson)(isMemberOf=applis:calcul_numerique:ucn)(uid=%uid))
should be ok. I myself use raw filters and LDAP just works fine with
owncloud. You can also use special attributes in the advanced setup too.
Yours: Laszlo
Unfortunately, raw user filter is never used.
Antoine
Antoine Migeon
Centre de Calcul et Messageries
Pôle des Systèmes d'information et des Usages du Numérique
Université de Bourgogne
Maison de l'université
Esplanade Erasme - BP 27877
21078 Dijon Cedex
Tel : 03 80 39 52 70
Le 21/01/2015 17:10, Tornóci László a écrit :
Hi Antoine,
On 01/21/2015 04:10 PM, Antoine Migeon wrote:
Hello,
I try to limit access to Owncloud with ldap filter. My openldap don't
support member-of-overlay.
In web GUI, the test button work fine and counter show the right
number
of users, but other users can still connect..
which means your userlist filter is fine, but your login filter is not
In ldap log (and owncloud debug log), I see the good filter when I
press
test button, and wrong filter (always objectClass=*) when user log on.
The raw user filter I want to use :
(& (objectclass=ubPerson)(isMemberOf=applis:calcul_numerique:ucn))
Using the login filter works fine, but I think this is the wrong way :
This should be ok as a login filter:
(&(objectclass=ubPerson)(isMemberOf=applis:calcul_numerique:ucn)(uid=%uid))
You can always check your actual settings directly in the database
like this:
select * from oc_appconfig where appid='user_ldap';
Yours: Laszlo
Regards,
Antoine
_______________________________________________
User mailing list
[email protected]
http://mailman.owncloud.org/mailman/listinfo/user
_______________________________________________
User mailing list
[email protected]
http://mailman.owncloud.org/mailman/listinfo/user
_______________________________________________
User mailing list
[email protected]
http://mailman.owncloud.org/mailman/listinfo/user
_______________________________________________
User mailing list
[email protected]
http://mailman.owncloud.org/mailman/listinfo/user
_______________________________________________
User mailing list
[email protected]
http://mailman.owncloud.org/mailman/listinfo/user
