[owncloud-devel] Editing LDAP profile data

user3254 lulahlulah at yahoo.com
Fri Mar 11 08:29:52 GMT 2016


Dear Arthur,

Sorry I forgot this question (which is actually covered by the question of
feasibility): Will ownCloud use LDAP or database for authentication when the
user exists in both? 

Thanks!

2016-03-11 16:14 GMT+08:00 Morris Jobke <notifications at github.com>:
>
> Hi Arthur, 
>
> Thanks a lot for the reply. 
>
>
> > 
> > On Tue, 1 Mar 2016 03:06:49 -0700 (MST) 
> > user3254 <lulahlulah at yahoo.com> wrote: 
> > 
> > Hey Lucy, 
> > 
> > > Hi Arthur, 
> > > 
> > > I'm going to write and possibly contribute an app which can write to 
> > > LDAP and any modifications to user data in the MySQL database should 
> > > also be done in LDAP. 
> > > 
> > > Could you please elaborate the interfaces you mentioned? Which 
> > > methods need to be hooked in? 
> > 
> > Please keep the old mail quoted, so the context is not missing. If I 
> > would not have it in my maildir it would have been tough to find this 
> > again ;) 
> > 
> > Back then I was writing 
> > 
> > >>  However, I am open for needed interfaces or so in here if you 
> > >> follow the approach with another app. 
> > 
> > That said, there is currently nothing that would let you interact with 
> > the LDAP backend. 
> > 
> > What we would need to do is to provide a public API in ownCloud core. 
> > Probably the basic methods would be user centered 
> > 
> > * translate an ownCloud username to the LDAP DN: This allows you to 
> >   work with a user record. 
> > 
> > * return the LDAP connection for the specified user (since more than 
> >   one LDAP server can be configured): This allows you to talk to the 
> >   LDAP server and you do not need to worry about establishing 
> >   connections and stuff 
> > 
> > Or is there anything else needed by you? 
>
>
> Wow, hm, I initially didn't think that a change in the ownCloud core is
> needed. Actually in our project, only user name and password must be
> stored in LDAP, storing additional attributes would have been a bonus. And
> as our schedule doesn't really allow us to wait for an ownCloud 9.1
> release, I'm now thinking whether I could just write an app that is cloned
> over from user_ldap using the same configs, connections etc. and hooks in
> to the following methods of \OC\User: 
>
> preSetPassword: save the password to LDAP. If any error in LDAP occurs,
> throw an exception and display a helpful message in ownCloud webUI. 
>
> preCreateUser: create a user in LDAP with the specified password. If any
> error in LDAP occurs, throw an exception and display a helpful message in
> ownCloud webUI. 
>
> preDelete: delete the corresponding user in LDAP. If any error in LDAP
> occurs, throw an exception and display a helpful message in ownCloud
> webUI. 
>
>
> Important questions would arise: Firstly, is it feasible? Secondly, how do
> you pass such a helpful message or error code to ownCloud webUI, for
> example in case of an LDAP password policy violation? And how to do that in
> the best way so that the app is not project specific, but can be used
> generically?  
>
> > 
> > Those methods need to be specified in an interface within a new folder 
> > lib/public/ldap/ 
> > 
> > There needs to be a default dummy implementation in core (lib/private/…) 
> > that would just throw exceptions, and a real implementation in 
> > apps/user_ldap/. Upon install/update it should override the default 
> > implementation and set it back when disabling. 
> > 
>
> Uhm, exceptions not debug messages? But then, I'm not familiar with the
> core yet :D 
>
>
> > The server (lib/private/server.php) would just receive a new method 
> > and provide an instance of that implementation. 
> > 
> > This is less complicated than may sound :) 
> > 
> > When this is done, your future app would just retrieve the instance via 
> > \OC::$server->getLDAPProvider() (maybe find a better name), which 
> > allows you to receive the DN of the user and the LDAP connection 
> > resource, allowing you to use all the PHP ldap_* methods to interact 
> > with the server. 
> > 
> > What do you think? 
>
> Well, it definitely sounds good. However if my proposal above is feasible,
> we would stick to that for time reasons. 
>
> > 
> > Cheers 
> > Arthur 
> > 
> > > 
> > 
> > 
>
> Your opinion is highly appreciated :) 
>
>
> Best regards, 
> Lucy
>
> > 
>
>



--
View this message in context: http://owncloud.10557.n7.nabble.com/Editing-LDAP-profile-data-tp15999p16872.html
Sent from the Developers mailing list archive at Nabble.com.
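
The provider design discussed in this thread (a public interface, a default implementation in core that only throws, and an app that turns LDAP failures into exceptions a UI can display), sketched as an added example that is not code from the thread or from ownCloud. ILDAPProvider, NullLDAPProvider, writeLdapAttribute and the sample user and attribute are hypothetical; only the PHP ldap_* functions are real, and PHP 7 or later is assumed.

```php
<?php
// Added illustration. All names are hypothetical except the PHP ldap_* functions.

interface ILDAPProvider {
    /** Translate an ownCloud username to its LDAP DN. */
    public function getUserDN(string $uid): string;

    /** Return the connection of the LDAP server that holds this user. */
    public function getLDAPConnection(string $uid);
}

/** Default used while no LDAP backend is enabled: it fails closed. */
class NullLDAPProvider implements ILDAPProvider {
    public function getUserDN(string $uid): string {
        throw new \RuntimeException('No LDAP backend is enabled');
    }

    public function getLDAPConnection(string $uid) {
        throw new \RuntimeException('No LDAP backend is enabled');
    }
}

/** App-side write: any LDAP failure becomes an exception the caller can show. */
function writeLdapAttribute(ILDAPProvider $ldap, string $uid, string $attr, string $value): void {
    $dn = $ldap->getUserDN($uid);
    $conn = $ldap->getLDAPConnection($uid);
    if (!@ldap_mod_replace($conn, $dn, [$attr => [$value]])) {
        // Carry the server's own code and text, e.g. a password policy refusal.
        throw new \RuntimeException(
            sprintf('LDAP error %d: %s', ldap_errno($conn), ldap_error($conn))
        );
    }
}

// Constructed sample values. With only the default provider in place the
// write is refused with an exception instead of being silently dropped.
try {
    writeLdapAttribute(new NullLDAPProvider(), 'lucy', 'mail', 'lucy@example.org');
} catch (\RuntimeException $e) {
    echo 'Not saved: ', $e->getMessage(), PHP_EOL;
}
```

Because the default provider throws before any ldap_* call is reached, the script runs without the PHP LDAP extension or a directory server.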

