[owncloud-user] Encryption problems after LDAP password is reset

Kevin Long kevin.long at haloprivacy.com
Fri Jan 13 08:28:50 GMT 2017


I have ownCloud 9.0.2 (from source, on debian jessie) deployed with Active Directory LDAP authentication configured.

We enabled server side encryption, and all the files on disk are encrypted.

This organization has a 90 day password reset policy. So after users reset their A.D. password, the following problems occur:

1. User tries to log in to ownCloud UI, gets internal server error
2. User tries to log in to ownCloud UI a second time, login succeeds, but clicking on any file results in “encryption not ready” (same error in desktop client as well)

^ This goes in a loop with subsequent logouts/logins. 

The files remain inaccessible to the end users.

I am assuming that the user’s LDAP password is used as the passphrase for his/her encryption key, and there is some step that must be done by logging in to the webUI to update the passphrase after the LDAP password is changed, and this instance is getting an internal server error at this step?

Am I correct in saying that if you use LDAP and server side encryption, that manual login to the webUI to change the passphrase is required, and if so, is this also true of database authentication, or just external auth w/LDAP?

Any suggestions/info greatly appreciated, 


Kevin Long
