<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8"> <META NAME="GENERATOR" CONTENT="GtkHTML/4.6.6"> </HEAD> <BODY> <BLOCKQUOTE TYPE=CITE> <PRE> -----Original Message----- </PRE> From: Rob Crittenden <<A HREF="mailto:Rob%20Crittenden%20%3crcritten@redhat.com%3e">rcritten@redhat.com</A>> To: Jonathan J. Ramirez C. <<A HREF="mailto:%22Jonathan%20J.%20Ramirez%20C.%22%20%3cjonathan.ramirez@solmar.com%3e">jonathan.ramirez@solmar.com</A>> Cc: <A HREF="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</A> Subject: Re: [Freeipa-users] OC and FreeIPA Date: Thu, 17 Jul 2014 10:33:50 -0400 <PRE> Jonathan J. Ramirez C. wrote: > -----Original Message----- > *From*: Rob Crittenden <<A HREF="mailto:rcritten@redhat.com">rcritten@redhat.com</A> > <<A HREF="mailto:Rob%20Crittenden%20%3crcritten@redhat.com">mailto:Rob%20Crittenden%20%3crcritten@redhat.com</A>%3e>> > *To*: Jonathan J. Ramirez C. <<A HREF="mailto:jonathan.ramirez@solmar.com">jonathan.ramirez@solmar.com</A> > <<A HREF="mailto:%22Jonathan%20J.%20Ramirez%20C.%22%20%3cjonathan.ramirez@solmar.com">mailto:%22Jonathan%20J.%20Ramirez%20C.%22%20%3cjonathan.ramirez@solmar.com</A>%3e>>, > <A HREF="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</A> <<A HREF="mailto:freeipa-users@redhat.com">mailto:freeipa-users@redhat.com</A>> > *Subject*: Re: [Freeipa-users] OC and FreeIPA > *Date*: Wed, 16 Jul 2014 14:12:34 -0400 > > Jonathan J. Ramirez C. wrote: >> Hi. >> >> Does anybody here know how to properly set up ownCloud 6.0.4 to work >> with FreeIPA 3.3.5? I keep getting these messages when trying to logon >> to OC with a created account in FreeIPA. >> >> Here's a sample: >> >> ownCloud[2182]: {user_ldap} initializing paged search for >> FilterobjectClass=* base Array ([0] => >> uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com) attr ipauniqueid limit >> 99999 offset 0 >> ownCloud[2182]: {user_ldap} Ready for a paged search >> ownCloud[2182]: {user_ldap} Requested attribute ipauniqueid not found >> for uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com >> ownCloud[2182]: {user_ldap} Could not autodetect the UUID attribute >> ownCloud[2182]: {user_ldap} Cannot determine UUID for >> uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com. Skipping. >> ownCloud[2182]: {core} Login failed: user 'jonram' , wrong password, >> IP:set log_authfailip=true in conf >> >> I'm really new to OC and IPA so I don't know where to poke to make it >> work. I'll much appreciate any hint. > > >> I've never dealt with OC before but I scanned the LDAP docs quickly. >> >> You will want to set separate user and group base DNs. It is using the >> compat tree and that is likely the wrong thing in this case. >> >> Users: cn=users,cn=accounts,dc=mydomain,dc=com >> Groups: cn=groups,cn=accounts,dc=mydomain,dc=com >> >> That will fix the UUID issue at least. >> >> Have you set a password for this user account, and have you >> authenticated with it yet? IPA marks all administratively set passwords >> as expired, so you need to authenticate and change the password before >> it is generally usable. >> >> IPA uses memberOf for its grouping in case you need to specify it. >> >> rob > > Thank you very much Rob. > > The use of separate user and group DNs gave me the clue to what I had to add in the OC LDAP settings. Great news. If you have the time and inclination I'd encourage you to consider writing up a short how-to on our wiki at <A HREF="http://www.freeipa.org/page/HowTos">http://www.freeipa.org/page/HowTos</A> regards rob </PRE> </BLOCKQUOTE> <PRE> I will do that. As soon as I wrap it all up, I'll write a short tutorial. Again, thanks. </PRE> </BODY> </HTML>