[Freeipa-users] OC and FreeIPA
Jonathan J. Ramirez C.
jonathan.ramirez at solmar.com
Wed Jul 16 23:48:20 UTC 2014
-----Original Message-----
From: Rob Crittenden <rcritten at redhat.com>
To: Jonathan J. Ramirez C. <jonathan.ramirez at solmar.com>,
freeipa-users at redhat.com
Subject: Re: [Freeipa-users] OC and FreeIPA
Date: Wed, 16 Jul 2014 14:12:34 -0400
Jonathan J. Ramirez C. wrote:
> Hi.
>
> Does anybody here know how to properly set up ownCloud 6.0.4 to work
> with FreeIPA 3.3.5? I keep getting these messages when trying to logon
> to OC with a created account in FreeIPA.
>
> Here's a sample:
>
> ownCloud[2182]: {user_ldap} initializing paged search for
> FilterobjectClass=* base Array ([0] =>
> uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com) attr ipauniqueid limit
> 99999 offset 0
> ownCloud[2182]: {user_ldap} Ready for a paged search
> ownCloud[2182]: {user_ldap} Requested attribute ipauniqueid not found
> for uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com
> ownCloud[2182]: {user_ldap} Could not autodetect the UUID attribute
> ownCloud[2182]: {user_ldap} Cannot determine UUID for
> uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com. Skipping.
> ownCloud[2182]: {core} Login failed: user 'jonram' , wrong password,
> IP:set log_authfailip=true in conf
>
> I'm really new to OC and IPA so I don't know where to poke to make it
> work. I'll much appreciate any hint.
> I've never dealt with OC before but I scanned the LDAP docs quickly.
>
> You will want to set separate user and group base DNs. It is using the
> compat tree and that is likely the wrong thing in this case.
>
> Users: cn=users,cn=accounts,dc=mydomain,dc=com
> Groups: cn=groups,cn=accounts,dc=mydomain,dc=com
>
> That will fix the UUID issue at least.
>
> Have you set a password for this user account, and have you
> authenticated with it yet? IPA marks all administratively set passwords
> as expired, so you need to authenticate and change the password before
> it is generally usable.
>
> IPA uses memberOf for its grouping in case you need to specify it.
>
> rob
Thank you very much Rob.
The use of separate user and group DNs gave me the clue to what I had to add in the OC LDAP settings.
Regards.
JonRam.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140716/28dd935c/attachment.htm>
More information about the Freeipa-users
mailing list