[Freeipa-users] OC and FreeIPA

Rob Crittenden rcritten at redhat.com
Thu Jul 17 14:33:50 UTC 2014


Jonathan J. Ramirez C. wrote:
> -----Original Message-----
> *From*: Rob Crittenden <rcritten at redhat.com>
> *To*: Jonathan J. Ramirez C. <jonathan.ramirez at solmar.com>,
> freeipa-users at redhat.com
> *Subject*: Re: [Freeipa-users] OC and FreeIPA
> *Date*: Wed, 16 Jul 2014 14:12:34 -0400
> 
> Jonathan J. Ramirez C. wrote:
>> Hi.
>> 
>> Does anybody here know how to properly set up ownCloud 6.0.4 to work
>> with FreeIPA 3.3.5? I keep getting these messages when trying to logon
>> to OC with a created account in FreeIPA.
>> 
>> Here's a sample:
>> 
>> ownCloud[2182]: {user_ldap} initializing paged search for 
>> FilterobjectClass=* base Array ([0] =>
>> uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com) attr ipauniqueid limit
>> 99999 offset 0
>> ownCloud[2182]: {user_ldap} Ready for a paged search
>> ownCloud[2182]: {user_ldap} Requested attribute ipauniqueid not found
>> for uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com
>> ownCloud[2182]: {user_ldap} Could not autodetect the UUID attribute
>> ownCloud[2182]: {user_ldap} Cannot determine UUID for
>> uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com. Skipping.
>> ownCloud[2182]: {core} Login failed: user 'jonram' , wrong password,
>> IP:set log_authfailip=true in conf
>> 
>> I'm really new to OC and IPA so I don't know where to poke to make it
>> work. I'll much appreciate any hint.
> 
> 
>> I've never dealt with OC before but I scanned the LDAP docs quickly.
>>
>> You will want to set separate user and group base DNs. It is using the
>> compat tree and that is likely the wrong thing in this case.
>>
>> Users: cn=users,cn=accounts,dc=mydomain,dc=com
>> Groups: cn=groups,cn=accounts,dc=mydomain,dc=com
>>
>> That will fix the UUID issue at least.
>>
>> Have you set a password for this user account, and have you
>> authenticated with it yet? IPA marks all administratively set passwords
>> as expired, so you need to authenticate and change the password before
>> it is generally usable.
>>
>> IPA uses memberOf for its grouping in case you need to specify it.
>>
>> rob
> 
> Thank you very much Rob.
> 
> The use of separate user and group DNs gave me the clue to what I had to add in the OC LDAP settings.

Great news. If you have the time and inclination I'd encourage you to
consider writing up a short how-to on our wiki at
http://www.freeipa.org/page/HowTos

regards

rob
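
The log pattern discussed in this thread, as an added example that is not part of the original messages or of ownCloud/FreeIPA code: a small Python triage script that pairs a user_ldap "Cannot determine UUID" skip on a cn=compat DN with the "Login failed ... wrong password" line that follows, and reports the cn=accounts base DN to configure instead. The function names and the sample log (the thread's lines with wrapping removed) are constructed for illustration.

```python
import re

# Constructed sample modelled on the log lines quoted in the thread
# (wrapped lines joined; values are the thread's example values).
SAMPLE_LOG = """\
ownCloud[2182]: {user_ldap} Requested attribute ipauniqueid not found for uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com
ownCloud[2182]: {user_ldap} Could not autodetect the UUID attribute
ownCloud[2182]: {user_ldap} Cannot determine UUID for uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com. Skipping.
ownCloud[2182]: {core} Login failed: user 'jonram' , wrong password, IP:set log_authfailip=true in conf
"""

NO_UUID = re.compile(r"\{user_ldap\} Cannot determine UUID for (.+?)\. Skipping\.")
LOGIN_FAILED = re.compile(r"\{core\} Login failed: user '([^']+)'")


def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return [rdn.strip() for rdn in re.split(r"(?<!\\),", dn)]


def accounts_dn(dn):
    """Map a cn=compat DN to its cn=accounts counterpart; None if not compat."""
    rdns = split_dn(dn)
    for i, rdn in enumerate(rdns):
        if rdn.lower().replace(" ", "") == "cn=compat":
            return ",".join(rdns[:i] + ["cn=accounts"] + rdns[i + 1:])
    return None


def triage(log_text):
    """Pair each UUID skip on a compat DN with the login failure that follows."""
    skipped, findings = {}, []
    for line in log_text.splitlines():
        m = NO_UUID.search(line)
        if m:
            dn = m.group(1)
            skipped[split_dn(dn)[0].partition("=")[2].lower()] = dn
            continue
        m = LOGIN_FAILED.search(line)
        if m and m.group(1).lower() in skipped:
            fixed = accounts_dn(skipped.pop(m.group(1).lower()))
            if fixed:  # login failed after the compat-tree entry was skipped
                findings.append({"user": m.group(1), "entry": fixed,
                                 "user_base": ",".join(split_dn(fixed)[1:])})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['user']}: login failed after UUID skip; set user base DN to {f['user_base']}")
```

Separating these mapping failures from genuine bad-password events keeps failed-login alerting on the ownCloud host from counting a directory misconfiguration as password guessing.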