[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] OC and FreeIPA

-----Original Message-----
From: Rob Crittenden <rcritten redhat com>
To: Jonathan J. Ramirez C. <jonathan ramirez solmar com>
Cc: freeipa-users redhat com
Subject: Re: [Freeipa-users] OC and FreeIPA
Date: Thu, 17 Jul 2014 10:33:50 -0400

Jonathan J. Ramirez C. wrote:
> -----Original Message-----
> *From*: Rob Crittenden <rcritten redhat com
> <mailto:Rob%20Crittenden%20%3crcritten redhat com%3e>>
> *To*: Jonathan J. Ramirez C. <jonathan ramirez solmar com
> <mailto:%22Jonathan%20J %20Ramirez%20C %22%20%3cjonathan ramirez solmar com%3e>>,
> freeipa-users redhat com <mailto:freeipa-users redhat com>
> *Subject*: Re: [Freeipa-users] OC and FreeIPA
> *Date*: Wed, 16 Jul 2014 14:12:34 -0400
> Jonathan J. Ramirez C. wrote:
>> Hi.
>> Does anybody here know how to properly set up ownCloud 6.0.4 to work
>> with FreeIPA 3.3.5? I keep getting these messages when trying to logon
>> to OC with a created account in FreeIPA.
>> Here's a sample:
>> ownCloud[2182]: {user_ldap} initializing paged search for 
>> FilterobjectClass=* base Array ([0] =>
>> uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com) attr ipauniqueid limit
>> 99999 offset 0
>> ownCloud[2182]: {user_ldap} Ready for a paged search
>> ownCloud[2182]: {user_ldap} Requested attribute ipauniqueid not found
>> for uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com
>> ownCloud[2182]: {user_ldap} Could not autodetect the UUID attribute
>> ownCloud[2182]: {user_ldap} Cannot determine UUID for
>> uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com. Skipping.
>> ownCloud[2182]: {core} Login failed: user 'jonram' , wrong password,
>> IP:set log_authfailip=true in conf
>> I'm really new to OC and IPA so I don't know where to poke to make it
>> work. I'll much appreciate any hint.
>> I've never dealt with OC before but I scanned the LDAP docs quickly.
>> You will want to set separate user and group base DNs. It is using the
>> compat tree and that is likely the wrong thing in this case.
>> Users: cn=users,cn=accounts,dc=mydomain,dc=com
>> Groups: cn=groups,cn=accounts,dc=mydomain,dc=com
>> That will fix the UUID issue at least.
>> Have you set a password for this user account, and have you
>> authenticated with it yet? IPA marks all administratively set passwords
>> as expired, so you need to authenticate and change the password before
>> it is generally usable.
>> IPA uses memberOf for its grouping in case you need to specify it.
>> rob
> Thank you very much Rob.
> The use of separate user and group DNs gave me the clue to what I had to add in the OC LDAP settings.

Great news. If you have the time and inclination I'd encourage you to
consider writing up a short how-to on our wiki at



I will do that. As soon as I wrap it all up, I'll write a short tutorial.

Again, thanks.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]