New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LDAP authentication #2879
Comments
@blizzz do you understand whats going on here? |
@dragotin i assume the client wants to authenticate, but the LDAP server is down so it does not succeed and subsequently the client cries for a new password. |
So what happens is that the server can not validate the password against the LDAP and thus it returns 401 to the client? Why doesn't it use the session header? @blizzz |
@dragotin most likely, with LDAP being offline user existence cannot be verified. |
@Bran-Ko which server version are you using? @LukasReschke afaik for oc8 we did change the cookie/basic auth validation. Background the client is always sending basic auth headers and cookies - this might lead to the effect that the session is not reused???? |
just another reason why we should move away from the cookie and basic auth kung-fu - long live OAuthy-Fu |
I did some tests locally, though not connected to a LDAP server. If both, a valid cookie, as well as a basic auth header is provided the server will prefer the cookie and not request a reauthentication. My best guess here is that |
No, that's not the problem, we have them in the mappings table. The thing is, that we would have it there, even if the user was removed or disabled in LDAP. |
I have a similar issue. Background: Once LDAP goes down the ownCloud client forgets the last used password. Then when LDAP is available again it asks the user to enter their password. Ideally the client should retry the connection with the saved password before asking the user for a new one. Environment: Debian 7.5 (root vps) |
@waspinator But then how to know how long to retry with the saved password? For you it is 10 minutes (vs 10 secs for @Bran-Ko) , but what if the user actually changed their password in AD but the oC client does not prompt for the password? |
@DeepDiver1975 @LukasReschke @blizzz Is there a way for the oC auth plugin to return HTTP 500 or so for WebDAV if it is configured to use LDAP? |
@guruz you may show the dialogue, but keep it filled wiht the known password. Currently there is nothing foreseen to create a 500 or something else in this scenario. |
Sorry I was outside... But I think it will be sufficient |
I using local owncloud and LDAP authentization. But every time when I update/reboot LDAP server local client (on windows) wants login. Restart of sever took 10-20sec - I mean that client is very sensitive. Can you extend this time for connect LDAP ? Or is it possible to configure it on server ?
The text was updated successfully, but these errors were encountered: