New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LDAP: Domain Users are not being loaded with User Filter #13533
Comments
Updating the post with an exact php version: PHP 5.4.34 (cli) (built: Oct 16 2014 10:19:38) |
@sbelov1 what are the reproduction steps? What is the LDAP config? Hint: https://raw.githubusercontent.com/owncloud/core/master/issue_template.md |
@blizzz oh yes, and we have requested for LDAP config. I'll update once we get it back from customer. |
ok, in the meantime, the missing users have "Domain Users" assigned as their primary group? |
@blizzz I believe so, yes. Looks like something we've already resolved, didn't we? |
i am not aware, just that rework of primary group handling is still on my list (but for other reasons). And unfortunately everything works with my test AD. |
@blizzz would it be easier jumping on a quick call with customer? They've been having this issue for awhile now. It could be something specific to their environment as I'm not having this type of issue with anyone else. |
Not really, at least not that alone. I would provide a patch to gather some debug output instead. |
@blizzz sounds good. Should I expect the patch now or do we have to wait for the LDAP config output from customer first? |
@sbelov1 I'd like to LDAP have a look on the config first. |
@blizzz please check your email for the output. |
I follow up there, stay tuned. |
Oh, and for a manual workaround: currently there is no group limitation in user or login filter. To make this work with primary groups do as follow: Change User Filter from
To
and Login filter from
To
In both cases you must insert the whole DN of the domain users group in the memberof= pair. The primaryGroupID should be 513 for Domain Users. Otherwise you can get details of a user's domain group using this script: https://gist.github.com/blizzz/101e17cdc1d399031b50#file-primgrtest-php Example usage and output:
It should not be necessary in this case though. |
OK, i think i have a fix here: #13740 |
@blizzz sounds good. Please let me know the instructions for applying it once its all set. |
@sbelov1 here is the corresponding PR for stable7: #13742 You can get a diff here https://github.com/owncloud/core/pull/13742.diff, save it and apply it using patch against 7.0.4 (worked for me):
|
@blizzz this patch wouldn't affect any changes to the database or anything, right? Just a php code? Just wanted to make sure its safe to run as customer is on a production environment. |
@sbelov1 exactly. If you took it from before, please save it again, i did a fix there. About code quality in general: yet it has neither not been tested by someone else and from review side got only few comments on coding style and inline documentation. |
@blizzz I'll let Allen take it from here. Please let me know if there's I can do.. |
@craigpg @bboule @blizzz I will coordinate a time to install with the customer. |
@blizzz I have another prospect experiencing same/similar issue. A user selects Domain Users group -> only 2 users are shown under User Filter (should be much more) -> 2 users are shown under Users Page -> Only those two users can login. Does it sound like the same issue? If it does, can we please update the patch to 8.0.2 because that's the version we're using. Unless we ported it into 8.0.3 in which case, I'll just update their build. |
@blizzz ? |
I can get you an 8.0.3 for testing 13533 if that helps |
Can we stop apply random patches to production instances. If the patch is verified to fix an issue, we should get it into the next patch release and provide that for a production environment. |
I agree with @MorrisJobke We have to handle such problems this more coordinated and professionally |
@bboule @MorrisJobke @sbelov1 @karlitschek |
@blizzz, has this patch made it into a release yet? |
If you referring to #13533 (comment), this still waits for a test result from @gig13. If you refer to the patch mentioned in #13533 (comment) it probably refers to #13742. Which is a backport of #13740 which made it to 8.0.2. However, the patch in #13533 (comment) would need to be applied to OC 8 as well. I will do a PR out of it. |
This is odd. The prospect having this issue was running 8.0.2. However, I've just applied this patch in my internal lab and it did fix the issue. Are we sure it made it to 8.0.2? From the notes on #13740 it looks like its in 8.1 milestone. Please clarify. |
Indeed, it was not backported to stable8. |
Patch from #13533 (comment) is added to #15606 (eventually needs to be backported to OC 8, too). For OC 7 it is added to #13742 which incorporates the backport of #15606 already, since the issues are connected and it was open for so long. |
Stable8 backport is in #16456 |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Environment:
OC v7.0.4 on apache
CentOS 6.5
php 5.4.32
MySQL
AD LDAP
Description: Customer is attempting to select just a Domain Users group from the User Filter, however only 2 (as oppose to 200) are shown. As a workaround we have to either use a different group or allow all the groups to login with OC.
Here's the log excerpt:
@gig13
The text was updated successfully, but these errors were encountered: