user data removed (on clients) on LDAP outage on the server #22313

Closed
umlaeute opened this issue Feb 11, 2016 · 13 comments

@umlaeute umlaeute commented Feb 11, 2016

Steps to reproduce

  1. setup owncloud to authenticate users against LDAP
  2. have the oc-client of user ada automatically sync
  3. remove user ada from LDAP

Expected behaviour

the server tells the client that the user does not exist and that it should go away.
the client should then stop synching and try again after some time (10 minutes).

Actual behaviour

the server tells the client that there is no data.
the client syncs with the empty directory, removing all files previously synched.

leading to data loss on the client-side.

Server configuration

Operating system:

Debian/jessie 8.3 (amd64)

Web server:

apache 2.4.10-10+deb8u4

Database:

PostgreSQL 9.4.5-0+deb8u

PHP version:

5.6.17+dfsg-0+deb8u

ownCloud version: (see ownCloud admin page)

7.0.4+dfsg-4~deb8u4

Updated from an older ownCloud or fresh install:

updated

Signing status (ownCloud 9.0 and above):

n/a

List of activated apps:

  • Enabled
    • activity
    • calendar
    • contacts
    • documents
    • files
    • files_pdfviewer
    • files_sharing
    • files_texteditor
    • files_trashbin
    • files_versions
    • files_videoviewer
    • firstrunwizard
    • gallery
    • search_lucene
    • user_ldap
  • Disabled:
    • admin_dependencies_chk
    • bookmarks
    • external
    • files_encryption
    • files_external
    • templateeditor
    • user_external
    • user_webdavauth

The content of config/config.php:

<?php
$CONFIG = array (
  'instanceid' => 'ocb6155c0dd2',
  'dbtype' => 'pgsql',
  'passwordsalt' => 'XXX',
  'datadirectory' => '/usr/share/owncloud/data',
  'version' => '7.0.4.2',
  'appstoreenabled' => false,
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/usr/share/owncloud/apps',
      'url' => '/apps',
      'writable' => false,
    ),
  ),
  'dbname' => 'owncloud',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'XXX',
  'dbpassword' => 'XXX',
  'installed' => true,
  'ldapIgnoreNamingRules' => false,
  'forcessl' => true,
  'theme' => 'example',
  'loglevel' => '2',
  'name' => 'iemCloud',
  'title' => 'iemCloud',
  'maintenance' => false,
  'trusted_domains' => 
  array (
    0 => 'cloud.example.com',
    1 => 'cloud.local',
  ),
  'mail_from_address' => 'noc',
  'mail_smtpmode' => 'smtp',
  'mail_domain' => 'example.com',
  'mail_smtphost' => 'mail.local',
  'mail_smtpport' => '25',
  'secret' => 'XXX',
);

Are you using external storage, if yes which one: local/smb/sftp/...

NFS

Are you using encryption:

yes (https)

the data itself is not encrypted on the storage.

Are you using an external user-backend, if yes which one:

LDAP

LDAP configuration (delete this part if not used)

+------------------------------+---------------------------------------------+
| Configuration                | s02                                         |
+------------------------------+---------------------------------------------+
| hasMemberOfFilterSupport     |                                             |
| hasPagedResultSupport        |                                             |
| homeFolderNamingRule         |                                             |
| lastJpegPhotoLookup          | 0                                           |
| ldapAgentName                |                                             |
| ldapAgentPassword            | ***                                         |
| ldapAttributesForGroupSearch |                                             |
| ldapAttributesForUserSearch  | cn;uid;gecos                                |
| ldapBackupHost               |                                             |
| ldapBackupPort               |                                             |
| ldapBase                     | o=Staff,o=organization,dc=example,dc=com    |
| ldapBaseGroups               | o=organization,dc=example,dc=com    |
| ldapBaseUsers                | ou=people,o=Staff,o=organization,dc=example,dc=com  |
| ldapCacheTTL                 | 600                                         |
| ldapConfigurationActive      | 1                                           |
| ldapEmailAttribute           | mail                                        |
| ldapExperiencedAdmin         | 1                                           |
| ldapExpertUUIDGroupAttr      |                                             |
| ldapExpertUUIDUserAttr       |                                             |
| ldapExpertUsernameAttr       |                                             |
| ldapGroupDisplayName         | cn                                          |
| ldapGroupFilter              |                                             |
| ldapGroupFilterGroups        |                                             |
| ldapGroupFilterMode          | 1                                           |
| ldapGroupFilterObjectclass   | posixGroup                                  |
| ldapGroupMemberAssocAttr     | uniqueMember                                |
| ldapHost                     | ldaps://ldap.example.com                  |
| ldapIgnoreNamingRules        |                                             |
| ldapLoginFilter              | (&(|(objectclass=inetOrgPerson))(uid=%uid)) |
| ldapLoginFilterAttributes    |                                             |
| ldapLoginFilterEmail         | 0                                           |
| ldapLoginFilterMode          | 1                                           |
| ldapLoginFilterUsername      | 1                                           |
| ldapNestedGroups             | 0                                           |
| ldapNoCase                   | 0                                           |
| ldapOverrideMainServer       | 0                                           |
| ldapPagingSize               | 500                                         |
| ldapPort                     | 636                                         |
| ldapQuotaAttribute           |                                             |
| ldapQuotaDefault             |                                             |
| ldapTLS                      | 0                                           |
| ldapUserDisplayName          | cn                                          |
| ldapUserFilter               | (|(objectclass=inetOrgPerson))              |
| ldapUserFilterGroups         |                                             |
| ldapUserFilterMode           | 1                                           |
| ldapUserFilterObjectclass    | inetOrgPerson                               |
| ldapUuidGroupAttribute       | auto                                        |
| ldapUuidUserAttribute        | auto                                        |
| turnOffCertCheck             | 0                                           |
+------------------------------+---------------------------------------------+
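
The fail-closed behaviour the report asks for, sketched as an added example that is not part of the issue thread or ownCloud's code: all function names and the 401/503 status choices are assumptions made for illustration, and the file names are constructed. The server never answers a failed user lookup with an empty listing, and the client deletes local files only against an authoritative listing.

```python
# Added illustration: hypothetical names, not ownCloud server or client code.
from enum import Enum

RETRY_SECONDS = 600  # the report asks the client to retry after 10 minutes


class Lookup(Enum):
    FOUND = "found"
    NOT_FOUND = "not_found"      # directory answered: no such user
    UNAVAILABLE = "unavailable"  # directory could not be reached


def buggy_list_home(lookup, files):
    """Reported behaviour: a failed lookup looks like an empty home."""
    return 207, (sorted(files) if lookup is Lookup.FOUND else [])


def fail_closed_list_home(lookup, files):
    """Expected behaviour: only a resolved user yields a listing."""
    if lookup is Lookup.FOUND:
        return 207, sorted(files)
    if lookup is Lookup.NOT_FOUND:
        return 401, None  # assumed status: reject the account
    return 503, None      # assumed status: temporary backend failure


def client_plan(status, listing, local_files):
    """Decide which local files one server answer allows the client to delete."""
    if status != 207 or listing is None:
        # No authoritative listing: touch nothing, stop, retry later.
        return {"delete": [], "retry_in": RETRY_SECONDS}
    return {"delete": sorted(set(local_files) - set(listing)), "retry_in": None}


def demo():
    local = ["notes.txt", "thesis.tex"]  # constructed sample data
    plans = {}
    for name, server in (("buggy", buggy_list_home),
                         ("fail_closed", fail_closed_list_home)):
        for lookup in (Lookup.NOT_FOUND, Lookup.UNAVAILABLE):
            status, listing = server(lookup, local)
            plans[(name, lookup.value)] = client_plan(status, listing, local)
    return plans


if __name__ == "__main__":
    for key, plan in demo().items():
        print(key, plan)
```
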

@PVince81 PVince81 commented Feb 11, 2016

ownCloud 7 will only receive security updates, you might want to try upgrading to more recent versions.

@MorrisJobke @blizzz in which version was the LDAP availability fix?

@blizzz blizzz commented Feb 11, 2016

Any 8.x version has it

@umlaeute umlaeute commented Feb 11, 2016

do you have a reference (PR#) to the LDAP availability fix?

i will check why Debian's ownCloud has not been updated for ages.

@blizzz blizzz commented Feb 11, 2016

The one closest to OC 7 – the 8.0 backport – is here: #15797
however it is pretty mighty.

@MorrisJobke MorrisJobke commented Feb 12, 2016

Closing as this is fixed in our version 7.0.6.

@DeepDiver1975 DeepDiver1975 changed the title user data removed (on clients) on LDAP outage on the server user data removed (on clients) on LDAP outage on the server Feb 12, 2016

@MorrisJobke MorrisJobke commented Feb 12, 2016

@umlaeute We recommend not using the Debian package because it is a very old version that still suffers from many bugs that are fixed in more recent versions (on the stable7 branch as well as in 8.0.x, 8.1.x and 8.2.x).

We also provide packages (https://owncloud.org/install/#instructions-server) and we also do security backports for stable versions for at least 18 months: https://github.com/owncloud/core/wiki/Maintenance-and-Release-Schedule

@blizzz blizzz commented Feb 12, 2016

Woah, sorry for my misinformation. Thanks for clearing this up @MorrisJobke

@MorrisJobke MorrisJobke commented Feb 12, 2016

> Woah, sorry for my misinformation. Thanks for clearing this up @MorrisJobke

It is the same stuff that was actually the problem with the Ubuntu packages 1.5 years ago. This is the same package but the Debian version of it.

@MorrisJobke MorrisJobke commented Feb 12, 2016

I think @LukasReschke can tell us a long story about all of this.

@LukasReschke LukasReschke commented Feb 12, 2016

Sure. Another new story coming up soon 🙊 🙉 🙈

Stay tuned… 😉

@LukasReschke LukasReschke commented Feb 12, 2016

cc @karlitschek @jospoortvliet FYI. Frankenstein packages by downstream leading to data loss 🎉

@karlitschek karlitschek commented Feb 12, 2016

But hey. It's stable!! ;-)

@lock lock bot commented Aug 6, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Aug 6, 2019