user data removed (on clients) on LDAP outage on the server #22313

Closed
umlaeute opened this Issue Feb 11, 2016 · 12 comments


umlaeute commented Feb 11, 2016

Steps to reproduce

  1. set up ownCloud to authenticate users against LDAP
  2. have the oc-client of user ada automatically sync
  3. remove user ada from LDAP

Expected behaviour

the server tells the client that the user does not exist and that it should go away.
the client should then stop synching and try again after some time (10 minutes).

Actual behaviour

the server tells the client that there is no data.
the client syncs with the empty directory, removing all files previously synched.

leading to data loss on the client-side.

Server configuration

Operating system:

Debian/jessie 8.3 (amd64)

Web server:

apache 2.4.10-10+deb8u4

Database:

PostgreSQL 9.4.5-0+deb8u

PHP version:

5.6.17+dfsg-0+deb8u

ownCloud version: (see ownCloud admin page)

7.0.4+dfsg-4~deb8u4

Updated from an older ownCloud or fresh install:

updated

Signing status (ownCloud 9.0 and above):

n/a

List of activated apps:

  • Enabled
    • activity
    • calendar
    • contacts
    • documents
    • files
    • files_pdfviewer
    • files_sharing
    • files_texteditor
    • files_trashbin
    • files_versions
    • files_videoviewer
    • firstrunwizard
    • gallery
    • search_lucene
    • user_ldap
  • Disabled:
    • admin_dependencies_chk
    • bookmarks
    • external
    • files_encryption
    • files_external
    • templateeditor
    • user_external
    • user_webdavauth

The content of config/config.php:

<?php
$CONFIG = array (
  'instanceid' => 'ocb6155c0dd2',
  'dbtype' => 'pgsql',
  'passwordsalt' => 'XXX',
  'datadirectory' => '/usr/share/owncloud/data',
  'version' => '7.0.4.2',
  'appstoreenabled' => false,
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/usr/share/owncloud/apps',
      'url' => '/apps',
      'writable' => false,
    ),
  ),
  'dbname' => 'owncloud',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'XXX',
  'dbpassword' => 'XXX',
  'installed' => true,
  'ldapIgnoreNamingRules' => false,
  'forcessl' => true,
  'theme' => 'example',
  'loglevel' => '2',
  'name' => 'iemCloud',
  'title' => 'iemCloud',
  'maintenance' => false,
  'trusted_domains' => 
  array (
    0 => 'cloud.example.com',
    1 => 'cloud.local',
  ),
  'mail_from_address' => 'noc',
  'mail_smtpmode' => 'smtp',
  'mail_domain' => 'example.com',
  'mail_smtphost' => 'mail.local',
  'mail_smtpport' => '25',
  'secret' => 'XXX',
);

Are you using external storage, if yes which one: local/smb/sftp/...

NFS

Are you using encryption:

yes (https)

the data itself is not encrypted on the storage.

Are you using an external user-backend, if yes which one:

LDAP

LDAP configuration (delete this part if not used)

+------------------------------+---------------------------------------------+
| Configuration                | s02                                         |
+------------------------------+---------------------------------------------+
| hasMemberOfFilterSupport     |                                             |
| hasPagedResultSupport        |                                             |
| homeFolderNamingRule         |                                             |
| lastJpegPhotoLookup          | 0                                           |
| ldapAgentName                |                                             |
| ldapAgentPassword            | ***                                         |
| ldapAttributesForGroupSearch |                                             |
| ldapAttributesForUserSearch  | cn;uid;gecos                                |
| ldapBackupHost               |                                             |
| ldapBackupPort               |                                             |
| ldapBase                     | o=Staff,o=organization,dc=example,dc=com    |
| ldapBaseGroups               | o=organization,dc=example,dc=com            |
| ldapBaseUsers                | ou=people,o=Staff,o=organization,dc=example,dc=com  |
| ldapCacheTTL                 | 600                                         |
| ldapConfigurationActive      | 1                                           |
| ldapEmailAttribute           | mail                                        |
| ldapExperiencedAdmin         | 1                                           |
| ldapExpertUUIDGroupAttr      |                                             |
| ldapExpertUUIDUserAttr       |                                             |
| ldapExpertUsernameAttr       |                                             |
| ldapGroupDisplayName         | cn                                          |
| ldapGroupFilter              |                                             |
| ldapGroupFilterGroups        |                                             |
| ldapGroupFilterMode          | 1                                           |
| ldapGroupFilterObjectclass   | posixGroup                                  |
| ldapGroupMemberAssocAttr     | uniqueMember                                |
| ldapHost                     | ldaps://ldap.example.com                    |
| ldapIgnoreNamingRules        |                                             |
| ldapLoginFilter              | (&(|(objectclass=inetOrgPerson))(uid=%uid)) |
| ldapLoginFilterAttributes    |                                             |
| ldapLoginFilterEmail         | 0                                           |
| ldapLoginFilterMode          | 1                                           |
| ldapLoginFilterUsername      | 1                                           |
| ldapNestedGroups             | 0                                           |
| ldapNoCase                   | 0                                           |
| ldapOverrideMainServer       | 0                                           |
| ldapPagingSize               | 500                                         |
| ldapPort                     | 636                                         |
| ldapQuotaAttribute           |                                             |
| ldapQuotaDefault             |                                             |
| ldapTLS                      | 0                                           |
| ldapUserDisplayName          | cn                                          |
| ldapUserFilter               | (|(objectclass=inetOrgPerson))              |
| ldapUserFilterGroups         |                                             |
| ldapUserFilterMode           | 1                                           |
| ldapUserFilterObjectclass    | inetOrgPerson                               |
| ldapUuidGroupAttribute       | auto                                        |
| ldapUuidUserAttribute        | auto                                        |
| turnOffCertCheck             | 0                                           |
+------------------------------+---------------------------------------------+
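
The expected behaviour described in the report above, as an added example that is not part of the original issue and is not ownCloud code: a minimal model of server and client in which a missing or unreachable directory entry produces an error instead of an authoritative empty listing. The status codes 401 and 503, all function names, the sample files and the optional `max_delete_ratio` guard are assumptions made for illustration.

```python
from enum import Enum

RETRY_SECONDS = 600  # the report's "try again after some time (10 minutes)"

class Lookup(Enum):
    """Outcome of the directory lookup for the requesting user (model only)."""
    FOUND = "found"
    NOT_FOUND = "not found"      # directory answered: no such entry
    UNAVAILABLE = "unavailable"  # directory could not be reached

def server_response(lookup, files, fail_safe=True):
    """Return (status, listing) for a sync request; status codes are assumed."""
    if lookup is Lookup.FOUND:
        return 207, sorted(files)
    if not fail_safe:
        # "Actual behaviour": the missing user is reported as "no data".
        return 207, []
    # "Expected behaviour": an error, never an authoritative empty listing.
    return (503 if lookup is Lookup.UNAVAILABLE else 401), None

def client_sync(local, status, listing, max_delete_ratio=None):
    """Return (files kept locally, retry delay in seconds or None)."""
    local = set(local)
    if status != 207 or listing is None:
        return local, RETRY_SECONDS          # errors never delete anything
    doomed = local - set(listing)
    too_many = (max_delete_ratio is not None and local
                and len(doomed) / len(local) > max_delete_ratio)
    if too_many:
        # Optional client-side guard (assumption): hold back mass deletions.
        return local, RETRY_SECONDS
    return (local - doomed) | set(listing), None

def simulate(lookup, fail_safe, max_delete_ratio=None):
    """Run one sync round for user 'ada' with constructed sample files."""
    server_files = {"notes.txt", "thesis.pdf", "photos/cat.jpg"}
    local = set(server_files)                # client starts fully synced
    status, listing = server_response(lookup, server_files, fail_safe)
    return client_sync(local, status, listing, max_delete_ratio)

if __name__ == "__main__":
    for lookup in (Lookup.NOT_FOUND, Lookup.UNAVAILABLE):
        for fail_safe in (False, True):
            kept, retry = simulate(lookup, fail_safe)
            print(f"{lookup.value:11} fail_safe={fail_safe!s:5} "
                  f"kept={len(kept)} retry={retry}")
```

With `fail_safe=False` the client ends the round with no files; with `fail_safe=True`, or with the client-side guard enabled, it keeps all three and schedules a retry.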

Member

PVince81 commented Feb 11, 2016

ownCloud 7 will only receive security updates, you might want to try upgrading to more recent versions.

@MorrisJobke @blizzz in which version was the LDAP availability fix?

Contributor

blizzz commented Feb 11, 2016

Any 8.x version has it

umlaeute commented Feb 11, 2016

do you have a reference (PR#) to the LDAP availability fix?

i will check why Debian's ownCloud has not been updated for ages.

Contributor

blizzz commented Feb 11, 2016

The one closest to OC 7 – the 8.0 backport – is here: #15797
however it is pretty mighty.

Member

MorrisJobke commented Feb 12, 2016

Closing as this is fixed in our version 7.0.6.

DeepDiver1975 changed the title from user data removed (on clients) on LDAP outage on the server to user data removed (on clients) on LDAP outage on the server Feb 12, 2016

Member

MorrisJobke commented Feb 12, 2016

@umlaeute We recommend not using the Debian package because it is a very old version that still suffers from many bugs that are fixed in more recent versions (on the stable7 branch as well as in 8.0.x, 8.1.x and 8.2.x).

We also provide packages (https://owncloud.org/install/#instructions-server) and we also do security backports for stable versions for at least 18 months: https://github.com/owncloud/core/wiki/Maintenance-and-Release-Schedule

Contributor

blizzz commented Feb 12, 2016

Woah, sorry for my misinformation. Thanks for clearing this up @MorrisJobke

Member

MorrisJobke commented Feb 12, 2016

> Woah, sorry for my misinformation. Thanks for clearing this up @MorrisJobke

It is the same stuff that was actually the problem with the Ubuntu packages 1.5 years ago. This is the same package but the Debian version of it.

Member

MorrisJobke commented Feb 12, 2016

I think @LukasReschke can tell us a long story about all of this.

Member

LukasReschke commented Feb 12, 2016

Sure. Another new story coming up soon 🙊 🙉 🙈

Stay tuned… 😉

Member

LukasReschke commented Feb 12, 2016

cc @karlitschek @jospoortvliet FYI. Frankenstein packages by downstream leading to data loss 🎉

Member

karlitschek commented Feb 12, 2016

But hey. It's stable!! ;-)
