Jonathan J. Ramirez C. wrote:
> -----Original Message-----
> *From*: Rob Crittenden <[email protected]>
> *To*: Jonathan J. Ramirez C. <[email protected]>, [email protected]
> *Subject*: Re: [Freeipa-users] OC and FreeIPA
> *Date*: Wed, 16 Jul 2014 14:12:34 -0400
>
> Jonathan J. Ramirez C. wrote:
>> Hi.
>>
>> Does anybody here know how to properly set up ownCloud 6.0.4 to work
>> with FreeIPA 3.3.5? I keep getting these messages when trying to logon
>> to OC with a created account in FreeIPA.
>>
>> Here's a sample:
>>
>> ownCloud[2182]: {user_ldap} initializing paged search for
>> FilterobjectClass=* base Array ([0] =>
>> uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com) attr ipauniqueid limit
>> 99999 offset 0
>> ownCloud[2182]: {user_ldap} Ready for a paged search
>> ownCloud[2182]: {user_ldap} Requested attribute ipauniqueid not found
>> for uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com
>> ownCloud[2182]: {user_ldap} Could not autodetect the UUID attribute
>> ownCloud[2182]: {user_ldap} Cannot determine UUID for
>> uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com. Skipping.
>> ownCloud[2182]: {core} Login failed: user 'jonram' , wrong password,
>> IP:set log_authfailip=true in conf
>>
>> I'm really new to OC and IPA so I don't know where to poke to make it
>> work. I'll much appreciate any hint.
>
>
>> I've never dealt with OC before but I scanned the LDAP docs quickly.
>>
>> You will want to set separate user and group base DNs. It is using the
>> compat tree and that is likely the wrong thing in this case.
>>
>> Users: cn=users,cn=accounts,dc=mydomain,dc=com
>> Groups: cn=groups,cn=accounts,dc=mydomain,dc=com
>>
>> That will fix the UUID issue at least.
>>
>> Have you set a password for this user account, and have you
>> authenticated with it yet? IPA marks all administratively set passwords
>> as expired, so you need to authenticate and change the password before
>> it is generally usable.
>>
>> IPA uses memberOf for its grouping in case you need to specify it.
>>
>> rob
>
> Thank you very much Rob.
>
> The use of separate user and group DNs gave me the clue to what I had to add
> in the OC LDAP settings.

Great news. If you have the time and inclination I'd encourage you to
consider writing up a short how-to on our wiki at
http://www.freeipa.org/page/HowTos

regards

rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
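
The diagnosis in this thread, as an added example that is not part of the original messages or of ownCloud/FreeIPA code: it scans user_ldap log lines for a missing UUID attribute on an entry under cn=compat and derives the cn=accounts base DNs Rob suggests. The function names are hypothetical, the sample lines are constructed by joining the wrapped log lines quoted above, and DNs are assumed to contain no escaped commas.

```python
import re

# Constructed sample: the wrapped log lines quoted in the thread, re-joined.
SAMPLE_LOG = [
    "ownCloud[2182]: {user_ldap} Requested attribute ipauniqueid not found "
    "for uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com",
    "ownCloud[2182]: {user_ldap} Could not autodetect the UUID attribute",
    "ownCloud[2182]: {user_ldap} Cannot determine UUID for "
    "uid=jonram,cn=users,cn=compat,dc=mydomain,dc=com. Skipping.",
]

# Matches the "attribute not found" message and captures attribute and entry DN.
MISSING_ATTR = re.compile(
    r"\{user_ldap\} Requested attribute (\S+) not found for (\S+)$")


def suggest_base_dns(dn):
    """Return (users_base, groups_base) under cn=accounts when dn lives in
    the cn=compat tree, otherwise None. Assumes no escaped commas in dn."""
    rdns = [rdn.strip() for rdn in dn.split(",")]
    lowered = [rdn.lower() for rdn in rdns]
    if "cn=compat" not in lowered:
        return None
    # Everything after cn=compat is the directory suffix (dc=...,dc=...).
    suffix = ",".join(rdns[lowered.index("cn=compat") + 1:])
    return ("cn=users,cn=accounts," + suffix,
            "cn=groups,cn=accounts," + suffix)


def diagnose(lines):
    """Collect one finding per log line that reports a missing attribute
    on an entry resolved through the compat tree."""
    findings = []
    for line in lines:
        match = MISSING_ATTR.search(line.strip())
        if not match:
            continue
        attribute, dn = match.groups()
        bases = suggest_base_dns(dn)
        if bases:
            findings.append({"attribute": attribute, "dn": dn,
                             "users_base": bases[0], "groups_base": bases[1]})
    return findings


if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        print("%(attribute)s missing on %(dn)s" % f)
        print("  user base DN:  %(users_base)s" % f)
        print("  group base DN: %(groups_base)s" % f)
```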
