External Directory synchronisation

vladimir.d

We are trying to link Univention LDAP as External Directory and I noticed that it doesn't import group memberships properly.

It looks like it's case sensitive issue, when I import test.test user, it puts the user into a group properly.

Mar 30 12:50:12 box:externalldap syncUsers: [adding user] username=test.test email=test.test@dev.mynet displayName=test test
Mar 30 12:50:12 box:externalldap syncUsers: done
...

Mar 30 12:50:12 box:tasks update 4074: {"percent":68,"message":"Syncing... uni-all-cloudron-users"}
Mar 30 12:50:12 box:externalldap syncGroups: [up-to-date group] groupname=uni-all-cloudron-users
Mar 30 12:50:12 box:externalldap syncGroups: sync done
...
Mar 30 12:50:12 box:externalldap syncGroupUsers: Sync users for group uni-all-cloudron-users
Mar 30 12:50:12 box:externalldap syncGroupUsers: Group uni-all-cloudron-users has 2 members.
Mar 30 12:50:12 box:externalldap ldapGetByDN: Get object at uid=test.test,ou=Users,dc=dev,dc=mynet
Mar 30 12:50:12 box:externalldap syncGroupUsers: Found member object at uid=test.test,ou=Users,dc=dev,dc=mynet adding to group uni-all-cloudron-users

If I rename it to Test.Test it fails to import.

Mar 30 12:12:37 box:tasks update 4068: {"percent":30,"message":"Syncing... Test.Test"}
Mar 30 12:12:37 box:externalldap syncUsers: [adding user] username=Test.Test email=test.test@dev.mynet displayName=test test
Mar 30 12:12:37 box:externalldap syncUsers: done
...
Mar 30 12:12:37 box:externalldap syncGroupUsers: Group uni-all-cloudron-users has 2 members.
Mar 30 12:12:37 box:externalldap ldapGetByDN: Get object at uid=Test.Test,ou=Users,dc=dev,dc=mynet
Mar 30 12:12:37 box:externalldap syncGroupUsers: Found member object at uid=Test.Test,ou=Users,dc=dev,dc=mynet adding to group uni-all-cloudron-users
Mar 30 12:12:37 box:externalldap syncGroupUsers: Failed to get user by username Test.Test User not found

I can get the same data using ldapsearch using both test.test and Test.Test from Univention LDAP.

We need to make External Directory synchronisation working with usernames in Test.Test format.

luckow

@vladimir-d to be fair: I never used groups in UCS. Do you mean this admin screen where you put users into groups?

vladimir.d

@luckow we have created Cloudron users group in UCS and put some users to the group.

On the Connect an External Directory section on Cloudron we have configured to import users and groups from UCS.

Users and Groups are imported in Cloudron.

But it fails to assign Test.Test1 user to groups. If we rename Test.Test1 username to lowercase as test.test1, it starts working properly - see test.test user on the screenshots.
I suspect there is a bug or misconfiguration somewhere in Cloudron.

We cannot rename real usernames to lower case due to our company policy.

nebulon

@vladimir-d so Cloudron will always lowercase the username, this is required also to be compatible with apps and how they handle usernames. The question here is, why the syncer manages to create a Cloudron user record with uppercase usernames. I have to debug this further. Once this is solved, the group assignment will work as expected.

girish

@vladimir-d Did you happen to add users to the database directly? Atleast in code, usernames are always lower cased. I am unable to see how usernames can have non-lower case.

vladimir.d

@girish I used 'Syncronize' button nothing else.
Did you have a chance to reproduce the group assignment issue on our server?

nebulon

@vladimir-d the group assignment fails, since for some reason in your Cloudron the username is not lowercased. This seems to be the root cause we need to track down and fix.

fbartels

Maybe the following this is old news, but ldap is in general not case sensitive, so while users may create entries even in camel case a case insensitive search (and Cloudron sided conversion to lowercase) should always give the same results.

nebulon

I finally managed to get around reproducing and debugging this and it is fixed for next release: https://git.cloudron.io/cloudron/box/-/commit/0cd48bd239b13a6edec04974031ffdfed4688e08