Solved External Directory synchronisation
-
We are trying to link Univention LDAP as External Directory and I noticed that it doesn't import group memberships properly.
It looks like it's case sensitive issue, when I import
test.testuser, it puts the user into a group properly.Mar 30 12:50:12 box:externalldap syncUsers: [adding user] username=test.test email=test.test@dev.mynet displayName=test test Mar 30 12:50:12 box:externalldap syncUsers: done ... Mar 30 12:50:12 box:tasks update 4074: {"percent":68,"message":"Syncing... uni-all-cloudron-users"} Mar 30 12:50:12 box:externalldap syncGroups: [up-to-date group] groupname=uni-all-cloudron-users Mar 30 12:50:12 box:externalldap syncGroups: sync done ... Mar 30 12:50:12 box:externalldap syncGroupUsers: Sync users for group uni-all-cloudron-users Mar 30 12:50:12 box:externalldap syncGroupUsers: Group uni-all-cloudron-users has 2 members. Mar 30 12:50:12 box:externalldap ldapGetByDN: Get object at uid=test.test,ou=Users,dc=dev,dc=mynet Mar 30 12:50:12 box:externalldap syncGroupUsers: Found member object at uid=test.test,ou=Users,dc=dev,dc=mynet adding to group uni-all-cloudron-usersIf I rename it to
Test.Testit fails to import.Mar 30 12:12:37 box:tasks update 4068: {"percent":30,"message":"Syncing... Test.Test"} Mar 30 12:12:37 box:externalldap syncUsers: [adding user] username=Test.Test email=test.test@dev.mynet displayName=test test Mar 30 12:12:37 box:externalldap syncUsers: done ... Mar 30 12:12:37 box:externalldap syncGroupUsers: Group uni-all-cloudron-users has 2 members. Mar 30 12:12:37 box:externalldap ldapGetByDN: Get object at uid=Test.Test,ou=Users,dc=dev,dc=mynet Mar 30 12:12:37 box:externalldap syncGroupUsers: Found member object at uid=Test.Test,ou=Users,dc=dev,dc=mynet adding to group uni-all-cloudron-users Mar 30 12:12:37 box:externalldap syncGroupUsers: Failed to get user by username Test.Test User not foundI can get the same data using
ldapsearchusing bothtest.testandTest.Testfrom Univention LDAP.We need to make External Directory synchronisation working with usernames in
Test.Testformat. -
Topic has been marked as a question
nebulon
-
@vladimir-d to be fair: I never used groups in UCS. Do you mean this admin screen where you put users into groups?
Pronouns: he/him | Primary language: German
-
@luckow we have created
Cloudron usersgroup in UCS and put some users to the group.
On the Connect an External Directory section on Cloudron we have configured to import users and groups from UCS.
Users and Groups are imported in Cloudron.
But it fails to assign
Test.Test1user to groups. If we renameTest.Test1username to lowercase astest.test1, it starts working properly - seetest.testuser on the screenshots.
I suspect there is a bug or misconfiguration somewhere in Cloudron.We cannot rename real usernames to lower case due to our company policy.
-
@vladimir-d so Cloudron will always lowercase the username, this is required also to be compatible with apps and how they handle usernames. The question here is, why the syncer manages to create a Cloudron user record with uppercase usernames. I have to debug this further. Once this is solved, the group assignment will work as expected.
-
@vladimir-d Did you happen to add users to the database directly? Atleast in code, usernames are always lower cased. I am unable to see how usernames can have non-lower case.
-
@girish I used 'Syncronize' button nothing else.
Did you have a chance to reproduce the group assignment issue on our server? -
@vladimir-d the group assignment fails, since for some reason in your Cloudron the username is not lowercased. This seems to be the root cause we need to track down and fix.
-
Maybe the following this is old news, but ldap is in general not case sensitive, so while users may create entries even in camel case a case insensitive search (and Cloudron sided conversion to lowercase) should always give the same results.
-
I finally managed to get around reproducing and debugging this and it is fixed for next release: https://git.cloudron.io/cloudron/box/-/commit/0cd48bd239b13a6edec04974031ffdfed4688e08
-
Topic has been marked as solved nebulon
