mirror of
https://github.com/lldap/lldap.git
synced 2026-04-25 08:15:52 +03:00
[GH-ISSUE #293] Expose UUID Field #111
Originally created by @zicklag on GitHub (Aug 27, 2022).
Original GitHub issue: https://github.com/lldap/lldap/issues/293
Would you be open to exposing the uuid field for users and groups in the LDAP API?
I'm having an issue migrating my nextcloud instance to lldap because nextcloud uses the uuid field in order to map users to their Nextcloud equivalents. Essentially, once the user is created with a UUID, there's no way to map them to a new LDAP user, so I have no way to make Nextcloud respect the new accounts, even if they have the same DN, without there being a uuid field on the LDAP records.
I might be able to open a PR for this, but that's only if I don't find a work-around, because I'm quite busy, unfortunately.
Big thanks for LLDAP! ❤️
@nitnelave commented on GitHub (Aug 27, 2022):
I guess it could make sense in the context of a migration to allow user
creation to specify a UUID. Not for user modification though.
I'd be open to a PR adding it to the GraphQL interface, and if it's not
given then it's generated automatically.
You'll need to add support to the frontend, and potentially the migration
tool as well. The migration tool should probably try a few different
alternative fields to find the UUID (entryUUID, ipaUuid, ...)
@zicklag commented on GitHub (Aug 27, 2022):
👍
OK, if I can't get around the need then I'll look into that. I might be able to get around for now and not need it, but we'll see.
Thanks.
@styt commented on GitHub (Oct 10, 2022):
Hi,
Did you solve this? I am unable to map my LLDAP users to my existing Nextcloud users. I changed expert settings in Nextcloud to use UID but still get unique users so I guess I need to be able to map UUID for Nextcloud to see users as the same in LLDAP.
Thx
Stefan
@martadinata666 commented on GitHub (Oct 10, 2022):
I migrated with existing users to LDAP. After setting up LDAP, don't forget to override uuid with uid at the expert tab; you need to drop the users except admin. Then log in using the LDAP UID, and the existing files with the same UID will be mapped directly.
The guide I'm using: https://help.nextcloud.com/t/migration-to-ldap-keeping-users-and-data/13205
@zicklag commented on GitHub (Oct 10, 2022):
I ended up not using it with Nextcloud for now, so no, I didn't get it working.
I tried overriding the UUID's in the LLDAP database using a SQL client, but I can't remember why I still couldn't get Nextcloud to connect after that.
@styt commented on GitHub (Oct 12, 2022):
Thanks for the comments so far. So far I have not been able to "sync" existing Nextcloud user with lldap user despite the same uid. I end up with a second account with a random number in the end.
@zicklag commented on GitHub (Oct 12, 2022):
Yeah, I think that's what I ended up with. You have to make sure that the uuid field is the same, for Nextcloud to think that it's the same user.
Now I remember what issue I had. While I can use a SQL explorer to set the UUID field of the users in the LLDAP Sqlite database to be what they were in Nextcloud, LLDAP doesn't return that UUID in the LDAP query responses, so Nextcloud can't see it.
So we need LLDAP to return the uuid that it has in the database, to the LDAP queries that Nextcloud makes.
@nitnelave commented on GitHub (Oct 12, 2022):
Oh, I think I know the problem here: entryUUID is not part of the default list of attributes returned for a user. Maybe that's what's missing?
@zicklag commented on GitHub (Oct 12, 2022):
Yes! I think Nextcloud might use a uuid attribute by default, or it's auto-detected, I can't remember, but you can probably tell it to use the entryUUID field either way.
@styt commented on GitHub (Oct 12, 2022):
Hi, now I am thinking we are getting close on the issue....I have seen some threads about uuid being exposed but not fully aware of how far that has come, what we can expose so far? Can we currently modify uuid (to be the same as in Nextcloud) in lldap and have it to respond with it to Nextcloud as well? Thanks for your help here so far.
@nitnelave commented on GitHub (Oct 12, 2022):
LLDAP will return the UUID if it's requested in the request. By default the response contains all the fields, but for LLDAP there's a bug and the UUID is not in "all the fields", which is I think the issue here.
To modify the UUID, you can do it directly in SQL with an sqlite3 client, there's currently no support in LLDAP. I'm open to PRs that will allow you to specify the UUID when creating a new user (but not modifying UUID of existing users).
@nitnelave commented on GitHub (Oct 12, 2022):
Alright, as soon as the image builds (in a couple of minutes) you can try with the latest LLDAP, that should give you the entryUUID in the response.
@styt commented on GitHub (Oct 15, 2022):
Hi,
I just want to say thank you and how amazing it is with how interactive this project is. I will try this over the weekend, I just need to read up a bit on editing the database directly.
I will let you know how it goes.
Thx
Stefan
@zicklag commented on GitHub (Oct 15, 2022):
I was able to use DBeaver to update the database, if you want to try that.
@styt commented on GitHub (Oct 28, 2022):
Hi,
Do You remember how You did run this? I have two problems, I want to update an uid to lowercase, e.g. "Adam" to "adam" but also delete a bunch of garbage users (and all references) after playing around with LDAP configuration too much such as "adam_1234", "adam_5678" etc. etc. Would be grateful for any real examples of code as I am not succeeding with what I am trying to achieve unfortunately. Thx
@nitnelave commented on GitHub (Oct 28, 2022):
Maybe relevant: UID in LLDAP are always lowercase. And if you delete a user (either from the web UI or directly in the users table in the DB), all references will be deleted.
@zicklag commented on GitHub (Oct 28, 2022):
On my Linux laptop I just downloaded the app, unzipped it and started it from the commandline, but they have installers for Mac and Windows here, too.
After starting I created a new database connection, selected Sqlite and the path to my database, and then I was able to browse the tables in the UI and manually edit rows and columns.
I'm not well versed in SQL, so I don't know about how to update all the records in an automated fashion, if you have tons of rows to modify.
@styt commented on GitHub (Oct 28, 2022):
Thank You both for the quick reply.
I am not that savvy in SQL either and it seems I have a bit of scripting to do in the NC database. I need to clean up a lot of obsolete users as I mentioned after my try-outs with lldap but also to rename uid with capital first letter in NC to align with all lowercase in lldap.
Seems a bit cumbersome to make sure the edits are across all tables. But no star in SQL....
@eapetitfils commented on GitHub (Nov 1, 2022):
Hi,
My comment is not fully relevant to the initial topic but I just did a migration from openldap to lldap and updated nextcloud to work with the new accounts. The main reason I wanted to bring it up here is that I did not need to update the uuid in the end.
What I did is update the LDAP settings in nextcloud to connect to LLDAP (where I had created the new accounts). However, nextcloud is using the DN to uniquely identify the users and my openldap was using a DN in the form uid=daniel,ou=users,dc=example,dc=com while LLDAP has uid=daniel,ou=people,dc=example,dc=com. Because of this, logging in would create a new user account.
In order to fix this, I updated the table oc_ldap_user_mapping in the database using HeidiSQL (dbeaver or any other that suits you works as well). I updated the ldap_dn fields accordingly, changing "users" to "people". However, you also need to change the field ldap_dn_hash as this is actually what Nextcloud uses. This column is, at the time of writing this comment, computed by simply doing a sha256 of the ldap_dn field, with values in lower case. I did not update the directory_uuid and so far everything seems to work. Actually, the values there seem different from even my openldap uuids.
Edit:
You might still need to correct the uuid if nextcloud is configured to use it as a default name for the directory. This is I believe the default behaviour of nextcloud. I did not have this problem as I had setup nextcloud to use the uid (aka the username) so the different uuid was not an issue.
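The mapping-table fix described in the comment above, as an added example (not part of the original comment, and not Nextcloud or LLDAP code): it rewrites ldap_dn and recomputes ldap_dn_hash in one transaction, after checking that the existing hashes match the assumed formula. The in-memory SQLite table, its rows and the function names are constructed for illustration; the hash formula (hex SHA-256 of the lower-cased DN) is taken from the comment as an assumption.

```python
import hashlib
import sqlite3

OLD_OU, NEW_OU = "ou=users", "ou=people"  # the DN change described in the comment

def dn_hash(dn: str) -> str:
    # Assumption from the comment: hex SHA-256 of the lower-cased DN.
    return hashlib.sha256(dn.lower().encode("utf-8")).hexdigest()

def rewrite_dn(dn: str) -> str:
    # Replace only the exact RDN, so a uid that happens to be "users" is untouched.
    # Assumes no escaped commas inside attribute values.
    return ",".join(NEW_OU if rdn.strip().lower() == OLD_OU else rdn
                    for rdn in dn.split(","))

def migrate(conn: sqlite3.Connection) -> int:
    rows = conn.execute(
        "SELECT ldap_dn, ldap_dn_hash FROM oc_ldap_user_mapping").fetchall()
    # Refuse to write anything if the stored hashes disagree with the formula:
    # that means the assumption does not hold for this installation.
    for dn, stored in rows:
        if stored != dn_hash(dn):
            raise ValueError(f"stored hash does not match formula for {dn!r}")
    changed = 0
    with conn:  # single transaction: commit on success, roll back on error
        for dn, _ in rows:
            new_dn = rewrite_dn(dn)
            if new_dn != dn:
                conn.execute(
                    "UPDATE oc_ldap_user_mapping "
                    "SET ldap_dn = ?, ldap_dn_hash = ? WHERE ldap_dn = ?",
                    (new_dn, dn_hash(new_dn), dn))
                changed += 1
    return changed

def sample_db() -> sqlite3.Connection:
    # Constructed stand-in table, reduced to the columns named in the comment.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE oc_ldap_user_mapping "
                 "(ldap_dn TEXT, ldap_dn_hash TEXT, directory_uuid TEXT)")
    for dn in ("uid=daniel,ou=users,dc=example,dc=com",
               "uid=users,ou=users,dc=example,dc=com",
               "uid=anna,ou=people,dc=example,dc=com"):
        conn.execute("INSERT INTO oc_ldap_user_mapping VALUES (?, ?, ?)",
                     (dn, dn_hash(dn), "constructed-uuid"))
    return conn

if __name__ == "__main__":
    db = sample_db()
    print(migrate(db), "rows rewritten")
```

Run it against a copy of the database first; directory_uuid is left unchanged, as in the comment.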
@styt commented on GitHub (Nov 2, 2022):
Thanks @eapetitfils . Still very valid information for people migrating and using Nextcloud.
I have been able to purge my bunch of obsolete account created during my attempts to map account with lldap and NC.
Last thing I have is to rename uid in NC with capital letter to all lowercase but have not dared to pull the trigger yet. There were so many references to the uid in different columns in different tables. Last piece I hope to map NC users to LLDAP user.
@nitnelave commented on GitHub (Sep 12, 2023):
If there's nothing else to add here, I'm closing this issue.