Change UUID for LDAP Migration

I need to migrate all our users from Domain A to Domain B - the usernames and the passwords stay the same. The problem is that the unique identifier is the objectGUID, which is not migratable.

To fix this, I’ve changed the UUID-identifier to “samaccountname” (f.surename), but old records are not updated.
So I wrote a script to change the OC UUID to “f.surename” and update all records directly in MySQL (6 tables in total).
Everything is working fine and my test users can (re-)log in via the browser without any problems and see all their own, as well as shared, folders. However, I can’t get the ownCloud Client to work. The only solution that works is to completely remove the user’s account in the OC Client and to set up the space from scratch. If I don’t do that, I get the error “This space is currently unavailable” while being connected successfully to our cloud.

I guess (since I’ve looked at the OC Client config file) that the UUID is hardcoded and does not seem to get updated.
Is there a way on the server to tell the client “UUID changed! Please update” - or is my whole approach for the migration wrong and there is a better way?

I guess I found out the solution myself. For anyone else in need of an LDAP migration:

In the web admin LDAP interface, I’ve changed the UUID-attribute to “samaccountname” for the new LDAP directory. In the MySQL table “oc_ldap_user_mapping” I’ve changed the directory_uuid to the current samaccountname.

After migrating the domain user with the migration tool from Microsoft, I was able to log in to ownCloud, both web & client (Woop woop!)

I am not sure how OC is checking for attributes in LDAP, but it looks like it simply searches all attributes for the value stored in the table directory_uuid and if it is found, it updates the LDAP DN.

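Added example, not part of the original posts and not ownCloud code: a dry-run-then-apply version of the `directory_uuid` rewrite described above, run against an in-memory SQLite stand-in for the MySQL table. The column names `ldap_dn` and `owncloud_name`, the sample rows and the objectGUID-to-sAMAccountName export are assumptions; nothing is written if two accounts would end up with the same identifier or an entry has no match.

```python
import sqlite3

# Constructed sample rows (ldap_dn, owncloud_name, directory_uuid), as stored
# while objectGUID was still the UUID attribute. Column names are assumed.
ROWS = [
    ("CN=Ann Lee,OU=Staff,DC=a,DC=example", "guid-0001", "guid-0001"),
    ("CN=Bo Chen,OU=Staff,DC=a,DC=example", "guid-0002", "guid-0002"),
]
# Constructed directory export: objectGUID -> sAMAccountName.
GUID_TO_SAM = {"guid-0001": "a.lee", "guid-0002": "b.chen"}

def make_db(rows):
    """In-memory SQLite stand-in for the MySQL mapping table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE oc_ldap_user_mapping (ldap_dn TEXT, "
                "owncloud_name TEXT PRIMARY KEY, directory_uuid TEXT)")
    con.executemany("INSERT INTO oc_ldap_user_mapping VALUES (?, ?, ?)", rows)
    con.commit()
    return con

def plan(con, guid_to_sam):
    """Dry run: return (updates, problems) without modifying the table."""
    updates, problems, owner = [], [], {}
    query = "SELECT owncloud_name, directory_uuid FROM oc_ldap_user_mapping"
    for name, old in con.execute(query).fetchall():
        sam = guid_to_sam.get(old)
        if sam is None:
            problems.append(f"{name}: no sAMAccountName for {old}")
        elif sam.lower() in owner:  # AD matches sAMAccountName case-insensitively
            problems.append(f"{name}: {sam} already assigned to {owner[sam.lower()]}")
        else:
            owner[sam.lower()] = name
            updates.append((sam, name, old))
    return updates, problems

def migrate(con, guid_to_sam):
    """Apply all updates in one transaction, or none if the plan has problems."""
    updates, problems = plan(con, guid_to_sam)
    if problems:
        return 0, problems
    with con:  # commits on success, rolls back on exception
        con.executemany("UPDATE oc_ldap_user_mapping SET directory_uuid = ? "
                        "WHERE owncloud_name = ? AND directory_uuid = ?", updates)
    return len(updates), []

if __name__ == "__main__":
    db = make_db(ROWS)
    print(migrate(db, GUID_TO_SAM))
    print(db.execute("SELECT owncloud_name, directory_uuid "
                     "FROM oc_ldap_user_mapping").fetchall())
```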