Changing Domain/LDAP server on a previous working installation

ldap
9.1.x

#1

Hi,
We currently have an ownCloud 9.1.6 working at the office, connected to an old Linux domain via LDAP.
We set up a new domain, under Windows, with Active Directory.
If we change the attributes in the configuration to point to the new server, all previous data is lost, as we assume that it detects that they are new users (all the users are the same, not the passwords).
Maybe we need to make a data backup, change attributes, and restore data?

Steps to reproduce

  1. Change attributes in administration to connect to new active directory server
  2. Check that all data previously stored for users is not shown on the new user/server
  3. Change the attributes again to connect to the old server and the data is still shown there

Expected behaviour

Newbie of me, I hope that as users are the same, the data is still there in every single user...

Actual behaviour

No data is stored after the first login with new domain

Server configuration

Operating system:
ubuntu 16.04.3

Web server:
apache2
Database:
mysql
PHP version:

ownCloud version: (see ownCloud admin page)
9.1.6
Updated from an older ownCloud or fresh install:
updated since ownCloud 8.X
Where did you install ownCloud from:

Signing status (ownCloud 9.0 and above):
No errors have been found.
Are you using external storage, if yes which one:
No

Are you using encryption: yes/no
No

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
Yes, currently ldap, want to change to active directory

Client configuration

Browser:
Firefox
Operating system:
Windows 10


#2

Do you use the LDAP plugin?
The solution is described here.
You can't duplicate LDAP users to AD (like in the last lines). But there are Expert Settings for that.


#3

Thanks @skriesch, but unfortunately this is not the solution I need.

Yes, I use ldap plugin.
But I already can configure it to work with active directory, without problems. The only problem I have, is that the users in the new AD, for owncloud, are not the same users that were with the old LDAP, and all the content of users folders is lost.

I've at the end an owncloud configured to work against AD, with all AD users, but with no data on them, that's my problem. I need to put all the old data in the new users, but not sure how to do it...
I think that if I make a data backup and after change I'll make a restore, the data will be associated to old users, not the "new" ones...


#4

I believe that's the problem:

> the users in the new AD, for owncloud, are not the same users that were with the old LDAP, and all the content of users folders is lost.

You have got two options:
- Setup an AD with LDAP data, use a backup of the old ownCloud and configure it with right user data in AD.
- Live with your situation and add all manually what is missing.


#5

If I make a backup (with ownCloud), make the changes, and then restore the backup with the "new" ownCloud users, will it work, or create new users with old data?

thanks in advance...


#6

The old ownCloud is using your LDAP data. It can't work with new users of AD, who should redirect to LDAP users (without right IDs). You have to set up the AD correctly based on LDAP users. After that ownCloud will work right and can find all users.


#7

Sorry, but can't understand you very well...

Ldap users and AD users, are exactly the same users.
They use the same login name in either authentication

jcarter is the login name on both domain servers (the old LDAP, and the new AD).
But if I change configuration (from ldap to AD, both working), user can still login as jcarter, but has no data on it...


#8

Then explain this sentence, please:

You are saying now they are the same? That was your mistake with LDAP AD migration...
ownCloud can't identify new users, because they have different numbers. So you have to set up AD correctly.


#9

I'll try...

I said that they are different users, because when I log on with my user, in the new configuration (AD), I don't have any of the files that I have in the previous configuration (LDAP) but on the same server

Both configurations are made with the same plugin ( LDAP user and group backend 0.9.0)

I'll try it again..I hope I can explain better now.

I've one server with 90 users configured against an ldap server with "ldap user and group backend".
We've changed our domain configuration, and we've a new server with AD.
Both domains have the same users, with same loginnames but different passwords
When I change the ownCloud configuration to log in against AD, I can log in (with the new password), but I don't have any files other than the default ones. I assume that for ownCloud, this is a new user, not related to my "old LDAP user".


#10

Do I understand you correctly?

You had a domain with an AD and 90 users, for example "foo.bar.com"

Then you changed something, and now you have a new domain, a new AD and 90 users, for example "zoo.bar.com"

And your problem is, that you are wondering why the files are missing when you login with a user?

I suppose it's because the files are mapped to the users, so file1.txt belongs to user1@foo.bar.com
now you login as user1, but he is now user1@zoo.bar.com, and that user has no files.

Is that remotely what your problem is or am I way off track here? :smiley:


#11

Not exactly.
Both domains are the same.

We have a system on zoo.bar.com on Linux with ldap, and we configure a new zoo.bar.com on Windows with Ad.

My user was soda@zoo.bar.com on Linux, and it's soda@zoo.bar.com on Windows.

But for ownCloud, they are two different users....


#12

soda wrote that all users have received new passwords. That's the reason I thought directly that wasn't a correct migration.

@soda Did you execute a migration as explained in tutorials on the internet, or is that a new setup of AD with new users/structures?


#13

New setup, we didn't migrate data because we didn't want to migrate many things accumulated for years


#14

That's the reason ownCloud can't find users and thinks all would be new, because user ids in AD are new and don't match ids in LDAP.

Resetup the AD with a correct migration and all will work fine. :slight_smile:


#15

I can't, new AD setup is on production, and we can't go back..
Any tip to migrate "old user" data to "new users"? Backup should work, or I will have the same issue?


#16

Use Google how to setup AD with LDAP data!
User ids don't match other user ids -> ownCloud can't find correct owners.
The 2nd option is: Reassigning all data manually! Have a lot of fun and time...

Alternatively you can write a script to change user ids in AD. You don't have other options.


#17

Hi Everybody,

I am having a similar problem here.

Problem:
All domain users were migrated to a new domain. I need to migrate the app ownCloud 9.1 with all its users and all their relevant data to a new domain with no data loss. (User IDs are the same in both domains, SIDs are different)

I would appreciate if somebody points me in a right direction.


#18

At first, think about an ownCloud upgrade. After that read above and execute an AD domain migration without changing ids of users in the database. ownCloud should find those changes then.
If you set up a new AD server without old user ids, you'll have new user entries, because you have old user database entries and new user database entries with different ids.

Our documentation:
https://doc.owncloud.org/server/10.0/admin_manual/configuration/user/user_auth_ldap.html
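As an added example (not part of the original thread and not ownCloud code), this sketch shows the reconciliation step the replies above imply: pair each old directory account with its new one before any data is re-assigned, and refuse to pair on login name alone. It assumes the immutable identifier is `entryUUID` on the old LDAP server and `objectGUID` on the new AD, and that `mail` is available as a second attribute to confirm the match; the records and the `plan_remap` helper are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample exports (not from the thread). Attribute names are the
# usual ones: uid/entryUUID on OpenLDAP, sAMAccountName/objectGUID on AD.
OLD_LDAP = [
    {"uid": "jcarter", "entryUUID": "old-0001", "mail": "jcarter@zoo.bar.com"},
    {"uid": "soda",    "entryUUID": "old-0002", "mail": "soda@zoo.bar.com"},
    {"uid": "mlee",    "entryUUID": "old-0003", "mail": "mlee@zoo.bar.com"},
    {"uid": "tmp01",   "entryUUID": "old-0004", "mail": "tmp01@zoo.bar.com"},
]
NEW_AD = [
    {"sAMAccountName": "JCarter", "objectGUID": "new-aaaa", "mail": "jcarter@zoo.bar.com"},
    {"sAMAccountName": "soda",    "objectGUID": "new-bbbb", "mail": "soda@zoo.bar.com"},
    {"sAMAccountName": "mlee",    "objectGUID": "new-cccc", "mail": "m.lee2@zoo.bar.com"},
]

def plan_remap(old_users, new_users):
    """Return (plan, review): plan maps login -> (old id, new id) for accounts
    that match on login AND mail; review lists everything a human must check."""
    by_login = defaultdict(list)
    for u in new_users:
        by_login[u["sAMAccountName"].casefold()].append(u)
    plan, review = {}, []
    for o in old_users:
        login = o["uid"].casefold()
        hits = by_login.get(login, [])
        if not hits:
            review.append((login, "no account in new directory"))
        elif len(hits) > 1:
            review.append((login, "ambiguous: several new accounts"))
        elif hits[0]["mail"].casefold() != o["mail"].casefold():
            # Same login, possibly a different person: do not hand over files blindly.
            review.append((login, "login matches but mail differs"))
        else:
            plan[login] = (o["entryUUID"], hits[0]["objectGUID"])
    return plan, review

if __name__ == "__main__":
    plan, review = plan_remap(OLD_LDAP, NEW_AD)
    for login, (old_id, new_id) in sorted(plan.items()):
        print(f"{login}: {old_id} -> {new_id}")
    for login, why in review:
        print(f"REVIEW {login}: {why}")
```

Accounts that land in the review list are the ones where re-attaching old data by name could give one person's files to another, so they need a manual decision.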


#19

Hi, finally we copied data from the old ownCloud server to the new one; as users are the same, we "only" lost shares between users, they need to share folders again


#20

Hi Skriesch,

My apologies for not replying to your message immediately.

The thing is that we cannot use the same SID for users, as users were migrated to the other domain and all of them are working with no issues. I have to exclude the option of changing new SIDs to old ones.
Is there a way to do it by migrating ownCloud user profiles to a new domain? Create new profiles and somehow remap their data to the new profiles? Please advise.