Hi everybody, I'm having a problem with my owncloud server. This is my situation: I have two owncloud servers in two different branch offices. The two servers have LDAP bind with two different Active Directory domains. Everything works great except for the federation sharing. When someone tries to share something from one owncloud server to the other, the share works perfectly, but the users are shown with their Federated ID, which is created (in case of LDAP bind) using the UUID of the user and the FQDN of the server. I agree with your choice to use UUID to identify users, but in my opinion it should never be displayed. The most annoying problem that comes from this is that users don't recognize who they are sharing with, and it makes the feature almost unusable.
P.S.: I know I'm not using the newest version of owncloud, but I've checked the changelog and didn't see anything about this problem, so I prefer not to upgrade without being sure it fixes the problem. Thank you in advance
Steps to reproduce
Set up two different owncloud servers
Set up the bind with two different Active Directory domains
Share a file from a user of one server to an LDAP user of the other
You'll see in the list of users the federated ID, which is not understandable by the users
Expected behaviour
I expect owncloud server to use the federated ID to share the file and translate it with the Displayed Name in the web UI
Actual behaviour
Now owncloud displays the federated ID in the UI
Server configuration
CentOS Linux release 7.3.1611 (Core)
Web server: Apache/2.4.6 (CentOS)
Database: 5.5.52-MariaDB
PHP version: PHP 5.6.30
ownCloud version: (see ownCloud admin page) version "9.1.3.1"
Updated from an older ownCloud or fresh install: Fresh install
Where did you install ownCloud from: Installed from EPEL Repository
What do you mean by trusted federated? Do I need another server to federate them both? They are already federated with each other. Just to be sure, are you in the same condition as me? I have owncloud-server1 bound to active-directory1 and owncloud-server2 bound to active-directory2. When a user of owncloud-server1 shares a file with a user of the second server, he types the name and the display name appears correctly, but when he clicks on it and shares the file, in the share properties it appears with the UUID
I have read this link; it's the one I used when I created the federation. I followed the whole tutorial and used the "user share" to create the federation. My connection between the two servers is green
Indeed the sharing is working as described; the problem is that when owncloud creates LDAP users from Active Directory, it uses the UUID as UserName. So when the share is created (as you can see in my previous comment) you will see UUID@https://owncloud.url. That is exactly what happens in the tutorial: username@https://owncloud.url
You are right, the attributes in the expert tab are empty. We didn't figure out it could have been useful until we saw the problem of this topic. It would have been better to use SamAccountName or something similar but, unfortunately, the server has been in production for some time.
Anyway, in my opinion there is a problem with owncloud account management. I mean, owncloud uses the UserName field as the unique ID, so in middle/big companies it is a good practice not to use the name of the colleague or something similar, because if the colleague leaves or is fired or is moved to another company of the group, it's impossible to rename the account. (It's even more important when someone gets married and the name changes.) So in my opinion it's important to have a unique ID loose from the physical person. (I've read some other topics on this forum where owncloud staff said the same.) The problem is that (always in my opinion) the user IDs should never be displayed to the final user. So, as I said when I opened the topic, owncloud should retrieve the DisplayName from the federated server and use it in the UI instead of using the UserName
I think for now the behavior works as designed because you selected UUIDs as default, but it could probably be an improvement to add the different user options to the search with the name instead.