I have set up an ownCloud instance with LDAP authentication enabled. For various purposes we also have some local non-LDAP system users. I would like to be able to prevent normal LDAP users from sharing with them. First, I disabled a user, but others were still able to share with this user.
After this, I created a local group, e.g. “hidden”, and added it to the Group Sharing Blacklist. This works for the group, but not for its members. According to “These groups will not be available to share with.” this works as intended. But in my understanding, according to the next phrase “Members of the group are not restricted in initiating shares and can receive shares with other groups they are a member of as usual.”, users who are not members of “hidden” should not be able to share with them.
Should this work like this and I just misunderstood the description? If yes, are there any good ideas for how I can prevent these local users from being found in the sharing search and/or receiving shares?
Steps to reproduce
- set up LDAP-Auth
- create local user with occ user:add test
- create local group with occ group:add hidden
- add user test to group hidden with occ group:add-member -m test hidden
- add “hidden” to “Group Sharing Blacklist”
- with any user, share something with test
According to “These groups will not be available to share with. Members of the group are not restricted in initiating shares and can receive shares with other groups they are a member of as usual.”, this should at least be prevented, since no one else is a member of the group “hidden”.
The user “test” can be selected in sharing search and the item be shared.
Operating system: CentOS 7.6
Web server: Apache 2.4.6
Database: PostgreSQL 11
PHP version: 7.2.10
ownCloud version: 10.4
Updated from an older ownCloud or fresh install: Updated from 10.3.1, fresh install was 10.2
Where did you install ownCloud from: https://download.owncloud.org/community/owncloud-10.4.0.tar.bz2
Signing status (ownCloud 9.0 and above):
The content of config/config.php:
doesn’t matter yet
List of activated apps:
doesn’t matter yet
Are you using external storage, if yes which one: no
Are you using encryption: no
Are you using an external user-backend, if yes which one: LDAP
LDAP configuration (delete this part if not used)
works perfectly fine