LDAP group rename

ldap

#1

Does ownCloud LDAP integration support group display name propegation? The behavior is telling me it does not, but in the hours I've been looking I can't find any documentation on it.

ownCloud 10.0.7.2
openLDAP 2.4.40

  1. Create an LDAP group that works with ownCloud configured for LDAP. Ex: org-it for the DN portion, Information Technology for the display name.
  2. Note that when sharing, the group display name shows up and it also appears in Users page.
  3. Go into LDAP and change the display name of the group, but leave the DN id attribute unmodified (or internal identifier, obviously). In this case we'll change "Information Technology" to "DevOps".
  4. After logging in again, or triggering a Cache TTL reset from LDAP settings, note that the display name is un-altered in ownCloud.

It seems like once the ownCloud group is created from the LDAP group display name it's fixed and unchangeable even though it's able to gather membership detail properly. I've yet to actually try this with users and the same test thinking it would probably work, but now I'm no longer sure.

If I had time I'd love to take a stab at implementing a change that could propagate the group display name, but I wanted to verify and understand the expected behavior first. And of course, find time to do such things.


#2

Hi,

have you tried this?

https://doc.owncloud.com/server/10.0/admin_manual/configuration/server/occ_command.html?highlight=occ#ldap-commands-label


#3

That just updates memberships.

The problem seems to be how groups are handled internally. It uses the name as the key vs. using a separate display name. So a proper fix would be to migrate into a key and display name system. A middle ground hack would be to add a display name and preserve the internal usage as-is. But since I don’t have time to contribute that effort I’ll have to find a work around.

I’m probably going to try to just delete the offending groups (the ones I want to rename) from the ldap side in the database, use the occ group delete, then go back and let the LDAP stuff rediscover and add them back.

I’ll update if I make any progress.


#4

We’re using ownCloud 9.1.6 and looks like there’s no group:delete on this version.

As we’re facing the same issue, is there another way to delete any group?


#5

I think you should ASAP upgrade to ownCloud 10.0.8 anyway as the versions below reached their end-of-life. Then you probably get the group:delete command for free :slightly_smiling_face:


#6

I’m well aware, thank you :wink:
But we had a somewhat large changes in our LDAP tree and as we won’t be able to upgrade the cloud anytime soon, I thought maybe any of you could give me some guideline.