LDAP user delete problem

user_management
ldap

#1

Hi,

I have a problem with an LDAP user. Our owncloud is connected with Windows Active Directory via LDAP and files are encrypted.

So... The problem is, the user changed his password via LDAP a few months ago but he didn't change it on the owncloud server. Right now he doesn't remember the old password, so he can't change it and encrypt the files again with the new password.

We tried to remove the user by the admin web panel but we get an error:

Unable to delete 25A7B9BE-XXXX-XXXX-XXXX-424445615463
Unable to delete user.

I understand we can't delete an LDAP user. The problem is the user can't log in right now, he gets:

Public Key missing for user: 25A7B9BE-XXXX-XXXX-XXXX-424445615463


#2

I thought he forgot his password. How can he login if he forgot his password?

If you have ownCloud connected to an AD, you should be able to log in to ownCloud with the new password.


#3

I tried to delete the user and now the user can't log in with the new password. Before I tried to delete the user, he could log in.


#4

If no recovery key was enabled, the user has no chance to decrypt the data.

If there is a recovery key, an admin has a way to reset the user's password directly in OC using the recovery key.

If a user knows both the old and new password, they need to log in to OC and go to the personal page to enter the old password to re-encrypt the keys. There should be a yellow message about this in the web UI at login time.


#5

Sorry for my bad explanation.

I don't want to recover data, I only want to recover the user, because right now he can't log in.


#6

Okay, let me get this straight.

You have an ownCloud, you have an AD connected to it and AD Users can log in to ownCloud with their AD credentials.

Now a user has changed his password in the AD. You have tried to delete his account in ownCloud. And now he can't login with his new password?

I feel like using encryption and deleting the user might have caused some confusion in ownCloud.


#7

First of all, thanks for your answer @dmitry.

Yes, before I tried to delete the user, he could log in and see his files. But he can't upload new files because owncloud is encrypting with the old password.

The user didn't remember his old password, so he can't update the password (he needs the old password to set a new password). For that reason, I tried to delete the user, to delete his files and generate the user again so he would be able to set a new password.

When I was deleting the user, I got the error I mentioned in the other post, and from that moment the user can't log in on the owncloud server. He gets Public Key missing for user: 25A7B9BE-XXXX-XXXX-XXXX-424445615463.


#8

Can't you just delete the user in the AD, make a new account and log in to owncloud with the new account? Or do you have dependencies?


#9

Sure, I need to delete it but I get this error:


#10

I mean delete the user in AD. You can't delete AD users in the ownCloud user management tab.


#11

Ah! No, I can't delete the user in AD directory. This is an important user with mail. This is not an option.


#12

So your goal is simply to allow this AD user to log in to owncloud? You don't care about the data, right?


#13

I don't care about data, I only want this user to log in to owncloud, being able to upload files with his new password.


#14

Okay, you would have to delete the entries of this user by hand in every table his UUID is in.

How versed are you in mysql? :slight_smile:

You would have to do a mysql query. Log in to the database, and do something like this:

Delete from where =25A7B9BE-XXXX-XXXX-XXXX-424445615463;

Then when you are done with that, you have to delete the home folder of this user.

Then the user can log in. I would also remove him from the users that are synchronized into owncloud, and when you are done cleaning up, include him again.


#15

Which table do I have to delete the user from?


#16

In oc_users I don't see the user because he is connected via LDAP. I don't know where he is.


#17

You would have to look in all 46 tables for his uid, this long number, not only in oc_users.
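The cleanup suggested in #14 and #17 (find every table that references the user id, then delete those rows) is easier to do safely when the search and the delete are scripted rather than typed by hand. The script below is an added example written for this thread; it is not code from the thread or from ownCloud. It uses an in-memory SQLite stand-in for the MySQL database: only oc_users and oc_ldap_user_mapping are table names taken from the thread, while oc_preferences, oc_storages, oc_appconfig and every column name are constructed assumptions for the demo. It enumerates all text columns of every oc_ table, counts exact and substring hits for the uid, deletes only exact matches inside a single transaction, lists substring-only hits (such as a "home::<uid>" storage id) for manual review, and defaults to a dry run that rolls everything back. Against MySQL you would swap the driver and read table and column names from information_schema.COLUMNS instead of sqlite_master and PRAGMA table_info.

```python
import sqlite3
from typing import Dict, List, Tuple

# The internal ownCloud name quoted in the thread (LDAP users get a UUID, not a login name)
UID = "25A7B9BE-XXXX-XXXX-XXXX-424445615463"
TEXT_TYPES = ("TEXT", "VARCHAR", "CHAR", "CLOB")


def build_demo_db() -> sqlite3.Connection:
    """Constructed stand-in for the ownCloud MySQL schema. Assumption: only the two
    table names quoted in the thread are real; the other tables and all columns
    are made up for this demo."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit; we BEGIN ourselves
    conn.executescript("""
        CREATE TABLE oc_users (uid TEXT PRIMARY KEY, displayname TEXT);
        CREATE TABLE oc_ldap_user_mapping (ldap_dn TEXT, owncloud_name TEXT, directory_uuid TEXT);
        CREATE TABLE oc_preferences (userid TEXT, appid TEXT, configkey TEXT, configvalue TEXT);
        CREATE TABLE oc_storages (id TEXT, numeric_id INTEGER);
        CREATE TABLE oc_appconfig (appid TEXT, configkey TEXT, configvalue TEXT);
    """)
    # As in post #16, the LDAP user has no oc_users row; only local users are here
    conn.executemany("INSERT INTO oc_users VALUES (?, ?)", [("alice", "Alice"), ("bob", "Bob")])
    conn.executemany("INSERT INTO oc_ldap_user_mapping VALUES (?, ?, ?)",
                     [("CN=Alice,DC=example,DC=test", "alice", "constructed-guid-1"),
                      ("CN=Mago,DC=example,DC=test", UID, "constructed-guid-2")])
    conn.executemany("INSERT INTO oc_preferences VALUES (?, ?, ?, ?)",
                     [(UID, "encryption", "recoveryEnabled", "0"),
                      (UID, "core", "lang", "es"),
                      ("alice", "core", "lang", "en")])
    # The uid appears here only as part of a longer string, never as the whole value
    conn.executemany("INSERT INTO oc_storages VALUES (?, ?)",
                     [("home::" + UID, 7), ("home::alice", 3)])
    conn.execute("INSERT INTO oc_appconfig VALUES ('encryption', 'enabled', 'yes')")
    return conn


def text_columns(conn: sqlite3.Connection) -> List[Tuple[str, str]]:
    """Enumerate (table, column) pairs with a text-like type across all oc_ tables."""
    pairs: List[Tuple[str, str]] = []
    tables = [row[0] for row in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name LIKE 'oc\\_%' ESCAPE '\\'")]
    for table in tables:
        for _cid, name, ctype, *_rest in conn.execute(f'PRAGMA table_info("{table}")'):
            if any(t in (ctype or "").upper() for t in TEXT_TYPES):
                pairs.append((table, name))
    return pairs


def find_uid_references(conn: sqlite3.Connection, uid: str) -> Dict[Tuple[str, str], Tuple[int, int]]:
    """Read-only scan: for every text column count rows equal to uid and rows that
    merely contain it. Returns {(table, column): (exact, substring)} for columns
    with at least one substring hit (substring >= exact always)."""
    hits: Dict[Tuple[str, str], Tuple[int, int]] = {}
    for table, col in text_columns(conn):
        (exact,) = conn.execute(f'SELECT COUNT(*) FROM "{table}" WHERE "{col}" = ?', (uid,)).fetchone()
        (partial,) = conn.execute(f'SELECT COUNT(*) FROM "{table}" WHERE "{col}" LIKE ?',
                                  (f"%{uid}%",)).fetchone()
        if partial:
            hits[(table, col)] = (exact, partial)
    return hits


def purge_uid(conn: sqlite3.Connection, uid: str, dry_run: bool = True) -> Dict[str, object]:
    """Delete rows whose text column equals uid exactly, all inside one transaction.
    Columns where uid occurs only as a substring are not touched but reported for
    manual review. With dry_run=True the transaction is rolled back, so the report
    shows what would be removed without changing any data."""
    refs = find_uid_references(conn, uid)
    deleted: Dict[str, int] = {}
    review: List[str] = []
    conn.execute("BEGIN")
    try:
        for (table, col), (exact, partial) in refs.items():
            if exact:
                cur = conn.execute(f'DELETE FROM "{table}" WHERE "{col}" = ?', (uid,))
                deleted[f"{table}.{col}"] = cur.rowcount
            if partial > exact:
                review.append(f"{table}.{col}")
        conn.execute("ROLLBACK" if dry_run else "COMMIT")
    except Exception:
        conn.execute("ROLLBACK")
        raise
    return {"deleted": deleted, "review": review, "committed": not dry_run}


if __name__ == "__main__":
    db = build_demo_db()
    for (tbl, column), (ex, sub) in sorted(find_uid_references(db, UID).items()):
        print(f"{tbl}.{column}: exact={ex} substring={sub}")
    print("dry run:", purge_uid(db, UID, dry_run=True))
    print("applied:", purge_uid(db, UID, dry_run=False))
    print("left for review:", find_uid_references(db, UID))
```

Two design points worth carrying over to the real database: the values are passed as query parameters rather than pasted into the statement (the template in #14 has neither quoting nor a table name), and the scan is run and inspected before anything is deleted, with a database backup taken first so the transaction can be repeated or reverted.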


#18

Are you sure it will work?


#19

It's dirty as it gets, but if you remove all the user IDs from the database, it should work. I don't know any other way to do this.


#20

@mago Which version of ownCloud are you using? Please can you look for the user in the oc_ldap_user_mapping table?