Hi all,
I m stuck and dont’t find any informations if it’s possible.
I would like to make a specific Active Directory group member of the OC admin group to only manage users in Active Directory.
Thx in advance.
Steps to reproduce
1.Install Owncloud on Ubuntu Server
2.Install LDAP Integration module
3.Configure LDAP module sync with two specifics AD groups (owncloud_user and owncloud_admins)
4.Look for a way to make AD owncloud_admin group member of the Owncloud admin group
Expected behaviour
I would like to make a specific Active Directory group member of the OC admin group to only manage users in Active Directory
Server configuration
Operating system: Ubuntu Server 22.0.4
Web server: Apache 2.4.52 (Ubuntu)
Database: mysql Ver 15.1 Distrib 10.6.12-MariaDB
PHP version: 7.4.33
ownCloud version: 10.12.0 (stable)
Where did you install ownCloud from: apt install owncloud-complete-files
You can make any LDAP user be member of the ownCloud’s admin group. This is a per-user action, so you find the user and add him to the group.
The only group with admin privileges is the ownCloud’s “admin” group. This can’t be changed, and you can’t assign any other group to have admin privileges.
That seems like a missed opportunity to leverage LDAP. It seems like mapping the ownCloud admin group membership to an existing LDAP group would be a huge payoff for minimal effort.
Thx for your answer. I hoped maybe a tricks in the php code or MariaDB existed but apparently not. So if my understanding is good. The only way to give a user the Owncloud admin right is to add it directly in the Owncloud web portal.
Can you confirm that please ?
You can create a “local” user (not LDAP) and add him to the admin group. This is probably the easiest option.
In addition, if you don’t want to create a new user account in ownCloud, you can add you existing LDAP user to the admin group. This way, that LDAP user will have admin rights.
Adding users to groups can be done through the web UI, in the users page (requires admin privileges).
I’m pretty sure you can also add users to groups through the command line, although it might be more inconvenient because you might need to use user ids.
As you can see from your explanation, that’s a lot more work than simply ensuring that admins are in the ocadmin group in AD or LDAP. More manual work increases the chance of mistakes. With OC10 being phased out for OCIS, it’s merely academic at this point. Hopefully this shortcoming can lead to an improvement in how OCIS manages admin users and groups.
No offense, but that reads like you just posted some nonsense that ChatGPT made up that sounds good, but doesn’t actually work. Based on the age of your account and the fact that all of your posts are formulaicly identical, you appear to be a bad bot.