I’m hoping you can help me. This is my first post. I need help syncing openldap users from the command line. I’m using “user_ldap: 0.15.0”. The owncloud portal works great with LDAPS and uses the ldap client TLS_CACERT value that points to the CA (Turn off SSL certificate validation is not checked under Admin -> User Authentication -> Advanced). For some reason, I don’t know how to specify the CA in the sync command because it doesn’t detect the /etc/openldap/ldap.conf setting “TLS_CACERT <ca_cert>”.
These were the steps I followed:
echo -n | openssl s_client -connect openjdk-bcw.csps.com:636 -showcerts | awk '/-----BEGIN/,/END CERTIFICATE-----/'
(Copy the certificate from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- and put it in a specific file; in this guide we use /etc/pki/tls/cacert.pem.)
vim /etc/pki/tls/cacert.pem
vim /etc/openldap/ldap.conf
…
#TLS_CACERT /etc/pki/tls/cert.pem
TLS_CACERT /etc/pki/tls/cacert.pem
…
Configure SELinux
(Allow HTTPD scripts and modules to connect to the network.)
setsebool -P httpd_can_network_connect 1
(Allow HTTPD to connect to LDAP)
setsebool -P httpd_can_connect_ldap 1
(Allow nsswitch to allow LDAP logins)
setsebool -P authlogin_nsswitch_use_ldap 1
(Enable NIS)
setsebool -P nis_enabled 1
Steps to reproduce
- sudo -u apache php /var/www/owncloud/occ user:sync "OCA\User_LDAP\User_Proxy" -m disable -r
Expected behaviour
[root@owncloud owncloud]# sudo -u apache php /var/www/owncloud/occ user:sync "OCA\User_LDAP\User_Proxy" -m disable -r
Analysing known accounts …
2 [============================]
No removed users have been detected.
No existing accounts to re-enable.
Inserting new and updating all known users from OCA\User_LDAP\User_Proxy …
3 [============================]
[root@owncloud owncloud]# sudo -u apache php /var/www/owncloud/occ user:sync "OCA\User_LDAP\User_Proxy" -m disable -r
Analysing known accounts …
4 [============================]
No removed users have been detected.
No existing accounts to re-enable.
Inserting new and updating all known users from OCA\User_LDAP\User_Proxy …
3 [============================]
[root@owncloud owncloud]#
Actual behaviour
In Connection.php line 532:
[OCA\User_LDAP\Exceptions\BindFailedException]
user:sync [-l|--list] [-u|--uid UID] [-s|--seenOnly] [-c|--showCount] [-m|--missing-account-action MISSING-ACCOUNT-ACTION] [-r|--re-enable] [--] []
Apps
Enabled:
- comments: 0.3.0
- configreport: 0.2.0
- dav: 0.5.0
- encryption: 1.4.0
- external: 1.4.0
- federatedfilesharing: 0.5.0
- federation: 0.1.0
- files: 1.5.2
- files_external: 0.7.1
- files_mediaviewer: 1.0.1
- files_sharing: 0.12.0
- files_trashbin: 0.9.1
- files_versions: 1.3.0
- firstrunwizard: 1.2.0
- market: 0.5.0
- notifications: 0.5.0
- provisioning_api: 0.5.0
- systemtags: 0.3.0
- user_external: 0.6.0
- user_ldap: 0.15.0
Disabled:
- updatenotification
Web server:
HTTPD 2.4
PHP version:
7.2.24
ownCloud version: (see ownCloud admin page)
10.4.0
Updated from an older ownCloud or fresh install:
Updated from 10.3.2
Operating system:
RHEL 7.7
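The certificate steps above (extracting the chain with openssl s_client and pointing TLS_CACERT at the saved PEM) can be checked outside ownCloud, which separates a TLS trust problem from an LDAP bind problem. The script below is an added example, not part of the original post or of ownCloud: it checks that the saved CA file is readable and actually contains a PEM certificate, then verifies the server's chain against that file with openssl. The host, port and CA path are assumptions; replace them with your own.

```shell
#!/bin/sh
# Added example (not from the original post). Checks an LDAPS server's
# certificate chain against a CA file the same way the OpenLDAP client
# library would, so TLS errors can be told apart from bind errors.

# Returns 0 if FILE is readable and contains at least one PEM certificate block.
pem_has_cert() {
    file=$1
    [ -r "$file" ] || return 1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$file" || return 1
    grep -q -- '-----END CERTIFICATE-----' "$file" || return 1
    return 0
}

# Prints the number of PEM certificate blocks in FILE (0 if missing).
# A CA file usually holds 1; a full chain copied from s_client may hold 2 or 3.
pem_cert_count() {
    n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null)
    echo "${n:-0}"
}

# Verifies the chain presented by HOST:PORT against CAFILE with openssl.
# Returns 0 only when openssl reports "Verify return code: 0 (ok)".
# Needs network access, so the offline test below does not call it.
verify_ldaps_ca() {
    host=$1
    port=${2:-636}
    cafile=$3
    if ! pem_has_cert "$cafile"; then
        echo "CA file $cafile is missing, unreadable, or not PEM" >&2
        return 2
    fi
    out=$(echo | openssl s_client -connect "$host:$port" -servername "$host" \
          -CAfile "$cafile" 2>/dev/null)
    case $out in
        *"Verify return code: 0 (ok)"*) return 0 ;;
        *) echo "$out" | grep 'Verify return code' >&2; return 1 ;;
    esac
}

# Example usage (assumed host and CA path, not from the post):
#   verify_ldaps_ca ldap.example.com 636 /etc/pki/tls/cacert.pem && echo "chain OK"
#
# The same check with the OpenLDAP client, run as the web server user so it
# sees the same files and permissions as ownCloud's PHP process. LDAPTLS_CACERT
# overrides the TLS_CACERT line in ldap.conf for that one command:
#   sudo -u apache env LDAPTLS_CACERT=/etc/pki/tls/cacert.pem \
#       ldapsearch -H ldaps://ldap.example.com:636 -x -b '' -s base
```

If `verify_ldaps_ca` passes but the `ldapsearch` run as `apache` fails, the CA file is fine for root but not for the web server user (permissions or SELinux context on the PEM file); if both pass and `occ user:sync` still throws BindFailedException, the failure is in the bind credentials or base DN rather than in TLS.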