milux / ctldap

LDAP Wrapper for ChurchTools
GNU General Public License v3.0
12 stars 8 forks source link

CT User with umlauts in cn not syncing #35

Closed silasroeber closed 5 months ago

silasroeber commented 2 years ago

In the process of mapping preexisting NC users to newly synced ldap users from CT discovered no occ ldap:check-user --update USERID possible with ldap (CT) users containing umlauts in their cn.

Initial LDAP sync shows umlauts as white question marks on black rhombus in DB table _oc_ldap_usermapping but when doing the ldap:check-user after entering the _ocname and _directoryuuid from the existing NC user I get The user does not exists on LDAP anymore. Clean up the user's remnants by: ./occ user:delete "USERID"

Ist the wrapper coping with umlauts?

milux commented 1 year ago

Hey Silas, took a look into this, and Umlauts, Accents etc. are not a problem in general. We have numerous groups with Umlauts, but, funny enough, I think that none of the users from our database with Umlauts in his nickname is a NextCloud user at the same time. :laughing: I know from experience that LDAP has some very weird quirks regarding encoding indeed. For instance, user binds have to submit passwords using UTF16LE, at least for AD implementations some years ago, and will silently fail otherwise. Fun.

If you can find out where exactly this gets messed up, we might be able to fix that, but I assume the error in the PHP code of the LDAP plugin. :see_no_evil: Best thing you can do is to ask affected users to change their CT nickname to something without special symbols. An advisable thing anyway...

milux commented 1 year ago

I checked once more. Seems that we used to have users Umlauts in their CN, but with no Umlauts in their NextCloud name. That would be consistent with what I expect. (So somehow the NC plugin normalized this away, which seems not to happen in your setup, for whatever reason...)