nextcloud / social

🎉 Social can be used for work, or to connect to the fediverse!
https://apps.nextcloud.com/apps/social
GNU Affero General Public License v3.0

LDAP Username instead of GUID #317

Open jdhirst opened 5 years ago

jdhirst commented 5 years ago

**Describe the bug**
When using an Active Directory LDAP backend, NextCloud social shows user as "objectGuid@server.tld". This works, however it is quite unwieldy as nobody wants to be known as @5DD3ED74-0B77-4501-B8DE-D3F5687B6F99@server.tld.

**To Reproduce**
Enable LDAP authentication with Active Directory, and install and enable social app. All user ids including federated sharing are based upon objectGUID rather than the samAccountName or other configurable value.

**Expected behavior**
The username used to login should be used to create the social ID rather than the objectGuid from LDAP.

**Server details**
**Social app version:** 0.1.2
**Operating system**: CentOS 7.6.1810
**Web server:** Nginx 1.14.1-centos7.18120419
**Database:** MySQL Community 5.5.60-1.el7_5
**PHP version:** 7.2.13
**Nextcloud version:** (see Nextcloud admin page) 15.0.0

ArtificialOwl commented 5 years ago

@juliushaertl @jancborchardt what about this? When you asked to force the social account based on current nextcloud account, you were saying that this can be fixed within the LDAP setup?

jdhirst commented 5 years ago

Indeed, this can be fixed in LDAP setup, however it requires using a Nextcloud name mapping which will always map to a social username.

Apart from not being a universal identifier (which could cause issues with duplicates depending on how the administrator manages their directory), this means that it can only be configured on a new instance as it would require removing all users and re-adding them with the new identifiers.

Can we not simply have this configurable? (For example, admins could have an option to use the Nextcloud username for social accounts, or to use their login name, or even the first part of their email address.) This would allow administrators to use the social app in their current deployed instances.
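The duplicate risk raised in the comment above can be checked before any attribute is switched. The following is an added example, not code from the Social app or from anyone in this thread: it renders raw Active Directory `objectGUID` bytes into the handle form quoted in the report and lists login names that would be claimed by more than one directory object. The sample entries, the `normalize` rule and all function names are assumptions made for illustration.

```python
import re
import uuid
from collections import defaultdict


def guid_string(raw: bytes) -> str:
    """Render AD's 16-byte objectGUID (first three fields little-endian)."""
    return str(uuid.UUID(bytes_le=raw)).upper()


def social_handle(local_part: str, host: str) -> str:
    """Build the @user@host form shown in the report."""
    return f"@{local_part}@{host}"


def normalize(name: str) -> str:
    # Assumed rule for this example: keep [a-zA-Z0-9_.@-], compare lowercased.
    return re.sub(r"[^a-zA-Z0-9_.@-]", "", name).lower()


def find_collisions(entries, attr="sAMAccountName"):
    """Return {normalized name: [GUIDs]} for names owned by >1 object."""
    owners = defaultdict(set)
    for entry in entries:
        owners[normalize(entry[attr])].add(guid_string(entry["objectGUID"]))
    return {n: sorted(g) for n, g in owners.items() if len(g) > 1}


def _raw(text: str) -> bytes:
    """Build objectGUID bytes in AD wire order for the constructed samples."""
    return uuid.UUID(text).bytes_le


# Constructed entries, as if merged from more than one domain. Only the
# first GUID appears in the report; the rest are made up.
ENTRIES = [
    {"objectGUID": _raw("5dd3ed74-0b77-4501-b8de-d3f5687b6f99"), "sAMAccountName": "jdoe"},
    {"objectGUID": _raw("11111111-2222-4333-8444-555555555555"), "sAMAccountName": "JDoe"},
    {"objectGUID": _raw("aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee"), "sAMAccountName": "asmith"},
    {"objectGUID": _raw("99999999-8888-4777-8666-555555555555"), "sAMAccountName": "j doe"},
]

if __name__ == "__main__":
    first = ENTRIES[0]
    print("today:   ", social_handle(guid_string(first["objectGUID"]), "server.tld"))
    print("proposed:", social_handle(normalize(first["sAMAccountName"]), "server.tld"))
    for name, guids in find_collisions(ENTRIES).items():
        print(f"collision on {name!r}: {len(guids)} objects -> {guids}")
```
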

jancborchardt commented 5 years ago

@jdhirst1 we generally aim to have as few settings and configuration options as possible to make it just work. Is it possible for example to:

ArtificialOwl commented 5 years ago

I have almost no knowledge of LDAP, but the code of the Social app allows defining a different username than the userid when creating a social account. We just need to define a way to link a user to the wanted social-username in a configurable way.

phaus commented 5 years ago

I had the same problem. You need to go to the LDAP Settings and into Expert mode. Then you can override the default UUIDs:

[Screenshot: 2019-02-04 05 36 29]

Unfortunately, you will lose the connection between user and data. So you will get new users and you have to copy the files manually to the specific user folder afterwards.

ArtificialOwl commented 5 years ago

@phaus thanks for your answer, would it be possible to assign the username to a custom variable and get it from the front-end?

MorrisJobke commented 5 years ago

> @phaus thanks for your answer, would it be possible to assign the username to a custom variable and get it from the front-end?

There is no such option in Nextcloud. Keep in mind that the userID could always be super cryptic. This is the reason why we have also a login name (which is by default the email address if it is unique) and the display name. There is no way around this.

MorrisJobke commented 5 years ago

cc @schiessle @nickvergessen @rullzer Same stuff that is also with the federation ID present: the userID is the internal representation and it was a bad habit to use it in user facing parts of our system. It could be cryptic, long and only works by accident to login. We really need to think about this a bit more. :(

blizzz commented 5 years ago

In federated sharing there is a similar problem, and a – given ugly – workaround to use and resolve the (last) login name. It's stored in the user session. This also means it is (without further magic, there's nothing in place to reverse lookup a login attribute) only known after a first login.

wesleylc1 commented 5 years ago

Hi guys. My nextcloud backend is not syncing the "ou = user" userbase, but workstation import is done "ou = stations".

[Screenshot: 2019-09-10 15-17-07]

victort commented 5 years ago

hi, just adding my US$0.02++, could it just be as simple as

if using ldap
  set username to %uid

or something to that effect?

wesleylc1 commented 5 years ago

@victort Hi man, how are you? Really worked after setting user to use %uid.

[Screenshot: 2019-10-04 15-54-37]

victort commented 5 years ago

yeah. then i have to redo my whole setup, when all the uuids are wiped and suddenly none of the files or calendars map anymore.

also, i'd like (to figure out how) to get it to not say @localhost while i'm at it.

victort commented 5 years ago

yay, figured it out. (it was the overwrite.cli.url variable in config.php)