nextcloud / user_external

👥 External user authentication methods like IMAP, SMB and FTP
https://apps.nextcloud.com/apps/user_external

Enabling domain stripping creates a new user instead of changing existing #127

Open controlcde opened 4 years ago

controlcde commented 4 years ago

Steps to reproduce

  1. Have a Nextcloud instance (from version 11 to 18) with user_external and IMAP enabled. Have a few users with IMAP auth and userid "username@domain.com".
  2. Configure Nextcloud to use user_external with the domain part stripped for more than one domain, like here.
  3. Log in with the same user that existed before reconfiguration.

Expected behaviour

I want to use the existing user with the files he owns.

Actual behaviour

A new user with a new uid (checked in database), with the domain name stripped, is created and gets an empty folder.

Affected Authentication backend

IMAP

Server configuration

User External App version: 0.8.0

Operating system: nextcloud:latest

Database: mariadb

Nextcloud version: 18.0.0

Updated from an older Nextcloud/ownCloud or fresh install: Updated

Where did you install Nextcloud from:

Nextcloud configuration:

Config report

```
{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "domain.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "https:\/\/domain.com\/",
        "overwriteprotocol": "https",
        "dbtype": "mysql",
        "version": "18.0.0.10",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "defaultapp": "files",
        "enable_previews": true,
        "logtimezone": "UTC",
        "installed": true,
        "versions_retention_obligation": "auto, 7",
        "trashbin_retention_obligation": "auto, 7",
        "knowledgebaseenabled": false,
        "mail_smtpmode": "smtp",
        "htaccess.RewriteBase": "\/",
        "mail_smtpsecure": "tls",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpauthtype": "PLAIN",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "theme": "",
        "loglevel": 2,
        "user_backends": [
            {
                "class": "OC_User_IMAP",
                "arguments": [
                    "mail.domain.com",
                    993,
                    "ssl",
                    "domain1.com",
                    true,
                    false
                ]
            },
            {
                "class": "OC_User_IMAP",
                "arguments": [
                    "mail.domain.com",
                    993,
                    "ssl",
                    "domain2.com",
                    true,
                    false
                ]
            }
        ],
        "auth.bruteforce.protection.enabled": false,
        "updater.release.channel": "stable",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "data-fingerprint": "6d18a4c9c16f944e1c9fd8cadb91f4a0",
        "mysql.utf8mb4": true,
        "app_install_overwrite": [
            "quota_warning",
            "sharerenamer"
        ]
    }
}
```

violoncelloCH commented 4 years ago

Well, that's kind of expected because of the simplicity of this app and the fact that usernames can't be changed in Nextcloud. Afaik the username is used as unique user identifier and you would need to change it in all possible database tables (including those of all installed apps) as well as the respective folder(s) in the data directory (cc @ChristophWurst ?). So if you are brave you could try to do this manually for your users, but make sure to not do this in production but only in a testing environment as you could easily break your whole Nextcloud instance.

controlcde commented 4 years ago

@violoncelloCH Thanks for the clarification. I think that's a good point to add to the documentation. Would it be a useful option to migrate all data from the "old user" to the new user account with `occ files:transfer-ownership`?

violoncelloCH commented 4 years ago

yes that's right, we should add this to the documentation! Best would be a general statement (at the top) that any change which modifies what the username will look like will create a new user account, and a reference to this from the IMAP domain stripping section etc. Would you be up for a PR for this @controlcde ?

Transferring file ownership can indeed be a good idea here, however if there are other apps used (calendar, deck, talk or any other app) you would need to check and consider if a transfer or manual import/export there is also available/needed for your users.

DJCrashdummy commented 4 years ago

well... this is kind of mentioned in the 2nd paragraph of the readme, but indeed not completely clear. do you have suggestions for improvements?

one additional thing, @controlcde, that you should consider when using more than one IMAP server (and obviously also domain) in conjunction with stripping domains: how do/can you ensure that the uids are different?!? a quick example with your config.php: the user who uses user@domain1.com to log in will get the uid user because of domain stripping... so far so good, but the user with user@domain2.com will also get the uid user. - so these two users are absolutely identical for nextcloud and will share one and the same account! and yes, this is already mentioned in the general warning in the readme.
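
A pre-change audit for the two effects discussed in this thread, as an added example that is not part of the original issue or of user_external: given the `user_backends` section of the config report and a list of existing uids, it reports which accounts would be left behind under a new stripped uid and which stripped uids would be shared by several people. The function names and the uid list are constructed for illustration, and it assumes the fourth backend argument is the domain and the fifth is the strip flag, as the config and comments above suggest.

```python
import json
from collections import defaultdict

# user_backends as in the config report in this thread (other keys omitted)
CONFIG = json.loads("""
{"system": {"user_backends": [
  {"class": "OC_User_IMAP",
   "arguments": ["mail.domain.com", 993, "ssl", "domain1.com", true, false]},
  {"class": "OC_User_IMAP",
   "arguments": ["mail.domain.com", 993, "ssl", "domain2.com", true, false]}
]}}
""")

# Constructed sample of uids that existed before stripping was enabled
EXISTING_UIDS = ["alice@domain1.com", "alice@domain2.com",
                 "bob@domain1.com", "bob", "carol@domain3.com"]

def stripped_domains(config):
    """Domains of IMAP backends with stripping enabled.
    Assumption: arguments[3] is the domain, arguments[4] the strip flag."""
    domains = set()
    for backend in config.get("system", {}).get("user_backends", []):
        args = backend.get("arguments", [])
        if (backend.get("class") == "OC_User_IMAP"
                and len(args) >= 5 and args[4] is True):
            domains.add(str(args[3]).lower())
    return domains

def audit(config, existing_uids):
    """Return {'orphaned': old uid -> new stripped uid,
               'collisions': stripped uid -> old uids that would share it}."""
    domains = stripped_domains(config)
    by_new_uid = defaultdict(list)
    for uid in existing_uids:
        local, sep, domain = uid.rpartition("@")
        if sep and local and domain.lower() in domains:
            by_new_uid[local].append(uid)
    existing = set(existing_uids)
    report = {"orphaned": {}, "collisions": {}}
    for new_uid, old_uids in sorted(by_new_uid.items()):
        for old in old_uids:
            report["orphaned"][old] = new_uid  # old account stays, new one is used
        # shared by several mailboxes, or already taken by an existing account
        if len(old_uids) > 1 or new_uid in existing:
            report["collisions"][new_uid] = sorted(old_uids)
    return report

if __name__ == "__main__":
    print(json.dumps(audit(CONFIG, EXISTING_UIDS), indent=2))
```

Each `orphaned` pair is a candidate for the `occ files:transfer-ownership` migration raised above; any entry under `collisions` has to be resolved before stripping is enabled, since those mailboxes would log in to one and the same account.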