Open rhafer opened 1 year ago
The helm charts configure the graph API to use the cs3 users backend. The user management UI tries to list all users (issuing a graph request with an empty search string):
curl 'https://ocis.owncloud.kube/graph/v1.0/users?%24top=0&%24skip=0&%24search=&%24filter=&%24count=false&%24orderby=displayName&%24select=&%24expand=memberOf'
When LDAP_USER_SUBSTRING_FILTER_TYPE is set to any (or default since #4282) the LDAP backend in the CS3 users service will generate an invalid LDAP filter for it (e.g. (uid=**) instead of (uid=*)). This needs to be fixed in the cs3 user provider.
@NexZhu I think the easiest temporary workaround for your setup would be to reconfigure your helm chart and set externalUserManagement.ldap.substringFilterType=initial. The downside would be that, until we have a real fix, your users will not be able to do a full substring search for users when trying to create file shares (see #4282).
@micbar To avoid this becoming a blocker for ocis, I think we can change the helm chart to deploy the graph service to use the LDAP backend instead of the CS3 backend.
Thank you!
This is happening when using an external IDP / external LDAP configuration (set up with our helm chart). Trying to list all users in the user-management (e.g. to assign roles) results in invalid LDAP filters.
@NexZhu I was able to reproduce the problem. It seems to be caused by a bug in the user provider, which constructs a broken LDAP filter under certain circumstances. I'll open a new issue for this with some background and a possible workaround.
Originally posted by @rhafer in https://github.com/owncloud/ocis/issues/5045#issuecomment-1329370022
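
The failure described in this thread, as an added Go example that is not code from oCIS or its user provider: blind wildcard concatenation turns an empty search term into `(uid=**)` for type `any`, while a builder that maps an empty term to a presence filter and escapes the value does not. The function names `wrap` and `safeFilter` are hypothetical, and the `final` type is assumed alongside the `initial` and `any` values mentioned above.

```go
package main

import (
	"fmt"
	"strings"
)

// escapeValue escapes the characters RFC 4515 reserves inside a filter value.
func escapeValue(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		switch c := s[i]; c {
		case '\\', '*', '(', ')', 0:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// wrap (hypothetical) places the wildcards for the configured filter type.
// Called with a raw empty term and type "any" it yields (uid=**).
func wrap(attr, value, filterType string) string {
	switch filterType {
	case "initial":
		return "(" + attr + "=" + value + "*)"
	case "final":
		return "(" + attr + "=*" + value + ")"
	default: // "any"
		return "(" + attr + "=*" + value + "*)"
	}
}

// safeFilter (hypothetical) turns an empty term into a presence filter and
// escapes everything else before the wildcards are added.
func safeFilter(attr, term, filterType string) string {
	if term == "" {
		return "(" + attr + "=*)"
	}
	return wrap(attr, escapeValue(term), filterType)
}

func main() {
	for _, ft := range []string{"initial", "any", "final"} {
		fmt.Printf("%-8s naive=%s safe=%s\n", ft, wrap("uid", "", ft), safeFilter("uid", "", ft))
	}
}
```

With an empty term, the blind concatenation only goes wrong for `any`; `initial` already produces `(uid=*)`, which is consistent with the workaround suggested in the thread.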