Add LDAP with existing user / migrate local to ldap user accounts

DerDanilo · November 6, 2019, 4:57pm

After adding LDAP login with the same login credentials the existing user are able to login with both credentials. Local user account and LDAP user account. Since the login attribute is the same they can access their data just fine with either account.
So how does one disable local user account access after successfull LDAP setup?

Does someone have a working FreeIPA filter for LDAP? ‘MemberOf’ should be supported but I couldn’t get the filter working within 10 minutes and wanted to ask before I waste more time.

Thanks!

uosseafile · November 8, 2019, 8:15am

Hi,

can you not just delete the local users from the ccnet-db.EmailUser table?

DerDanilo · November 11, 2019, 2:17pm

Yes we can edit the DB of course. But shouldnt the software be able to handle such switch?
What about all the libraries. Will the ownership still work out?

uosseafile · November 11, 2019, 2:25pm

The repos are owned by user@domain, as you can see in the RepoOwner table in seafile-db. So it shouldn’t matter, if it is a local user or an ldap user. (Of course, that’s only my interpretation )