Problem Sharing file with LDAP username invalid


#1

Hello there,

we are using Seafile Server 5.1.4 in our professional environment. After the evaluation process we decided to switch the Login Attribute from mail addresses to account names.

So the ccnet.conf contains the following:

LOGIN_ATTR = sAMAccountName

This works without any flaws, except the sharing of libraries to users. If I try to share a library with a user I get the error
np1024: username invalid. while np1024 is the username. Adding a user to a group and share the library to a group is working without any issues. Unless it is a workaround, it works.

Using an old user which was created using the mail address as the attribute works as well.

Are there any suggestions or bugfixes to this issues?

Best regards,

Andreas Till


#2

Hi Andreas,

As we documented here: http://manual.seafile.com/deploy/using_ldap.html, and http://manual.seafile.com/deploy_pro/using_ldap_pro.html

LOGIN_ATTR can only be Email address or UserPrincipalName:

If you use sAMAccountName, the user sharing can’t work, also email sending can’t work.

If you like users be able to login via Login Attribute, you need to use the LDAP syncing feature in professional edition. With this feature, you can sync Login Attribute to Seafile’s internal database as login_id. So users can use login_id to login the system. You can also sync user’s name and email from LDAP to Seafile. In this way, the auto-completion will work better and email sending will work.

Best regards,
Daniel Pan


#3

Hey daniel,

thanks for your respond. I changed the Attribute to UserPrincipalName.

We still consider to upgrade to Seafile Pro, once everything runs smoothly and nice.

Thank you.

Best regards,

Andreas Till


#4

Hi Daniel,

Sorry for opening an old thread. I faced the same problem and I’d like to better understand it. I’m using the Community edition of Seafile.

I’m using the LDAP uid attribute to login the users, and it works except for the Share to user feature. I prefer not to use mail as a LOGIN_ATTR because my team’s emails are not standardised.

Does this mean that Sharing to user won’t work regardless of whether I use the Community or Pro edition?

Thanks!


#5

Hi,

The LDAP uid should not be used as the unique identifier for a user. This is by design. Even though some features can work, we can’t guarantee there will not broken in the future.

If you want to let users use uid to login, you can should the pro edition, and sync uid to Seafile’s user_id field.


#6

Thanks Daniel! That clears things up. I’ll propose to my team your suggestion.