
fix saml login for good

Open butonic opened this issue 7 years ago • 2 comments

If cn or uid are used in the SAML token, the LDAP app will not use them, because core currently has to use the getUsers method, which does a generic user search ... and also appends a wildcard, which is why using the email in the token is recommended to prevent ambiguous logins where more than one user matches the filter.

The proper solution in core is to introduce an API that tries to look up a single user.

A quickfix in user_ldap would be to add the login attribute to the search filter in https://github.com/owncloud/user_ldap/blob/master/lib/User/Manager.php#L552-L556

butonic, Apr 10 '18 13:04
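The ambiguity described in the issue above, shown as an added example that is not part of the issue and not ownCloud or user_ldap code: a generic search with an appended wildcard matches two accounts for one token value, while an exact, escaped match on a single login attribute resolves one entry or refuses. The directory entries are constructed, all function names are hypothetical, and the multi-attribute shape of the generic filter is an assumption based on the issue's description.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
_TERM = re.compile(r"\(([A-Za-z]+)=((?:[^()\\*]|\\[0-9a-f]{2})*)(\*?)\)")

# Constructed sample directory, not real data.
DIRECTORY = [
    {"uid": "alice", "cn": "Alice Example", "mail": "alice@example.org"},
    {"uid": "alice2", "cn": "Alice Second", "mail": "alice2@example.org"},
    {"uid": "bob", "cn": "Bob Example", "mail": "bob@example.org"},
]

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def generic_search_filter(term, attrs=("uid", "cn", "mail")):
    # Assumed shape of a generic user search: several attributes, wildcard appended.
    return "(|" + "".join(f"({a}={escape_filter_value(term)}*)" for a in attrs) + ")"

def single_user_filter(login_attr, value):
    # Exact match on one configured login attribute, no wildcard.
    return f"({login_attr}={escape_filter_value(value)})"

def search(entries, flt):
    # Minimal evaluator for the two filter shapes above (terms are OR-ed).
    terms = _TERM.findall(flt)
    hits = []
    for entry in entries:
        for attr, raw, wildcard in terms:
            want = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), raw).lower()
            have = entry.get(attr, "").lower()  # uid/cn/mail compare case-insensitively
            if (have.startswith(want) if wildcard else have == want):
                hits.append(entry)
                break
    return hits

def resolve_login(entries, login_attr, token_value):
    # Refuse the login unless exactly one entry matches the token value.
    hits = search(entries, single_user_filter(login_attr, token_value))
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} entries match {login_attr}={token_value!r}")
    return hits[0]

if __name__ == "__main__":
    print(generic_search_filter("alice"), "->", len(search(DIRECTORY, generic_search_filter("alice"))))
    print(single_user_filter("uid", "alice"), "->", resolve_login(DIRECTORY, "uid", "alice")["uid"])
```

A token value containing `*` is escaped to `\2a` by `single_user_filter`, so it is compared literally and cannot widen the match.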

old ticket, no one actively working -> backlog

PVince81, Jul 24 '18 12:07

related https://github.com/owncloud/user_ldap/pull/238 and https://github.com/owncloud/core/issues/29503#issuecomment-462800169

butonic, Feb 18 '19 11:02