@@ -1080,8 +1080,13 @@ you can run the following LDAP commands with ``occ``::
1080
1080
LDAP anymore, but have remnants in
1081
1081
Nextcloud.
1082
1082
ldap:test-config tests an LDAP configuration
1083
+ ldap:test-user-settings runs tests and show information about user
1084
+ related LDAP settings
1083
1085
1084
- Search for an LDAP user, using this syntax::
1086
+ ldap\: search
1087
+ ^^^^^^^^^^^^
1088
+
1089
+ Search for an LDAP user, using this syntax
1085
1090
1086
1091
sudo -u www-data php occ ldap:search [--group] [--offset="..."]
1087
1092
[--limit="..."] search
@@ -1107,21 +1112,30 @@ connected to an LDAP server::
1107
1112
1108
1113
sudo -u www-data php occ ldap:check-user robert
1109
1114
1110
- ``ldap:check-user `` will not run a check when it finds a disabled LDAP
1115
+ ldap\: check-user
1116
+ ^^^^^^^^^^^^^^^^
1117
+
1118
+ Will not run a check when it finds a disabled LDAP
1111
1119
connection. This prevents users that exist on disabled LDAP connections from
1112
1120
being marked as deleted. If you know for certain that the user you are searching for
1113
1121
is not in one of the disabled connections, and exists on an active connection,
1114
1122
use the ``--force `` option to force it to check all active LDAP connections::
1115
1123
1116
1124
sudo -u www-data php occ ldap:check-user --force robert
1117
1125
1118
- ``ldap:check-group `` checks whether a group still exists in the LDAP directory.
1126
+ ldap\: check-group
1127
+ ^^^^^^^^^^^^^^^^^
1128
+
1129
+ Checks whether a group still exists in the LDAP directory.
1119
1130
Use with ``--update `` to update the group membership cache on the Nextcloud side::
1120
1131
1121
1132
sudo -u www-data php occ ldap:check-group --update mygroup
1122
1133
1123
- ``ldap:create-empty-config `` creates an empty LDAP configuration. The first
1124
- one you create has ``configID `` ``s01 ``, and all subsequent configurations
1134
+ ldap\: create-empty-config
1135
+ ^^^^^^^^^^^^^^^^^^^^^^^^^
1136
+
1137
+ Creates an empty LDAP configuration. The first one you create
1138
+ has ``configID `` ``s01 ``, and all subsequent configurations
1125
1139
that you create are automatically assigned IDs::
1126
1140
1127
1141
sudo -u www-data php occ ldap:create-empty-config
@@ -1135,24 +1149,78 @@ And view the configuration for a single configID::
1135
1149
1136
1150
sudo -u www-data php occ ldap:show-config s01
1137
1151
1138
- ``ldap:delete-config [configID] `` deletes an existing LDAP configuration::
1152
+ ldap\: delete-config
1153
+ ^^^^^^^^^^^^^^^^^^^
1154
+
1155
+ Deletes an existing LDAP configuration::
1139
1156
1140
1157
sudo -u www-data php occ ldap:delete s01
1141
1158
Deleted configuration with configID 's01'
1142
1159
1143
- The ``ldap:set-config `` command is for manipulating configurations, like this
1160
+ ldap\: set-config
1161
+ ^^^^^^^^^^^^^^^^
1162
+
1163
+ This command is for manipulating configurations, like this
1144
1164
example that sets search attributes::
1145
1165
1146
1166
sudo -u www-data php occ ldap:set-config s01 ldapAttributesForUserSearch
1147
1167
"cn;givenname;sn;displayname;mail"
1148
1168
1149
- ``ldap:test-config `` tests whether your configuration is correct and can bind to
1169
+ ldap\: test-config
1170
+ ^^^^^^^^^^^^^^^^^
1171
+
1172
+ Tests whether your configuration is correct and can bind to
1150
1173
the server::
1151
1174
1152
1175
sudo -u www-data php occ ldap:test-config s01
1153
1176
The configuration is valid and the connection could be established!
1154
1177
1155
- ``ldap:show-remnants `` is for cleaning up the LDAP mappings table, and is
1178
+ ldap\: test-user-settings
1179
+ ^^^^^^^^^^^^^^^^^^^^^^^^
1180
+
1181
+ Tests user-related LDAP settings::
1182
+
1183
+ sudo -u www-data php occ ldap:test-user-settings "cn=philip j. fry,ou=people,dc=planetexpress,dc=com" --group "Everyone"
1184
+
1185
+ User cn=philip j. fry,ou=people,dc=planetexpress,dc=com is mapped with account name fry.
1186
+ Known UUID is ce6cd914-71d5-103f-95a8-ad2dab17b2f9.
1187
+ Configuration prefix is s01
1188
+
1189
+ Attributes set in configuration:
1190
+ - ldapExpertUsernameAttr: uid
1191
+ - ldapUuidUserAttribute: auto
1192
+ - ldapEmailAttribute: mail
1193
+ - ldapUserDisplayName: cn
1194
+
1195
+ Attributes fetched from LDAP using filter (|(objectclass=inetOrgPerson)):
1196
+ - entryuuid: ["ce6cd914-71d5-103f-95a8-ad2dab17b2f9"]
1197
+ - uid: ["fry"]
1198
+
1199
+ - cn: ["Philip J. Fry"]
1200
+
1201
+ Detected UUID attribute: entryuuid
1202
+
1203
+ UUID for cn=philip j. fry,ou=people,dc=planetexpress,dc=com: ce6cd914-71d5-103f-95a8-ad2dab17b2f9
1204
+
1205
+ Group information:
1206
+ Configuration:
1207
+ - ldapGroupFilter: (|(objectclass=groupOfNames))
1208
+ - ldapGroupMemberAssocAttr: member
1209
+
1210
+ Primary group:
1211
+ Group from gidNumber:
1212
+ All known groups: ["Ship crew", "Everyone"]
1213
+ MemberOf usage: off (0,1)
1214
+
1215
+ Group Everyone:
1216
+ Group cn=everyone,ou=groups,dc=planetexpress,dc=com is mapped with name Everyone.
1217
+ Known UUID is ce8b61c2-71d5-103f-95af-ad2dab17b2f9.
1218
+ Members: ["bender", "fry", "leela"]
1219
+
1220
+ ldap\: show-remnants
1221
+ ^^^^^^^^^^^^^^^^^^^
1222
+
1223
+ Used to cleaning up the LDAP mappings table, and is
1156
1224
documented in :doc: `../configuration_user/user_auth_ldap_cleanup `.
1157
1225
1158
1226
.. _logging_commands_label :
0 commit comments