oauth2 uses internal UUID instead of username #9158

Closed
jnweiger opened this issue Oct 20, 2021 · 4 comments
jnweiger commented Oct 20, 2021

Seen with oauth2-0.5.1rc1 on server 10.8.0 with desktop client 2.9.1 and an LDAP user:

# Start dn with uid (user identifier / login), not cn (Firstname + Surname)
dn: uid=einstein,ou=users,dc=owncloud,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: ownCloud
objectClass: person
objectClass: posixAccount
objectClass: top
uid: einstein
givenName: Albert
sn: Einstein
cn: albert-einstein
sAMAccountName: AlbertEinstein
displayName: Albert Einstein
mail: [email protected]
uidNumber: 20000
gidNumber: 30000
homeDirectory: /home/einstein
ownCloudUUID:: NGM1MTBhZGEtYzg2Yi00ODE1LTg4MjAtNDJjZGY4MmMzZDUx

  • Connect desktop to server using oauth and user einstein -> the connection is shown as
    [screenshot]

  • Use account -> logout, followed by account log in -> the oauth browser dialog opens:
    [screenshot]

  • Instead of the username the UUID is seen.

  • Login with this is not possible in my configuration.

  • Changing the login name field to einstein and logging in results in
    [screenshot]

After "switching", authorization fails (probably still due to owncloud/oauth2#309).

@michaelstingl

@jnweiger client log with HTTP? Could you post the response from the user endpoint /ocs/v1.php/cloud/user?format=json

@michaelstingl

{
  "ocs": {
    "meta": {
      "status": "ok",
      "statuscode": 100,
      "message": "OK",
      "totalitems": "",
      "itemsperpage": ""
    },
    "data": {
      "id": "36a07214-c470-103b-9d15-9bfeddd58623",
      "display-name": "Albert Einstein",
      "email": "[email protected]"
    }
  }
}

@jnweiger clients only rely on information from the user endpoint

@michaelstingl

LDAP Config:

        {
            "id": "user_ldap",
            "name": "LDAP Integration",
            "summary": "Integrate LDAP user directories",
            "description": "Looking to leverage your LDAP-based user directory? ownCloud perfectly integrates with existing infrastructure making professional user management a breeze. With centrally managed directories users can just use their account credentials for ownCloud as with any other service that is provided. Simultaneously IT is relieved as there is no need to care about different user accounts for specific services. Just connect ownCloud to a user directory and you're good to go!\n\nThis application enables administrators to connect ownCloud to an LDAP-based user directory for authenticating and provisioning users, groups and user attributes. Administrators can configure this application to connect to one or more LDAP directories or Active Directories via an LDAP interface. Attributes such as user quota, email, avatar pictures, group memberships and more can be pulled into ownCloud from a directory with the appropriate queries and filters.\n\nA user logs into ownCloud with their LDAP\/AD credentials, and is granted access based on an authentication request handled by the LDAP\/AD server. ownCloud does not store LDAP\/AD passwords, rather these credentials are used to authenticate a user. ownCloud then uses a session for the user ID. More information is available in the [LDAP User and Group Backend documentation](https:\/\/doc.owncloud.com\/server\/latest\/admin_manual\/configuration\/user\/user_auth_ldap.html).\n\n",
            "licence": "AGPL",
            "author": "J\u00f6rn Friedrich Dreyer, Tom Needham, Juan Pablo Villafa\u00f1ez Ramos, Dominik Schmidt and Arthur Schiwon",
            "version": "0.15.4",
            "types": [
                "authentication"
            ],
            "documentation": {
                "admin": "https:\/\/doc.owncloud.com\/server\/latest\/admin_manual\/configuration\/user\/user_auth_ldap.html"
            },
            "category": "integration",
            "screenshot": "https:\/\/raw.githubusercontent.com\/owncloud\/screenshots\/master\/user_ldap\/ownCloud-app-ldap-user-management.jpg",
            "dependencies": {
                "lib": "ldap",
                "owncloud": {
                    "@attributes": {
                        "min-version": "10.4",
                        "max-version": "10"
                    }
                }
            },
            "namespace": "User_LDAP",
            "settings": {
                "admin": "OCA\\User_LDAP\\AdminPanel"
            },
            "commands": [
                "OCA\\User_LDAP\\Command\\ShowConfig",
                "OCA\\User_LDAP\\Command\\SetConfig",
                "OCA\\User_LDAP\\Command\\TestConfig",
                "OCA\\User_LDAP\\Command\\CreateEmptyConfig",
                "OCA\\User_LDAP\\Command\\DeleteConfig",
                "OCA\\User_LDAP\\Command\\Search",
                "OCA\\User_LDAP\\Command\\CheckUser"
            ],
            "use-migrations": "true",
            "info": [],
            "remote": [],
            "public": [],
            "repair-steps": {
                "install": [],
                "pre-migration": [],
                "post-migration": [],
                "live-migration": [],
                "uninstall": []
            },
            "background-jobs": [],
            "two-factor-providers": [],
            "_cached": true,
            "groups": null,
            "active": true,
            "level": 100,
            "removable": true,
            "internal": false,
            "preview": "\/apps\/user_ldap\/img\/app.svg",
            "previewAsIcon": true,
            "appconfig": {
                "enabled": "yes",
                "installed_version": "0.15.4",
                "reuse_accounts": "yes",
                "s01has_memberof_filter_support": "",
                "s01home_folder_naming_rule": "",
                "s01last_jpegPhoto_lookup": "0",
                "s01ldap_agent_password": "***REMOVED SENSITIVE VALUE***",
                "s01ldap_attributes_for_group_search": "",
                "s01ldap_attributes_for_user_search": "",
                "s01ldap_backup_host": "",
                "s01ldap_backup_port": "",
                "s01ldap_base": "dc=example,dc=com",
                "s01ldap_base_groups": "dc=example,dc=com",
                "s01ldap_base_users": "dc=example,dc=com",
                "s01ldap_cache_ttl": "600",
                "s01ldap_configuration_active": "1",
                "s01ldap_display_name": "cn",
                "s01ldap_dn": "cn=admin,dc=example,dc=com",
                "s01ldap_dynamic_group_member_url": "",
                "s01ldap_email_attr": "mail",
                "s01ldap_experienced_admin": "0",
                "s01ldap_expert_username_attr": "cn",
                "s01ldap_expert_uuid_group_attr": "",
                "s01ldap_expert_uuid_user_attr": "entryuuid",
                "s01ldap_group_display_name": "cn",
                "s01ldap_group_filter": "(|(objectclass=posixGroup)(objectclass=group))",
                "s01ldap_group_filter_mode": "1",
                "s01ldap_group_member_assoc_attribute": "uniqueMember",
                "s01ldap_groupfilter_groups": "",
                "s01ldap_groupfilter_objectclass": "posixGroup",
                "s01ldap_host": "ldap:\/\/95.217.210.161",
                "s01ldap_login_filter": "(&(|(objectclass=inetOrgPerson)(objectclass=organizationalPerson))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))(|(cn=%uid)(displayName=%uid)(givenName=%uid)(mail=%uid)(sn=%uid)(uid=%uid))))",
                "s01ldap_login_filter_mode": "0",
                "s01ldap_loginfilter_attributes": "cn\ndisplayName\ngivenName\nmail\nsn\nuid",
                "s01ldap_loginfilter_email": "1",
                "s01ldap_loginfilter_username": "1",
                "s01ldap_nested_groups": "0",
                "s01ldap_network_timeout": "20",
                "s01ldap_override_main_server": "",
                "s01ldap_paging_size": "500",
                "s01ldap_port": "389",
                "s01ldap_quota_attr": "roomNumber",
                "s01ldap_quota_def": "66 MB",
                "s01ldap_tls": "0",
                "s01ldap_turn_off_cert_check": "0",
                "s01ldap_user_display_name_2": "displayname",
                "s01ldap_user_filter_mode": "0",
                "s01ldap_user_name": "samaccountname",
                "s01ldap_userfilter_groups": "",
                "s01ldap_userfilter_objectclass": "",
                "s01ldap_userlist_filter": "(|(objectclass=inetOrgPerson)(objectclass=organizationalPerson))",
                "s01use_memberof_to_detect_membership": "1",
                "s02has_memberof_filter_support": "0",
                "s02home_folder_naming_rule": "",
                "s02last_jpegPhoto_lookup": "0",
                "s02ldap_agent_password": "***REMOVED SENSITIVE VALUE***",
                "s02ldap_attributes_for_group_search": "",
                "s02ldap_attributes_for_user_search": "",
                "s02ldap_backup_host": "",
                "s02ldap_backup_port": "",
                "s02ldap_base": "dc=owncloud,dc=com",
                "s02ldap_base_groups": "dc=owncloud,dc=com",
                "s02ldap_base_users": "dc=owncloud,dc=com",
                "s02ldap_cache_ttl": "600",
                "s02ldap_configuration_active": "1",
                "s02ldap_display_name": "displayName",
                "s02ldap_dn": "cn=admin,dc=owncloud,dc=com",
                "s02ldap_dynamic_group_member_url": "",
                "s02ldap_email_attr": "mail",
                "s02ldap_experienced_admin": "0",
                "s02ldap_expert_username_attr": "",
                "s02ldap_expert_uuid_group_attr": "",
                "s02ldap_expert_uuid_user_attr": "entryuuid",
                "s02ldap_group_display_name": "cn",
                "s02ldap_group_filter": "",
                "s02ldap_group_filter_mode": "0",
                "s02ldap_group_member_assoc_attribute": "uniqueMember",
                "s02ldap_groupfilter_groups": "",
                "s02ldap_groupfilter_objectclass": "",
                "s02ldap_host": "172.17.0.3",
                "s02ldap_login_filter": "(&(|(objectclass=inetOrgPerson))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))(|(displayName=%uid))))",
                "s02ldap_login_filter_mode": "0",
                "s02ldap_loginfilter_attributes": "displayName",
                "s02ldap_loginfilter_email": "1",
                "s02ldap_loginfilter_username": "1",
                "s02ldap_nested_groups": "0",
                "s02ldap_network_timeout": "2",
                "s02ldap_override_main_server": "",
                "s02ldap_paging_size": "500",
                "s02ldap_port": "389",
                "s02ldap_quota_attr": "",
                "s02ldap_quota_def": "",
                "s02ldap_tls": "0",
                "s02ldap_turn_off_cert_check": "0",
                "s02ldap_user_display_name_2": "",
                "s02ldap_user_filter_mode": "0",
                "s02ldap_user_name": "samaccountname",
                "s02ldap_userfilter_groups": "",
                "s02ldap_userfilter_objectclass": "inetOrgPerson",
                "s02ldap_userlist_filter": "(|(objectclass=inetOrgPerson))",
                "s02use_memberof_to_detect_membership": "1",
                "types": "authentication"
            }
        },

voroyam commented Oct 21, 2021

Need to set the following parameters:

"ldap_expert_username_attr": "samaccountname",
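As an added example that is not part of this thread or of ownCloud's code: a small Python check over the user_ldap appconfig dump posted above and the `/ocs/v1.php/cloud/user` response. It flags every active `sNN` server configuration whose `ldap_expert_username_attr` is empty, which is what the fix above addresses (with that attribute unset, user_ldap derives the internal username from the UUID attribute, so the UUID is what the client receives as `id`), and confirms whether the `id` the client got back is a UUID. The keys and sample values are constructed from the config and response in this thread; the function names are the example's own.

```python
import re
from collections import defaultdict

# Constructed excerpt of the user_ldap appconfig posted in this thread (only the keys
# the check reads): s01 names an explicit username attribute, s02 leaves it empty.
LDAP_APPCONFIG = {
    "enabled": "yes",
    "s01ldap_base_users": "dc=example,dc=com",
    "s01ldap_configuration_active": "1",
    "s01ldap_expert_username_attr": "cn",
    "s01ldap_expert_uuid_user_attr": "entryuuid",
    "s02ldap_base_users": "dc=owncloud,dc=com",
    "s02ldap_configuration_active": "1",
    "s02ldap_expert_username_attr": "",
    "s02ldap_expert_uuid_user_attr": "entryuuid",
}

# Constructed copy of the /ocs/v1.php/cloud/user?format=json body posted above.
OCS_USER_RESPONSE = {"ocs": {"data": {"id": "36a07214-c470-103b-9d15-9bfeddd58623"}}}

UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
PREFIX_RE = re.compile(r"^(s\d{2})(.+)$")  # user_ldap stores one config per sNN prefix

def split_server_configs(appconfig):
    """Group the sNN-prefixed keys into one dict per LDAP server configuration."""
    servers = defaultdict(dict)
    for key, value in appconfig.items():
        m = PREFIX_RE.match(key)
        if m:
            servers[m.group(1)][m.group(2)] = value
    return dict(servers)

def find_uuid_username_configs(appconfig):
    """Return (prefix, user base, uuid attribute) for each active server config whose
    ldap_expert_username_attr is empty, so the internal username is the UUID attribute."""
    findings = []
    for prefix, cfg in sorted(split_server_configs(appconfig).items()):
        if cfg.get("ldap_configuration_active") != "1":
            continue  # inactive configurations do not provision users
        if not cfg.get("ldap_expert_username_attr", "").strip():
            findings.append((prefix, cfg.get("ldap_base_users", ""),
                             cfg.get("ldap_expert_uuid_user_attr") or "(default)"))
    return findings

def user_id_is_uuid(ocs_response):
    """True when the user endpoint's 'id' is a UUID, the symptom the desktop client shows."""
    return bool(UUID_RE.match(ocs_response["ocs"]["data"]["id"]))
```

Run against a real `occ config:list user_ldap` dump, the s02 finding is the configuration to correct; after setting the attribute as above the function returns an empty list for that server.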
