diff --git a/admin_manual/configuration_user/user_auth_ldap.rst b/admin_manual/configuration_user/user_auth_ldap.rst index c7b15e2e2..93bfbf599 100644 --- a/admin_manual/configuration_user/user_auth_ldap.rst +++ b/admin_manual/configuration_user/user_auth_ldap.rst @@ -537,6 +537,14 @@ Compared to earlier ownCloud versions, no further tweaks need to be done to make ownCloud work with Active Directory. ownCloud will automatically find the correct configuration in the set-up process. +memberOf / Read MemberOf permissions +------------------------------------ + +If you want to use ``memberOf`` within your filter you might need to give your +querying user the permissions to use it. For Microsoft Active Directory this +is described `here `_. + Duplicating Server Configurations --------------------------------- @@ -559,7 +567,7 @@ ownCloud LDAP Internals Some parts of how the LDAP backend works are described here. User and Group Mapping ----------------------- +^^^^^^^^^^^^^^^^^^^^^^ In ownCloud the user or group name is used to have all relevant information in the database assigned. To work reliably a permanent internal user name and 
@@ -579,41 +587,15 @@ it into production. The mapping tables are filled early, but as long as you are testing, you can empty the tables any time. Do not do this in production. Caching -------- +^^^^^^^ The LDAP cache has changed in ownCloud 8.1. There is no more file cache, but only a memory cache, and you must install and configure the memory cache (see -:doc:`../configuration_server/caching_configuration`). The -simplest memory cache to use is APCu. This is supplied by the ``php5-apcu`` -package on Debian/Ubuntu/Mint, and by ``php-pecl-apcu`` on Red -Hat/CentOS/Fedora. - -After installing APCu you must modify ``config.php`` to select APCu as the -ownCloud cache:: - - 'memcache.local' => '\OC\Memcache\APCu', - -The ownCloud **Cache** helps to speed up user interactions and sharing. It is -populated on demand, and remains populated until the **Cache Time-To-Live** for -each unique request expires. User logins are not cached, so if you need to -improve login times set up a slave LDAP server to share the load. - -The Redis key-value cache and store is an excellent fast and robust cache, and -if you are using :doc:`Transaction File Locking -<../configuration_files/files_locking_transactional>`) then you must use Redis. -A Redis configuration looks like this:: - - 'filelocking.enabled' => 'true', - 'memcache.local' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => 'localhost', - 'port' => 6379, - 'timeout' => 0.0, - ), - -Redis is supplied by the ``redis-server`` and ``php5-redis`` packages on -Debian/Ubuntu/Mint, and on Red Hat/CentOS/Fedora by ``redis`` and -``php-pecl-redis`` from the EPEL repository. +:doc:`../configuration_server/caching_configuration`). The ownCloud **Cache** +helps to speed up user interactions and sharing. It is populated on demand, +and remains populated until the **Cache Time-To-Live** for each unique request +expires. User logins are not cached, so if you need to improve login times set +up a slave LDAP server to share the load. 
You can adjust the **Cache Time-To-Live** value to balance performance and freshness of LDAP data. All LDAP requests will be cached for 10 minutes by @@ -641,7 +623,7 @@ defunct, for example due to a server migration or unreachable server. In this case the other servers will also receive the request. Handling with Backup Server ---------------------------- +^^^^^^^^^^^^^^^^^^^^^^^^^^^ When ownCloud is not able to contact the main LDAP server, ownCloud assumes it is offline and will not try to connect again for the time specified in **Cache
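Review bot: In the new "memberOf / Read MemberOf permissions" section (hunk at -537,6), the link appears as "`here `_" with the label "here" and no visible target in these lines; give it a descriptive label and confirm the URL is actually present in the source. The sentence "you might need to give your querying user the permissions to use it" should also name the permission: the heading implies read access to the memberOf attribute, and saying that only read access on that attribute is needed keeps the LDAP bind account least-privileged. The heading mixes "memberOf" and "MemberOf"; use the attribute spelling from the body in both places.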
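Review bot: The heading underline change for "User and Group Mapping" (hunk at -559,7) switches from "---" to "^^^", and reStructuredText assigns section levels by the order in which adornment styles first appear in the file, so please check that "^" is not already used earlier in user_auth_ldap.rst at a different level. It is also worth confirming that every other heading under "ownCloud LDAP Internals" is converted in this patch, so the section does not end up with siblings at mixed levels.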
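Review bot: The Caching hunk (-579,41) deletes the only statement in this section that Redis must be used with Transactional File Locking, together with the package names and the config.php keys ('memcache.local', 'filelocking.enabled', 'redis'); please confirm that caching_configuration covers all of these before they disappear here, or keep a one-sentence pointer for the file locking requirement. The rewritten paragraph still reads "set up a slave LDAP server to share the load"; since the paragraph is being rewrapped anyway, "replica" would be the clearer term.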