The string 1.2.840.113522.214.171.1241 specifies LDAP_MATCHING_RULE_IN_CHAIhttp://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx
N. This applies only to DN attributes. This is an extended match operator that walks the chain of ancestry in objects all the way to the root until it finds a match. This reveals group nesting. It is available only on domain controllers with Windows Server 2003 SP2 or Windows Server 2008 (or above).
E.g. All members of specified group, including due to group nesting
.4.1941:= cn=Test,ou=East,dc=Domain, dc=com)
Many times you can take advantage of the fact that only one class of object in Active Directory has a particular attribute. For example, only group objects have the groupType and member attributes. This allows you to filter on groupType with a clause like (groupType=2) without using a second clause restricting the query to group objects, like (objectCategory=group). However, if your query only has the one filter, it will be checked against all objects in Active Directory. It turns out that if you also use the second clause (to restrict the query to groups), it runs faster. The results will be the same, and in most cases the time difference doesn't matter much, but a filter like (&(objectCategory=group)(m
ember=cn=J im Smith,ou=West,dc=MyDomain, dc=com)) is much faster than simply (member=cn=Jim Smith,ou=West,dc=MyDomain, dc=com).
E.g. All groups specified user belongs to, including due to group nesting
.1941:= cn=Jim Smith,ou=West,dc=Domain,dc =com)
User Search Attributes: If an attribute is not available on a user object, the user will not be listed, and will be unable to login. This also affects the display name attribute. If you override the default you must specify the display name attribute here. Example:
Internal Username:Also, it is stated there is a "Test Configuration" button on the bottom of the LDAP settings section.
The internal username is the identifier in ownCloud for LDAP users. By default it will be created from the UUID attribute. The UUID attribute ensures that the username is unique, and that characters do not need to be converted....You can override all of this with the Internal Username setting. Leave it empty for default behaviour. Changes will affect only newly mapped LDAP users. Example:
Override UUID detection
By default, ownCloud auto-detects the UUID attribute. The UUID attribute is used to uniquely identify LDAP users and groups. The internal username will be created based on the UUID, if not specified otherwise.
You can override the setting and pass an attribute of your choice. You must make sure that the attribute of your choice can be fetched for both users and groups and it is unique. Leave it empty for default behaviour. Changes will have effect only on newly mapped LDAP users and groups. It also will have effect when a user’s or group’s DN changes and an old UUID was cached, which will result in a new user.
Because of this, the setting should be applied before putting ownCloud in production use and clearing the bindings (see the User and Group Mapping section below). Example: cn
In case the configuration fails, you can see details in ownCloud’s log, which is in the data directory and called owncloud.log or on the bottom the Settings – Admin page. You must refresh the Admin page to see the new log entries.
User and Group Mapping
In ownCloud the user or group name is used to have all relevant information in the database assigned. To work reliably a permanent internal user name and group name is created and mapped to the LDAP DN and UUID. If the DN changes in LDAP it will be detected, and there will be no conflicts.
It will always check the values as currently given in the input fields. You do not need to save before testing. By clicking on the button, ownCloud will try to bind to the ownCloud server with the settings currently given in the input fields.https://doc.owncloud.org/server/7.0/admin_manual/configuration/user_auth_ldap.html