Cannot login after PR #1390 #1569

Closed
wkloucek opened this issue Jan 29, 2021 · 3 comments · Fixed by #1679
@wkloucek

Describe the bug

When updating a pre-#1390 oCIS (e.g. v1.1.0) to a post-#1390 oCIS (e.g. latest), you cannot log in to oCIS web.

This seems to be due to the missing "idp" system user, which should replace the "konnectd" system user.

{"level":"error","service":"glauth","error":"{\"id\":\"com.owncloud.api.accounts\",\"code\":401,\"detail\":\"account not found or invalid credentials\",\"status\":\"Unauthorized\"}","handler":"ocis","username":"idp","binddn":"cn=idp,ou=sysusers,dc=example,dc=org","src":{"IP":"::1","Port":49670,"Zone":""},"time":"2021-01-29T17:51:36.20527641+01:00","message":"Login failed"}
{"level":"error","service":"idp","error":"ldap identifier backend logon connect error: LDAP Result Code 49 \"Invalid Credentials\": ","time":"2021-01-29T17:51:36.205953665+01:00","message":"identifier failed to logon with backend"}

Steps to reproduce

Steps to reproduce the behavior:

  1. set up a pre-#1390 (Rename Konnectd to IDP) oCIS (e.g. v1.1.0)
  2. update it to a post-#1390 (Rename Konnectd to IDP) oCIS (e.g. latest)
  3. see that you cannot log in anymore
  4. remove /var/tmp/ocis (fully reset oCIS) and you can log in again

Expected behavior

An automatic migration should happen or at least the user must be informed about that breaking change and the manual migration steps. This must be prominently placed in the changelog.

Actual behavior

User cannot log in anymore. There is no information that this will happen and how to resolve it.

Setup

Affects all setups

Additional context

@wkloucek

@IljaN I did not think about this when I did the review :-(

@IljaN self-assigned this Feb 1, 2021
@C0rby assigned C0rby and unassigned C0rby Feb 5, 2021
@C0rby

C0rby commented Feb 5, 2021

If no custom accounts were manually added, you can run rm -rf /var/tmp/ocis/storage/metadata/nodes/root/accounts as a quick fix. WARNING: You will lose non-standard accounts.

@wkloucek

wkloucek commented Feb 8, 2021

@IljaN @C0rby Minimal non destructive migration method:

Find the file in /var/tmp/ocis/storage/metadata/nodes/root/accounts which contains the following content, where xxxxxxxxxxxxxxxx is a unique id (varies between installations of oCIS).

This can be done with the following command: grep --exclude=\*.REV\* -rnw /var/tmp/ocis -e '"onPremisesSamAccountName":"konnectd"'

{"id":"xxxxxxxxxxxxxxxx","accountEnabled":true,"displayName":"Kopano Konnectd","preferredName":"konnectd","uidNumber":"10000","gidNumber":"15000","mail":"[email protected]","passwordProfile":{"password":"$2a$11$ntoTP2W/kyQIuoYpH5mRBuNzaEERYWSwn/zCsY5rtffen4d41y9.6"},"memberOf":[{"id":"34f38767-c937-4eb6-b847-1c175829a2a0"}],"onPremisesSamAccountName":"konnectd"}

In this file:

  • password must be set to $2y$12$ywfGLDPsSlBTVZU0g.2GZOPO8Wap3rVOpm8e3192VlytNdGWH7x72
  • onPremisesSamAccountName must be set to idp
  • preferredName must be set to idp
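
The migration steps from the comment above, written as a script. This is an added example, not code from the oCIS project or from the commenters. It assumes the account files are plain JSON documents as shown, that oCIS is stopped while it runs, and that `backup_dir` (a hypothetical location) lies outside the accounts directory; the function names are illustrative. It goes one step beyond the comment by refusing to run when an `idp` account already exists.

```python
import json
import os
import shutil
import tempfile
from pathlib import Path

# Hash copied verbatim from the comment above (the value it says to set).
IDP_PASSWORD_HASH = "$2y$12$ywfGLDPsSlBTVZU0g.2GZOPO8Wap3rVOpm8e3192VlytNdGWH7x72"


def load_accounts(accounts_dir):
    """Yield (path, record) per parseable account file, skipping *.REV* files."""
    for path in sorted(Path(accounts_dir).iterdir()):
        if not path.is_file() or ".REV" in path.name:
            continue
        try:
            record = json.loads(path.read_text(encoding="utf-8"))
        except (ValueError, OSError):
            continue  # not an account document; leave it untouched
        if isinstance(record, dict):
            yield path, record


def migrate_konnectd_to_idp(accounts_dir, backup_dir):
    """Apply the three field changes; return the account files rewritten."""
    accounts = list(load_accounts(accounts_dir))
    if any(r.get("onPremisesSamAccountName") == "idp" for _, r in accounts):
        return []  # idp already exists; never create a duplicate system user
    Path(backup_dir).mkdir(parents=True, exist_ok=True)
    changed = []
    for path, rec in accounts:
        if rec.get("onPremisesSamAccountName") != "konnectd":
            continue
        shutil.copy2(path, Path(backup_dir) / path.name)  # keep the original
        rec["onPremisesSamAccountName"] = rec["preferredName"] = "idp"
        rec.setdefault("passwordProfile", {})["password"] = IDP_PASSWORD_HASH
        tmp = path.with_name(path.name + ".tmp")
        tmp.write_text(json.dumps(rec, separators=(",", ":")), encoding="utf-8")
        shutil.copymode(path, tmp)  # keep the original file permissions
        os.replace(tmp, path)  # atomic swap: no half-written account file
        changed.append(path)
    return changed


if __name__ == "__main__":  # demo on a constructed record, not real oCIS data
    with tempfile.TemporaryDirectory() as acc, tempfile.TemporaryDirectory() as bak:
        sample = {"preferredName": "konnectd", "onPremisesSamAccountName": "konnectd"}
        Path(acc, "demo").write_text(json.dumps(sample))
        print(migrate_konnectd_to_idp(acc, bak))
```

All other fields of the record (id, uidNumber, memberOf and so on) are written back unchanged, and the pre-migration file stays in `backup_dir` for rollback.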
