Feature #756

Setup LDAP Authentication for ownCloud

Added by Daniel Curtis about 8 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Authentication
Target version:
Start date:
02/25/2016
Due date:
% Done:
100%
Estimated time:
0.50 h
Spent time:

Description

This is a guide on how to set up LDAP authentication for ownCloud users. The LDAP server used here is OpenLDAP on FreeBSD 9, but the steps should work with any LDAP server.

Populate the LDAP Server

  • Create the People Organizational Unit ldif file:
    vi ~/people-ou.ldif
    
    • And add the following:
      dn: ou=People,dc=example,dc=com
      objectclass: organizationalUnit
      ou: People
      
  • Import the People OU file into the server (-x selects a simple bind as the given DN instead of SASL, which is the default; -W prompts for that DN's password):
    ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f ~/people-ou.ldif
    
  • Create the bob user ldif file:
    vi ~/bob.ldif
    
    • And add the following:
      dn: cn=Bob Guy,ou=People,dc=example,dc=com
      cn: Bob Guy
      givenname: Bob
      initials: BG
      mail: bob@example.com
      objectclass: inetOrgPerson
      objectclass: organizationalPerson
      objectclass: person
      sn: Guy
      uid: bob
      userpassword: {MD5}X03MO1qnZdYdgyfeuILPmQ==
      
    • NOTE: The password for bob is password. The {MD5} value above is an unsalted hash of it, so every user with that password gets the identical userpassword string and cracking one hash cracks them all. For real accounts generate a salted value with slappasswd -h '{SSHA}' and paste its output instead.
    
  • Import the bob user file into the server:
    ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f ~/bob.ldif

Setup LDAP Authentication

NOTE: If ownCloud talks to the server over TLS (ldaps://, or STARTTLS on port 389), the OpenLDAP client library it uses must trust the CA that issued the LDAP server's certificate, or certificate verification fails and no connection is made. Make the CA trusted rather than switching verification off (TLS_REQCERT never in ldap.conf, or the certificate-validation switch in ownCloud's advanced LDAP settings): an unverified connection lets anyone on the path read the bind password and every lookup.

  • Edit the LDAP client config file and point it at the CA certificate used on the LDAP server:
    vi /usr/local/etc/openldap/ldap.conf
    
    • And add the following:
      TLS_CACERT /usr/local/etc/bundle.pem
      
    • NOTE: bundle.pem must contain the PEM-encoded certificate of the CA (and any intermediates) that signed the LDAP server's certificate. PHP's LDAP extension, which ownCloud uses, goes through libldap and so honours this file.

NOTE: Each group's memberUid values must be exactly the uid values of the LDAP users (memberUid: bob for the entry with uid: bob); otherwise ownCloud cannot match LDAP users to their groups.
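
The following is an added example, not code from the ticket: it builds the LDIF for an ownCloud-ready user and a group in the form the Populate section and the NOTE above describe, replaces the ticket's unsalted {MD5} userpassword with a salted {SSHA} value (the format slappasswd -h '{SSHA}' emits), and checks that every memberUid in the output is the uid of some user entry. The dc=example,dc=com suffix and ou=People come from the ticket; ou=Groups, the group name cloudusers and gidNumber 10000 are assumptions made for illustration.

```python
# Added example (not code from the ticket): builds LDIF for an ownCloud-ready
# user and group and checks the uid <-> memberUid match that ownCloud needs.
# dc=example,dc=com and ou=People come from the ticket; ou=Groups, the group
# name "cloudusers" and gidNumber 10000 are assumptions for illustration.
import base64
import hashlib
import hmac
import os

BASE_DN = "dc=example,dc=com"
PEOPLE_OU = "ou=People," + BASE_DN
GROUPS_OU = "ou=Groups," + BASE_DN   # assumed; the ticket creates no group OU


def md5_password(password):
    """Unsalted {MD5} as in the ticket: same password -> same string for every user."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def ssha_password(password, salt=None):
    """Salted {SSHA}, the format slappasswd emits: base64(sha1(pw + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_userpassword(stored, candidate):
    """Check a candidate password against a {MD5} or {SSHA} userPassword value."""
    scheme, _, encoded = stored.partition("}")
    scheme = scheme.lstrip("{").upper()
    raw = base64.b64decode(encoded)
    cand = candidate.encode("utf-8")
    if scheme == "MD5":
        return hmac.compare_digest(raw, hashlib.md5(cand).digest())
    if scheme == "SSHA":
        digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes
        return hmac.compare_digest(digest, hashlib.sha1(cand + salt).digest())
    raise ValueError("unsupported userPassword scheme: " + scheme)


def user_ldif(uid, given_name, sn, mail, userpassword):
    """inetOrgPerson under ou=People with the same attributes as the ticket's bob."""
    cn = given_name + " " + sn
    return "\n".join([
        "dn: cn=%s,%s" % (cn, PEOPLE_OU),
        "objectclass: inetOrgPerson",
        "objectclass: organizationalPerson",
        "objectclass: person",
        "cn: " + cn,
        "givenName: " + given_name,
        "sn: " + sn,
        "mail: " + mail,
        "uid: " + uid,
        "userPassword: " + userpassword,
    ]) + "\n"


def group_ldif(cn, gid_number, member_uids):
    """posixGroup whose memberUid values are user uids: what ownCloud's
    'memberUid' group-member association matches on."""
    lines = ["dn: cn=%s,%s" % (cn, GROUPS_OU), "objectclass: posixGroup",
             "cn: " + cn, "gidNumber: %d" % gid_number]
    lines += ["memberUid: " + uid for uid in member_uids]
    return "\n".join(lines) + "\n"


def parse_ldif_entries(text):
    """Minimal LDIF reader: one dict (lowercase attr -> values) per entry.
    Enough for the entries built here (no base64 values, no line folding)."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def unmatched_members(ldif_text):
    """memberUid values with no user entry whose uid equals them; a non-empty
    result means ownCloud will not map those group members to accounts."""
    entries = parse_ldif_entries(ldif_text)
    uids = {u for e in entries for u in e.get("uid", [])}
    members = {m for e in entries for m in e.get("memberuid", [])}
    return sorted(members - uids)


if __name__ == "__main__":
    # Constructed sample input: the ticket's bob, with a salted password hash.
    bob = user_ldif("bob", "Bob", "Guy", "bob@example.com", ssha_password("password"))
    ldif = bob + "\n" + group_ldif("cloudusers", 10000, ["bob"])
    print(ldif)
    print("unmatched memberUid values:", unmatched_members(ldif))
```

Feed the printed LDIF to ldapadd -x -D "cn=Manager,dc=example,dc=com" -W after creating ou=Groups the same way ou=People was created. If slapd is configured with a password-hash directive, the server can instead hash a cleartext password sent over TLS itself; the {SSHA} value produced here is the same format slappasswd writes.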

  • Go to Apps, locate "LDAP user and group backend" and enable it.
  • Next go to Username -> Admin and scroll to the LDAP section. On the Server tab enter:
    1. Host: ldap.example.com
    2. Port: 389
    3. User DN: cn=Manager,dc=example,dc=com
    4. Password: SuperSecretPassword
    5. Base DN: dc=example,dc=com
    • NOTE: cn=Manager is the directory's rootdn, while ownCloud only needs to read. For anything beyond a test, create a dedicated bind account with an ACL granting read access to ou=People and the groups, and enter that DN here. On port 389 the bind password and every lookup travel in clear text unless TLS is enabled under Advanced -> Connection Settings; with ldaps:// use port 636.
  • Click Continue and, in the Users tab, select all of the Object Classes.
  • Then click Continue and, in the Login Attributes tab, select:
    1. LDAP / AD Username: [X]
    2. LDAP / AD Email Address: [X]
  • Next click Advanced -> Directory Settings and select memberUid from the Group-Member association menu.
  • Finally, enter the username bob in the test field and check that the login filter matches it. If it does, log out and log in to ownCloud as bob.

NOTE: The memberOf attribute is native to Active Directory, but OpenLDAP only provides it when the memberof overlay is loaded. If it is absent, tell ownCloud not to rely on it by running the following from the ownCloud installation directory as the web server user (www on FreeBSD). The "" is the ID of the first LDAP configuration; occ ldap:show-config lists the IDs if more than one exists:

sudo -u www ./occ ldap:set-config "" useMemberOfToDetectMembership 0
