
[nextcloud] LDAP support

Open flypenguin opened this issue 7 years ago • 10 comments

I have a running owncloud container with external LDAP support.

When I cut-and-paste the values from the container into wonderfall/nextcloud it does not work. This happens when I try:

  • set my base ldaps://URL:636 URL
  • automatic port detection: does not work (does with owncloud image)
  • testing of base dn: does not work (does with owncloud image)

flypenguin avatar Jan 13 '17 10:01 flypenguin

I'd like to help you but unfortunately I don't use LDAP auth myself. As far as I know php ldap extension is the main requirement, isn't it?

https://docs.nextcloud.com/server/11.0/admin_manual/configuration_user/user_auth_ldap.html

Wonderfall avatar Jan 18 '17 08:01 Wonderfall

I have pretty much the same information as you do ... I guess so. If that is not in the current image that would be a great first step I think ;) .

If you want to test - you can make a test account on a hosted LDAP service and test with this. (Googling "hosted ldap" gives JumpCloud and FoxPass, both seem to have a free offering with a limited user set.)

flypenguin avatar Jan 18 '17 09:01 flypenguin

https://github.com/Wonderfall/dockerfiles/blob/master/nextcloud/11.0/Dockerfile#L63 I thought it'd be enough.

Well I'll try LDAP myself

Wonderfall avatar Jan 18 '17 20:01 Wonderfall

For me LDAP auth works with an unencrypted connection only. Ldap with TLS (ldaps) does not work. I'm not sure what is missing exactly but for sure some kind of ssl/tls libraries are missing.

jckoester avatar May 09 '17 20:05 jckoester

@dasmaeh Maybe Nextcloud doesn't accept your LDAP's certificate. Have you imported it into Nextcloud? Alternatively, you could temporarily disable certificate checking by setting turnOffCertCheck to 1: occ ldap:set-config <configID> turnOffCertCheck 1

That way you could at least eliminate the certificate being the cause for your connection problems.

Mansarde avatar May 10 '17 14:05 Mansarde

@Mansarde the thing is, it works just like that with the original owncloud container (value copy-and-paste between the running instances images). Also the certificate of the service I use is correctly signed (otherwise all my other connections to this LDAPS would break as well).

flypenguin avatar May 10 '17 14:05 flypenguin

@Mansarde Sure I could do that. But it should not be necessary as the certificate is a letsencrypt certificate working well in all other services as well as in Apache Directory Studio. I can see the following in my LDAP server's debug log, when trying to connect via ldaps on port 636:

59133997 conn=3814 fd=15 ACCEPT from IP=172.xx.xx.xx:49496 (IP=0.0.0.0:636)
TLS: can't accept: A TLS fatal alert has been received..
59133997 conn=3814 fd=15 closed (TLS negotiation failure)

That leads me to the conclusion that some library is missing or there is no cipher suite supported by both servers.

jckoester avatar May 10 '17 16:05 jckoester
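Added example, not code from this thread or from the dockerfiles/Nextcloud projects: a small Python checker that correlates slapd log lines of the shape quoted above, reporting connections that were accepted on the LDAPS listener and then closed with a TLS negotiation failure before any "TLS established" line, grouped by client IP. The sample log, its IPs and connection ids are constructed; the "TLS established" and BIND lines are assumed to follow OpenLDAP's usual format.

```python
import re
from collections import Counter

# Constructed sample slapd (OpenLDAP) log, modelled on the lines quoted in the
# comment above. Connection ids, IPs and the successful connection are made up.
SAMPLE_LOG = """\
59133997 conn=3814 fd=15 ACCEPT from IP=172.20.0.5:49496 (IP=0.0.0.0:636)
TLS: can't accept: A TLS fatal alert has been received..
59133997 conn=3814 fd=15 closed (TLS negotiation failure)
59133998 conn=3815 fd=16 ACCEPT from IP=172.20.0.9:50112 (IP=0.0.0.0:636)
59133998 conn=3815 fd=16 TLS established tls_ssf=256 ssf=256
59133998 conn=3815 op=0 BIND dn="cn=nextcloud,ou=svc,dc=example,dc=org" method=128
59133999 conn=3816 fd=17 ACCEPT from IP=172.20.0.5:49510 (IP=0.0.0.0:636)
59133999 conn=3816 fd=17 closed (TLS negotiation failure)
"""

ACCEPT_RE = re.compile(
    r"conn=(?P<conn>\d+) fd=\d+ ACCEPT from IP=(?P<ip>[\d.]+):(?P<port>\d+) "
    r"\(IP=[\d.]+:(?P<listen>\d+)\)"
)
TLS_OK_RE = re.compile(r"conn=(?P<conn>\d+) fd=\d+ TLS established")
CLOSE_RE = re.compile(r"conn=(?P<conn>\d+) fd=\d+ closed \((?P<reason>[^)]*)\)")


def tls_handshake_failures(log_text):
    """One record per connection that was ACCEPTed but closed with a TLS
    negotiation failure before 'TLS established': the handshake itself failed
    (rejected certificate, missing CA, no shared cipher), not a later bind."""
    accepted = {}       # conn id -> (client ip, client port, listener port)
    established = set()
    failures = []
    for line in log_text.splitlines():
        if m := ACCEPT_RE.search(line):
            accepted[m["conn"]] = (m["ip"], int(m["port"]), int(m["listen"]))
        elif m := TLS_OK_RE.search(line):
            established.add(m["conn"])
        elif (m := CLOSE_RE.search(line)) and "TLS negotiation failure" in m["reason"]:
            conn = m["conn"]
            if conn in accepted and conn not in established:
                ip, port, listen = accepted[conn]
                failures.append({"conn": conn, "client_ip": ip,
                                 "client_port": port, "listen_port": listen})
    return failures


def failures_by_client(log_text):
    """Count handshake failures per client IP, to single out the one client
    (here: the nextcloud container) failing against a listener others use fine."""
    return Counter(f["client_ip"] for f in tls_handshake_failures(log_text))


if __name__ == "__main__":
    for ip, n in failures_by_client(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} failed TLS handshake(s) on the LDAPS listener")
```

A client that never reaches "TLS established" on a listener other clients use successfully points at the client side (trust store, TLS library, cipher set), which is the distinction the comment above draws from its own log.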

I use JumpCloud for my home Wifi authentication and a few other minor projects - it's free up to a certain number of accounts (I think 5 or 10), so it would be a good testing option.

benyanke avatar Sep 21 '17 13:09 benyanke

@dasmaeh We are experiencing the same issue. Did you get a solution to it?

jai3091 avatar Aug 27 '18 11:08 jai3091

I know I've gotten it connected over LDAP, not sure if something is missing for LDAPS.

benyanke avatar Aug 29 '18 04:08 benyanke