dockerfiles
[nextcloud] LDAP support
I have a running owncloud container with external LDAP support.
When I cut-and-paste the values from the container into wonderfall/nextcloud it does not work. This happens when I try:
- set my base to ldaps://URL:636
- URL - automatic port detection: does not work (does with owncloud image)
- testing of base dn: does not work (does with owncloud image)
I'd like to help you but unfortunately I don't use LDAP auth myself. As far as I know php ldap extension is the main requirement, isn't it?
https://docs.nextcloud.com/server/11.0/admin_manual/configuration_user/user_auth_ldap.html
I have pretty much the same information as you do ... I guess so. If that is not in the current image that would be a great first step I think ;) .
If you want to test, you can make a test account on a hosted LDAP service and test with this. (Googling "hosted ldap" gives JumpCloud and FoxPass; both seem to have a free offering with a limited user set.)
https://github.com/Wonderfall/dockerfiles/blob/master/nextcloud/11.0/Dockerfile#L63 I thought it'd be enough.
Well I'll try LDAP myself
For me LDAP auth works with an unencrypted connection only. Ldap with TLS (ldaps) does not work. I'm not sure what is missing exactly but for sure some kind of ssl/tls libraries are missing.
@dasmaeh
Maybe Nextcloud doesn't accept your LDAP's certificate. Have you imported it into Nextcloud?
Alternatively, you could temporarily disable certificate checking by setting turnOffCertCheck to 1:
occ ldap:set-config <configID> turnOffCertCheck 1
That way you could at least eliminate the certificate being the cause for your connection problems.
@Mansarde the thing is, it works just like that with the original owncloud container (value copy-and-paste between the running instances images). also the certificate of the service I use is correctly signed (otherwise all my other connections to this LDAPS would break as well).
@Mansarde Sure I could do that. But it should not be necessary, as the certificate is a Let's Encrypt certificate working well in all other services as well as in Apache Directory Studio. I can see the following in my LDAP server's debug log when trying to connect via ldaps on port 636:
59133997 conn=3814 fd=15 ACCEPT from IP=172.xx.xx.xx:49496 (IP=0.0.0.0:636)
TLS: can't accept: A TLS fatal alert has been received..
59133997 conn=3814 fd=15 closed (TLS negotiation failure)
That leads me to the conclusion that some library is missing or there is no cipher suite supported by both servers.
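Two things come up in the comments above: the suggestion to set turnOffCertCheck as a way to rule the certificate in or out, and the slapd log showing the server closing the connection with "TLS negotiation failure". The script below is an added example written for this thread, not code from Wonderfall/dockerfiles or Nextcloud. It does two things: `summarize_tls` parses slapd connection log lines of the kind quoted above and reports which connections never completed a TLS handshake (so you can tell whether the failure is per-client or global before touching any settings), and `check_ldaps_handshake` performs a TLS handshake as an LDAPS client with full chain verification from a given CA bundle, which distinguishes "the client rejected the server certificate" from "no cipher/protocol in common" without disabling certificate checking in Nextcloud. The log sample, IPs and connection numbers are constructed; the host names in the usage section are placeholders.

```python
import re
import socket
import ssl

# Constructed sample in the format of the slapd log excerpt quoted in the thread.
# Timestamps, conn ids and client IPs are made up for the example.
SAMPLE_LOG = """\
59133997 conn=3814 fd=15 ACCEPT from IP=172.18.0.5:49496 (IP=0.0.0.0:636)
TLS: can't accept: A TLS fatal alert has been received..
59133997 conn=3814 fd=15 closed (TLS negotiation failure)
59133998 conn=3815 fd=16 ACCEPT from IP=172.18.0.7:50112 (IP=0.0.0.0:636)
59133998 conn=3815 fd=16 TLS established tls_ssf=256 ssf=256
59133999 conn=3815 op=0 BIND dn="cn=admin,dc=example,dc=org" method=128
59134000 conn=3815 fd=16 closed
"""

ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+ \(IP=[\d.]+:(\d+)\)")
ESTABLISHED_RE = re.compile(r"conn=(\d+) fd=\d+ TLS established")
CLOSED_RE = re.compile(r"conn=(\d+) fd=\d+ closed(?: \((.*)\))?")


def summarize_tls(log_text):
    """Map each slapd connection id to its client IP, listening port and TLS outcome.

    tls is "ok" once slapd logs "TLS established", "failed" when the close reason
    is a TLS negotiation failure, and "none" if no TLS event was seen.
    """
    conns = {}
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            conn, client_ip, port = m.groups()
            conns[conn] = {"client": client_ip, "port": int(port), "tls": "none", "reason": None}
            continue
        m = ESTABLISHED_RE.search(line)
        if m and m.group(1) in conns:
            conns[m.group(1)]["tls"] = "ok"
            continue
        m = CLOSED_RE.search(line)
        if m and m.group(1) in conns:
            reason = m.group(2)
            if reason and "TLS negotiation failure" in reason:
                conns[m.group(1)]["tls"] = "failed"
                conns[m.group(1)]["reason"] = reason
    return conns


def failed_handshakes(log_text):
    """Return the connection ids whose TLS handshake failed, in log order."""
    return [cid for cid, info in summarize_tls(log_text).items() if info["tls"] == "failed"]


def check_ldaps_handshake(host, port=636, cafile=None, timeout=5.0):
    """Perform a verifying TLS handshake against an LDAPS port, as the Nextcloud
    container would have to. Returns (True, "<protocol> <cipher>") on success, or
    (False, reason) distinguishing a certificate rejection from a handshake failure.
    cafile=None uses the system trust store of the host running this script.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, f"{tls.version()} {tls.cipher()[0]}"
    except ssl.SSLCertVerificationError as e:
        return False, f"certificate verification failed: {e.verify_message}"
    except (ssl.SSLError, OSError) as e:
        return False, f"handshake failed: {e}"


if __name__ == "__main__":
    for cid, info in summarize_tls(SAMPLE_LOG).items():
        print(cid, info)
    # Placeholder host; run from inside the Nextcloud container to test its trust store.
    print(check_ldaps_handshake("ldap.example.org", cafile=None))
```

Running `check_ldaps_handshake` from inside the Nextcloud container (for example via `docker exec`) is the useful part: if it reports a certificate verification failure, the container is missing the CA bundle the certificate chains to, and importing the CA is the fix rather than turnOffCertCheck; if it reports a plain handshake failure while the same call succeeds from the host, the container's TLS library or cipher configuration is the problem, which matches the "no cipher suite supported by both servers" hypothesis above.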
I use JumpCloud for my home Wifi authentication and a few other minor projects - it's free up to a certain number of accounts (I think 5 or 10), so it would be a good testing option.
@dasmaeh We are experiencing the same issue. Did you get a solution to it?
I know I've gotten it connected over LDAP, not sure if something is missing for LDAPS.