Topic: Owncloud 4.5, LDAP and Zentyal

obimichael

Owncloud 4.5, LDAP and Zentyal
« on: October 13, 2012, 10:23:09 pm »
I had some problems with Owncloud, Zentyal and LDAP but it is working now, so I wanted to share the Parameters.

Owncloud - LDAP Settings vs. Zentyal - LDAP Settings.

[LDAP-Basic]

| Owncloud-Parameter | Zentyal-Parameter |
|---|---|
| Host | 127.0.0.1 |
| Base-DN | Base-DN |
| User-DN | Root-DN |
| Password | Password |

[LDAP-Basic]

| Owncloud-Parameter | Settings |
|---|---|
| User Login Filter | uid=%uid |
| User List Filter | objectClass=person |
| Group Filter | objectClass=posixGroup |

[Advanced]

| Owncloud-Parameter | Zentyal-Parameter |
|---|---|
| Base User Tree | User-DN |
| Base Group Tree | Groups DN |
« Last Edit: October 13, 2012, 10:24:52 pm by obimichael »

ichat

Re: Owncloud 4.5, LDAP and Zentyal
« Reply #1 on: October 14, 2012, 01:21:43 pm »
First of all, thank you for sharing this information...

There is however 1 small problem for those who use Samba 4 and organisational units (OUs),

which changes the user directive from ou=users to ou=??? if I'm not mistaken?

On behalf of the many users facing this problem in the future, I would like to ask how this can be solved, or have it explained how big the impact is.

I would hope to someday soon see a complete ownCloud integration wiki page out there, which solves most of the issues people can come across ... it really IS a beautiful tool ...

 
All tips hints and advices are based on my personal experience.
As I try my best to be as accurate as possible, following my advice is always at your own risk,
I claim absolutely NO responsibility in any way!

chymian

Re: Owncloud 4.5, LDAP and Zentyal
« Reply #2 on: November 20, 2012, 08:13:05 pm »
hi all,
I do have owncloud 4.5.2 successfully running on my "old" and live zentyal box 2.2. with ldap-integration

on a 3.0 testbox, I can't get ldap-users to work, besides that the ldap-port moved from standard to 390…
is that, what ichat mentioned?

can anybody point me into the right direction?

tia,
günter

mwellnitz

Re: Owncloud 4.5, LDAP and Zentyal
« Reply #3 on: November 30, 2012, 11:16:50 am »
HOWTO OwnCloud 4.5.X and Zentyal 3.0

You have to make some special adjustments with this combination and I want to give you the whole configuration to be done.
While there are no Ubuntu packages (PPA) available, I will install the plain OwnCloud sources.

Install Zentyal
I think you know how to install it ;-)
  • My actual version is 2.3.24 but it should work for 3.0
  • Configure your LDAP

Install OwnCloud via plain tar.bz2 deploy
--> the actual Version is 4.5.3
Cleanup (if you did tests already)
```bash
aptitude purge owncloud
rm -r /var/lib/owncloud/config /var/lib/owncloud/data /etc/apache2/conf.d/owncloud.conf

mysql -p
  select * from mysql.user;
  DROP USER 'owncloud'@'localhost';
  FLUSH PRIVILEGES;
  drop database owncloud;
commit;
exit
```
```bash
TARFILE="owncloud-4.5.3.tar.bz2"
cd /tmp
wget http://mirrors.owncloud.org/releases/${TARFILE}
tar -xjvf ${TARFILE}
rm -r /var/www/owncloud
mv owncloud /var/www/
mkdir -p /var/www/owncloud/install/data
chown -R www-data:www-data /var/www/owncloud/install/data
chown -R www-data:www-data /var/www/owncloud/apps
mkdir /var/www/owncloud/data
chown -R www-data:www-data /var/www/owncloud/data
chown -R www-data:www-data /var/www/owncloud/config
cat >> /etc/apache2/conf.d/owncloud.conf << EOF
Alias /owncloud /var/www/owncloud

<Directory /var/www/owncloud/>
        Options +FollowSymLinks
        AllowOverride All
        order allow,deny
        allow from all
</Directory>
EOF
```

Zentyal Server pre configuration installations
```bash
aptitude install zip mp3info php5-mysql php5-gd php-xml-parser libt1-5 php5-ldap pwgen
a2enmod rewrite
a2enmod headers
apache2ctl graceful
MYSQL_PWD="$(pwgen -BC 12 -N 1)"
mysql -p << EOF
CREATE DATABASE owncloud;
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost'
  IDENTIFIED BY '${MYSQL_PWD}';
FLUSH PRIVILEGES;
EOF
echo "Your secure MySQL Password is ${MYSQL_PWD} write it down you will need it later!"
echo "For your OwnCloud admin user you can take this secure password: $(pwgen -BC 12 -N 1)"
```

An OwnCloud installation without Internet access doesn't make sense. If you are behind a firewall you need access (port forwarding) to your Zentyal instance. In my case I have an Ubuntu 10.04 server that acts as a firewall. Zentyal also needs updates, so I give it direct Internet access:
  • firewall rules
```bash
INET_IP="<TBD>"  # eg. 1.2.3.4/32
ZENTYAL_IP="<TBD>" # eg. 192.168.0.100
cat >> /etc/ufw/before.rules << EOF
# Forward traffic to Zentyal with OwnCloud
# (DNAT/MASQUERADE rules are only valid inside a *nat ... COMMIT section)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d ${INET_IP} -p tcp --dport 443 -j DNAT --to ${ZENTYAL_IP}:443
-A POSTROUTING -p tcp -d ${ZENTYAL_IP} --dport 443 -j MASQUERADE
-A PREROUTING -d ${INET_IP} -p tcp --dport 25 -j DNAT --to ${ZENTYAL_IP}:25
-A POSTROUTING -p tcp -d ${ZENTYAL_IP} --dport 25 -j MASQUERADE
-A PREROUTING -d ${INET_IP} -p tcp --dport 8443 -j DNAT --to ${ZENTYAL_IP}:8443
-A POSTROUTING -p tcp -d ${ZENTYAL_IP} --dport 8443 -j MASQUERADE
-A PREROUTING -d ${INET_IP} -p tcp --dport 993 -j DNAT --to ${ZENTYAL_IP}:993
-A POSTROUTING -p tcp -d ${ZENTYAL_IP} --dport 993 -j MASQUERADE
-A PREROUTING -d ${INET_IP} -p tcp --dport 995 -j DNAT --to ${ZENTYAL_IP}:995
-A POSTROUTING -p tcp -d ${ZENTYAL_IP} --dport 995 -j MASQUERADE
-A PREROUTING -d ${INET_IP} -p tcp --dport 237 -j DNAT --to ${ZENTYAL_IP}:237
-A POSTROUTING -p tcp -d ${ZENTYAL_IP} --dport 237 -j MASQUERADE
COMMIT
EOF

# -F flushes the nat table (lower-case -f is the fragment match, not flush)
iptables -F -t nat ; ufw disable ; ufw --force enable
```
  • Zentyal Server adjustments
```bash
INTERNAL_FW_IP="<TBD>" # eg. 192.168.0.1
route add default gw ${INTERNAL_FW_IP}
```
  • If that works like a charm you can set the Gateway parameter at the Zentyal web frontend

initial OwnCloud configuration
Now it's time to access your OwnCloud installation for the first time:
https://ZENTYAL_IP/owncloud
You have to create a new administrative (owncloud only) account. This account has nothing to do with your Zentyal accounts and won't be visible within your Zentyal frontend. Don't choose an already existing Zentyal account name here. If you do, the Zentyal LDAP account won't be accessible within your OwnCloud instance.
I suggest you take the account name 'ownadmin' and the password generated above via $(pwgen -BC 12 -N 1).
At the advanced tab you have to add the mysql connection parameters:
username: ownadmin
password: use secure password
Data Folder: /var/www/owncloud
Database user: owncloud
Database password: (created during DB installation)
Database name: owncloud
mysql host: localhost
--> Finish Setup
Depending on your system performance it takes about one minute to finish the setup procedure. You will be logged on as ownadmin afterwards.

LDAP integration -- now the topic starts :D
Log in to your Zentyal web frontend and get information about your LDAP at Office --> Users and Groups --> LDAP Settings
Let's assume your:
  • Base-DN:    dc=my,dc=company,dc=com
  • Root DN:    cn=zentyal,dc=my,dc=company,dc=com
  • Password:    ndeifbwkwz46wnd82nb
  • Users DN:    ou=Users,dc=my,dc=company,dc=com
  • Groups DN:    ou=Groups,dc=my,dc=company,dc=com

To connect your OwnCloud instance to your Zentyal LDAP do the following steps:
  • Login to your owncloud instance as user ownadmin.
  • Go to: Settings --> Apps --> Ldap user and group backend --> Enable
  • Go to: Settings --> Admin
Your setup should look like:
LDAP Basic
Host localhost
Base DN dc=my,dc=company,dc=com
User DN cn=zentyal,dc=my,dc=company,dc=com
Password ndeifbwkwz46wnd82nb
User Login Filter (uid=%uid)
User List Filter (objectclass=inetOrgPerson)
Group Filter (objectClass=posixGroup)

Advanced
Port 390
Base User Tree ou=Users,dc=my,dc=company,dc=com
Base Group Tree ou=Groups,dc=my,dc=company,dc=com
User Display Name Field uid
Group Display Name Field cn
Email Field mail
--> SAVE

When you go to Users you should see all LDAP users. You can create additional users within your OwnCloud instance. Those users won't be visible within your Zentyal instance. In case of a collision the OwnCloud user will be visible in OwnCloud.
Quote
Beware: All LDAP Users can't change their password within OwnCloud. You need to activate UserCorner feature within Zentyal

Prospection
An advanced Setup with multiple OwnCloud instances and one Zentyal can be done with an advanced filtering

EDIT:
Enable your usercorner to be accessible via port 443 to ensure your OwnCloud user can change his password.
http://forum.zentyal.org/index.php/topic,16724.0.html
« Last Edit: July 11, 2013, 03:39:38 pm by mwellnitz »
Marcus Wellnitz

stuartiannaylor

Re: Owncloud 4.5, LDAP and Zentyal
« Reply #4 on: December 03, 2012, 03:12:41 am »
I have been scratching my head with owncloud.

The main problem is it seems to work and then doesn't, and I haven't a clue what's changed.

What is twisting my melon at the moment is that I can log on from the lan but wan side it just doesn't do anything, no error, just back to the blank logon screen.

What's worse, it did work and with no apparent change apart from a reboot it seems to be ****ed

Thinking I might try and run it in an lxc container or a vm on top of zentyal.

Anyone any ideas before I give up

maki

Re: Owncloud 4.5, LDAP and Zentyal
« Reply #5 on: December 03, 2012, 07:49:05 pm »
My working setup step-by-step: zentyal 3 (core 3.0.7+all updates) + mysql 5.5 + phpmyadmin + owncloud 4.5.3 with Zentyal LDAP users
I'll just shoot all in one row, hopefully you will understand. Just copy-paste commands to your terminal...
--
apt-get update
apt-get install mysql-server
apt-get install phpmyadmin

sudo dpkg-reconfigure phpmyadmin
Connection method for MySQL database for phpmyadmin: unix socket
Name of the database's administrative user: root
Password of the database's administrative user: rootpassword
MySQL username for phpmyadmin: root
MySQL database name for phpmyadmin: phpmyadmin
Web server to reconfigure automatically: apache2
ERROR 1045
ignore
--
sudo nano or vi /etc/apache2/apache2.conf
add to end of file line:
Include /etc/phpmyadmin/apache.conf
service apache2 restart
--
sudo dpkg-reconfigure mysql-server-5.5
New password for the MySQL "root" user: rootpassword
Repeat password for the MySQL "root" user: rootpassword
After all this run following command on terminal to secure your mysql server:
sudo mysql_secure_installation

Enter current password for root (enter for none): rootpassword

Change the root password? [Y/n] n
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
--
sudo nano or vi /etc/apache2/mods-available/php5.conf
Add # in front of php_admin_value engine off to disable it
service apache2 restart

http://localhost/phpmyadmin/
--
OwnCloud:
apt-get install php5-ldap
apt-get install curl
apt-get install libcurl3-dev
apt-get install php5-curl

wget http://download.opensuse.org/repositories/isv:ownCloud:community/xUbuntu_12.10/Release.key
apt-key add - < Release.key

echo 'deb http://download.opensuse.org/repositories/isv:ownCloud:community/xUbuntu_12.10/ /' >> /etc/apt/sources.list.d/owncloud.list

apt-get update

apt-get install owncloud
--
http://localhost/phpmyadmin
Create owncloud database
http://localhost/owncloud
create admin user and connect to mysql with credentials you did earlier in dpkg-reconfigure
--
enable in owncloud Settings-Apps-LDAP user and group backend
--
Settings-Admin-Ldap Basic

Host: ldap://localhost:390
Base DN: dc=yourserver,dc=com
User DN: cn=zentyal,dc=yourserver,dc=com
Password: Zentyal LDAP password
User Login Filter: uid=%uid
User List Filter: objectClass=person
Group Filter: objectClass=posixGroup

Admin-LDAP Advanced:
Port: 390
Users DN:    ou=Users,dc=linex,dc=it
Groups DN:    ou=Groups,dc=linex,dc=it
---
voilà

Have phun!

robb

  • Guest
Re: Owncloud 4.5, LDAP and Zentyal
« Reply #6 on: December 03, 2012, 09:08:20 pm »
Just a small remark: owncloud can be installed from softwarecenter/apt since it is available in ubuntu (universe) repositories (see http://www.ubuntuupdates.org/package/core/precise/universe/base/owncloud)

Why install from tar?
« Last Edit: December 03, 2012, 09:10:22 pm by robb »

stuartiannaylor

Re: Owncloud 4.5, LDAP and Zentyal
« Reply #7 on: December 03, 2012, 09:19:36 pm »
The owncloud ubuntu repo lags in version quite a bit behind security and updates.

I cheated slightly and did apt-get install owncloud so I could copy the dependent ancillary files.

Irrespective from spending some time on the owncloud forums and google the new tar should work perfectly well on ubuntu.

It doesn't seem to work all that well on zentyal though.

I have all my sites in /srv/www and I like to keep control but it shouldn't matter really with web technologies such as owncloud as there are no binaries that would make apt-get or untar any different.

There is something very weird going on with zentyal as why it works lan wise but not wan wise is a mystery to me.
It doesn't even seem to be providing a log.

I am going to do my usual and start knocking out services until hopefully it works and see if it is clashing with something.

robb

  • Guest
Re: Owncloud 4.5, LDAP and Zentyal
« Reply #8 on: December 03, 2012, 09:34:48 pm »
btw... the quantal repo has a much newer version of owncloud available...

stuartiannaylor

Re: Owncloud 4.5, LDAP and Zentyal
« Reply #9 on: December 03, 2012, 10:03:35 pm »
Rob, thanks for that but considering zentyal is a precise release it has no use for me.

I always wonder why you include such tangential information.

Do you have any ideas why a client lan wise should be able to log on whilst a client wan wise doesn't?

It's a strange one and I doubt a scripting problem, in fact actually I am unsure where to look.

robb

  • Guest
Re: Owncloud 4.5, LDAP and Zentyal
« Reply #10 on: December 04, 2012, 03:44:03 am »
I have several web appliances running on a Zentyal box, for instance Chamilo (an electronic learning environment). By adding an entry in both local DNS and the DNS of my registrar I can reach those externally and internally. However, I must add this is a Zentyal 2.2 box. But DNS is still DNS so this should work on Zentyal 3.0 too.

stuartiannaylor

Re: Owncloud 4.5, LDAP and Zentyal
« Reply #11 on: December 04, 2012, 12:59:42 pm »
Rob thank you again, I can reach the owncloud logon page externally and internally.

Zentyal makes dns and lan and wan apps child's play.

Internally I get the owncloud logon page and can logon. If I enter wrong credentials it tells me so.

Externally I get the owncloud logon page and can't logon. It just goes back to the blank logon page no error, no logs.

That is what I don't understand.
« Last Edit: December 04, 2012, 01:01:52 pm by stuartiannaylor »

keld

Re: Owncloud 4.5, LDAP and Zentyal
« Reply #12 on: January 03, 2013, 04:20:47 pm »
Hello everyone,

Sorry for my English, I'll try to explain my problem.

I have followed the "mwellnitz" tutorial for the LDAP connection, but I have these messages:
Error   user_ldap   Search: no result resource, LDAP error message: (32) No such object, search filter: objectclass=inetOrgPerson   
Error   user_ldap   Search: no result resource, LDAP error message: (32) No such object, search filter: objectClass=posixGroup

And I can't see zentyal users in owncloud.
Do you have any ideas?

Thanks

thorsten

  • Guest
Re: Owncloud 4.5, LDAP and Zentyal
« Reply #13 on: January 27, 2013, 03:44:48 pm »
Hi,

Has anybody managed to make the local /home/user directories available to owncloud? I can log in with all Zentyal users perfectly, but I would like to provide their home drives.

THX
Thorsten

thorsten

  • Guest
Re: Owncloud 4.5, LDAP and Zentyal
« Reply #14 on: February 23, 2013, 12:51:55 am »
Hi,

LDAP Basic
Host localhost
Base DN dc=my,dc=company,dc=com
User DN cn=zentyal,dc=my,dc=company,dc=com
Password ndeifbwkwz46wnd82nb
User Login Filter (uid=%uid)
User List Filter (objectclass=inetOrgPerson)
Group Filter (objectClass=posixGroup)

Advanced
Port 390
Base User Tree ou=Users,dc=my,dc=company,dc=com
Base Group Tree ou=Groups,dc=my,dc=company,dc=com
User Display Name Field uid
Group Display Name Field cn
Email Field mail

just a little improvement


LDAP Basic
Host localhost
Base DN dc=my,dc=company,dc=com
User DN cn=zentyalro,dc=my,dc=company,dc=com
Password my secret password
User Login Filter (uid=%uid)
User List Filter memberOf=cn=Cloud,ou=Groups,dc=ebbinghaus,dc=dyndns,dc=org
Group Filter leave empty

Advanced
Port 390
Base User Tree ou=Users,dc=my,dc=company,dc=com
Base Group Tree ou=Groups,dc=my,dc=company,dc=com
User Display Name Field uid
Group Display Name Field cn
Email Field mail

Hints:
Take care when copy-pasting "my secret password" for user zentyalro from the Zentyal web interface: Firefox copies a tab in front and a space at the end, which you do not see due to the wildcard. Paste to e.g. Windows Notepad to check if it's transferred correctly to the clipboard.
Do not forget to create and populate a group called "Cloud" within "Users and Groups" module of Zentyal - this will be the group having access to owncloud.

Best regards
Thorsten
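
The checks that the hints above call for, written out as an added example (not code from the thread, ownCloud or Zentyal): it rejects a bind password with invisible leading or trailing whitespace, verifies that the Base User Tree lies under the Base DN, and then runs the expanded User Login Filter with the read-only account on port 390. The DNs are the thread's placeholder values; the helper names, the password-file argument and the presence of OpenLDAP's `ldapsearch` are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the LDAP values entered in ownCloud.
# DNs are the thread's placeholder values; the helper names are hypothetical.
LDAP_URI="ldap://localhost:390"
BASE_DN="dc=my,dc=company,dc=com"
BIND_DN="cn=zentyalro,dc=my,dc=company,dc=com"   # read-only bind account
USER_TREE="ou=Users,dc=my,dc=company,dc=com"
LOGIN_FILTER_TPL="(uid=%uid)"
TAB=$(printf '\t')
NL='
'

# True if a secret is non-empty and has no leading/trailing space, tab or newline.
secret_is_clean() {
  case "$1" in
    ""|" "*|*" "|"$TAB"*|*"$TAB"|"$NL"*|*"$NL") return 1 ;;
  esac
  return 0
}

# True if DN $1 equals or sits below DN $2 (case-insensitive, no space folding).
dn_under() {
  child=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  parent=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  case "$child" in
    "$parent"|*",$parent") return 0 ;;
  esac
  return 1
}

# Escape the RFC 4515 filter metacharacters \ * ( ) in a login name.
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Expand the User Login Filter template for one login name.
login_filter() {
  tpl=$LOGIN_FILTER_TPL
  printf '%s%s%s' "${tpl%%%uid*}" "$(ldap_escape "$1")" "${tpl#*%uid}"
}

# $1 = file holding the bind password, $2 = login name to look up.
check_directory() {
  pw=$(cat "$1"; printf x); pw=${pw%x}   # keeps a trailing newline visible
  secret_is_clean "$pw" || { echo "bind password has stray whitespace" >&2; return 3; }
  dn_under "$USER_TREE" "$BASE_DN" || { echo "user tree is outside base DN" >&2; return 2; }
  # ldapsearch -y sends the whole file as the password, hence the check above.
  # Result code 32 (No such object) means the -b search base does not exist.
  ldapsearch -x -H "$LDAP_URI" -D "$BIND_DN" -y "$1" \
             -b "$USER_TREE" -LLL "$(login_filter "$2")" dn
}
# Usage: sh ldap-preflight.sh /root/zentyalro.pw alice
if [ $# -eq 2 ]; then check_directory "$1" "$2"; fi
```

Create the password file with `printf '%s'` rather than `echo`, so that it does not end in a newline.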