Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: obimichael on October 13, 2012, 10:23:09 pm

Title: Owncloud 4.5, LDAP and Zentyal
Post by: obimichael on October 13, 2012, 10:23:09 pm
I had some problems with Owncloud, Zentyal and LDAP but it is working now, so I wanted to share the Parameters.

Owncloud - LDAP Settings vs. Zentyal - LDAP Settings.

[LDAP-Basic]
Owncloud-Parameter: Zentyal-Parameter
Host: 127.0.0.1
Base-DN: Base-DN
User-DN: Root-DN
Password: Password

[LDAP-Basic]
Owncloud-Parameter: Settings
User Login Filter: uid=%uid
User List Filter: objectClass=person
Group Filter: objectClass=posixGroup

[Advanced]
Owncloud-Parameter: Zentyal-Parameter
Base User Tree: User-DN
Base Group Tree: Groups DN
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: ichat on October 14, 2012, 01:21:43 pm
first of all thank you for sharing this information...

there is however 1 small problem for those who use samba 4 and organisational units (OUs),

which changes the user directive from ou=users to ou=??? if I'm not mistaken?

On behalf of many of those users facing this problem in the future I would like to ask how this can be solved, or have explained how big the impact is.

I would hope to someday soon see a complete owncloud integration wiki page out there, which solves most of a number of issues people can come across ... it really IS a beautiful tool ...

 
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: chymian on November 20, 2012, 08:13:05 pm
hi all,
I do have owncloud 4.5.2 successfully running on my "old" and live zentyal box 2.2. with ldap-integration

on an 3.0 testbox, I can't get ldap-users to work, besides that the ldap-port moved from standard to 390…
is that, what ichat mentioned?

can anybody point me into the right direction?

tia,
günter
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: mwellnitz on November 30, 2012, 11:16:50 am
HOWTO OwnCloud 4.5.X and Zentyal 3.0

You have to do some special adjustments with this combination and I want to give you the whole configuration to be done.
While there are no Ubuntu packages (PPA) available I will install plain OwnCloud Sources

Install Zentyal
I think you know how to install it ;-)

Install OwnCloud via plain tar.bz2 deploy
--> the actual Version is 4.5.3
Cleanup (if you did tests already)
Code: [Select]
aptitude purge owncloud
rm -r /var/lib/owncloud/config /var/lib/owncloud/data /etc/apache2/conf.d/owncloud.conf

mysql -p
  select * from mysql.user;
  DROP USER 'owncloud'@'localhost';
  FLUSH PRIVILEGES;
  drop database owncloud;
commit;
exit
Code: [Select]
TARFILE="owncloud-4.5.3.tar.bz2"
cd /tmp
wget http://mirrors.owncloud.org/releases/${TARFILE}
tar -xjvf ${TARFILE}
rm -r /var/www/owncloud
mv owncloud /var/www/
mkdir -p /var/www/owncloud/install/data
chown -R www-data:www-data /var/www/owncloud/install/data
chown -R www-data:www-data /var/www/owncloud/apps
mkdir /var/www/owncloud/data
chown -R www-data:www-data /var/www/owncloud/data
chown -R www-data:www-data /var/www/owncloud/config
cat >> /etc/apache2/conf.d/owncloud.conf << EOF
Alias /owncloud /var/www/owncloud

<Directory /var/www/owncloud/>
        Options +FollowSymLinks
        AllowOverride All
        order allow,deny
        allow from all
</Directory>
EOF

Zentyal Server pre configuration installations
Code: [Select]
aptitude install zip mp3info php5-mysql php5-gd php-xml-parser libt1-5 php5-ldap pwgen
a2enmod rewrite
a2enmod headers
apache2ctl graceful
MYSQL_PWD="$(pwgen -BC 12 -N 1)"
mysql -p << EOF
CREATE DATABASE owncloud;
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost'
  IDENTIFIED BY '${MYSQL_PWD}';
FLUSH PRIVILEGES;
EOF
echo "Your secure MySQL Password is ${MYSQL_PWD} write it down you will need it later!"
echo "For your OwnCloud admin user you can take this secure password: $(pwgen -BC 12 -N 1)"

An OwnCloud installation without Internet access doesn't make sense. If you are behind a firewall you need access (port forwarding) to your Zentyal instance. In my case I have an Ubuntu 10.04 server that acts as a firewall. Zentyal also needs updates, so I give it direct Internet access:
Code: [Select]
INET_IP="<TBD>"  # eg. 1.2.3.4/32
ZENTYAL_IP="<TBD>" # eg. 192.168.0.100
cat >> /etc/ufw/before.rules << EOF
# Forward traffic to Zentyal with OwnCloud
# NAT rules have to sit in their own *nat block, closed by COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d ${INET_IP} -p tcp --dport 443 -j DNAT --to ${ZENTYAL_IP}:443
-A POSTROUTING -p tcp -d ${ZENTYAL_IP} --dport 443 -j MASQUERADE
-A PREROUTING -d ${INET_IP} -p tcp --dport 25 -j DNAT --to ${ZENTYAL_IP}:25
-A POSTROUTING -p tcp -d ${ZENTYAL_IP} --dport 25 -j MASQUERADE
-A PREROUTING -d ${INET_IP} -p tcp --dport 8443 -j DNAT --to ${ZENTYAL_IP}:8443
-A POSTROUTING -p tcp -d ${ZENTYAL_IP} --dport 8443 -j MASQUERADE
-A PREROUTING -d ${INET_IP} -p tcp --dport 993 -j DNAT --to ${ZENTYAL_IP}:993
-A POSTROUTING -p tcp -d ${ZENTYAL_IP} --dport 993 -j MASQUERADE
-A PREROUTING -d ${INET_IP} -p tcp --dport 995 -j DNAT --to ${ZENTYAL_IP}:995
-A POSTROUTING -p tcp -d ${ZENTYAL_IP} --dport 995 -j MASQUERADE
-A PREROUTING -d ${INET_IP} -p tcp --dport 237 -j DNAT --to ${ZENTYAL_IP}:237
-A POSTROUTING -p tcp -d ${ZENTYAL_IP} --dport 237 -j MASQUERADE
COMMIT
EOF

# -F flushes the nat table (-f is the fragment match flag, not flush)
iptables -F -t nat ; ufw disable ; ufw --force enable
Code: [Select]
INTERNAL_FW_IP="<TBD>" # eg. 192.168.0.1
route add default gw ${INTERNAL_FW_IP}

initial OwnCloud configuration
Now It's time to access your OwnCloud Installations for the first time:
https://ZENTYAL_IP/owncloud
You have to create a new administrative (owncloud only) account. This account has nothing to do with your Zentyal accounts and won't be visible within your Zentyal frontend. Don't choose an already existing Zentyal account name here. If you do, the Zentyal LDAP account won't be accessible within your OwnCloud instance.
I suggest you take the account name 'ownadmin' and the password generated above via $(pwgen -BC 12 -N 1).
At the advanced tab you have to add the mysql connection parameters:
username: ownadmin
password: use secure password
Data Folder: /var/www/owncloud
Database user: owncloud
Database password: (created during DB installation)
Database name: owncloud
mysql host: localhost
--> Finish Setup
Depending on your system performance it takes about one minute to finish the setup procedure. You will be logged on as ownadmin afterwards.

LDAP integration -- now the topic starts :D
Log in to your Zentyal web frontend and get information about your LDAP at Office --> Users and Groups --> LDAP Settings
Let's assume your:

To connect your OwnCloud instance to your Zentyal LDAP do the following steps:
Your setup should look like:
LDAP Basic
Host localhost
Base DN dc=my,dc=company,dc=com
User DN cn=zentyal,dc=my,dc=company,dc=com
Password ndeifbwkwz46wnd82nb
User Login Filter (uid=%uid)
User List Filter (objectclass=inetOrgPerson)
Group Filter (objectClass=posixGroup)

Advanced
Port 390
Base User Tree ou=Users,dc=my,dc=company,dc=com
Base Group Tree ou=Groups,dc=my,dc=company,dc=com
User Display Name Field uid
Group Display Name Field cn
Email Field mail
--> SAVE

When you go to Users you should see all LDAP users. You can create additional users within your OwnCloud instance. Those users won't be visible within your Zentyal instance. In case of a collision the OwnCloud user will be visible in OwnCloud.
Quote
Beware: All LDAP Users can't change their password within OwnCloud. You need to activate UserCorner feature within Zentyal

Prospection
An advanced Setup with multiple OwnCloud instances and one Zentyal can be done with an advanced filtering

EDIT:
Enable your usercorner to be accessible via port 443 to ensure your OwnCloud user can change his password.
http://forum.zentyal.org/index.php/topic,16724.0.html
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: stuartiannaylor on December 03, 2012, 03:12:41 am
I have been scratching my head with owncloud.

The main problem is it seems to work and then doesn't and I haven't a clue what's changed.

What is twisting my melon at the moment is that I can log on from the LAN but WAN side it just doesn't do anything, no error, just back to the blank logon screen.

What's worse, it did work and with no apparent change apart from a reboot it seems to be ****ed

Thinking I might try and run it in an lxc container or a vm on top of zentyal.

Anyone any ideas before I give up
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: maki on December 03, 2012, 07:49:05 pm
My working setup step-by-step: zentyal 3 (core 3.0.7+all updates) + mysql 5.5 + phpmyadmin + owncloud 4.5.3 with Zentyal LDAP users
I'll just shoot all in one row, hopefully you will understand. Just copy-paste commands to your terminal...
--
apt-get update
apt-get install mysql-server
apt-get install phpmyadmin

sudo dpkg-reconfigure phpmyadmin
Connection method for MySQL database for phpmyadmin: unix socket
Name of the database's administrative user: root
Password of the database's administrative user: rootpassword
MySQL username for phpmyadmin: root
MySQL database name for phpmyadmin: phpmyadmin
Web server to reconfigure automatically: apache2
ERROR 1045
ignore
--
sudo nano or vi /etc/apache2/apache2.conf
add to end of file line:
Include /etc/phpmyadmin/apache.conf
service apache2 restart
--
sudo dpkg-reconfigure mysql-server-5.5
New password for the MySQL "root" user: rootpassword
Repeat password for the MySQL "root" user: rootpassword
After all this run following command on terminal to secure your mysql server:
sudo mysql_secure_installation

Enter current password for root (enter for none): rootpassword

Change the root password? [Y/n] n
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
--
sudo nano or vi /etc/apache2/mods-available/php5.conf
Add # in front of php_admin_value engine off to disable it
service apache2 restart

http://localhost/phpmyadmin/
--
OwnCloud:
apt-get install php5-ldap
apt-get install curl
apt-get install libcurl3-dev
apt-get install php5-curl

wget http://download.opensuse.org/repositories/isv:ownCloud:community/xUbuntu_12.10/Release.key
apt-key add - < Release.key

echo 'deb http://download.opensuse.org/repositories/isv:ownCloud:community/xUbuntu_12.10/ /' >> /etc/apt/sources.list.d/owncloud.list

apt-get update

apt-get install owncloud
--
http://localhost/phpmyadmin
Create owncloud database
http://localhost/owncloud
create admin user and connect to mysql with credentials you did earlier in dpkg-reconfigure
--
enable in owncloud Settings-Apps-LDAP user and group backend
--
Settings-Admin-Ldap Basic

Host: ldap://localhost:390
Base DN: dc=yourserver,dc=com
User DN: cn=zentyal,dc=yourserver,dc=com
Password: Zentyal LDAP password
User Login Filter: uid=%uid
User List Filter: objectClass=person
Group Filter: objectClass=posixGroup

Admin-LDAP Advanced:
Port: 390
Users DN:    ou=Users,dc=linex,dc=it
Groups DN:    ou=Groups,dc=linex,dc=it
---
voilà

Have phun!
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: robb on December 03, 2012, 09:08:20 pm
Just a small remark: owncloud can be installed from softwarecenter/apt since it is available in ubuntu (universe) repositories (see http://www.ubuntuupdates.org/package/core/precise/universe/base/owncloud)

Why install from tar?
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: stuartiannaylor on December 03, 2012, 09:19:36 pm
The owncloud ubuntu repo lags in version quite a bit behind security and updates.

I cheated slightly and did apt-get install owncloud so I could copy the dependent ancillary files.

Irrespective from spending some time on the owncloud forums and google the new tar should work perfectly well on ubuntu.

It doesn't seem to work all that well on zentyal though.

I have all my sites in /srv/www and I like to keep control but it shouldn't matter really with web technologies such as owncloud as there are no binaries that would make apt-get or untar any different.

There is something very weird going on with zentyal as why it works lan wise but not wan wise is a mystery to me.
It doesn't even seem to be providing a log.

I am going to do my usual and start knocking out services until hopefully it works and see if it is clashing with something.
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: robb on December 03, 2012, 09:34:48 pm
btw... the quantal repo has a much newer version of owncloud available...
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: stuartiannaylor on December 03, 2012, 10:03:35 pm
Rob, thanks for that but considering zentyal is a precise release it has no use for me.

I always wonder why you include such tangential information.

Do you have any ideas why a client LAN-wise should be able to log on whilst a client WAN-wise doesn't?

It's a strange one and I doubt a scripting problem, in fact actually I am unsure where to look.
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: robb on December 04, 2012, 03:44:03 am
I have several web appliances running on a Zentyal box, for instance Chamilo (an electronic learning environment). By adding an entry in both local DNS and the DNS of my registrar I can reach those externally and internally. However, I must add this is a Zentyal 2.2 box. But DNS is still DNS so this should work on Zentyal 3.0 too.
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: stuartiannaylor on December 04, 2012, 12:59:42 pm
Rob thank you again, I can reach the owncloud logon page externally and internally.

Zentyal makes dns and lan and wan apps childs play.

Internally I get the owncloud logon page and can logon. If I enter wrong credentials it tells me so.

Externally I get the owncloud logon page and can't logon. It just goes back to the blank logon page no error, no logs.

That is what I don't understand.
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: keld on January 03, 2013, 04:20:47 pm
Hello everyone,

Sorry for my English, I'll try to explain my problem.

I have followed the "mwellnitz" tutorial for the LDAP connection, but I have these messages:
Error   user_ldap   Search: no result resource, LDAP error message: (32) No such object, search filter: objectclass=inetOrgPerson   
Error   user_ldap   Search: no result resource, LDAP error message: (32) No such object, search filter: objectClass=posixGroup

And I can't see zentyal users in owncloud.
Do you have any ideas?

Thanks
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: thorsten on January 27, 2013, 03:44:48 pm
Hi,

has anybody managed to make the local /home/user directories available to owncloud? I can log in with all Zentyal users perfectly, but I would like to provide their home drives.

THX
Thorsten
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: thorsten on February 23, 2013, 12:51:55 am
Hi,

LDAP Basic
Host localhost
Base DN dc=my,dc=company,dc=com
User DN cn=zentyal,dc=my,dc=company,dc=com
Password ndeifbwkwz46wnd82nb
User Login Filter (uid=%uid)
User List Filter (objectclass=inetOrgPerson)
Group Filter (objectClass=posixGroup)

Advanced
Port 390
Base User Tree ou=Users,dc=my,dc=company,dc=com
Base Group Tree ou=Groups,dc=my,dc=company,dc=com
User Display Name Field uid
Group Display Name Field cn
Email Field mail

just a little improvement


LDAP Basic
Host localhost
Base DN dc=my,dc=company,dc=com
User DN cn=zentyalro,dc=my,dc=company,dc=com
Password my secret password
User Login Filter (uid=%uid)
User List Filter memberOf=cn=Cloud,ou=Groups,dc=ebbinghaus,dc=dyndns,dc=org
Group Filter leave empty

Advanced
Port 390
Base User Tree ou=Users,dc=my,dc=company,dc=com
Base Group Tree ou=Groups,dc=my,dc=company,dc=com
User Display Name Field uid
Group Display Name Field cn
Email Field mail

Hints:
Take care when copying and pasting "my secret password" for user zentyalro from the Zentyal web interface: Firefox copies a tab in front and a space at the end, which you do not see due to the wildcard. Paste to e.g. Windows Notepad to check if it's transferred correctly to the clipboard.
Do not forget to create and populate a group called "Cloud" within "Users and Groups" module of Zentyal - this will be the group having access to owncloud.

Best regards
Thorsten
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: Gerick on April 08, 2013, 05:39:03 pm
thanks guys....
this configuration work with owncloud 5.

best regards,
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: henfri on July 01, 2013, 07:53:28 pm
Hello,

thanks for your instructions.
I have a problem with Owncloud on Zentyal 3.0:
Browsing to https://homeserver/owncloud brings me to the zentyal web-interface. But I would like https with owncloud (for obvious reasons)

Do you have one (or two) hints for me?

Greetings,
Hendrik
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: christian on July 01, 2013, 07:58:11 pm
Regarding your first point: you should first change default port of Zentyal admin so that 443 can be used for your web sites.
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: henfri on July 01, 2013, 08:08:21 pm
Hi,

thanks for your reply. I had hoped that I only need to tell Apache to use some Folders without running the Zentyal Interface for them.

Anyway: I've been struggling all evening to change the port. For the http (without s) port it works:
Code: [Select]
cat ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost *:81
Listen 81

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 444
</IfModule>

<IfModule mod_gnutls.c>
    Listen 444
</IfModule>

But the https port of the Web-Interface stays 443.
Where is the port of the Web-IF configured?

It is also not in confs-enabled:
Code: [Select]
/etc/apache2/sites-enabled# cat *
<VirtualHost *:81>
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride All
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>

and not here:
Code: [Select]
cat /var/lib/zentyal/conf/user-apache2.conf

Timeout 300
KeepAlive On
MaxKeepAliveRequests 500
KeepAliveTimeout 15
AddDefaultCharset utf-8

PidFile /var/lib/zentyal-usercorner/user-apache.pid

<IfModule mpm_prefork_module>
    StartServers             1
    MinSpareServers          1
    MaxSpareServers          5
    MaxClients              10
    MaxRequestsPerChild  10000
</IfModule>

# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
    StartServers             1
    MinSpareThreads          5
    MaxSpareThreads         15
    ThreadLimit             16
    ThreadsPerChild         25
    MaxClients              30
    MaxRequestsPerChild  10000
</IfModule>

PerlInterpMaxRequests 10000

Include /etc/apache2/mods-available/auth_basic.load
Include /etc/apache2/mods-available/authn_file.load
Include /etc/apache2/mods-available/authz_default.load
Include /etc/apache2/mods-available/authz_groupfile.load
Include /etc/apache2/mods-available/authz_host.load
Include /etc/apache2/mods-available/authz_user.load
Include /etc/apache2/mods-available/autoindex.load
Include /etc/apache2/mods-available/cgi.load
Include /etc/apache2/mods-available/deflate.conf
Include /etc/apache2/mods-available/deflate.load
Include /etc/apache2/mods-available/dir.conf
Include /etc/apache2/mods-available/dir.load
Include /etc/apache2/mods-available/env.load
Include /etc/apache2/mods-available/mime.load
Include /etc/apache2/mods-available/negotiation.load
Include /etc/apache2/mods-available/setenvif.load
Include /etc/apache2/mods-available/rewrite.load
Include /etc/apache2/mods-available/ssl.conf
Include /etc/apache2/mods-available/ssl.load
Include /etc/apache2/mods-available/status.load
Include /etc/apache2/mods-available/perl.load

Listen 8888
User ebox-usercorner
Group ebox-usercorner

ServerAdmin webmaster@localhost
ServerName localhost

DocumentRoot /usr/share/zentyal/www/

<Directory />
    Options SymLinksIfOwnerMatch
    AllowOverride None
</Directory>


<Directory /usr/share/zentyal/www/>
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

<Directory /var/lib/zentyal/dynamicwww>
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>



UseCanonicalName Off
TypesConfig /etc/mime.types
DefaultType text/plain

<IfModule mod_mime_magic.c>
    MIMEMagicFile /usr/share/misc/file/magic.mime
</IfModule>

HostnameLookups Off

ErrorLog /var/log/zentyal-usercorner/error.log
LogLevel warn

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{forensic-id}n\"" combined

CustomLog /var/log/zentyal-usercorner/access.log combined

<IfModule mod_backtrace.c>
 EnableExceptionHook On
</IfModule>

<IfModule mod_whatkilledus.c>
 EnableExceptionHook On
</IfModule>

ServerSignature Off
ServerTokens Min
AddDefaultCharset on

<IfModule mod_ssl.c>
SSLEngine on
SSLProtocol all
SSLCipherSuite HIGH:MEDIUM

SSLCertificateFile /var/lib/zentyal-usercorner/ssl/ssl.pem
</IfModule>

<IfModule mod_setenvif.c>
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>

PerlWarn On

PerlModule EBox::UserCorner::Auth
PerlSetVar EBoxPath /
PerlSetVar EBoxLoginScript /Login/Index
PerlSetVar EBoxSatisfy Any
PerlSetVar AuthCookieDebug 0

<Files LOGIN>
        AuthType EBox::UserCorner::Auth
        AuthName EBox
        SetHandler perl-script
        PerlHandler EBox::UserCorner::Auth->login
</Files>

<Directory /usr/share/zentyal/cgi/>
    <IfModule mod_ssl.c>
       SSLOptions +StdEnvVars
    </IfModule>

        AuthType EBox::UserCorner::Auth
        AuthName EBox
        PerlAuthenHandler EBox::UserCorner::Auth->authenticate
        PerlAuthzHandler  EBox::UserCorner::Auth->authorize
        require valid-user
    SetHandler perl-script
    PerlHandler ModPerl::Registry
    PerlSendHeader On
    AllowOverride None
    Options +ExecCGI
    Order allow,deny
    Allow from all
</Directory>

RewriteEngine On

# Compatibility with old URLs
RewriteRule ^/ebox(.*) /$1
RewriteRule ^/zentyal(.*) /$1

# skip rewrites for favicon and login
RewriteCond %{REQUEST_FILENAME} ^/favicon.ico$ [OR]
RewriteCond %{REQUEST_FILENAME} ^/LOGIN$
RewriteRule .? - [S=100]
# Map /ebox.cgi to the right Perl CGI and redirect
RewriteRule ^/ebox.cgi$ /
# From /data/ to / and finish
RewriteRule ^/data(.*) $1 [L]
# From /dynamic-data/ to the right directory in FS and finish
RewriteRule ^/dynamic-data(.*) /var/lib/zentyal/dynamicwww$1 [L]
RewriteRule ^/(.*) /usr/share/zentyal/cgi/user-ebox.cgi [E=script:$1,L]

And not in one of the includes:
Code: [Select]
grep  443 /etc/apache2/mods-available/*
Greetings,
Hendrik
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: christian on July 01, 2013, 08:15:41 pm
But the https port of the Web-Interface stays 443.
Where is the port of the Web-IF configured?

Using Zentyal web interface:
Core => System => General => Administration interface TCP port
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: henfri on July 01, 2013, 08:30:44 pm
Uff, thanks. And I had been searching for the location in config files for AGES..

Ok.

Last question (I hope):
How do I now get apache to run on 443 as well and serve the contents of /var/www/ ?

Greetings and thanks,
Hendrik
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: thorsten on July 11, 2013, 09:52:05 am
Hi,

I moved my admin interface to 444, so 443 is free for https redirection. My router forwards 80 and 443 to my zentyal apache web server, the rest is done by vhosts.

Best regards
Thorsten
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: mwellnitz on July 11, 2013, 03:33:21 pm
Maybe you want to enhance your setup.

Each LDAP user can access the usercorner via port 443
Read my new howto:

http://forum.zentyal.org/index.php/topic,16724.0.html
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: tilllt on September 17, 2013, 10:10:38 am
Hey sorry to dig out this old thread, but since the settings discussed here also work with OC5 i guess we can continue.

I applied the UserList Group Filter suggested in one of the last posts here and it works. When Sharing Stuff, only Users from a certain group appear in the autocomplete function.

What I am still missing now is that I only want to allow access to owncloud for users that are part of one specific group, i.e. owncloud_users. What would also be great is different defaults for different groups.

i.e. 
- users that are member of "owncloudTeam" group get 20GB of Quota
- users that are member of "owncloudOthers" group get 1GB of quota...

etc. is that possible? How would i filter the members of a certain groups to only be allowed to login?

cheers,
t.
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: christian on September 17, 2013, 10:34:47 am
How would i filter the members of a certain groups to only be allowed to login?

that's the basic purpose of the "login search filter"  ;)
Set it to what matches your needs.
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: tilllt on September 17, 2013, 01:49:17 pm
i created a user "test" who is not member of any group.
i tried to create a filter as described here: https://confluence.atlassian.com/display/DEV/How+to+write+LDAP+search+filters

i tried a user login filter like this:
(&(uid=%uid)(memberOf=cn=owncloudTeam,ou=Groups,dc=domain,dc=tld)(memberOf=cn=owncloudAndere,ou=Groups,dc=domain,dc=tld))

still, user "test" can log in... what did i do wrong here?
cheers,
t.
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: christian on September 17, 2013, 02:31:33 pm
Did you check that the memberof attribute exists  ;) (at least in the LDAP schema you're looking at)
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: tilllt on September 17, 2013, 04:27:39 pm
hmm ok, of course I am referring to the Zentyal (v3) LDAP schema.

Ok, so there is no memberOf but a "member" attribute in
OU=Groups, CN=OwncloudTeam, DC=domain, DC=tld

member consists of
uid=username, ou=Users, dc=Domain, dc=tld

what i cannot figure out is how to build a query to figure out if the login user uid is listed in the member attribute of the group...

all the examples i found for owncloud are for active directory or other ldap servers that have an memberOf attribute... which is not the case with zentyal.

Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: christian on September 17, 2013, 04:54:02 pm
Unless I'm wrong, you have a truncated understanding of what Zentyal LDAP schema is (but as I don't have any 3.0 Zentyal installed any more, I can't check).

1 - Example you will find on internet about OwnCloud are for AD that embeds "memberof" attribute at user entry level
2 - Same attribute should exist in Zentyal implementation but not in the LDAP server you can access on port 390  :-X  it exists only for LDAP server used by Samba.

Well check this twice, I might be wrong... but would not be surprised if I'm correct.
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: tilllt on September 17, 2013, 05:23:42 pm
Well, my "understanding" or rather "attempts to understand" come from Apache Directory Studio being connected to Zentyal LDAP on Port 390, so you are correct. I didn't know that there was another way to access Zentyal's LDAP. On the other hand, it should also be possible to query for the attribute I mentioned in my earlier post, no?
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: christian on September 17, 2013, 05:35:18 pm
This is not "another way to access LDAP".
Zentyal embeds 2 different LDAP servers (that are however synchronized but with slightly different content, at least for what I understand):
- One, listening on port 389, is dedicated to Samba 4
- another one, listening on port 390 is what I would call "general purpose" LDAP server.

If memberof attribute is maintained in the "general purpose" LDAP server, then you can obviously use it, otherwise you will have to rely on another attribute.
The point is that LDAP protocol doesn't permit to "join" requests. You have to perform one single request that will target one single entry (meaning, e.g. you can't in same LDAP request, check for uid and look at groups content (BTW that's why memberof has been invented  ;))
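
The point made in the last few posts, as an added example that is not part of the thread and is not ownCloud or Zentyal code: a small in-memory evaluator for LDAP equality filters, run over a constructed directory in which groups carry "member" and users carry no "memberOf". It shows that a search with the posted login filter returns no entries on such a tree, how the AND and OR forms differ where memberOf does exist, and a two-search group check with the login name escaped per RFC 4515; all entries, names and helper functions are assumptions made for the illustration.

```python
import re

BASE = "dc=domain,dc=tld"  # placeholder suffix, as in the posts above
USERS, GROUPS = "ou=Users," + BASE, "ou=Groups," + BASE
TEAM, ANDERE = "cn=owncloudTeam," + GROUPS, "cn=owncloudAndere," + GROUPS
# Constructed directory shaped like the port-390 tree described above:
# group entries list member DNs, user entries carry no memberOf.
DIRECTORY = {
    "uid=alice," + USERS: {"objectclass": ["inetOrgPerson"], "uid": ["alice"]},
    "uid=bob," + USERS: {"objectclass": ["inetOrgPerson"], "uid": ["bob"]},
    "uid=test," + USERS: {"objectclass": ["inetOrgPerson"], "uid": ["test"]},
    TEAM: {"objectclass": ["posixGroup"], "cn": ["owncloudTeam"], "member": ["uid=alice," + USERS]},
    ANDERE: {"objectclass": ["posixGroup"], "cn": ["owncloudAndere"], "member": ["uid=bob," + USERS]},
}
# The filter from the post (member of BOTH groups) and its "either group" form.
AND_FILTER = "(&(uid=%uid)(memberOf=" + TEAM + ")(memberOf=" + ANDERE + "))"
OR_FILTER = "(&(uid=%uid)(|(memberOf=" + TEAM + ")(memberOf=" + ANDERE + ")))"

def escape_filter_value(value):
    """RFC 4515 escaping, so a typed login name cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def _parse(s, i):
    """Parse one parenthesised filter at s[i]; return (node, next index)."""
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        if s[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError("malformed %s filter" % op)
        return (op, kids), i + 1
    end = s.index(")", i)
    attr, sep, raw = s[i:end].partition("=")
    if not sep or not attr:
        raise ValueError("expected attr=value")
    if raw == "*":
        return ("present", attr.lower()), end + 1
    if "*" in raw:
        raise ValueError("substring filters are outside this sketch")
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return ("eq", attr.lower(), value.lower()), end + 1

def parse_filter(text):
    try:
        node, end = _parse(text, 0)
    except IndexError:
        raise ValueError("unbalanced filter") from None
    if end != len(text):
        raise ValueError("trailing data after filter")
    return node

def matches(node, entry):
    if node[0] in ("&", "|"):
        results = [matches(kid, entry) for kid in node[1]]
        return all(results) if node[0] == "&" else any(results)
    if node[0] == "!":
        return not matches(node[1][0], entry)
    values = entry.get(node[1], [])  # an attribute the entry lacks never matches
    if node[0] == "present":
        return bool(values)
    return any(v.lower() == node[2] for v in values)

def search(directory, base, filter_text):
    """Subtree search: sorted DNs under `base` whose entry matches the filter."""
    node = parse_filter(filter_text)
    return sorted(dn for dn, entry in directory.items()
                  if dn.lower().endswith(base.lower()) and matches(node, entry))

def login_search(directory, login_filter, uid):
    """Entries a login filter selects once %uid is replaced by the typed name."""
    return search(directory, USERS, login_filter.replace("%uid", escape_filter_value(uid)))

def allowed_by_group(directory, uid, group_names):
    """Two searches: resolve the user's DN, then ask the group entries about it."""
    hits = login_search(directory, "(uid=%uid)", uid)
    if len(hits) != 1 or not group_names:
        return False
    names = "".join("(cn=%s)" % escape_filter_value(g) for g in group_names)
    flt = "(&(objectClass=posixGroup)(|%s)(member=%s))" % (names, escape_filter_value(hits[0]))
    return bool(search(directory, GROUPS, flt))

def with_memberof(directory):
    """Copy with memberOf derived from member, i.e. the AD-style layout."""
    out = {dn: dict(entry) for dn, entry in directory.items()}
    for group_dn, entry in directory.items():
        for member_dn in entry.get("member", []):
            out[member_dn]["memberof"] = out[member_dn].get("memberof", []) + [group_dn]
    return out

if __name__ == "__main__":
    print("AND filter, member-only tree:", login_search(DIRECTORY, AND_FILTER, "alice"))
    print("OR filter, memberOf tree:", login_search(with_memberof(DIRECTORY), OR_FILTER, "alice"))
    print("two-step check for test:", allowed_by_group(DIRECTORY, "test", ["owncloudTeam"]))
```

Against a real server, each call to search() here corresponds to one LDAP search request with the same base and filter.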
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: obimichael on December 27, 2013, 02:06:45 pm
Just installed owncloud 6 and wanted to configure LDAP Connection with Zentyal 3.3.
I added 2 Groups (AdminHomeUser, HomeUser) and 5 Users.
Following worked:

Server:
ServerIP: Server IP of Zentyal Server (for example: ldap://127.0.0.1)
Port: 390
DN of Client User: Root DN of Zentyal
Password: Password of ldap
Base DN: Zentyal Base DN

User Filter:
only those object classes: inetOrgPerson
only from those groups: AdminHomeUser, HomeUser


Login Filter:
LDAP Username: checked


Group Filter:
only those object classes: posixGroup
only from those groups: AdminHomeUser, HomeUser

Advanced - Directory Settings:
User Display Name Field: uid



Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: hj on May 25, 2014, 01:34:15 am
Just installed owncloud 6 and wanted to configure LDAP Connection with Zentyal 3.3.
I added 2 Groups (AdminHomeUser, HomeUser) and 5 Users.
Following worked:

Server:
ServerIP: Server IP of Zentyal Server (for example: ldap://127.0.0.1)
Port: 390
DN of Client User: Root DN of Zentyal
Password: Password of ldap
Base DN: Zentyal Base DN

User Filter:
only those object classes: inetOrgPerson
only from those groups: AdminHomeUser, HomeUser


Login Filter:
LDAP Username: checked


Group Filter:
only those object classes: posixGroup
only from those groups: AdminHomeUser, HomeUser

Advanced - Directory Settings:
User Display Name Field: uid

Worked for me to the point where I can see my Zentyal users in Owncloud menu, but when I login with the correct username and password I get this error:

In /var/log/owncloud.log I see only:
Code: [Select]
2014-05-24T23:20:43+00:00"}
{"app":"core","message":"Login failed: user 'myuser@zentyal-domain.lan' , wrong password, IP:set log_authfailip=true in conf","level":2,"time":"2014-05-24T23:20:59+00:00"}
{"app":"core","message":"Login failed: user 'zentyal-domain.lan\\myuser' , wrong password, IP:set log_authfailip=true in conf","level":2,"time":"2014-05-24T23:21:13+00:00"}
{"app":"core","message":"Login failed: user 'myuser' , wrong password, IP:set log_authfailip=true in conf","level":2,"time":"2014-05-24T23:22:24+00:00"}

The password is definitely correct as I can log in to roundcube, openchange webmail, user corner and vcenter, which is linked to my AD. I'm using Zentyal 3.4 and Owncloud 6.0.3+dfsg-2 (Debian) (stable)

Any ideas?
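
A way to read the log excerpt above from the monitoring side, as an added example that is not part of the thread or of ownCloud: it parses the posted lines (including the truncated first one), folds the three spellings of the login name into one account, and counts failures per account inside a time window. The threshold of three failures in five minutes and all function names are assumptions.

```python
import ipaddress
import json
import re
from datetime import datetime, timedelta

# Log lines as posted above, including the truncated first line.
SAMPLE_LOG = r"""2014-05-24T23:20:43+00:00"}
{"app":"core","message":"Login failed: user 'myuser@zentyal-domain.lan' , wrong password, IP:set log_authfailip=true in conf","level":2,"time":"2014-05-24T23:20:59+00:00"}
{"app":"core","message":"Login failed: user 'zentyal-domain.lan\\myuser' , wrong password, IP:set log_authfailip=true in conf","level":2,"time":"2014-05-24T23:21:13+00:00"}
{"app":"core","message":"Login failed: user 'myuser' , wrong password, IP:set log_authfailip=true in conf","level":2,"time":"2014-05-24T23:22:24+00:00"}
"""

FAILED = re.compile(r"^Login failed: user '(?P<user>.*)' , wrong password, IP:(?P<ip>.*)$")


def normalize_account(name):
    """Map user@domain, DOMAIN\\user and plain user to one lower-case login."""
    name = name.strip()
    if "\\" in name:
        name = name.rsplit("\\", 1)[1]
    if "@" in name:
        name = name.split("@", 1)[0]
    return name.lower()


def parse_failures(text):
    """Return (events, skipped): failed logins and the number of unparseable lines."""
    events, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            record = json.loads(line)
            match = FAILED.match(record["message"])
            when = datetime.fromisoformat(record["time"])
        except (ValueError, KeyError, TypeError):
            skipped += 1      # truncated or non-JSON line: count it and keep going
            continue
        if not match:
            continue          # some other log message
        try:
            source = str(ipaddress.ip_address(match.group("ip").strip()))
        except ValueError:
            source = None     # the field holds the config hint, not an address
        events.append({"time": when, "typed": match.group("user"),
                       "account": normalize_account(match.group("user")),
                       "source": source})
    return events, skipped


def bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Accounts with at least `threshold` failures inside any `window`, with peak count."""
    by_account = {}
    for event in sorted(events, key=lambda e: e["time"]):
        by_account.setdefault(event["account"], []).append(event["time"])
    flagged = {}
    for account, times in by_account.items():
        start = peak = 0
        for end, moment in enumerate(times):
            while moment - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[account] = peak
    return flagged


if __name__ == "__main__":
    found, bad_lines = parse_failures(SAMPLE_LOG)
    print("failed logins:", len(found), "unparseable lines:", bad_lines)
    print("names as typed:", sorted(e["typed"] for e in found))
    print("events without a source address:", sum(e["source"] is None for e in found))
    print("accounts over threshold:", bursts(found))
```

In the posted lines the IP field carries the hint "set log_authfailip=true in conf" rather than an address, so these events cannot be grouped by source until that setting is changed.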
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: jbahillo on May 25, 2014, 06:47:48 pm
Make sure that your user is fulfilling filter expressions
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: Laurent Dinclaux on September 17, 2014, 11:59:44 pm
How about plugging it into Zentyal 3.5, which uses Samba as LDAP?
Title: Re: Owncloud 4.5, LDAP and Zentyal
Post by: schmel on August 12, 2015, 09:28:54 am
zentyal 4.0
owncloud 8.1

Working LDAP Settings:

MyDomain: example.lan
Ldap user: ldap

Code: [Select]
ServerIP: Server IP of Zentyal Server (for example: 127.0.0.1)
Port: 390
DN of Client User: ldap@example.lan
Password: Password of ldap
Base DN: DC=example,DC=lan