| Owncloud-Parameter | Zentyal-Parameter |
|---|---|
| Host | 127.0.0.1 |
| Base-DN | Base-DN |
| User-DN | Root-DN |
| Password | Password |

| Owncloud-Parameter | Settings |
|---|---|
| User Login Filter | uid=%uid |
| User List Filter | objectClass=person |
| Group Filter | objectClass=posixGroup |

| Owncloud-Parameter | Zentyal-Parameter |
|---|---|
| Base User Tree | User-DN |
| Base Group Tree | Groups DN |
aptitude purge owncloud
rm -r /var/lib/owncloud/config /var/lib/owncloud/data /etc/apache2/conf.d/owncloud.conf
mysql -p
select * from mysql.user;
DROP USER 'owncloud'@'localhost';
FLUSH PRIVILEGES;
drop database owncloud;
commit;
exit
TARFILE="owncloud-4.5.3.tar.bz2"
cd /tmp
wget http://mirrors.owncloud.org/releases/${TARFILE}
tar -xjvf ${TARFILE}
rm -r /var/www/owncloud
mv owncloud /var/www/
mkdir -p /var/www/owncloud/install/data
chown -R www-data:www-data /var/www/owncloud/install/data
chown -R www-data:www-data /var/www/owncloud/apps
mkdir /var/www/owncloud/data
chown -R www-data:www-data /var/www/owncloud/data
chown -R www-data:www-data /var/www/owncloud/config
cat >> /etc/apache2/conf.d/owncloud.conf << EOF
Alias /owncloud /var/www/owncloud
<Directory /var/www/owncloud/>
Options +FollowSymLinks
AllowOverride All
order allow,deny
allow from all
</Directory>
EOF
aptitude install zip mp3info php5-mysql php5-gd php-xml-parser libt1-5 php5-ldap pwgen
a2enmod rewrite
a2enmod headers
apache2ctl graceful
MYSQL_PWD="$(pwgen -BC 12 -N 1)"
mysql -p << EOF
CREATE DATABASE owncloud;
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost'
IDENTIFIED BY '${MYSQL_PWD}';
FLUSH PRIVILEGES;
EOF
echo "Your secure MySQL Password is ${MYSQL_PWD} write it down you will need it later!"
echo "For your OwnCloud admin user you can take this secure password: $(pwgen -BC 12 -N 1)"
INET_IP="<TBD>" # eg. 1.2.3.4/32
ZENTYAL_IP="<TBD>" # eg. 192.168.0.100
cat >> /etc/ufw/before.rules << EOF
# Forward traffic to Zentyal with OwnCloud
# (ufw feeds this file to iptables-restore, so the nat rules need their own
#  *nat ... COMMIT block; forwarding must also be permitted on this host for
#  the DNAT'ed packets to pass)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d ${INET_IP} -p tcp --dport 443 -j DNAT --to ${ZENTYAL_IP}:443
-A POSTROUTING -p tcp -d ${ZENTYAL_IP} --dport 443 -j MASQUERADE
-A PREROUTING -d ${INET_IP} -p tcp --dport 25 -j DNAT --to ${ZENTYAL_IP}:25
-A POSTROUTING -p tcp -d ${ZENTYAL_IP} --dport 25 -j MASQUERADE
-A PREROUTING -d ${INET_IP} -p tcp --dport 8443 -j DNAT --to ${ZENTYAL_IP}:8443
-A POSTROUTING -p tcp -d ${ZENTYAL_IP} --dport 8443 -j MASQUERADE
-A PREROUTING -d ${INET_IP} -p tcp --dport 993 -j DNAT --to ${ZENTYAL_IP}:993
-A POSTROUTING -p tcp -d ${ZENTYAL_IP} --dport 993 -j MASQUERADE
-A PREROUTING -d ${INET_IP} -p tcp --dport 995 -j DNAT --to ${ZENTYAL_IP}:995
-A POSTROUTING -p tcp -d ${ZENTYAL_IP} --dport 995 -j MASQUERADE
-A PREROUTING -d ${INET_IP} -p tcp --dport 237 -j DNAT --to ${ZENTYAL_IP}:237
-A POSTROUTING -p tcp -d ${ZENTYAL_IP} --dport 237 -j MASQUERADE
COMMIT
EOF
# -F flushes the nat table before ufw reloads its rules (-f is the fragment flag, not flush)
iptables -t nat -F ; ufw disable ; ufw --force enable
INTERNAL_FW_IP="<TBD>" # eg. 192.168.0.1
route add default gw ${INTERNAL_FW_IP}
| Parameter | Value |
|---|---|
| username | ownadmin |
| password | use secure password |
| Data Folder | /var/www/owncloud |
| Database user | owncloud |
| Database password | (created during DB installation) |
| Database name | owncloud |
| mysql host | localhost |
LDAP Basic

| Parameter | Value |
|---|---|
| Host | localhost |
| Base DN | dc=my,dc=company,dc=com |
| User DN | cn=zentyal,dc=my,dc=company,dc=com |
| Password | ndeifbwkwz46wnd82nb |
| User Login Filter | (uid=%uid) |
| User List Filter | (objectclass=inetOrgPerson) |
| Group Filter | (objectClass=posixGroup) |

Advanced

| Parameter | Value |
|---|---|
| Port | 390 |
| Base User Tree | ou=Users,dc=my,dc=company,dc=com |
| Base Group Tree | ou=Groups,dc=my,dc=company,dc=com |
| User Display Name Field | uid |
| Group Display Name Field | cn |
| Email Field | |

Beware: LDAP users cannot change their password from within OwnCloud. You need to activate the UserCorner feature in Zentyal.
| Parameter | Value |
|---|---|
| Host | localhost |
| Base DN | dc=my,dc=company,dc=com |
| User DN | cn=zentyalro,dc=my,dc=company,dc=com |
| Password | my secret password |
| User Login Filter | (uid=%uid) |
| User List Filter | memberOf=cn=Cloud,ou=Groups,dc=ebbinghaus,dc=dyndns,dc=org |
| Group Filter | (leave empty) |
| Port | 390 |
| Base User Tree | ou=Users,dc=my,dc=company,dc=com |
| Base Group Tree | ou=Groups,dc=my,dc=company,dc=com |
| User Display Name Field | uid |
| Group Display Name Field | cn |
| Email Field | |
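To check a User List Filter, Group Filter or the `%uid` login template from the two LDAP tables above before typing it into OwnCloud, here is an added example (not code from the Zentyal page or from OwnCloud) that parses such a filter and evaluates it against constructed sample entries; the entries, the `cn=Cloud` group DN under the page's base DN and the function names are assumptions. It also shows why the value substituted for `%uid` has to be escaped: a raw `*` would match every user, the escaped `\2a` matches none.

```python
BASE_DN = "dc=my,dc=company,dc=com"                  # base DN used in the page's tables
CLOUD_GROUP = "cn=Cloud,ou=Groups," + BASE_DN        # assumed group DN for the memberOf filter

# Constructed sample entries shaped like Zentyal's ou=Users / ou=Groups; attribute names are
# lowercase and objectclass lists the full superclass chain, as a real server returns it.
USER_CLASSES = ["inetOrgPerson", "organizationalPerson", "person", "top", "posixAccount"]
SAMPLE_ENTRIES = [
    {"dn": "uid=alice,ou=Users," + BASE_DN, "objectclass": USER_CLASSES,
     "uid": ["alice"], "memberof": [CLOUD_GROUP]},
    {"dn": "uid=bob,ou=Users," + BASE_DN, "objectclass": USER_CLASSES,
     "uid": ["bob"], "memberof": []},
    {"dn": CLOUD_GROUP, "objectclass": ["posixGroup"], "cn": ["Cloud"], "memberuid": ["alice"]},
]

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """RFC 4515 escaping for a value substituted into a filter such as (uid=%uid)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def login_filter(template, uid):
    """Fill OwnCloud's 'User Login Filter' template with an escaped login name."""
    return template.replace("%uid", escape_filter_value(uid))

def parse(f, i=0):
    """Parse (&...), (|...) and (attr=value) filters starting at f[i]; returns (node, next_index)."""
    if f[i + 1] in "&|":
        op, i, items = f[i + 1], i + 2, []
        while f[i] != ")":
            node, i = parse(f, i)
            items.append(node)
        return (op, items), i + 1
    close = f.index(")", i)          # an escaped ')' is '\29', so this is the real closing paren
    attr, val = f[i + 1:close].split("=", 1)
    return ("=", attr.lower(), val), close + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry: exact match, plus '*' as a presence test."""
    if node[0] in ("&", "|"):
        combine = all if node[0] == "&" else any
        return combine(matches(n, entry) for n in node[1])
    _, attr, val = node
    values = [v.lower() for v in entry.get(attr, [])]
    return bool(values) if val == "*" else val.lower() in values

def find_users(user_filter, entries=SAMPLE_ENTRIES):
    """DNs selected by an OwnCloud 'User List Filter' (outer parentheses optional, as in the tables)."""
    if not user_filter.startswith("("):
        user_filter = "(" + user_filter + ")"
    node, _ = parse(user_filter)
    return [e["dn"] for e in entries if matches(node, e)]
```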
cat ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz
NameVirtualHost *:81
Listen 81
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 444
</IfModule>
<IfModule mod_gnutls.c>
Listen 444
</IfModule>
/etc/apache2/sites-enabled# cat *
<VirtualHost *:81>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
cat /var/lib/zentyal/conf/user-apache2.conf
Timeout 300
KeepAlive On
MaxKeepAliveRequests 500
KeepAliveTimeout 15
AddDefaultCharset utf-8
PidFile /var/lib/zentyal-usercorner/user-apache.pid
<IfModule mpm_prefork_module>
StartServers 1
MinSpareServers 1
MaxSpareServers 5
MaxClients 10
MaxRequestsPerChild 10000
</IfModule>
# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
StartServers 1
MinSpareThreads 5
MaxSpareThreads 15
ThreadLimit 16
ThreadsPerChild 25
MaxClients 30
MaxRequestsPerChild 10000
</IfModule>
PerlInterpMaxRequests 10000
Include /etc/apache2/mods-available/auth_basic.load
Include /etc/apache2/mods-available/authn_file.load
Include /etc/apache2/mods-available/authz_default.load
Include /etc/apache2/mods-available/authz_groupfile.load
Include /etc/apache2/mods-available/authz_host.load
Include /etc/apache2/mods-available/authz_user.load
Include /etc/apache2/mods-available/autoindex.load
Include /etc/apache2/mods-available/cgi.load
Include /etc/apache2/mods-available/deflate.conf
Include /etc/apache2/mods-available/deflate.load
Include /etc/apache2/mods-available/dir.conf
Include /etc/apache2/mods-available/dir.load
Include /etc/apache2/mods-available/env.load
Include /etc/apache2/mods-available/mime.load
Include /etc/apache2/mods-available/negotiation.load
Include /etc/apache2/mods-available/setenvif.load
Include /etc/apache2/mods-available/rewrite.load
Include /etc/apache2/mods-available/ssl.conf
Include /etc/apache2/mods-available/ssl.load
Include /etc/apache2/mods-available/status.load
Include /etc/apache2/mods-available/perl.load
Listen 8888
User ebox-usercorner
Group ebox-usercorner
ServerAdmin webmaster@localhost
ServerName localhost
DocumentRoot /usr/share/zentyal/www/
<Directory />
Options SymLinksIfOwnerMatch
AllowOverride None
</Directory>
<Directory /usr/share/zentyal/www/>
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory /var/lib/zentyal/dynamicwww>
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
UseCanonicalName Off
TypesConfig /etc/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
MIMEMagicFile /usr/share/misc/file/magic.mime
</IfModule>
HostnameLookups Off
ErrorLog /var/log/zentyal-usercorner/error.log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{forensic-id}n\"" combined
CustomLog /var/log/zentyal-usercorner/access.log combined
<IfModule mod_backtrace.c>
EnableExceptionHook On
</IfModule>
<IfModule mod_whatkilledus.c>
EnableExceptionHook On
</IfModule>
ServerSignature Off
ServerTokens Min
AddDefaultCharset on
<IfModule mod_ssl.c>
SSLEngine on
SSLProtocol all
SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile /var/lib/zentyal-usercorner/ssl/ssl.pem
</IfModule>
<IfModule mod_setenvif.c>
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>
PerlWarn On
PerlModule EBox::UserCorner::Auth
PerlSetVar EBoxPath /
PerlSetVar EBoxLoginScript /Login/Index
PerlSetVar EBoxSatisfy Any
PerlSetVar AuthCookieDebug 0
<Files LOGIN>
AuthType EBox::UserCorner::Auth
AuthName EBox
SetHandler perl-script
PerlHandler EBox::UserCorner::Auth->login
</Files>
<Directory /usr/share/zentyal/cgi/>
<IfModule mod_ssl.c>
SSLOptions +StdEnvVars
</IfModule>
AuthType EBox::UserCorner::Auth
AuthName EBox
PerlAuthenHandler EBox::UserCorner::Auth->authenticate
PerlAuthzHandler EBox::UserCorner::Auth->authorize
require valid-user
SetHandler perl-script
PerlHandler ModPerl::Registry
PerlSendHeader On
AllowOverride None
Options +ExecCGI
Order allow,deny
Allow from all
</Directory>
RewriteEngine On
# Compatibility with old URLs
RewriteRule ^/ebox(.*) /$1
RewriteRule ^/zentyal(.*) /$1
# skip rewrites for favicon and login
RewriteCond %{REQUEST_FILENAME} ^/favicon.ico$ [OR]
RewriteCond %{REQUEST_FILENAME} ^/LOGIN$
RewriteRule .? - [S=100]
# Map /ebox.cgi to the right Perl CGI and redirect
RewriteRule ^/ebox.cgi$ /
# From /data/ to / and finish
RewriteRule ^/data(.*) $1 [L]
# From /dynamic-data/ to the right directory in FS and finish
RewriteRule ^/dynamic-data(.*) /var/lib/zentyal/dynamicwww$1 [L]
RewriteRule ^/(.*) /usr/share/zentyal/cgi/user-ebox.cgi [E=script:$1,L]
grep 443 /etc/apache2/mods-available/*
But the HTTPS port of the web interface stays 443.
Where is the port of the web interface configured?
How would I filter the members of certain groups so that only they are allowed to log in?
Just installed OwnCloud 6 and wanted to configure the LDAP connection with Zentyal 3.3.
I added 2 groups (AdminHomeUser, HomeUser) and 5 users.
The following worked:
Server:
ServerIP: Server IP of Zentyal Server (for example: ldap://127.0.0.1)
Port: 390
DN of Client User: Root DN of Zentyal
Password: Password of ldap
Base DN: Zentyal Base DN
User Filter:
only those object classes: inetOrgPerson
only from those groups: AdminHomeUser, HomeUser
Login Filter:
LDAP Username: checked
Group Filter:
only those object classes: posixGroup
only from those groups: AdminHomeUser, HomeUser
Advanced - Directory Settings:
User Display Name Field: uid
{"app":"core","message":"Login failed: user 'myuser@zentyal-domain.lan' , wrong password, IP:set log_authfailip=true in conf","level":2,"time":"2014-05-24T23:20:59+00:00"}
{"app":"core","message":"Login failed: user 'zentyal-domain.lan\\myuser' , wrong password, IP:set log_authfailip=true in conf","level":2,"time":"2014-05-24T23:21:13+00:00"}
{"app":"core","message":"Login failed: user 'myuser' , wrong password, IP:set log_authfailip=true in conf","level":2,"time":"2014-05-24T23:22:24+00:00"}
ServerIP: Server IP of Zentyal Server (for example: 127.0.0.1)
Port: 390
DN of Client User: ldap@example.lan
Password: Password of ldap
Base DN: DC=example,DC=lan