Koozali.org: home of the SME Server
Obsolete Releases => SME 8.x Contribs => Topic started by: jojodid on November 18, 2013, 06:26:04 PM
-
Hi!
I install owncloud 5 on sme-server 8. now i'm trying to configurate LDAP athentification but it return an error message when i press testing configuraation button: " configuration is valide but link could not be etablished. check up server parametters and user connexion identites."
below is my configuratons:
Host : localhost
DN Racine : dc=xxxxxxxxx,dc=ci
DN User (Autorisé à consulter l'annuaire) : uid=Users,dc=sudconstruction,dc=ci
password : xxxxxxxxxxx
Modèle d'authentification utilisateurs : uid=%uid
users filter: objectClass=person
groupes filter : objectClass=posixGroup
-
Remove DN User and password (LDAP can be looked up anonymously) and change users filter to objectClass=inetOrgPerson or objectClass=sambaSamAccount
-
Remove DN User and password (LDAP can be looked up anonymously) and change users filter to objectClass=inetOrgPerson or objectClass=sambaSamAccount
I try your solution but i style get the same error.
-
So you should take a look at /var/log/ldap/current
ldap logs are not easy to read but will show what's wrong
-
you cand find configuration for other software here ( http://wiki.contribs.org/LDAP_Authentication )
Maybe one of those give you a correct config or an idea.
After you solve it, post here the correct config and I'll update the above wiki page.
Good luck.
Jáder
-
I used this command at a shell prompt as root to confirm the correct value for 'base dn':
ldapsearch -x -h localhost -s base |grep 'dn'
After entering the settings as described on the Owncloud page:
http://wiki.contribs.org/OwnCloud#LDAP_Authentication
The Owncloud 'Test Configuration' button then reports:
The configuration is valid, but the Bind failed. Please check the server settings and credentials.
I *also* needed to:
- Select Advanced
- Add a check-box to 'Turn off SSL certificate validation'
Now, the 'Test Configuration' button reports:
The configuration is valid and the connection could be established!
It still doesn't seem to let me login, but that could be due to a conflict with the IMAP authentication I already have configured, or it could be due to the ldap user account delay mentioned in the Owncloud wiki page linked above.
I did notice that my SME groups all appeared in the 'groups' pull-down when creating new users, so the LDAP connection is working.
When I look at the LDAP settings on my server using the command below it looks like the the following items may need to be set as shown (however, even with these settings my system doesn't let me login...):
ldapsearch -x -h localhost |less -S
[Basic Settings]
- User List Filter should be objectClass=inetOrgPerson or objectClass=posixAccount instead of objectClass=person(?)
[Advanced Settings]
- Base User Tree may need to include ou=Users
- Group-Member association should be set to memberUid
- Email Field mail
Finally, I'm debugging by watching the ldap log in one window while attempting logins from a browser:tail -S /var/log/ldap/current...then pressing an upper case 'F' to show new lines as they're added to the file.
IMPORTANT NOTE:
I have had ldap enabled since early SME 8 beta; if any of the settings changed between then and SME 8.0 release, my settings may be incorrect. Be sure to verify the appropriate settings on your own server.
-
Side note:
I use imap instead of ldap because I developed some patches that make it much easier to manage than is implied on the Owncloud wiki pages.
My patches can be found here:
https://github.com/owncloud/apps/issues/302
[edit]
I've added a note about the IMAP Auth patches in the wiki:
http://wiki.contribs.org/OwnCloud#Enable_Automatic_IMAP_User_Creation
[/edit]
-
I try your solution but i style get the same error.
What _exact_ error please.