External Nextcloud server connected with Active Directory

devfx11 · November 14, 2017, 9:39am

Hi

I have an external Nextcloud instance set up and running already.
I would like to use Nethserver’s fantastic Active Directory setup to authenticate in Nextcloud.
I need to copy ca certificates onto the Nextcloud server ?

After installing Nextcloud on Nethserver i tryed to see how it is set up
I tryed adding DOMAIN\Nethserver$ as user and adding all other parameters like BaseDN the same way on myy own Nextcloud, but i do not know the password

Could anyone share if it has done the same ?

I once managed to set up LDAP authentication with another Nextcloud but this seems more tricky and i can’t get it to work

If anyone has already done this please share it with us

giacomo · November 15, 2017, 9:34am

No, it shouldn’t be necessary.

Create an ad-hoc nextcloud user without password expiration inside NethServer and use it for Nextcloud configuration.

devfx11 · November 15, 2017, 10:08am

Hi

Oh i need password expiration ?
I didn’t tried that yet

edit: i think need glasses you wrote “without password expiraton”

giacomo · November 15, 2017, 10:30am

No you don’t need it, make sure to have it disabled for the nextcloud user!

devfx11 · November 15, 2017, 7:49pm

Okay

After reading several documentations,guide,tutorials, looking at online videos and the Nethserver Nextcloud AD implementation, i finally did it

For ldapsearch to work properly with -Z parameter (START/TLS)
I had to add “TLS_REQCERT never” to /etc/ldap/ldap.conf.
After that i could query my Active Directory with the following command :

ldapsearch -H ldaps://192.168.10.10:636 -D "admin@mydomain.com" -W -b “cn=Users,dc=mydomain,dc=com”

Settings up the LDAP authentication in Nextcloud :

ldaps://192.168.10.10 port 636
admin@mydomain.com
password
dc=mydomain,dc=com

This was not enough for Nextcloud to authenticate via AD.
I also had to add these settings in the Advanced field :

Connection Settings \ Turn off SSL certificate validation.
Directory Settings \ 2nd User Display Name Field \ samaccountname
Directory Settings \ Base User Tree \ dc=mydomain,dc=com
Directory Settings \ Base Group Tree \ dc=mydomain,dc=com
Directory Settings \ Group-Member association \ member (AD)
Special Attributes \ Email Field \ userPrincipalname

Users tab :

ldap query : (&(|(objectclass=person)))

Login attributes :

ldap query : (&(&(|(objectclass=person)))(|(sAMAccountName=%uid)(userPrincipalName=%uid)))

Groups :

ldap query : (&(objectClass=group)(groupType:1.2.840.113556.1.4.803:=2))

It is working, i am authenticating my Ubuntu Server Nextcloud to Nethserver AD.

m.traeumner · November 16, 2017, 8:13am

I know you solved your problem (Please mark the answer as solution), but I have an additional answer for your question

With

account-provider-test dump

you can find out your bindpassword.
Only if you have done a new installation of 7.4 it’s encrypted.

devfx11 · November 16, 2017, 10:40pm

Hi

I managed to connect my nextcloud with my AD users + homefolders + everything but … its slow
Samba on Nextcloud is terribly slow

I think i will leave nextcloud for documents mostly and have samba for other stuff, or sync from samba to nextcloud what i need.