After reading several docs, guides and tutorials, and looking at online videos and the Nethserver Nextcloud AD implementation, I finally did it.
For ldapsearch to work properly with the -Z parameter (StartTLS),
I had to add "TLS_REQCERT never" to /etc/ldap/ldap.conf.
After that I could query my Active Directory with the following command:
- ldapsearch -H ldaps://192.168.10.10:636 -D "email@example.com" -W -b "cn=Users,dc=mydomain,dc=com"
Setting up the LDAP authentication in Nextcloud:
- ldaps://192.168.10.10 port 636
This was not enough for Nextcloud to authenticate via AD.
I also had to add these settings in the Advanced field:
- Connection Settings \ Turn off SSL certificate validation.
- Directory Settings \ 2nd User Display Name Field \ samaccountname
- Directory Settings \ Base User Tree \ dc=mydomain,dc=com
- Directory Settings \ Base Group Tree \ dc=mydomain,dc=com
- Directory Settings \ Group-Member association \ member (AD)
- Special Attributes \ Email Field \ userPrincipalname
Users tab:
- LDAP query: (&(|(objectclass=person)))
Login attributes:
- LDAP query: (&(&(|(objectclass=person)))(|(sAMAccountName=%uid)(userPrincipalName=%uid)))
- LDAP query: (&(objectClass=group)(groupType:1.2.840.113518.104.22.1683:=2))
It is working, I am authenticating my Ubuntu Server Nextcloud to Nethserver AD.
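
Added example, not part of the original post: a shell check for the OpenLDAP client setting the post changes. It flags `TLS_REQCERT never` or `allow` in an ldap.conf and notes when the file configures no CA. The two sample files and the CA path `/etc/ssl/certs/ad-ca.pem` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): audit an OpenLDAP client config.
# Returns 0 if no weak TLS_REQCERT value is found, 1 if one is, 2 if unreadable.
audit_ldap_conf() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blanks
        { key = toupper($1); val = tolower($2) }     # option names are case-insensitive
        key == "TLS_REQCERT" && (val == "never" || val == "allow") {
            printf "WEAK line %d: TLS_REQCERT %s\n", NR, val
            weak = 1
        }
        key == "TLS_CACERT" || key == "TLS_CACERTDIR" { ca = 1 }
        END {
            if (!ca) print "NOTE: no TLS_CACERT/TLS_CACERTDIR configured in this file"
            exit (weak ? 1 : 0)
        }
    ' "$conf"
}

# Constructed sample configs: the setting from the post beside a strict one.
write_samples() {
    dir="$1"
    printf '%s\n' '# setting described in the post' 'TLS_REQCERT never' \
        > "$dir/weak.conf"
    # Assumed CA path (placeholder): the AD CA certificate exported as PEM.
    printf '%s\n' 'TLS_CACERT /etc/ssl/certs/ad-ca.pem' 'TLS_REQCERT demand' \
        > "$dir/strict.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for name in weak strict; do
    if audit_ldap_conf "$demo_dir/$name.conf"; then
        echo "$name.conf: certificate validation enforced"
    else
        echo "$name.conf: certificate validation weakened"
    fi
done
rm -rf "$demo_dir"
```

On a real host the function would be pointed at `/etc/ldap/ldap.conf`, the file named in the post.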