External Nextcloud server connected with Active Directory

nextcloud
activedirectory
(devfx11) #1

Hi

I have an external Nextcloud instance set up and running already.
I would like to use Nethserver’s fantastic Active Directory setup to authenticate in Nextcloud.
I need to copy ca certificates onto the Nextcloud server ?

After installing Nextcloud on Nethserver i tryed to see how it is set up
I tryed adding DOMAIN\Nethserver$ as user and adding all other parameters like BaseDN the same way on myy own Nextcloud, but i do not know the password :slight_smile:

Could anyone share if it has done the same ?

I once managed to set up LDAP authentication with another Nextcloud but this seems more tricky and i can’t get it to work :frowning:

If anyone has already done this please share it with us :slight_smile:

(Giacomo Sanchietti) #2

No, it shouldn’t be necessary.

Create an ad-hoc nextcloud user without password expiration inside NethServer and use it for Nextcloud configuration.

(devfx11) #3

Hi

Oh i need password expiration ?
I didn’t tried that yet :slight_smile:

edit: i think need glasses :slight_smile: you wrote “without password expiraton”

(Giacomo Sanchietti) #4

No you don’t need it, make sure to have it disabled for the nextcloud user! :slight_smile:

(devfx11) #5

Okay

After reading several documentations,guide,tutorials, looking at online videos and the Nethserver Nextcloud AD implementation, i finally did it :smiley:

For ldapsearch to work properly with -Z parameter (START/TLS)
I had to add “TLS_REQCERT never” to /etc/ldap/ldap.conf.
After that i could query my Active Directory with the following command :

  • ldapsearch -H ldaps://192.168.10.10:636 -D "admin@mydomain.com" -W -b “cn=Users,dc=mydomain,dc=com”

Settings up the LDAP authentication in Nextcloud :

This was not enough for Nextcloud to authenticate via AD.
I also had to add these settings in the Advanced field :

  • Connection Settings \ Turn off SSL certificate validation.
  • Directory Settings \ 2nd User Display Name Field \ samaccountname
  • Directory Settings \ Base User Tree \ dc=mydomain,dc=com
  • Directory Settings \ Base Group Tree \ dc=mydomain,dc=com
  • Directory Settings \ Group-Member association \ member (AD)
  • Special Attributes \ Email Field \ userPrincipalname

Users tab :

  • ldap query : (&(|(objectclass=person)))

Login attributes :

  • ldap query : (&(&(|(objectclass=person)))(|(sAMAccountName=%uid)(userPrincipalName=%uid)))

Groups :

  • ldap query : (&(objectClass=group)(groupType:1.2.840.113556.1.4.803:=2))

It is working, i am authenticating my Ubuntu Server Nextcloud to Nethserver AD.

(Michael Träumner) #6

I know you solved your problem (Please mark the answer as solution), but I have an additional answer for your question

With

account-provider-test dump

you can find out your bindpassword.
Only if you have done a new installation of 7.4 it’s encrypted.

(devfx11) #7

Hi

I managed to connect my nextcloud with my AD users + homefolders + everything but … its slow
Samba on Nextcloud is terribly slow :slight_smile:

I think i will leave nextcloud for documents mostly and have samba for other stuff, or sync from samba to nextcloud what i need.