Nextcloud LDAP AD Authentication

I tried it but it still does not work. I have also disabled the firewall on the Nextcloud machine while I test.

I found 2 entries in the logs at /var/www/html/nextcloud/data/nextcloud.log

{"reqId":"YHY11YZaz55jUmJOLs4yTwAAANc","level":2,"time":"2021-04-14T00:22:45+00:00","remoteAddr":"10.0.6.200","user":"admin","app":"user_ldap","method":"GET","url":"/nextcloud/ocs/v2.php/apps/notifications/api/v2/notifications","message":"Configuration Error (prefix s01): No LDAP Login Filter given!","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.75","version":"20.0.9.1"}

{"reqId":"YHY11YZaz55jUmJOLs4yTwAAANc","level":2,"time":"2021-04-14T00:22:45+00:00","remoteAddr":"10.0.6.200","user":"admin","app":"user_ldap","method":"GET","url":"/nextcloud/ocs/v2.php/apps/notifications/api/v2/notifications","message":"Configuration Error (prefix s01): login filter does not contain %uid place holder.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.75","version":"20.0.9.1"}

I get this error multiple times.

LDAP filter for AD should look like this:

(&(&(|(objectclass=person)))(|(sAMAccountName=%uid)(userPrincipalName=%uid)))
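
The two user_ldap errors quoted above and the suggested filter can be checked offline. The following is an added example, not code from any poster or from Nextcloud: it collects the distinct `Configuration Error` messages per configuration prefix from nextcloud.log lines and sanity-checks a login filter for the `%uid` placeholder and balanced parentheses. The function names and the sample log lines are constructed for illustration.

```python
import json
import re

# Constructed sample lines in the nextcloud.log format quoted in the thread
# (reqId values are made up; unrelated fields are trimmed).
SAMPLE_LOG = """\
{"reqId":"example1","level":2,"time":"2021-04-14T00:22:45+00:00","user":"admin","app":"user_ldap","message":"Configuration Error (prefix s01): No LDAP Login Filter given!"}
{"reqId":"example1","level":2,"time":"2021-04-14T00:22:45+00:00","user":"admin","app":"user_ldap","message":"Configuration Error (prefix s01): login filter does not contain %uid place holder."}
{"reqId":"example2","level":1,"time":"2021-04-14T00:23:01+00:00","user":"admin","app":"core","message":"unrelated entry"}
not json at all
"""

CONFIG_ERROR = re.compile(r"Configuration Error \(prefix (\w*)\): (.+)")

def ldap_config_errors(log_text):
    """Return {prefix: [distinct messages]} for user_ldap configuration errors."""
    found = {}
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(entry, dict) or entry.get("app") != "user_ldap":
            continue
        match = CONFIG_ERROR.match(str(entry.get("message", "")))
        if match:
            prefix, text = match.groups()
            messages = found.setdefault(prefix, [])
            if text not in messages:  # the thread reports the same error many times
                messages.append(text)
    return found

def check_login_filter(ldap_filter):
    """Return a list of problems with a login filter; an empty list means it passed."""
    if not ldap_filter.strip():
        return ["filter is empty"]
    problems = []
    if "%uid" not in ldap_filter:
        problems.append("missing %uid placeholder")
    depth = 0
    for ch in ldap_filter:
        # Literal parentheses in values are escaped as \28 and \29, so raw ones are structural.
        depth += 1 if ch == "(" else -1 if ch == ")" else 0
        if depth < 0:
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    return problems
```

To use it on a real instance, pass the contents of nextcloud.log to `ldap_config_errors` and the filter from the LDAP settings page to `check_login_filter`.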

:dizzy_face: :dizzy_face: I think I will take a break from this for a while. It still didn’t work, and now I can’t even log in to Nextcloud.

I did 3 fresh installs, 2 with CentOS 8 and one with Ubuntu, and I get this same error after I try to set up LDAP.

Thanks @mrmarkuz, but if I continue I will definitely punch my screen.


Seems really hard to get it to work…what does the nextcloud.log tell us?

I think the easiest way is to compare with the Nextcloud settings on a Nethserver and just change the port to 636 or 389 with TLS…

Yes yes… YEAHHHHHHHHHHHHHH, DONE, MANY THANKS
First I tried to allow ports 636 and 389 on NethServer.
On the Nextcloud container (Debian 10, no GUI obviously) I allowed them with ufw installed:
ufw allow 636
ufw allow 389

Nextcloud:
So in Nextcloud go to the LDAP parameters (user admin settings --> install the LDAP module first, and in the LDAP configuration put the following):
(this IP is fictitious)
1st line: ldaps://192.168.4.30, port 636 (for the NethServer-side info go to "Users and groups" --> "Active Directory local" --> click Details --> 6th line, "IP active directory", "the ad sssd ip container")
2nd line: ldapservice@ad.job.local
3rd line: bind password from your NethServer ("Users and groups" --> "Active Directory local" --> click Details --> 2nd line, "Bind password")
Save the authentication information (button).
4th line: dc=ad,dc=job,dc=local, then detect; if you get the green light, you have already contacted the server.

On the Users pane
I selected: computer, person, user

Change LDAP request:

SELECT THE AD GROUP NAMES THAT YOU HAVE CREATED ON NETHSERVER USERS AND GROUPS, AND USERS (CHOICES SHOWN IN THE NEXTCLOUD LDAP FILTER)

Login attributes:
user LDAP/AD (selected)

Change LDAP request:
select domain users, NethServer user AD groups, etc. (as you like)…

Groups
Only these object classes: group, top

Only from these groups: Administrators, Account Operators, Domain Users, Users, "NethServer AD group created on NethServer Users and groups"

click the button
verify the settings …

Green Light approved connection

done

Log off from your Nextcloud user account.

Nextcloud web login

login user: AD user, for example: vitor (only the AD user name)
password: your AD user password

And there you go.

After that it will show you the first Nextcloud login landing page.


You also need to put ad.mynamedomain.local instead of mynamedomain.local.