How to configure Nextcloud LDAP?
- By : Will
- Category : Cloud storage
- Tags: LDAP, NextCloud
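1 Background
Configuring LDAP is an important step in making Nextcloud enterprise-ready: it lets enterprise users sign in to the application with the same password they use to log in to their systems.
2 Best practice
2.1 Environment overview
This chapter requires a Nextcloud environment. If you do not have one yet, set it up by following the chapter below,
This chapter requires an LDAP environment. If you do not have one yet, set it up by following the chapter below,
2.3 Understanding LDAP client queries
On the Nextcloud server,
2.3.1 Install the LDAP client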
dnf install -y openldap-clients
2.3.2 Verify LDAP queries with the client
ldapsearch -x -H ldap://10.168.0.155:389 -W -D "cn=Directory Manager" -b "ou=people,dc=cmdschool,dc=org" "(objectclass=person)"
ldapsearch -x -H ldap://10.168.0.155:389 -W -D "cn=Directory Manager" -b "ou=people,dc=cmdschool,dc=org" "(&(|(objectclass=person))(|(uid=myuid)(|(mailPrimaryAddress=myuid)(mail=myuid))))"
Note: the commands above are for debugging the user filter rules; once a filter matches, use it in the later steps.
2.4 Configure LDAP in Nextcloud
2.4.1 Enable the LDAP app
sudo -u apache php /var/www/nextcloud/occ app:enable user_ldap
2.4.2 Create an empty configuration
sudo -u apache php /var/www/nextcloud/occ ldap:create-empty-config
2.4.3 Configure LDAP from the command line
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 hasMemberOfFilterSupport "0"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 homeFolderNamingRule ""
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 lastJpegPhotoLookup "0"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapAgentName "cn=Directory Manager"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapAgentPassword "***"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapAttributesForGroupSearch "deptname"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapAttributesForUserSearch "uid"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapBackupHost ""
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapBackupPort ""
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapBase "ou=DG,ou=people,dc=cmdschool,dc=org;ou=HK,ou=people,dc=cmdschool,dc=org"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapBaseGroups "ou=DG,ou=people,dc=cmdschool,dc=org;ou=HK,ou=people,dc=cmdschool,dc=org"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapBaseUsers "ou=DG,ou=people,dc=cmdschool,dc=org;ou=HK,ou=people,dc=cmdschool,dc=org"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapCacheTTL "600"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapConfigurationActive "1"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapDefaultPPolicyDN ""
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapDynamicGroupMemberURL ""
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapEmailAttribute "mail"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapExperiencedAdmin "1"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapExpertUUIDGroupAttr ""
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapExpertUUIDUserAttr ""
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapExpertUsernameAttr "uid"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapExtStorageHomeAttribute ""
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapGidNumber "gidNumber"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapGroupDisplayName "cn"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapGroupFilter "(&(objectclass=person))"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapGroupFilterGroups ""
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapGroupFilterMode "0"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapGroupFilterObjectclass "person"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapGroupMemberAssocAttr ""
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapHost "ldap://10.168.0.155"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapIgnoreNamingRules ""
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapLoginFilter "(&(objectclass=person)(|(uid=%uid)(mail=%uid)))"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapLoginFilterAttributes ""
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapLoginFilterEmail "1"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapLoginFilterMode "0"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapLoginFilterUsername "1"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapMatchingRuleInChainState "unknown"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapNestedGroups "0"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapOverrideMainServer ""
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapPagingSize "500"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapPort "389"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapQuotaAttribute ""
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapQuotaDefault "1G"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapTLS "0"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapUserAvatarRule "default"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapUserDisplayName "uid"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapUserDisplayName2 "cn"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapUserFilter "(objectclass=person)"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapUserFilterGroups ""
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapUserFilterMode "0"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapUserFilterObjectclass "person"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapUuidGroupAttribute "auto"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 ldapUuidUserAttribute "auto"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 turnOffCertCheck "0"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 turnOnPasswordChange "0"
sudo -u apache php /var/www/nextcloud/occ ldap:set-config s01 useMemberOfToDetectMembership "1"
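The settings above are for reference only. It is recommended to finish the configuration in the web interface first and then use the commands above to correct individual values. You can then view the configuration with the following command,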
sudo -u apache php /var/www/nextcloud/occ ldap:show-config
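The configuration shown by this command can be checked for how the bind is transported and which account performs it. The script below is an added example, not part of the original post or of Nextcloud: it assumes the output is a two-column table of "| key | value |" rows, and the sample table is constructed from the values set in section 2.4.3.

```shell
#!/bin/sh
# Added example: audit transport and bind settings from `occ ldap:show-config`.
# Assumption: rows look like "| key | value |"; border lines contain no "|".

# Constructed sample mirroring the values set in section 2.4.3.
sample_config() {
cat <<'EOF'
+-------------------+----------------------+
| Configuration     | s01                  |
+-------------------+----------------------+
| ldapAgentName     | cn=Directory Manager |
| ldapAgentPassword | ***                  |
| ldapHost          | ldap://10.168.0.155  |
| ldapPort          | 389                  |
| ldapTLS           | 0                    |
| turnOffCertCheck  | 0                    |
+-------------------+----------------------+
EOF
}

# Reads the table on stdin and prints one finding per line (nothing if clean).
audit_ldap_config() {
    awk -F'|' '
        NF >= 3 {
            key = $2; val = $3
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            cfg[key] = val
        }
        END {
            ldaps = (cfg["ldapHost"] ~ /^ldaps:\/\//)
            # Neither LDAPS nor StartTLS: the agent and user binds are sent unencrypted.
            if (!ldaps && cfg["ldapTLS"] != "1")
                print "CLEARTEXT: " cfg["ldapHost"] ":" cfg["ldapPort"] " without StartTLS; bind passwords cross the network unencrypted"
            if (cfg["turnOffCertCheck"] == "1")
                print "NOVERIFY: turnOffCertCheck=1 disables server certificate validation"
            # The directory super-user can modify the tree; lookups only need read access.
            if (tolower(cfg["ldapAgentName"]) == "cn=directory manager")
                print "PRIVILEGED-BIND: ldapAgentName is the directory super-user; use a read-only service account"
        }'
}

# Live use: sudo -u apache php /var/www/nextcloud/occ ldap:show-config | audit_ldap_config
sample_config | audit_ldap_config
```

For the values from section 2.4.3 it reports the unencrypted ldap:// connection and the bind as cn=Directory Manager; a configuration using ldaps:// (or ldapTLS "1") with a dedicated read-only bind account produces no findings.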
2.4.4 Test the LDAP configuration
sudo -u apache php /var/www/nextcloud/occ ldap:test-config s01
You should see the following message,
The configuration is valid and the connection could be established!