Hello, I am at my wit's end with the OwnCloud and LDAP integration. I have been configuring and reconfiguring the LDAP app in OwnCloud 9.1.5. The LDAP configuration test works, yet I cannot log in with an account configured on my FreeIPA server. The users do not populate into OwnCloud, but everything shows green and OwnCloud tells me "Configuration OK" with a green traffic light.
Steps to reproduce
configure LDAP app
Verify configuration works via "Test Configuration" button in Expert tab
Attempt to log in with LDAP account
Expected behaviour
successful login with FreeIPA/LDAP account
Actual behaviour
Cannot log in; also, the OwnCloud database is not populated with users.
Server configuration
Operating system: CentOS 7
Web server: Apache 2.4.6
Database:
PHP version: 7.0.24
ownCloud version: (see ownCloud admin page) 9.1.5
Updated from an older ownCloud or fresh install: fresh
Where did you install ownCloud from: epel repo
Signing status (ownCloud 9.0 and above): ?
LDAP config: ldaps://servername port 636 no username or password
Screenshots, no problem! Please see below, and thank you for your help. I admit I am not very knowledgeable with LDAP but just trying to implement a centralized authentication mechanism for some workstations and web applications on a private network. Note that I can login to my CentOS workstations as well as a web mail application using LDAP without any problems. I marked over the domain information, but other than that what you see is what is there.
Sorry about image size, but the message board will not let new users post more than one image. If you make it full size in your image viewer it will be clear.
Yeah, you have to have the bind DN and password fields filled out to connect to the LDAP server. I don't know why it's "green" but it should not be. You have to tell the LDAP app in ownCloud which credentials it can use to log in to the LDAP server in order to get the information about the users.
Here is the documentation about LDAP in ownCloud, please have a look:
The green light means in this case that you can contact the LDAP server, but it is not giving you any information. You could check in the login filter tab if you can enter the user cn and if it finds a user with that cn.
Ok, thanks! That is really weird that they allow you to believe everything is ok without authentication. I actually tried to put the credentials in for an account with no success. Maybe I am just not specifying the correct way. I will work more on this, thanks!
You have to enter a user in your LDAP server who has the right permissions. An admin for example should have the permissions. Also you have to enter it in the right format, like in the documentation.
Thanks, so I tried both a new account I created as well as the admin account. Here is an example:
User field: uid=admin,cn=admins,dc=(mydomain),dc=(mytld)
Password field: (the password)
That gave me an error, so I tried again with a new user account I created:
User field: uid=ldapuser,cn=ipausers,dc=(mydomain),dc=(mytld)
Password field: (the password)
I get an error for both entries when I click "test DN" that the LDAP connection could not be established and the base DN might be wrong, but I did not change the base DN after adding credentials. I don't see why the DN I specified without the credentials worked but it does not work when I add credentials.
All of a sudden it worked fine. By the way, I came up with this after performing an nmap scan against my installation with the ldap-search script enabled. It was able to detect this and query my LDAP server without any problems, I just used its output as an example. I don't understand why adding cn=compat made the difference though, but hopefully it will be useful to someone else with the same problem.