For Authentication purpose we have enabled and configured ldap.
currently we are having users in the internal/private network and also public users, who can access from the internet.
Now we want to restrict the internal users connecting to the own cloud from the internet. And provide only to specific users/group to access from the internet.
operating systems : ubuntu 16.0.4 database : mariaDB LDAP : openldap and windows 2008 AD
Networks : private network and one natted public network to access to owncloud.
Add an "require_once 'apps/extrasecurity/lib/spy.php';" line in owncloud/remote.php file after first line (<?php tag) in order to intercept webdav/cardav. If you get blocked by misconfigured rules you can define 'disable-xs' => '1' in owncloud config.php file to get web access.
Nextcloud (it's a fork of owncloud) implemented this feature in their open-source edition. You want to take a look at this instead of re-developing old code on your own: https://github.com/nextcloud/files_accesscontrol (both projects are still quite similar so that many apps work in both environments, not sure about this one though)
The app was written for Nextcloud and is shipped by default with Nextcloud. It could work on owncloud as well (you could start a fork based on that for owncloud rather than trying to update an old app from OC 8.0). For installation, you have probably to download the repo and extract it into your apps/-folder. I haven't tried it and I don't know if it works right away. If you go for this solution, keep in mind that code can change over versions and probably must be updated. As this app is not developed for ownCloud, it would be up to you to keep this working.