[SOLVED] How do I configure Nextcloud to use Freedombox as an LDAP server?

Problem Description
I have installed the Nextcloud snap on my Freedombox, and added the official “LDAP user and group backend” plug-in to Nextcloud.

I want to configure Nextcloud to use Freedombox’s built in LDAP server, however I need to know:

  • the DN of the client user to bind with
  • the base DN for users and groups

(Note, I don’t yet fully understand LDAP concepts like DNs.)

I’ve tried a few things but I’m basically guessing, and I can’t find any information searching - I’ve looked on this site or any other freedombox resources. However it looks like it should be simple to do if I know the right identifiers. See https://docs.nextcloud.com/server/16/admin_manual/configuration_user/user_auth_ldap.html

Questions:

  1. Can anyone point me in the right direction to obtaining correct settings for this?
  2. Also: is Nextcloud likely to work acceptably with my hardware? (Initial experiments suggest it might.)

Steps to Reproduce
Labels starting with $ indicate values you need to provide. Do not insert these labels literally!

  1. Log onto the freedombox terminal via ssh (with sudo)
  2. sudo apt install snapd
  3. sudo snap install nextcloud
  4. sudo /snap/bin/nextcloud.manual-install admin $password
  5. sudo snap set nextcloud ports.http=$random_port
  6. sudo /snap/bin/nextcloud.occ config:system:set overwritehost --value="$hostname"
  7. sudo /snap/bin/nextcloud.occ config:system:set overwritewebroot --value="/nextcloud"
  8. insert the following file in /etc/apache2/conf-available/nextcloud-plinth_custom.conf, symlink it into the sibling directory conf-enabled and sudo service apache2 restart

Content of nextcloud-plinth_custom.conf:

<Location /nextcloud>
    ProxyPass        http://localhost:$random_port/
    ## Send the scheme from user's request to enable Transmission to
    ## redirect URLs, set cookies, set absolute URLs (if any)
    ## properly.
    RequestHeader    set X-Forwarded-Proto 'https' env=HTTPS
</Location>

Expected Results
I expect to see Nextcloud and Freedombox user authentication synchronised, such that I can manage them from both.

Actual results
I cannot find LDAP settings which the Nextcloud plugin will accept and work with.

Information

  • FreedomBox version: Debian GNU/Linux 10 (buster) and FreedomBox version 19.24
  • Nextcloud version: v16.0.5
  • Nextcloud LDAP backend plugin version: 1.6.0
  • Hardware: Pioneer-FreedomBox-HSK, i.e. an A20-OLinuXino-LIME2
  • How did you install FreedomBox?: I bought pre-installed hardware.

Did you manage to solve this problem?

I would also really appreciate to get to know what the credentials of the FB’s LDAP server are. Diagnosis of the users-App shows the port 389 of dc=thisbox but that’s not much :)

Is there a config one could look for this?

I guess to use the LDAP from another machine in the network I would have to adjust the firewalld-rule accordingly …

I don’t have a precise answer, only remember to have come across some LDAP references in conjunction with the following issue.

The config may be inferrable from the /usr/share/plinth/actions/users scripts.

Unfortunately, freedombox does not seem to be using the LDAP scheme that is described in the debian wiki, and pitiable, not even a debian compatible private user group scheme.


Some precise info on the LDAP user details would be great to ease manual installing and trying out new things.

For example, the latest GNU Jami release now introduced support to run as a video-conference server (meeting points) and Jami Account Management Server that can be connected to an LDAP server.

Another request for LDAP info was: LDAP support and configuration

From the Jami Account Management Server docs:

I managed to set the correct values:




In the last screenshot, you can modify ‘freedombox-share’ to any of the FreedomBox groups. Just copy-paste the desired group from the Permissions section in parentheses: