Nextcloud version: 12
Operating system and version: Ubuntu 16.04
PHP version: PHP 7.0
I cannot configure LDAP authentication. I’m using Active Directory on Windows Server 2012.
When I click on Detect Base DN, I get the error message “Base DN could not be auto-detected, please revise credentials, Host and port”, while this setting worked on ownCloud.
The output of your Nextcloud log in Admin > Logging:
Configuration Error (prefix ): login filter does not contain %uid place holder.
Warning user_ldap Configuration Error (prefix ): No LDAP Login Filter given!
#The output of your config.php file information
$CONFIG = array (
  'instanceid' => '********',
  'passwordsalt' => '**********',
  'secret' => '*********',
  // Host names/IPs this instance may be reached under
  'trusted_domains' =>
  array (
    0 => '192.168.0.50',
  ),
  'datadirectory' => '/var/www/html/nextcloud/data',
  'overwrite.cli.url' => 'https://192.168.0.50',
  'dbtype' => 'mysql',
  'version' => '126.96.36.199',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => '***************',
  'dbpassword' => '****************',
  'logtimezone' => 'UTC',
  'installed' => true,
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => '\OCA\User_LDAP\LDAPProviderFactory',
);
I found what the problem is, but I don’t know how I can resolve it.
In our environment we use the Microsoft Certificate Authority service.
In our laboratory I installed another domain without the Microsoft Certificate Authority service, and LDAP from Nextcloud connected to the new domain.
Do you use Kerberos internally?
Yes, I do.
Sounds like that is the problem then. If your network is Kerberos and LDAP isn’t set up for basic authentication (rather is expecting a cert) then it makes sense the connection is refused.
I don’t know if NC supports Kerberos, might be one for @jospoortvliet. But that would potentially explain the problem and why it works on another LDAP likely just using basic authentication.
I installed the ldap-utils package and then tested the command below.
ldapsearch -x -b "dc=hedco,dc=com" -D "firstname.lastname@example.org" -h 192.168.0.1 -W '(&(proxyAddresses=smtp*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
ldap_bind: Strong(er) authentication required (8)
additional info: 00002028: LdapErr: DSID-0C090202, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580
We support Kerberos and all I know about it is that it works via apache modules using the user_saml app… That’s where my knowledge ends, sorry. We have implemented it for the TU Berlin, though, so the techies know how/what and if this is for a university or company I suggest to contact email@example.com for a support contract. We’ve got very low prices for education.
Then I verified that this is the problem. I found a problem in our Active Directory server registry:
The ldapserverintegrity key value is set to 2.
When the ldapserverintegrity value is set to 2, that means it enforces all LDAP authentication to be secured with SSL.
Now please tell me how I can configure LDAPS in Nextcloud.
I could connect from Nextcloud to the LDAP server via port 389.
Now I want to connect to port 636.
Our LDAPS configuration works on our PaperCut app (it’s a print management application).
But in Nextcloud it does not work.
Have you tried detecting the baseDN instead? Have you checked the logs on the LDAP server to confirm connections are being made?
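A way to check which of the transports discussed in this thread (plain port 389, StartTLS, LDAPS on 636) the domain controller accepts for a simple bind, as an added example that is not part of any post above. The CA file path and the function names `probe_args`, `classify_bind` and `probe_all` are assumptions; the error strings matched are the one quoted in the thread plus typical OpenLDAP client messages.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): find out which transports an AD domain
# controller accepts for a simple bind, using ldapsearch from ldap-utils.

# Assumption: the AD CA certificate was exported to this PEM file (hypothetical path).
LDAP_CA_FILE="${LDAP_CA_FILE:-/etc/ssl/certs/ad-root-ca.pem}"

# Connection options for one transport: plain 389, StartTLS on 389, or LDAPS on 636.
probe_args() {
    case "$1" in
        plain)    echo "-H ldap://$2:389" ;;
        starttls) echo "-H ldap://$2:389 -ZZ" ;;   # -ZZ: fail unless StartTLS succeeds
        ldaps)    echo "-H ldaps://$2:636" ;;
        *)        return 2 ;;
    esac
}

# Map ldapsearch output (read from stdin) to a short verdict.
classify_bind() {
    local out
    out=$(cat)
    case "$out" in
        *"Strong(er) authentication required (8)"*) echo "rejected: server requires signing or TLS" ;;
        *"Invalid credentials (49)"*)               echo "transport ok, wrong bind DN or password" ;;
        *"ldap_start_tls:"*)                        echo "StartTLS failed: check certificate and CA file" ;;
        *"Can't contact LDAP server (-1)"*)         echo "no connection: port closed or TLS handshake failed" ;;
        *"result: 0 Success"*)                      echo "bind and search succeeded" ;;
        *)                                          echo "unrecognised output" ;;
    esac
}

# Try the same base-scope search over all three transports and print one verdict each.
probe_all() {   # usage: probe_all HOST BASE_DN BIND_DN
    local host=$1 base=$2 binddn=$3 pwfile pw t out
    pwfile=$(mktemp) || return 1
    printf 'Bind password: ' >&2; stty -echo; IFS= read -r pw; stty echo; echo >&2
    printf '%s' "$pw" > "$pwfile"        # -y uses the whole file, so no trailing newline
    for t in plain starttls ldaps; do
        out=$(LDAPTLS_CACERT="$LDAP_CA_FILE" ldapsearch -x $(probe_args "$t" "$host") \
              -D "$binddn" -y "$pwfile" -b "$base" -s base '(objectClass=*)' dn 2>&1) || true
        printf '%-9s %s\n' "$t" "$(printf '%s' "$out" | classify_bind)"
    done
    rm -f "$pwfile"
}

# Example call with the values from the thread:
#   probe_all 192.168.0.1 "dc=hedco,dc=com" "firstname.lastname@example.org"
```

If the `ldaps` row succeeds, the Nextcloud LDAP server tab takes the same form: host `ldaps://` followed by the server name, with port 636. The web server's LDAP client must also trust the issuing CA, and the name used must match the server certificate.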