CAS authentication with LDAP filter

#1

Hi,

First, I have configured Nextcloud with an LDAP filter to limit access and this works fine.

Then I tried to configure CAS authentication for SSO.

But I can't find a good configuration for SSO CAS with an LDAP filter.

Is it possible to configure an LDAP filter with SSO CAS authentication?

I use Nextcloud version 14.0.3 with “CAS user and group backend” 1.5.6 and LDAP user and group backend 1.4.0.

Cordially

#2

Hi

I use this LDAP configuration:

sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapAgentName "MyUidAgent"
sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapAgentPassword PwdMyUidAgent
sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapBase "ou=****,ou=****,o=****,c=****"
sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapBaseGroups "ou=****,ou=****,o=****,c=****"
sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapBaseUsers "ou=****,ou=****,o=****,c=****"
sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapConfigurationActive "1"
sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapExperiencedAdmin "0"
sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapExpertUUIDUserAttr "uid"
sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapGroupFilter "(&(|(objectclass=posixGroup)))"
sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapGroupFilterObjectclass "posixGroup"
sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapGroupMemberAssocAttr "memberUid"
sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapHost "ldap.ac-caen.fr"
sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapLoginFilter "(&(|(uid=uid1)(uid=uid2))(uid=%uid))"
sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapPort "389"
sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapUserFilter "(|(uid=uid1)(uid=uid2))"
sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapUserFilterObjectclass "inetOrgPerson"
sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapEmailAttribute "mail"
sudo -u www-data php /var/www/html/nextcloud/occ ldap:set-config s01 ldapCacheTTL "3600"

And I use this CAS configuration:

sudo -u www-data php ${ROOT_DIR}/occ app:enable user_cas -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_access_allow_groups --value= -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_access_group_quotas --value= -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_autocreate --value=1 -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_cert_path --value= -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_debug_file --value= -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_default_group --value= -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_disable_logout --value=0 -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_displayName_mapping --value= -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_ecas_accepted_strengths --value= -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_ecas_assurance_level --value= -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_ecas_attributeparserenabled --value=0 -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_ecas_request_full_userdetails --value=0 -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_ecas_retrieve_groups --value= -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_email_mapping --value=email -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_force_login --value=1 -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_force_login_exceptions --value= -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_group_mapping --value= -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_handlelogout_servers --value= -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_link_to_ldap_backend --value=1 -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_php_cas_path --value= -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_protected_groups --value= -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_server_hostname --value=sso.monSso.fr -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_server_path --value= -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_server_port --value=443 -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_server_version --value=2.0 -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_service_url --value= -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_update_user_data --value=1 -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas enabled --value=yes -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas installed_version --value=1.5.6 -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas types --value=prelogin,authentication -q
sudo -u www-data php /var/www/html/nextcloud/occ config:app:set user_cas cas_use_proxy --value=0 -q

I want only uid1 and uid2 to connect to my Nextcloud.

But the ldapUserFilter doesn't seem to work because other users from ldapBase can connect too.

Cordially
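As an added check (example code, not from the thread or from either Nextcloud app), the three filters posted above can be evaluated offline against a few constructed directory entries with a small RFC 4515 subset evaluator; the entries, the `%uid` substitution and the escaping step are assumptions of this example. It shows that the filters themselves only admit uid1 and uid2, so any account that still connects is being admitted by a path other than this filter (with cas_autocreate set to 1 above, the CAS backend is the obvious place to look).

```python
# Constructed directory entries; attribute names are lowercased for lookup.
ENTRIES = [
    {"uid": "uid1", "objectclass": ["inetOrgPerson"], "mail": "uid1@example.invalid"},
    {"uid": "uid2", "objectclass": ["inetOrgPerson"]},
    {"uid": "uid3", "objectclass": ["inetOrgPerson"]},          # in ldapBase, but not allowed
    {"cn": "staff", "objectclass": ["posixGroup"], "memberuid": ["uid1", "uid3"]},
]
USER_FILTER = "(|(uid=uid1)(uid=uid2))"                     # ldapUserFilter from the post
LOGIN_FILTER = "(&(|(uid=uid1)(uid=uid2))(uid=%uid))"       # ldapLoginFilter from the post
GROUP_FILTER = "(&(|(objectclass=posixGroup)))"             # ldapGroupFilter from the post

def parse(s, i=0):
    """Parse the filter subset used here: (&...), (|...), (!...) and (attr=value)."""
    assert s[i] == "(", "filter must start with '('"
    i += 1
    if s[i] in "&|!":
        op, kids, i = s[i], [], i + 1
        while s[i] == "(":
            node, i = parse(s, i)
            kids.append(node)
        assert s[i] == ")", "unbalanced filter"
        return (op, kids), i + 1
    end = s.index(")", i)
    attr, value = s[i:end].split("=", 1)
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry; equality is case-insensitive."""
    op = node[0]
    if op in "&|":
        return (all if op == "&" else any)(matches(k, entry) for k in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    vals = entry.get(attr, [])
    vals = [vals] if isinstance(vals, str) else vals
    return bool(vals) if value == "*" else any(v.lower() == value.lower() for v in vals)

def select(filter_str, entries=ENTRIES):
    """Names (uid or cn) of the entries a filter admits."""
    tree, _ = parse(filter_str)
    return sorted(e.get("uid") or e["cn"] for e in entries if matches(tree, e))

def escape(value):
    """RFC 4515 escaping of the login name before it replaces %uid (assumed here)."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def login_allowed(uid, entries=ENTRIES):
    """Substitute %uid as the posted login filter expects; exactly one entry must match."""
    tree, _ = parse(LOGIN_FILTER.replace("%uid", escape(uid)))
    return sum(matches(tree, e) for e in entries) == 1
```

Running `select("(!(|(uid=uid1)(uid=uid2)))")` lists what the user filter excludes (here uid3 and the group entry), which is a quick way to confirm the filter before looking at the other backend.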