Owncloud Authentication against FreeIPA

Template:Draft 

HOWTO: Owncloud Authentication against FreeIPA

This document describes how to setup owncloud (7.0.4) against FreeIPA (4.1.2) demo1 server.

This howto was tested by deploying owncloud to openshift.com as capsule and demo1 ipa server.

For the purpose of this document, the following information is given

 Server: ipa.demo1.freeipa.org
 base dn: dc=demo1,dc=freeipa,dc=org

Prerequisite:

We will need to create a bind account for owncloud to authenticate to IPA as a service account. For this purpose I use admin account. Owncloud needs to be able to connect to IPA server on port 389 or 636 to LDAP sync works.

Owncloud Authentication

• Login to owncloud
• Go to Apps (left corner)
• Enable LDAP user and group backend
• Go to Admin page (right corner)
• Server

 Server: ldap://ipa.demo1.freeipa.org
 Port: 389
 User DN: uid=admin,cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org
 Password: Secret123
 Base DN: dc=demo1,dc=freeipa,dc=org

• User Filter

 Edit raw filter instead: (objectclass=*)

• Login Filter

 LDAP Username: checked
 Edit raw filter instead: (&(objectclass=*)(uid=%uid))

• Group filter (it depends on which user group you want allow to access owncloud)

 Edit raw filter instead: (|(cn=ipausers))

• Advanced
  • Connection Settings

 Configuration Active: checked

• • Directory Settings

 User Display Name Field: displayname
 Base User Tree: cn=users,cn=accounts,dc=demo1,dc=freeipa,dc=org
 Group Display Name Field: cn
 Base Group Tree: cn=groups,cn=accounts,dc=demo1,dc=freeipa,dc=org
 Group-Member association: uniqueMember
 Paging chunksize: 500

• • Special Attributes

 Email Field: mail
 User Home Folder Naming Rule: cn

• Expert

 nothing