22 thoughts on "Setup Owncloud with OpenDJ excluding disabled accounts"

  1. Hello, I use OpenDJ 2.7, ownCloud 7.0 with LDAP plugin 0.43.
    My settings in ownCloud are:
    Servername: neuro1.informatik.uni-ulm.de
    UserDN: cn=Directory Manager,cn=Root DNs,cn=config
    Basic-DN: dc=neuroinformatik,dc=uni-ulm,dc=de

    User filter: (&(objectclass=inetOrgPerson)
    Login filter: (uid=%uid)
    Group filter: (&(|(objectclass=groupOfUniqueNames))(cn=owncloud))

    I have disabled SSL

    Why do I get no connection to the OpenDJ server?
    Please help me.

    • Hello Hans-georg,

      - Are they both set up on the same machine? If not, can you do a telnet on port 1389 (default port for OpenDJ) from the ownCloud machine?
      - Do you use some other tool like phpLDAPadmin to access LDAP? If not, can you query LDAP via the command line?

      Please also note that I used an external administrator user to bind (and not the default administrator) to LDAP, which is more correct for security purposes.

  2. Hello,
    I have 2 instances of OpenDJ,
    one on the same machine and one on another machine.
    I can test it with both.

    1) same machine:
    Servername: neuro.informatik.uni-ulm.de
    Port: 10389
    UserDN: cn=Directory Manager,cn=Root DNs,cn=config
    Basic-DN: dc=neuroinformatik,dc=uni-ulm,dc=de

    User filter: (&(objectclass=inetOrgPerson)
    Login filter: (uid=%uid)
    Group filter: (&(|(objectclass=groupOfUniqueNames))(cn=owncloud))

    I have installed it with the following command:
    /setup \
    --cli \
    --baseDN dc=neuroinformatik,dc=uni-ulm,dc=de \
    --ldifFile ../export140723 \
    --ldapPort 10389 \
    --adminConnectorPort 4444 \
    --rootUserDN cn=Directory\ Manager \
    --rootUserPassword \
    --enableStartTLS \
    --ldapsPort 636 \
    --usePkcs12keyStore /data/ci/keys/certifikate.p12 \
    --keyStorePassword 12345678 \
    --certNickname 1 \
    --trustAll \
    --no-prompt \
    --noPropertiesFile;

    //bin/manage-account -D "cn=Directory Manager" -w get-all --targetDN cn=hans-georg.gloeckler,ou=people,dc=neuroinformatik,dc=uni-ulm,dc=de
    The server is using the following certificate:
    Subject DN: CN=neuro.informatik.uni-ulm.de, O=Administration Connector Self-Signed Certificate
    Issuer DN: CN=neuro.informatik.uni-ulm.de, O=Administration Connector Self-Signed Certificate
    Validity: Thu Jul 24 12:53:40 CEST 2014 through Wed Jul 19 12:53:40 CEST 2034
    Do you wish to trust this certificate and continue connecting to the server?
    Please enter "yes" or "no":yes
    Password Policy DN: cn=Default Password Policy,cn=Password Policies,cn=config
    Account Is Disabled: false
    Account Expiration Time:
    Seconds Until Account Expiration:
    Password Changed Time: 20140724111033.896Z
    Password Expiration Warned Time:
    Seconds Until Password Expiration:
    Seconds Until Password Expiration Warning:
    Authentication Failure Times:
    Seconds Until Authentication Failure Unlock:
    Remaining Authentication Failure Count:
    Last Login Time:
    Seconds Until Idle Account Lockout:
    Password Is Reset: false
    Seconds Until Password Reset Lockout:
    Grace Login Use Times:
    Remaining Grace Login Count: 0
    Password Changed by Required Time:
    Seconds Until Required Change Time:
    Password History:

    telnet localhost 10389
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.

    2) another machine:
    Servername: neuro1.informatik.uni-ulm.de
    Port: 10389
    UserDN: cn=Directory Manager,cn=Root DNs,cn=config
    Basic-DN: dc=neuroinformatik,dc=uni-ulm,dc=de

    User filter: (&(objectclass=inetOrgPerson)
    Login filter: (uid=%uid)
    Group filter: (&(|(objectclass=groupOfUniqueNames))(cn=owncloud))

    I have installed it with the following command:
    //setup \
    --cli \
    --baseDN dc=neuroinformatik,dc=uni-ulm,dc=de \
    --ldifFile ../export140723 \
    --ldapPort 10389 \
    --adminConnectorPort 4444 \
    --rootUserDN cn=Directory\ Manager \
    --rootUserPassword 123:Lunifera \
    --no-prompt \
    --noPropertiesFile

    //bin/manage-account -D "cn=Directory Manager" -w get-all --targetDN cn=hans-georg.gloeckler,ou=people,dc=neuroinformatik,dc=uni-ulm,dc=de
    The server is using the following certificate:
    Subject DN: CN=neuro.informatik.uni-ulm.de, O=Administration Connector Self-Signed Certificate
    Issuer DN: CN=neuro.informatik.uni-ulm.de, O=Administration Connector Self-Signed Certificate
    Validity: Thu Jul 24 12:53:40 CEST 2014 through Wed Jul 19 12:53:40 CEST 2034
    Do you wish to trust this certificate and continue connecting to the server?
    Please enter "yes" or "no":yes
    Password Policy DN: cn=Default Password Policy,cn=Password Policies,cn=config
    Account Is Disabled: false
    Account Expiration Time:
    Seconds Until Account Expiration:
    Password Changed Time: 20140724111033.896Z
    Password Expiration Warned Time:
    Seconds Until Password Expiration:
    Seconds Until Password Expiration Warning:
    Authentication Failure Times:
    Seconds Until Authentication Failure Unlock:
    Remaining Authentication Failure Count:
    Last Login Time:
    Seconds Until Idle Account Lockout:
    Password Is Reset: false
    Seconds Until Password Reset Lockout:
    Grace Login Use Times:
    Remaining Grace Login Count: 0
    Password Changed by Required Time:
    Seconds Until Required Change Time:
    Password History:

    telnet 134.60.73.21 10389
    Trying 134.60.73.21...
    Connected to 134.60.73.21.
    Escape character is '^]'.

    • OK, so I guess the problem is then with ownCloud only. Can you try to change the userDN property by using your user (cn=hans-georg.gloeckler,ou=people,dc=neuroinformatik,dc=uni-ulm,dc=de) in ownCloud instead of "cn=Directory Manager"?

      Just to the left of the "continue" button there should be a configuration status.

    • The server name: maybe use localhost or the IP address.
      Another thing, maybe it is the login filter; can you use another attribute like cn?
      Also, considering that ownCloud 7 is fresh, can you see if you have the same problem with ownCloud 6 (which is the one I used)?

  3. Can you tell me why you use
    Bind user name: cn=myadmin,ou=users,dc=my,dc=website,dc=com

    How have you created this user: like another user under ou=users,dc=my,dc=website,dc=com,
    or differently?

    • Yes, I created it like another user; it is the generic administrator that I use for other applications. I created it simply with phpLDAPadmin.

      Did you solve the problem?

  4. No, I have not solved the problem.
    Which objectClass do you use when you create a user?
    I use:
    inetOrgPerson
    person, organizationalPerson, top

    • Yes, see the LDIF below:

      dn: cn=admin,ou=users,dc=csde,dc=mywebsite,dc=com
      cn: admin
      displayname: Administrator Administrator
      givenname: Administrator
      mail: admin@csde.int
      objectclass: person
      objectclass: organizationalPerson
      objectclass: inetOrgPerson
      objectclass: top
      sn: Administrator
      uid: admin
      userpassword: xxx

      • Thanks;
        I don't know why it doesn't work for me.
        I have no idea.
        Do you have any idea?

      • Hello Hans, can you try with a simple installation of OpenDJ, without importing users, LDAPS and certificates?

      • Oops.
        Now I get the connection.
        I have installed OpenDJ with
        /lunifera/opendj/setup \
        --cli \
        --baseDN dc=neuroinformatik,dc=uni-ulm,dc=de \
        --addBaseEntry \
        --ldapPort 10389 \
        --adminConnectorPort 4444 \
        --rootUserDN cn=Directory\ Manager \
        --rootUserPassword ****** \
        --no-prompt \
        --noPropertiesFile

        What do you think about it?

      • Cannot add users:
        I wanted to add the following account by LDIF, but it doesn't work.

        dn: uid=johann,ou=people,dc=neuroinformatik,dc=uni-ulm,dc=de
        cn: haglo
        givenname: hansgeorg
        mail: hans-georg.gloeckler@uni-ulm.de
        objectclass: person
        objectclass: inetOrgPerson
        objectclass: organizationalPerson
        objectclass: top
        sn: gloeckler
        telephonenumber: 24193
        uid: johann
        userpassword: {SSHA}cu5ZxEs9NBFa6UjorR75+lXvrZG5iE+dTlgHdQ==

        I get the following error from phpopenldap:
        Konnte Objekt nicht hinzufügen uid=johann,ou=people,dc=neuroinformatik,dc=uni-ulm,dc=de
        LDAP meldet: Constraint violation
        Fehlernummer: 0x13 (LDAP_CONSTRAINT_VIOLATION)
        Beschreibung: Some constraint would be violated by performing the action. This can happen when you try to add a second value to a single-valued attribute, for example.

  5. Hello Hans,

    For the problem with the server, I think you need to go step by step (I would check between importing the LDIF, the certificate, and LDAPS).

    For the import of the LDIF: does the group ou=people already exist or not? Are you importing the password already encrypted?

    • I have solved the problem.
      I cannot import in LDIF
      userpassword: {SSHA}cu5ZxEs9NBFa6UjorR75+lXvrZG5iE+dTlgHdQ==

      I have to write the password in plain text:
      userpassword: secret

      Then I can import the LDIF and everything works.

      In ownCloud I have to write
      a) in User-Filter
      (&(objectclass=inetOrgPerson)(isMemberOf=cn=owncloud,ou=groups,dc=neuroinformatik,dc=uni-ulm,dc=de))

      => Here it is important to write "isMemberOf" and not "MemberOf".
      => OpenDJ uses isMemberOf, OpenLDAP uses MemberOf.

      b) in Login-Filter
      (&(&(objectclass=inetOrgPerson)(isMemberOf=cn=owncloud,ou=groups,dc=neuroinformatik,dc=uni-ulm,dc=de))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))(|(uid=%uid))))

      c) in Group-Filter
      (&(|(objectclass=organizationalUnit))(|(cn=owncloud)))

      That's all.

      Many thanks for your help.
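The login filter in the reply above substitutes `%uid` with whatever is typed at the ownCloud login screen, so anything that could alter filter structure must be escaped before substitution. The following Python helper is an added example, not code from the thread or from ownCloud, and assumes nothing about how ownCloud's own LDAP backend treats the placeholder: it applies RFC 4515 escaping to the login name and also checks that a filter's parentheses are balanced (the user filter `(&(objectclass=inetOrgPerson)` quoted earlier in the thread lacks a closing parenthesis).

```python
# Login filter exactly as posted in the final reply (OpenDJ isMemberOf variant).
LOGIN_FILTER_TEMPLATE = (
    "(&(&(objectclass=inetOrgPerson)"
    "(isMemberOf=cn=owncloud,ou=groups,dc=neuroinformatik,dc=uni-ulm,dc=de))"
    "(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))(|(uid=%uid))))"
)

# RFC 4515 escapes for the characters that would otherwise change filter structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def is_balanced(ldap_filter: str) -> bool:
    """Return True if every '(' has a matching ')'; escaped parens are skipped."""
    depth = 0
    i = 0
    while i < len(ldap_filter):
        ch = ldap_filter[i]
        if ch == "\\":          # skip a \XX escape sequence such as \28
            i += 3
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:       # a ')' before any '(' can never balance
                return False
        i += 1
    return depth == 0


def render_login_filter(template: str, uid: str) -> str:
    """Replace %uid in an ownCloud-style login filter with the escaped login name."""
    if not is_balanced(template):
        raise ValueError("login filter template has unbalanced parentheses")
    return template.replace("%uid", escape_filter_value(uid))


if __name__ == "__main__":
    # Constructed sample login names: a normal one and one carrying filter metacharacters.
    for name in ("johann", "*)(objectclass=*"):
        print(render_login_filter(LOGIN_FILTER_TEMPLATE, name))
```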
