ownCloud LDAP

Configuring ownCloud to work with Foxpass's LDAP server

ownCloud is an open-source cloud file hosting system. It supports using LDAP as an authentication mechanism into its interface. General instructions for setting up LDAP with ownCloud can be found here:

Detailed instructions on how to use Foxpass's LDAP with ownCloud are below.

Create an LDAP Binder

Note your Base DN on the dashboard page and mark it down.

Create an LDAP Binder account with the name 'owncloud' (or easily identifiable) on the LDAP binders page. Copy/paste the generated password! It is only displayed once.

Also make a note of the binder's CN (i.e. cn=owncloud,dc=≪example≫,dc=≪com≫).

Configure ownCloud

First, install the LDAP Integration app in ownCloud:

Then, configure the LDAP connection tab by tab. Per ownCloud's documentation, "The LDAP configuration panel has four tabs. A correctly completed first tab ("Server") is mandatory to access the other tabs. A green indicator lights when the configuration is correct. Hover your cursor over the fields to see some pop-up tooltips."

Server Tab


Server settings

Enter the following values, inserting your own information where marked by the double arrows:
Host: ldaps://ldap.foxpass.com
Port: 636
User DN: cn=owncloud,dc=≪example≫,dc=≪com≫
Password: ≪owncloud binder password≫
Base DN: dc=≪example≫,dc=≪com≫

Users Tab


User settings

You can select 'organizationalPerson', 'person', and 'inetOrgPerson' as the object class. If you would like to restrict access to specific groups, you can do so using the second dropdown.

If you're comfortable specifying a custom LDAP query to pull users, you can do so as pictured in the example screenshot.

You can use the verify button at the bottom to quickly check that your settings are configured properly.

Login Attributes Tab


Login settings

Next, you can configure whether users are allowed to log in with their username, email address, both. You can also specify a custom LDAP query to use when logging a user in. In the example in the screenshot, users can only log in using their usernames.

Groups Tab

You can use these settings to restrict ownCloud access to members of specific group or just to Posix groups. All groups have the 'group' object class, but only Posix groups have the 'posixGroup'object class.

Advanced Settings


Advanced settings

You may also want to configure some more advanced settings. For example, you can set the User Display Name Field as 'cn' to show the user's actual name instead of their username or email. Additionally, you can set your Base User Tree as ou=people,dc=≪example≫,dc=≪com≫ to more efficiently search for users. The same standards apply for groups. Use 'cn' for the Group Display Name Field and ou=people,dc=≪example≫,dc=≪com≫ for the Base Group Tree.

Lastly, the Group Member Association should be set to 'member' if it is not detected automatically.

After that you're ready to start using ownCloud with Foxpass!