Blog Jurišić


Tag - ldap


Friday, March 31 2017

How to install Openfire server on Debian 8 Jessie

Openfire is a real time collaboration (RTC) server licensed under the Open Source Apache License. It uses the only widely adopted open protocol for instant messaging, XMPP (also called Jabber). Openfire is incredibly easy to set up and administer, but offers rock-solid security and performance.

If you are looking for an alternative to public IM and VoIP services, Openfire is a great solution.


Settings about host before installation

Before installing Openfire, I set up the host as in my example:

  • System name: openfire.test.com
  • Domain name: test.com
  • System IP: 192.168.22.202

LDAP settings (if you don't have an LDAP server, check "How to Install and configure a Basic LDAP Server on a Debian 8 Jessie"):

  • Base DN: dc=test,dc=com
  • Bind user: cn=nextcloud,ou=groups,dc=test,dc=com
  • Server IP: 192.168.22.202


Install Java

Openfire needs Java to run. I personally use Java 8 from my repository; first install Java:

apt-get install oracle-java8-jre


Download and install Openfire package

First download the Debian package, then install it. (The --no-check-certificate flag in the wget line below disables TLS certificate verification for the download; leave it out unless the certificate check genuinely fails on your host, since otherwise you lose the integrity protection on a package you are about to install as root.)

wget --no-check-certificate https://github.com/igniterealtime/Openfire/releases/download/v4.1.3/openfire_4.1.3_all.deb
dpkg -i openfire_4.1.3_all.deb


Setup for Openfire

Now open a web browser to start the Openfire setup (http://192.168.22.202:9090, replacing the IP with your host's address).

Select a language and press "Continue".

Input network settings:

  • XMPP Domain Name: test.com
  • Server Host Name (FQDN): openfire.test.com
  • Admin Console Port: 9090
  • Secure Admin Console Port: 9091

If you wish, you can set a "Property Encryption Key" to encrypt passwords in Openfire's configuration files; in this example I don't use it. The Admin Console Port is 9090 and the Secure Admin Console Port is 9091, but in some cases it is a good idea to change these to non-standard ports.

Next, click "Continue".

If you don't have lots of users, select "Embedded Database" and click "Continue".

Select "Directory Server (LDAP)" and click "Continue".

Connection Settings:

  • Server Type: OpenLDAP
  • Host: 192.168.22.202
  • Port: 389
  • Base DN: dc=test,dc=com
  • Administration DN: cn=admin,dc=test,dc=com
  • Password: <Your password>

Click "Test Settings"; if all is OK, you will see the message "Status: Success!"

Close the message and click "Save & Continue".

Click "Save & Continue".


In my example I don't want to map all groups from LDAP. My choice is only the group "cn=nextcloud,ou=groups,dc=test,dc=com".

Group Mapping:

  • Group Field: cn
  • Member Field: memberUid
  • Description Field: description
  • Posix Mode: Yes
  • Group Filter: (&(|(objectclass=posixGroup))(|(cn=nextcloud)))

Click on "Save & Continue"

Now choose one or more users from your LDAP to be administrators; in my case I select user1 and press "Add", then click "Continue".

Now your Openfire server is ready to use.

Recommended reading: http://www.igniterealtime.org/projects/openfire/documentation.jsp

Desktop clients:

Android clients:


Tuesday, February 21 2017

How to configure Nextcloud server with LDAP

Nextcloud has an excellent app for integrating users and groups via LDAP / AD. If you don't have an LDAP server, check "How to Install and configure a Basic LDAP Server on a Debian 8 Jessie" and then continue reading this short example of integrating LDAP and Nextcloud.

Activate LDAP user and group backend for Nextcloud

Log in to Nextcloud as administrator, click the top-left dropdown list and select "Apps", then click "Not enabled" and search for "LDAP user and group backend".

Click the "Enable" button and wait 5-10 seconds, then click the top-right dropdown list.

Click "Admin" and select "LDAP / AD integration".

Enter the LDAP connection data and go to the Users section.

Hostname:        localhost
LDAP bind user:  cn=admin,dc=test,dc=com
Password:        the password that you have chosen
Base DN:         dc=test,dc=com

Under "Only these object class", select "inetOrgPerson". Now go to the Login Attributes section.

Select the checkboxes "LDAP / AD Username" and "LDAP / AD Email Address" (users can log in with their username or e-mail address), then go to the Groups section.

Under "Only these object class", select "posixGroup", and under "Only from these groups" select "nextcloud"; then go to Advanced settings.

Under Advanced, set the Special Attributes:

Email Field:             mail
User Home Folder: uid

Now you can check the users: click the top-right dropdown list and select "Users".
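The Group Filter entered in the Openfire Group Mapping above, (&(|(objectclass=posixGroup))(|(cn=nextcloud))), and the Nextcloud group settings just described ("Only these object class": posixGroup, "Only from these groups": nextcloud) express the same restriction, and the Nextcloud login attributes let a user authenticate by uid or by mail. Before saving either configuration it is worth checking what a filter actually matches. The script below is an added example, not code from the blog post, Openfire or Nextcloud: it parses the and/or/not/equality/presence subset of LDAP filter syntax and evaluates it against entries constructed from the post's LDIF, plus one constructed extra group (cn=staff) to show what a too-broad filter pulls in. LOGIN_FILTER is a constructed uid-or-mail filter, not the exact filter Nextcloud generates, and escape_value applies the RFC 4515 escaping that any value spliced into a filter needs.

```python
"""Evaluate an LDAP search filter (RFC 4515 subset) against directory entries.

Added example, not code from the blog post, Openfire or Nextcloud.  ENTRIES is
constructed from the post's LDIF plus one extra group (cn=staff) so that a
too-broad filter visibly matches more than intended.
"""
import re
from typing import List

ENTRIES = [
    {"dn": "cn=nextcloud,ou=groups,dc=test,dc=com",
     "objectClass": ["top", "posixGroup"], "cn": ["nextcloud"],
     "gidNumber": ["500"], "memberUid": ["user1", "user2"]},
    {"dn": "cn=staff,ou=groups,dc=test,dc=com",   # constructed extra group
     "objectClass": ["top", "posixGroup"], "cn": ["staff"],
     "gidNumber": ["501"], "memberUid": ["user2"]},
    {"dn": "cn=First User,ou=users,dc=test,dc=com",
     "objectClass": ["top", "posixAccount", "inetOrgPerson"],
     "cn": ["First User"], "uid": ["user1"], "mail": ["user1@test.com"]},
]

# Group Filter from the Openfire setup (same restriction as the Nextcloud settings).
OPENFIRE_GROUP_FILTER = "(&(|(objectclass=posixGroup))(|(cn=nextcloud)))"
# Constructed uid-or-mail login filter; %s is what the user typed, escaped first.
LOGIN_FILTER = "(&(objectClass=inetOrgPerson)(|(uid=%s)(mail=%s)))"


def escape_value(value: str) -> str:
    """RFC 4515 escaping for a value spliced into a filter (prevents filter injection)."""
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\0" else c for c in value)


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def parse_filter(text: str):
    """Parse '&', '|', '!', equality and presence items into nested tuples."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError(f"trailing characters at offset {pos}")
    return node


def _parse(s: str, i: int):
    _expect(s, i, "(")
    i += 1
    if i >= len(s):
        raise ValueError("unterminated filter")
    op = s[i]
    if op in "&|":
        i += 1
        kids = []
        while i < len(s) and s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        _expect(s, i, ")")
        return ("and" if op == "&" else "or", kids), i + 1
    if op == "!":
        kid, i = _parse(s, i + 1)
        _expect(s, i, ")")
        return ("not", kid), i + 1
    end = s.find(")", i)
    if end < 0:
        raise ValueError("missing ')'")
    attr, eq, value = s[i:end].partition("=")
    if not eq:
        raise ValueError(f"no '=' in item at offset {i}")
    if value == "*":                      # presence: (attr=*)
        return ("present", attr), end + 1
    if "*" in value:                      # substring filters are out of scope here
        raise ValueError("substring filters are not supported")
    return ("eq", attr, _unescape(value)), end + 1


def _expect(s: str, i: int, ch: str) -> None:
    if i >= len(s) or s[i] != ch:
        raise ValueError(f"expected '{ch}' at offset {i}")


def _values(entry: dict, attr: str) -> List[str]:
    # Attribute names are case-insensitive: "objectclass" equals "objectClass".
    for name, vals in entry.items():
        if name.lower() == attr.lower():
            return vals if isinstance(vals, list) else [vals]
    return []


def matches(node, entry: dict) -> bool:
    kind = node[0]
    if kind == "and":
        return all(matches(k, entry) for k in node[1])
    if kind == "or":
        return any(matches(k, entry) for k in node[1])
    if kind == "not":
        return not matches(node[1], entry)
    if kind == "present":
        return bool(_values(entry, node[1]))
    # Equality with caseIgnoreMatch semantics, as cn and objectClass use.
    return any(v.lower() == node[2].lower() for v in _values(entry, node[1]))


def search(filter_text: str, entries=ENTRIES) -> List[str]:
    """Return the DNs of the entries the filter matches, in directory order."""
    node = parse_filter(filter_text)
    return [e["dn"] for e in entries if matches(node, e)]


if __name__ == "__main__":
    print("Openfire group filter :", search(OPENFIRE_GROUP_FILTER))
    print("all posixGroup entries:", search("(objectClass=posixGroup)"))
    typed = escape_value("user1@test.com")
    print("login as user1@test.com:", search(LOGIN_FILTER % (typed, typed)))
```

The same check against the live server is the page's final ldapsearch command with a filter argument added, for example ldapsearch -x -W -D cn=admin,dc=test,dc=com -b "ou=groups,dc=test,dc=com" "(&(objectClass=posixGroup)(cn=nextcloud))" memberUid. The escaping matters because a login value containing an unescaped "*" turns the uid=/mail= items into presence tests that match every user with those attributes; any code that builds filters from user input must escape first.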

LDAP Expert

Under Username, the system generates the UUID attribute automatically, and that value needs to be unique. You can change the Internal Username from UUID to uid, but that option is intended only for expert users.

You can change the "Internal Username" to "uid", for example, and the result is:

That is all; enjoy Nextcloud with LDAP integration.

Friday, February 17 2017

How to Install and configure a Basic LDAP Server on a Debian 8 Jessie

Lightweight Directory Access Protocol (LDAP) is a protocol for managing related information from a centralized location through the use of a file and directory hierarchy.

It functions in a similar way to a relational database and can be used to organize and store any kind of information. LDAP is commonly used for centralized authentication.

Settings about host before installation

Before installing LDAP, I set up the host as in my example:

  • System name: ldap.test.com
  • Domain name: test.com
  • System IP: 192.168.22.200

Configuration files:

cat /etc/hostname

ldap

cat /etc/hosts

127.0.0.1      localhost
127.0.1.1      ldap.test.com ldap

cat /etc/network/interfaces

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.22.200
netmask 255.255.255.0
gateway 192.168.22.1


Install LDAP server and utils packages

Install packages with:

apt-get install slapd ldap-utils

Choose "Y" to start the installation.

Enter a strong password and press enter, then confirm the password.

Set BASE and URI in the config file /etc/ldap/ldap.conf:

BASE    dc=test,dc=com
URI     ldap://localhost:389

Now configure slapd package with:

dpkg-reconfigure slapd

Choose "No" and press enter

Just press enter

Enter organization name, or leave default

Enter strong password and press enter, then confirm password

Select database backend, in my case MDB

Select "No"

Select "Yes"

Select "No", and your LDAP is completely configured.

Start LDAP service

Start LDAP service with:

systemctl restart slapd

Check LDAP with:

ldapsearch -x

Very basic LDAP tree

Now we can create groups and users in LDAP.

Create groups

Make the file: nano groups.ldif

version: 1

dn: ou=groups,dc=test,dc=com
objectClass: top
objectClass: organizationalUnit
ou: groups

dn: cn=nextcloud,ou=groups,dc=test,dc=com
objectClass: top
objectClass: posixGroup
cn: nextcloud
gidNumber: 500
memberUid: user1
memberUid: user2

Now add the entries (the groups OU and the nextcloud group):

ldapadd -x -W -D "cn=admin,dc=test,dc=com" -f groups.ldif

Make the file: nano users.ldif

version: 1

dn: ou=users,dc=test,dc=com
objectClass: top
objectClass: organizationalUnit
ou: users

dn: cn=First User,ou=users,dc=test,dc=com
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
cn: First User
gidNumber: 500
homeDirectory: /home/user1
sn: User
uid: user1
uidNumber: 2000
givenName: First
loginShell: /bin/bash
mail: user1@test.com
userPassword: {CRYPT}$1$58hxEKLS$ypZarETITIXH4WMotxS2k/

dn: cn=Second User,ou=users,dc=test,dc=com
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
cn: Second User
gidNumber: 500
homeDirectory: /home/user2
sn: User
uid: user2
uidNumber: 2001
givenName: Second
loginShell: /bin/bash
mail: user2@test.com
userPassword: {CRYPT}$1$a1ade9eu$zEAzuj1nO5FU4Hx.BE3cq1

Now add the users (user1 and user2; the password is stored as a crypt hash and its value is test123):

ldapadd -x -W -D "cn=admin,dc=test,dc=com" -f users.ldif

Test LDAP

Simple test of the LDAP service:

Search all users in ou=users,dc=test,dc=com:

ldapsearch -x -W -D cn=admin,dc=test,dc=com -b "ou=users,dc=test,dc=com" inetOrgPerson