Koozali.org: home of the SME Server

pydio - lemonLDAP integration

Offline Stefano

  • *
  • 10,836
  • +2/-0
pydio - lemonLDAP integration
« on: August 31, 2016, 03:20:18 PM »
hi all


I'm testing pydio with lemonLDAP..


followed both wiki's pages (https://wiki.contribs.org/Pydio and https://wiki.contribs.org/LemonLDAP-NG), installing lemonLDAP before pydio


I successfully managed to add my virtualhost in lemonLDAP but when I authenticate an user and follow the link from the auth portal, I'm asked to insert my credentials again.. tried with the same user, I see "user not found"


so, please, is there anyone that can give me a 5-years old howto?
moreover (mainly to Daniel B.), is there a way to upgrade both pydio and lemonLDAP to the last releases or, at least, to something newer?
(tried to rebuild rpms both for pydio and lemonLDAP using latest sources and spec file coming from pws with no success)

TIA

Offline Stefano

  • *
  • 10,836
  • +2/-0
Re: pydio - lemonLDAP integration
« Reply #1 on: August 31, 2016, 03:33:35 PM »
as a side note, there's only an rpm coming from Dag's repo (which is offline in most of the mirrors and in the main site)
the package is perl-IPC-ShareLite which, AFAICS, is used by lemonLDAP.. pydio doesn't need any Dag's rpm

I'll amend the wiki pages (Pydio's one and Dag's repo one) accordingly

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: pydio - lemonLDAP integration
« Reply #2 on: August 31, 2016, 04:01:36 PM »
I successfully managed to add my virtualhost in lemonLDAP but when I authenticate an user and follow the link from the auth portal, I'm asked to insert my credentials again.. tried with the same user, I see "user not found"

This means for pydio, the auth is still internal. Please show

Code: [Select]
db configuration show pydio | grep -v Password

Quote
moreover (mainly to Daniel B.), is there a way to upgrade both pydio and lemonLDAP to the last releases or, at least, to something newer?
(tried to rebuild rpms both for pydio and lemonLDAP using latest sources and spec file coming from pws with no success)

For pydio, it should be possible but requires a big job to keep the integtration with SME (user auth, settings, integration with Shared Folders). I just haven't found the time yet. For Lemonldap::NG, no, it's not possible because it requires newer perl version (and modules). It'll stay on the 1.4.x branch (which is still maintained)
« Last Edit: August 31, 2016, 04:05:06 PM by Daniel B. »
C'est la fin du monde !!! :lol:

Offline Stefano

  • *
  • 10,836
  • +2/-0
Re: pydio - lemonLDAP integration
« Reply #3 on: August 31, 2016, 04:33:36 PM »
Code: [Select]
[root@test ~]# db configuration show pydio | grep -v Password
pydio=webapp
    AliasOnPrimary=disabled
    Authentication=LemonLDAP
    DbName=pydio
    DbUser=pydio
    DefaultLanguage=it
    HomeDir=enabled
    Title=My own web based file manager
    WelcomMessage=Powered by SME Server
    access=public
    status=enabled

about rebuilding, lemonLDAP is on 1.4.10, which I tried to rebuild without success

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: pydio - lemonLDAP integration
« Reply #4 on: August 31, 2016, 04:37:29 PM »
Hard to say what's wrong. Can you show the config of your vhost plz ? For the newer Lemonldap::NG, I missed the announcement. I'll update the rpm in my repo
C'est la fin du monde !!! :lol:

Offline Stefano

  • *
  • 10,836
  • +2/-0
Re: pydio - lemonLDAP integration
« Reply #5 on: August 31, 2016, 04:48:54 PM »
Doh!

my bad, I didn't see any reference to a custom template for the virtualhost..

so, re-reading the lemonLDAP page, I have to create a custom fragment for pydio pointing to /usr/share/pydio

are this example still valid?
Code: [Select]
<Directory /opt/myapp>
    AllowOverride None
    SSLRequireSSL on
    AddType application/x-httpd-php .php
    php_admin_value open_basedir /opt/myapp:/tmp
    order deny,allow
    deny from all
    allow from {"$localAccess $externalSSLAccess";}
    Satisfy all
</Directory>
?

Offline Stefano

  • *
  • 10,836
  • +2/-0
Re: pydio - lemonLDAP integration
« Reply #6 on: August 31, 2016, 04:54:26 PM »
well, I'm confused.. I already have pydio config in httpd.conf

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: pydio - lemonLDAP integration
« Reply #7 on: August 31, 2016, 04:58:55 PM »
Nop, there should be no custom template needed. But you should have a vhost (= domain) created, as detailed here: https://wiki.contribs.org/Pydio#Create_a_new_virtualhost_for_Pydio
C'est la fin du monde !!! :lol:

Offline Stefano

  • *
  • 10,836
  • +2/-0
Re: pydio - lemonLDAP integration
« Reply #8 on: August 31, 2016, 05:04:16 PM »
indeed, I have it

Code: [Select]
[root@test etc]# db domains show exchange.mycompany.local
exchange.mycompany.local=domain
    Authentication=LemonLDAP
    Content=Primary
    Description=Pydio
    DocumentRoot=/usr/share/pydio
    Nameservers=internet
    TemplatePath=WebAppVirtualHost

so, making a recap:
- installed lemonLDAP
- installed pydio and created its virtualhost and configured to be lemonLDAP protected
- in lemonLDAP, created a new virtualhost pointing to exchange.mycompany.local with only a rule, as per wiki page

what's wrong? :-)
is there any log/place to check for errors?

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: pydio - lemonLDAP integration
« Reply #9 on: August 31, 2016, 06:29:09 PM »
Can you check in /var/lib/pydio/plugins/boot.conf/bootstrap.json that you have "instance_name" : "auth.basic_http" under MASTER_INSTANCE_CONFIG (which is itself under core.auth)
C'est la fin du monde !!! :lol:

Offline Stefano

  • *
  • 10,836
  • +2/-0
Re: pydio - lemonLDAP integration
« Reply #10 on: August 31, 2016, 09:20:17 PM »
I have no file in /var/lib/pydio/plugins/boot.conf/

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: pydio - lemonLDAP integration
« Reply #11 on: August 31, 2016, 09:23:55 PM »
That's a problem. Fire a signal-event webapps-update and check in /var/log/messages why the templates are not being expanded
C'est la fin du monde !!! :lol:

Offline Stefano

  • *
  • 10,836
  • +2/-0
Re: pydio - lemonLDAP integration
« Reply #12 on: August 31, 2016, 09:25:04 PM »
Thank you Dani, will do tomorrow and report back

Offline Stefano

  • *
  • 10,836
  • +2/-0
Re: pydio - lemonLDAP integration
« Reply #13 on: September 01, 2016, 10:11:42 AM »
ok, did it and now it works as expected.. thank you Dani