[Solved] Error in integrating Univention with external Nextcloud

tacioandrade · May 24, 2021, 5:54pm

Good evening! A client in which I have Univention running as Domain Controller and other features, hired a nextcloud in cloud from another outsourced company (not the solution approved by Univention) and we are trying to configure LDAP authentication through OpenVPN, but we are not getting it!

We install all PHP-LDAP and other necessary modules and when we are going to do the integration, either with port 389, or with other ports using ldaps, etc., they all give the following error in the log file:

“message”: "Configuration Error (prefix s01): No LDAP Login Filter given!
“message”: “Configuration Error (prefix s01): login filter does not contain% uid place holder.”

Here are the data we used to try to integrate:

We also tried other doors, but in all cases, the same error. The DN Base is correct because I copied directly from RSAT as well as the Administrator, I don’t know what else to do.

Thank you in advance for any help from someone who has done this.

chrissib · May 24, 2021, 6:01pm

Try port 7389
In my configuration with UCS is LDAP Server and Nextcloud on a ubuntu-server it works
Dont forget yout firewall

tacioandrade · May 24, 2021, 6:21pm

Tried ports 389, 7389, 3268, 636, etc.

{“reqId”:“PB0H0AmGLEJLaM6026JC”,“level”:2,“time”:“May 24, 2021 15:18:44”,“remoteAddr”:“138.xxx.xxx.xxx”,“user”:“uni”,“app”:“user_ldap”,“method”:“POST”,“url”:"/apps/user_ldap/ajax/wizard.php",“message”:“Configuration Error (prefix s01): login filter does not contain %uid place holder.”,“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36”,“version”:“21.0.2.1”}
{“reqId”:“PB0H0AmGLEJLaM6026JC”,“level”:2,“time”:“May 24, 2021 15:18:44”,“remoteAddr”:“138.xxx.xxx.xxx”,“user”:“uni”,“app”:“user_ldap”,“method”:“POST”,“url”:"/apps/user_ldap/ajax/wizard.php",“message”:“Configuration Error (prefix s01): No LDAP Login Filter given!”,“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36”,“version”:“21.0.2.1”}
{“reqId”:“PB0H0AmGLEJLaM6026JC”,“level”:2,“time”:“May 24, 2021 15:18:44”,“remoteAddr”:“138.xxx.xxx.xxx”,“user”:“uni”,“app”:“user_ldap”,“method”:“POST”,“url”:"/apps/user_ldap/ajax/wizard.php",“message”:“Configuration Error (prefix s01): login filter does not contain %uid place holder.”,“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36”,“version”:“21.0.2.1”}

tacioandrade · May 24, 2021, 6:22pm

tacioandrade · May 24, 2021, 7:00pm

I managed to make it work! For this I had to enable unsecured authentication:

ucr set samba/ldap/server/require/strong/auth=‘no’

After that I went to the Advanced tab and selected the option “Turn off SSL certificate validation”, with that the authentication worked!