Cool Solution - Install Pydio and set up LDAP authentication

From Univention Wiki

UCS Version 4.0

Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the steps shown in the article are covered by Univention Support. For questions about your support coverage, contact your contact person at Univention before implementing any of the steps shown.

Also note the legal notes in the Terms of Service.

This article describes how to install Pydio and how to set up the LDAP connection.

Installation

There are two ways to install Pydio:

  1. Manual installation
  2. Installation using a repository

Both need the following dependencies installed:

univention-install php5 php5-mcrypt php5-gd php5-mysql php5-ldap

Manual installation

Download Pydio from the product's download page and follow the installation instructions. After the installation is finished, continue with the chapter Configuration.

Installation using a repository

Add the following line to a new sources.list file:

echo "deb http://dl.ajaxplorer.info/repos/apt stable main" > /etc/apt/sources.list.d/pydio.list

Download and install the GPG key to prevent warnings during package downloading:

wget -O - http://dl.ajaxplorer.info/repos/charles@ajaxplorer.info.gpg.key | apt-key add -

Next, install pydio from the repository:

univention-install pydio

Copy the sample Apache configuration to Apache:

cp /usr/share/doc/pydio/apache2.sample.conf /etc/apache2/sites-available/pydio.conf
a2ensite pydio.conf

Reload the Apache webserver to make Pydio available:

invoke-rc.d apache2 reload

After the installation is finished, continue with the chapter Configuration.
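
The key import step above pipes a key fetched over plain HTTP straight into apt-key, so the transport says nothing about whose key it is. The following is an added example, not part of the original article: it downloads the key to a file and imports it only if its fingerprint equals one you obtained over a trusted channel. The script name and the expected fingerprint argument are assumptions; the article does not publish a fingerprint.

```shell
#!/bin/sh
# Added example (not from the original article): check the repository key's
# fingerprint before handing the key to apt-key.

KEY_URL='http://dl.ajaxplorer.info/repos/charles@ajaxplorer.info.gpg.key'

# Canonical form: no spaces or colons, upper-case hex.
norm_fpr() { printf '%s' "$1" | tr -d ' :' | tr 'abcdef' 'ABCDEF'; }

# Primary-key fingerprint from `gpg --with-colons` output on stdin.
# Field 10 of the "fpr" record that follows a "pub" record holds it;
# "fpr" records that belong to subkeys are never reached.
primary_fpr() {
    awk -F: '$1 == "pub" { p = 1; next }
             p && $1 == "fpr" { print $10; exit }'
}

# True only if both values are non-empty and equal after normalising.
fpr_matches() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$(norm_fpr "$1")" = "$(norm_fpr "$2")" ]
}

# Run as: sh add-pydio-key.sh import '<fingerprint from a trusted channel>'
if [ "${1:-}" = "import" ]; then
    key=$(mktemp)
    trap 'rm -f "$key"' EXIT
    wget -q -O "$key" "$KEY_URL"
    # Lists the keys contained in the file without importing them
    # (newer GnuPG versions also offer --show-keys for this).
    actual=$(gpg --with-colons --with-fingerprint "$key" 2>/dev/null | primary_fpr)
    if fpr_matches "$actual" "${2:-}"; then
        apt-key add "$key"
    else
        echo "fingerprint mismatch, key not added (got: ${actual:-none})" >&2
        exit 1
    fi
fi
```

An empty or missing expected fingerprint never matches, so running the script without the second argument refuses the key instead of importing it unchecked.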

Configuration

Open the Pydio configuration assistant by navigating to https://<your server>/pydio. The wizard is interactive and guides you through the configuration process.

Hint: When creating the Pydio administrator user it is recommended to use a username other than "Administrator" to prevent confusion with the UCS domain administrator.

When creating the connection to the database, choose MySQL and create a database and user as described below. After that, the wizard can be finished.

MySQL

Pydio can be connected to a MySQL database. First, MySQL must be installed:

univention-install mysql-server

Create a new database and user for Pydio:

mysql -uroot -p$(cat /etc/mysql.secret)

## In MySQL
CREATE DATABASE pydio;
CREATE USER 'pydio_dbuser' IDENTIFIED BY '<SECRET PASSWORD>';
GRANT ALL ON pydio.* TO 'pydio_dbuser';
FLUSH PRIVILEGES;
quit

Hint: Change "<SECRET PASSWORD>" to a secure value!

LDAP configuration

To configure the LDAP authentication for Pydio, log in as the Pydio administrator, hover over the username in the top right corner and select Settings. Next, click on "Application Core", double-click on "Authentication" and navigate to the section "Secondary Instance" at the bottom of the page. Set the following example settings to enable LDAP users to log in to Pydio.

Hint: These example settings require Pydio to be installed on a system with a copy of the LDAP.

Hint: To get the correct value for LDAP_BASE run the command ucr get ldap/base on the command line of your server.

Option                          Value
MODE                            Master/Slave
CACHE MASTERS USERS             Yes
USER LISTING                    Master only
INSTANCE TYPE                   LDAP/AD Directory
LDAP URL                        localhost
PROTOCOL                        SSL (ldaps)
LDAP PORT                       7636
LDAP BIND USERNAME              uid=Administrator,cn=users,LDAP_BASE
LDAP BIND PASSWORD              Administrator password
PEOPLE DN                       cn=users,LDAP_BASE
LDAP SERVER PAGE SIZE           500
LDAP FILTER                     objectClass=person
USER ATTRIBUTE                  uid
SEARCH USERS BY ATTRIBUTE       uid
GROUPS DN                       cn=groups,LDAP_BASE
LDAP GROUPS FILTER              objectClass=group
GROUP ATTRIBUTE                 cn
FAKE MEMBER FROM...             <empty>
FAKE MEMBEROF. VALUE OF MEMBER/MEMBERUID ATTRIBUTE OF GROUP  Yes
ROLE PREFIX (FOR MEMBEROF)      <empty>
LDAP ATTRIBUTE                  <empty>
MAPPING TYPE                    <empty>
PLUGIN PARAMETER                <empty>
CACHE USER COUNT (HOURS)        1
TEST USER                       <empty>
AUTO CREATE USER                Yes
LOGIN REDIRECT                  <empty>
ADMIN LOGIN                     <empty>
AUTO APPLY ROLE                 <empty>

After applying the above settings, click on "Save" in the top right corner. Now all users available in the LDAP can log in to Pydio.
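
Before saving, the connection, bind and filter values from the table above can be exercised with ldapsearch, which shows whether LDAPS on port 7636 answers and whether each filter matches any entries. This is an added example, not part of the original article; the script name and the function names are assumptions, and it expects the ldapsearch client and ucr on the server where Pydio runs.

```shell
#!/bin/sh
# Added example (not from the original article): dry-run the LDAP settings
# from the table with ldapsearch before saving them in Pydio.

URI="ldaps://localhost:7636"   # LDAP URL, PROTOCOL and LDAP PORT from the table

# Fill in the LDAP_BASE placeholder used in the table.
bind_dn()   { printf 'uid=Administrator,cn=users,%s' "$1"; }
people_dn() { printf 'cn=users,%s' "$1"; }
groups_dn() { printf 'cn=groups,%s' "$1"; }

# Count LDIF entries on stdin; every entry starts with a "dn:" line.
count_entries() { grep -c '^dn:' || true; }

# One line per check: a zero count means Pydio would see nothing there.
verdict() {  # $1 = setting name, $2 = entry count
    if [ "$2" -gt 0 ]; then
        printf 'OK    %s: %s entries\n' "$1" "$2"
    else
        printf 'EMPTY %s: connect/bind failed or filter matched nothing\n' "$1"
    fi
}

# Search as the bind user. -W prompts for the password, so it stays out of
# the process list and the shell history. "1.1" requests DNs only.
search() {  # $1 = LDAP base, $2 = search base DN, $3 = filter
    ldapsearch -x -LLL -H "$URI" -D "$(bind_dn "$1")" -W -b "$2" "($3)" 1.1
}

# Run as: sh check-pydio-ldap.sh check
if [ "${1:-}" = "check" ]; then
    base=$(ucr get ldap/base)
    n=$(search "$base" "$(people_dn "$base")" 'objectClass=person' | count_entries)
    verdict 'PEOPLE DN / LDAP FILTER' "$n"
    n=$(search "$base" "$(groups_dn "$base")" 'objectClass=group' | count_entries)
    verdict 'GROUPS DN / LDAP GROUPS FILTER' "$n"
fi
```

ldapsearch writes connection and bind errors to standard error, so an EMPTY line together with an error message points at the connection or credentials, while an EMPTY line on its own points at the DN or filter.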

UCS overview

To make the UCS start site provide a link to Pydio, set the UCR variables below ucs/web/overview/entries/service:

ucr set \
ucs/web/overview/entries/service/pydio/description/de="Pydio Dateifreigabe und -synchronisierung" \
ucs/web/overview/entries/service/pydio/description="Pydio file sharing and synchronization" \
ucs/web/overview/entries/service/pydio/label/de="Pydio" \
ucs/web/overview/entries/service/pydio/label="Pydio" \
ucs/web/overview/entries/service/pydio/link="/pydio"

Known Issues

If the app "Active Directory-compatible Domain Controller" is installed, Pydio cannot contact the LDAP server over LDAPS. Either configure Pydio to use the insecure LDAP connection, or connect it to a system that does not have the app "Active Directory-compatible Domain Controller" installed.