Hello, I try to replace my old seafile native server with a new seafile docker installation.
What config do I need to edit, to enable an LDAP Integration?
I read from different guides ccnet.conf or seahub_settings.py - I can’t find neither.
ChatGPT said, I need to edit this file inside the docker container, but from my understanding the container gets deleted when I pull a new version? So any configuration in the container is temporary, right?
The documentation in our manual for LDAP integration is the same for Docker based installation or binary installation.
What ChatGPT said is not right.
Hello, I found the file.
/opt/seafile-data/seafile/conf/ccnet.conf
I try to test the configuration, like they describe it.
cd seafile-server-latest
./pro/pro.py ldapsync --test
But I don’t have this folder.
sudo find / -type f -name "pro.py"
/var/lib/docker/overlay2/16ee6813da88847b270e0e764626789b3955e5566c0b0c05bb13e67fe97d9ce2/diff/opt/seafile/seafile-pro-server-10.0.13/seahub/scripts/pro.py
/var/lib/docker/overlay2/16ee6813da88847b270e0e764626789b3955e5566c0b0c05bb13e67fe97d9ce2/diff/opt/seafile/seafile-pro-server-10.0.13/pro/pro.py
/var/lib/docker/overlay2/ba0792e439ddca606c054c90172876488c4bbf3cf19cadb9dd95b7e1ee986485/diff/opt/seafile/seafile-pro-server-10.0.13/seahub/scripts/pro.py
/var/lib/docker/overlay2/ba0792e439ddca606c054c90172876488c4bbf3cf19cadb9dd95b7e1ee986485/diff/opt/seafile/seafile-pro-server-10.0.13/pro/pro.py
/var/lib/docker/overlay2/ba0792e439ddca606c054c90172876488c4bbf3cf19cadb9dd95b7e1ee986485/merged/opt/seafile/seafile-pro-server-10.0.13/seahub/scripts/pro.py
/var/lib/docker/overlay2/ba0792e439ddca606c054c90172876488c4bbf3cf19cadb9dd95b7e1ee986485/merged/opt/seafile/seafile-pro-server-10.0.13/pro/pro.py
I tried it with the pro.py inside the var directory, but get multiple errors. Is it even possible to test if the LDAP configuration works with docker?
With Docker deployment, you can use this command:
docker exec -it seafile /opt/seafile/seafile-server-latest/pro/pro.py ldapsync
We have updated the document accordingly.
Hi, thanks again - I have configured the file /opt/seafile-data/seafile/conf/ccnet.conf, and now I can see the users in my Docker seafile.
But I am not able to log in with these new synchronized users, do you have any idea why this could be, or is there possibly a log file where I can find any information why the user can’t log in?
/opt/seafile-data/seafile/conf/ccnet.conf
[General]
[Database]
ENGINE = mysql
HOST = db
PORT = 3306
USER = seafile
PASSWD = PASSWORD
DB = ccnet_db
CONNECTION_CHARSET = utf8
[LDAP]
HOST = ldap://IP-Address/
BASE = ou=ou01,dc=domain,dc=de;ou=ou02,dc=domain,dc=de
USER_DN = seafile_ldap@domain.com
PASSWORD = PASSWORD
LOGIN_ATTR = mail
FILTER = memberOf=CN=Seafile,OU=GROUP,OU=ou01,DC=domain,DC=de
[LDAP_SYNC]
ENABLE_USER_SYNC = true
DEACTIVE_USER_IF_NOTFOUND = true
ENABLE_GROUP_SYNC = true
SYNC_INTERVAL = 30
#GROUP_OBJECT_CLASS = Users
#GROUP_MEMBER_ATTR = Users
Hello, I am stuck on the problem that Seafile syncs the users via LDAP, but you can not log in with these LDAP users in Seafile.
I have made the configuration in /opt/seafile-data/seafile/conf/ccnet.conf.
I have now read through the documentation again and realized that the configuration was made in the documentation in seahub_settings.py.
I have now tried to configure the same configuration as described in the documentation in seahub_settings.py and to leave ccnet.conf alone.
Unfortunately the LDAP sync does not work at all, it does not seem to register this at all. Do you have any other ideas?
root@server:/opt/seafile# docker exec -it seafile /opt/seafile/seafile-server-latest/pro/pro.py ldapsync
[04/23/2024 16:33:06] [INFO] [seafevents] database: mysql, name: seahub_db
[04/23/2024 16:33:06] [INFO] LDAP section is not set, disable ldap sync.
Here is the configuration in seahub_settings.py:
cat seahub_settings.py
# -*- coding: utf-8 -*-
SECRET_KEY = "b''"
SERVICE_URL = "http://URL"
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': '',
'USER': '',
'PASSWORD': '',
'HOST': 'db',
'PORT': '3306',
'OPTIONS': {'charset': 'utf8mb4'},
}
}
CACHES = {
'default': {
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
'LOCATION': 'memcached:11211',
},
'locmem': {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
},
}
COMPRESS_CACHE_BACKEND = 'locmem'
TIME_ZONE = 'Europe/Berlin'
FILE_SERVER_ROOT = "http://URL"
# LDAP Configuration
ENABLE_LDAP = True
LDAP_SERVER_URL = 'ldap://IP of LDAP Server' # The URL of LDAP server
LDAP_BASE_DN = 'ou=XXX,dc=XXXXXX,dc=XX;ou=XXXXXXXX,dc=XXXXXX,dc=XX' # The root node of users who can
# log in to Seafile in the LDAP server
LDAP_ADMIN_DN = 'USER@DOMAIN.COM' # DN of the administrator used
# to query the LDAP server for information.
# For OpenLDAP, it maybe cn=admin,dc=example,dc=com
LDAP_ADMIN_PASSWORD = 'PASSWORD' # Password of LDAP_ADMIN_DN
LDAP_PROVIDER = 'ldap' # Identify the source of the user, used in
# the table social_auth_usersocialauth, defaults to 'ldap'
LDAP_LOGIN_ATTR = 'mail' # User's attribute used to log in to Seafile.
# It should be a unique identifier for the user in LDAP server.
# Learn more about this id from the descriptions at begining of this section.
LDAP_CONTACT_EMAIL_ATTR = '' # LDAP user's contact_email attribute
LDAP_USER_ROLE_ATTR = '' # LDAP user's role attribute
LDAP_USER_FIRST_NAME_ATTR = 'givenName' # For update user's first name when login
LDAP_USER_LAST_NAME_ATTR = 'sn' # For update user's last name when login
LDAP_USER_NAME_REVERSE = False # Whether to reverse the user's first and last name
LDAP_FILTER = 'memberOf=CN=XXXXXXXXX,OU=XXXXXXX,OU=XXX,DC=XXXXX,DC=XX' # Additional filter conditions,
# users who meet the filter conditions can log in, otherwise they cannot log in
# Basic configuration items
ENABLE_LDAP = True
# ldap user sync options.
LDAP_SYNC_INTERVAL = 30 # LDAP sync task period, in minutes
ENABLE_LDAP_USER_SYNC = True # Whether to enable user sync
LDAP_USER_OBJECT_CLASS = 'person' # This is the name of the class used to search for user objects.
# In Active Directory, it's usually "person". The default value is "person".
LDAP_DEPT_ATTR = '' # LDAP user's department info
LDAP_UID_ATTR = '' # LDAP user's login_id attribute
# In Active Directory, it's usually "sAMAccountName".
LDAP_AUTO_REACTIVATE_USERS = True # Whether to auto activate deactivated user
LDAP_USE_PAGED_RESULT = False # Whether to use pagination extension
# It is useful when you have more than 1000 users in LDAP server.
IMPORT_NEW_USER = True # Whether to import new users when sync user
ACTIVATE_USER_WHEN_IMPORT = True # Whether to activate the user when importing new user
DEACTIVE_USER_IF_NOTFOUND = True # Set to "true" if you want to deactivate a user
# when he/she was deleted in AD server.
ENABLE_EXTRA_USER_INFO_SYNC = True # Whether to enable sync of additional user information,
# including user's full name, department, and Windows login name, etc.
What Seafile version do you use? LDAP sync is pro edition only feature, you need to use Seafile pro edition 11.0.x version (which is now still a beta version).
Hello,
right now I’m using seafile-pro-server SEAFILE_VERSION=10.0.13.
I will pull the Seafile Docker Version 11 and try again.
I have taken a look at the version.
In Seafile I have the version “latest”.
On github I couldn’t find a version 11 that I can manually add to the .yml file?
The link you posted is not official Seafile docker image.
For latest version of 11.0, you can use seafile-pro-mc:11.0-latest for pro edition.
You are a godsend! Thank you, it works!!