PACC: Week 7

Last week I was trying to establish a secure connection between the LDAP server and its clients. I first tried STARTTLS but could not configure it properly. The connection did not appear to be secure between the clients and the server, but only between the LDAP server and the OwnCloud server.

So I decided to try a connection over TLS or SSL. To do this I used self-signed certificates. After some time I succeeded in making a secure connection. The connection goes via the alternative port 636 and is encrypted using TLS. Below is a screenshot of Wireshark capturing the connection. You can see the encrypted messages between the server (192.168.19.170) and the client (192.168.19.123).
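The same check can be scripted instead of read off a screenshot. The following is an added example, not part of the original post: it classifies the first client-to-server TCP payload of an LDAP connection as a TLS handshake (what LDAPS on port 636 should show), a StartTLS request, or a plaintext bind. The function names and the sample byte strings are constructed for illustration.

```python
# Added example: classify the first client payload of an LDAP connection.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

def _ber_len(buf, i):
    """Return (length, index after the length octets) for the BER length at buf[i]."""
    first = buf[i]
    if first < 0x80:                      # short form: one octet
        return first, i + 1
    n = first & 0x7F                      # long form: n following octets
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def classify(payload: bytes) -> str:
    """Say what the first client-to-server payload of a connection looks like."""
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls-handshake"
    # A plaintext LDAPMessage is a BER SEQUENCE (tag 0x30).
    if not payload or payload[0] != 0x30:
        return "unknown"
    try:
        _, i = _ber_len(payload, 1)       # skip the SEQUENCE length
        if payload[i] != 0x02:            # messageID must be an INTEGER
            return "unknown"
        id_len, i = _ber_len(payload, i + 1)
        op = payload[i + id_len]          # protocolOp tag follows the messageID
    except IndexError:
        return "unknown"
    if op == 0x77 and STARTTLS_OID in payload:
        return "ldap-starttls-request"    # ExtendedRequest carrying the StartTLS OID
    if op == 0x60:
        return "ldap-plaintext-bind"      # BindRequest: DN and password readable on the wire
    return "ldap-plaintext-other"

# Constructed sample payloads (not taken from the capture in the post).
SAMPLE_TLS = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"
SAMPLE_BIND = (b"\x30\x2c\x02\x01\x01\x60\x27\x02\x01\x03\x04\x1a"
               b"cn=admin,dc=example,dc=org" b"\x80\x06secret")
SAMPLE_STARTTLS = b"\x30\x1d\x02\x01\x01\x77\x18\x80\x16" + STARTTLS_OID

if __name__ == "__main__":
    for name, data in [("636 client hello", SAMPLE_TLS),
                       ("389 simple bind", SAMPLE_BIND),
                       ("389 StartTLS", SAMPLE_STARTTLS)]:
        print(f"{name}: {classify(data)}")
```

A connection that begins with `ldap-plaintext-bind` carried the bind DN and password in the clear; one that begins with `ldap-starttls-request` is only protected if the TLS handshake follows before any bind.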

Then I set up OwnCloud again so that it could use LDAP over TLS.

Also, I had to change some of the phpLDAPadmin settings, since it does not use ldaps:/// by default.

I spent some time learning the syntax of user and group filters in OwnCloud. Group filters didn't work, so I think we can use user filters by objectClass if we ever need those filters. I then added a couple more test users (Damir and Raushan) to LDAP so that they could help us test OwnCloud. Group mapping in OwnCloud doesn't work. LDAP users are not members of their LDAP groups when viewed in OwnCloud.
