<!doctype html>
<html class="no-js" lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="author" content="Lednerb">
<meta name="description" content="Bilberry Premium Theme for Hugo.">
<meta name="keywords" content="blog,personal,responsive,search,font awesome,pages,posts,multilingual,highlight.js,syntax highlighting,premium,shortcuts">
<meta name="generator" content="Hugo 0.50" />
<title>[Notes] CentOS 7&#43;OwnCloud&#43;LDAP&#43;AD authentication setup | My cool new Blog</title>
<meta name="description" content="[Notes] CentOS 7&#43;OwnCloud&#43;LDAP&#43;AD authentication setup - Bilberry Premium Theme for Hugo.">
<meta itemprop="name" content="[Notes] CentOS 7&#43;OwnCloud&#43;LDAP&#43;AD authentication setup">
<meta itemprop="description" content="[Notes] CentOS 7&#43;OwnCloud&#43;LDAP&#43;AD authentication setup - Bilberry Premium Theme for Hugo.">
<meta property="og:title" content="[Notes] CentOS 7&#43;OwnCloud&#43;LDAP&#43;AD authentication setup">
<meta property="og:description" content="[Notes] CentOS 7&#43;OwnCloud&#43;LDAP&#43;AD authentication setup - Bilberry Premium Theme for Hugo.">
<meta property="og:image" content="https://www.gravatar.com/avatar/88188b6cc451928eba90e8400bc68086?size=200">
<meta property="og:url" content="https://h.cowbay.org/article/e7-ad-86-e8-a8-98-owncloudldapad-e8-aa-8d-e8-ad-89-e8-a8-ad-e5-ae-9a/">
<meta property="og:site_name" content="My cool new Blog">
<meta property="og:type" content="article">
<link rel="icon" type="image/png" href="https://h.cowbay.org/favicon-32x32.png" sizes="32x32">
<link rel="icon" type="image/png" href="https://h.cowbay.org/favicon-16x16.png" sizes="16x16">
<link rel="stylesheet" href="https://h.cowbay.org/sass/combined.min.717098cb5503581e75f12e486a847ca410bf8367d4d8713f4c37affc868c5a1d.css">
</head>
<body class="bilberry-hugo-theme">
<nav>
<div class="container">
<ul class="topnav">
<li><a href="/page/about-bilberry/">About Bilberry</a></li>
<li><a href="https://github.com/Lednerb/bilberry-hugo-theme" target="_blank">Github</a></li>
</ul>
<div id="search-box" class="search">
<i class="fa fa-search"></i>
<input id="search" type="text" placeholder="Search ...">
</div>
</div>
</nav>
<header>
<div class="container">
<div class="logo">
<a href="/" class="logo">
<img src="https://www.gravatar.com/avatar/88188b6cc451928eba90e8400bc68086?d=mm&size=200" alt="">
<span class="overlay"><i class="fa fa-home"></i></span>
</a>
</div>
<div class="titles">
<h3 class="title"><a href="/">My cool new Blog</a></h3>
<span class="subtitle">Hello World! This is the most epic subtitle ever.</span>
</div>
<div class="languages">
<a href="/en" class="active">en</a>
<a href="/de">de</a>
</div>
<div class="toggler">
<i class="fa fa-bars" aria-hidden="true"></i>
</div>
</div>
</header>
<div class="main container">
<div class="article-wrapper u-cf single">
<a class="bubble" href="/article/e7-ad-86-e8-a8-98-owncloudldapad-e8-aa-8d-e8-ad-89-e8-a8-ad-e5-ae-9a/">
<i class="fa fa-fw fa-pencil"></i>
</a>
<article class="default article">
<div class="content">
<h3><a href="/article/e7-ad-86-e8-a8-98-owncloudldapad-e8-aa-8d-e8-ad-89-e8-a8-ad-e5-ae-9a/">[Notes] CentOS 7&#43;OwnCloud&#43;LDAP&#43;AD authentication setup</a></h3>
<div class="meta">
<span class="date moment">2015-01-05</span>
<span class="categories">
<a href="/categories/%E5%B7%A5%E4%BD%9C%E7%AD%86%E8%A8%98">Work notes</a>
</span>
</div>
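<p>One of this year's work items is a plan to build an internal private cloud for the company. I had played with the free OwnCloud before, so this time I am trying it out in the company environment.</p>
<p>The steps are briefly described below.</p>
<h1 id="centos-7-owncloud-ldap-ad-認證設定">CentOS 7+OwnCloud+LDAP+AD authentication setup</h1>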
<p>&nbsp;</p>
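<h3 id="安裝-centos-7">Installing CentOS 7</h3>
<p>Download the ISO: <a href="http://www.centos.org/download/">http://www.centos.org/download/</a></p>
<p>Upload the ISO to ESXi and create a new VM.</p>
<p>The configuration is roughly as shown below. It is simple; the host still had plenty of RAM to spare, so I gave this VM 4 GB.</p>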
<p><a href="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-05_14-47-48.png"><img src="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-05_14-47-48.png" alt="2015-01-05_14-47-48" /></a></p>
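<p>If you choose the minimal install, many commands will be missing and have to be installed back by hand one at a time, so take particular note of this.</p>
<p>Also, my habit is to disable SELinux and configure iptables separately; this part is a matter of personal preference.</p>
<p>Because Google Drive will later be used as external storage, all connections from here on must use the hostname.</p>
<h2 id="記得要修改dns對應-span-style-color-ff0000-如果用ip連線-google-drive-的api-不接受-span">Remember to update the DNS mapping. <span style="color: #ff0000;">If you connect by IP address, the Google Drive API will not accept it!</span></h2>
<h3 id="安裝-owncloud">Installing OwnCloud</h3>
<p>Once CentOS is installed, follow the article below from the Toucheng Elementary School IT team.</p>
<p>PS: I am from Jiaoxi, but most of the relatives on my family's side live in Toucheng! Just forcing a connection here <img src="http://www.cowbay.org/wp-content/plugins/wp-emoji-one/icons/1F600.png" alt="" /></p>
<p>Reference: <a href="http://blog.ilc.edu.tw/blog/blog/25793/post/79900/512903">http://blog.ilc.edu.tw/blog/blog/25793/post/79900/512903</a></p>
<p>The data storage location must be changed to a path on your own machine.</p>
<h3 id="啟用-owncloud-的-ldap">Enabling LDAP in OwnCloud</h3>
<p>After logging in to OwnCloud, there is a drop-down menu next to the cloud icon in the upper-left corner. It contains an Apps entry; click it.</p>
<p>P.S. I do not know why opening Apps takes so long. Is the VM underpowered, or are two CPU cores too few?</p>
<p>I ran into the same problem earlier when testing on a physical FreeBSD machine.</p>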
<p>Update 2015/01/06</p>
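<p>This morning I went through a lot of posts on the ownCloud forum; quite a few people have hit the slow admin interface problem.</p>
<p>Some say it is a DNS resolution problem; others say that entering the admin interface triggers checks such as system updates and Internet connectivity, which is why it takes longer.</p>
<p>I followed the instructions and changed a few values in the config; it &ldquo;feels&rdquo; as if it got faster.</p>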
<p>&nbsp;</p>
<p><a href="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-05_14-54-52.png"><img src="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-05_14-54-52.png" alt="2015-01-05_14-54-52" /></a></p>
<p>Once in Apps, enable LDAP user and group backend.</p>
<p>For this part, see the article from the Toucheng Elementary School IT team: <a href="http://blog.ilc.edu.tw/blog/blog/25793/post/79900/531268">http://blog.ilc.edu.tw/blog/blog/25793/post/79900/531268</a></p>
<p>&nbsp;</p>
<p><a href="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-05_14-57-05.png"><img src="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-05_14-57-05.png" alt="2015-01-05_14-57-05" /></a></p>
<p>&nbsp;</p>
<p>After it is enabled successfully, an LDAP settings tab appears in the admin interface, and you can go on to configure LDAP.</p>
<p><a href="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-05_15-00-27.png"><img src="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-05_15-00-27-1024x515.png" alt="2015-01-05_15-00-27" /></a></p>
<p>Configuring LDAP</p>
<p>Reference: <a href="http://blog.miniasp.com/post/2012/01/03/CollabNet-Subversion-Edge-Installation-Notes-Part-2-Active-Directory-Integration.aspx">http://blog.miniasp.com/post/2012/01/03/CollabNet-Subversion-Edge-Installation-Notes-Part-2-Active-Directory-Integration.aspx</a></p>
<p>First, on the Domain Controller of your own AD, look up the relevant information:
&gt; <pre id="codeSnippet" class="csharpcode">dsquery user -samid <span class="str">&quot;administrator&quot;</span></pre>
&gt;
&gt; After running the command above, it directly returns the DN of the account administrator, as in the following example:
&gt;
&gt; &ldquo;<span style="color: #0000ff; font-family: Consolas;">CN=Administrator,CN=example,DC=com,DC=tw</span>&rdquo;
&nbsp;</p>
<p>CN=&lt;account&gt;,CN=Users,DC=example,DC=com,DC=tw</p>
<p>BASE DN: DC=example,DC=com,DC=tw</p>
<p>The Filter settings that follow depend on your situation. My company does not have many accounts, so I did not deliberately set any conditions. An indicator light is shown next to the Continue button at the bottom; only a green light means the configuration is correct!</p>
<p><a href="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-05_14-24-06.jpg"><img src="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-05_14-24-06-1024x586.jpg" alt="2015-01-05_14-24-06" /></a></p>
<p><a href="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-05_14-24-15.jpg"><img src="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-05_14-24-15-1024x611.jpg" alt="2015-01-05_14-24-15" /></a></p>
<p>&nbsp;</p>
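<p>This is where you set which attributes users can log in with.</p>
<p>The defaults are Username and Email (which must be registered in AD).</p>
<p>If that is not enough, you can tick other AD-supported attributes in the drop-down list.</p>
<p>Update: 2015/1/6</p>
<p>Later I played with this part of the settings and ran into a problem; I do not know whether the account groups on my DC are messed up or what.</p>
<p>User A clearly belongs to group A, and I had selected group A, yet User A simply could not log in.</p>
<p>To solve this, I created an owncloud group on the DC and added every user who should have access to it.</p>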
<p><a href="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-06_16-44-30.png"><img src="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-06_16-44-30.png" alt="2015-01-06_16-44-30" /></a></p>
<p>After this change, users no longer failed to log in.</p>
<p>Next I modified the group filter and selected &ldquo;group&rdquo;.</p>
<p><a href="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-06_16-46-24.png"><img src="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-06_16-46-24.png" alt="2015-01-06_16-46-24" /></a></p>
<p>When assigning External Storage, you can then allocate it by DC group instead of adding accounts one by one.</p>
<p><a href="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-06_16-49-10.png"><img src="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-06_16-49-10.png" alt="2015-01-06_16-49-10" /></a></p>
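<p>An added example, not part of the original post: the login rule configured above (username or email, restricted to the owncloud group) written out as an LDAP search filter, with RFC 4515 escaping applied to whatever is typed at the login prompt. The group's location under CN=Users, the sample logins and the function names are assumptions; a plain memberOf match covers direct members only, and the nested option uses AD's in-chain matching rule.</p>

```python
"""Added example: LDAP login filter for the owncloud-group setup (not the post's code)."""

BASE_DN = "DC=example,DC=com,DC=tw"            # Base DN from the post
GROUP_DN = "CN=owncloud,CN=Users," + BASE_DN   # assumption: group lives under CN=Users

# AD matching rule LDAP_MATCHING_RULE_IN_CHAIN: also follows nested group membership.
IN_CHAIN = "1.2.840.113556.1.4.1941"

# RFC 4515: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape untrusted text so it is matched literally, not parsed as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def login_filter(login: str, group_dn: str = GROUP_DN, nested: bool = False) -> str:
    """Match an AD user by username or email, limited to members of one group."""
    value = escape_filter_value(login)
    group = escape_filter_value(group_dn)
    member_of = f"memberOf:{IN_CHAIN}:=" if nested else "memberOf="
    return (
        "(&(objectClass=user)"
        f"({member_of}{group})"
        f"(|(sAMAccountName={value})(mail={value})))"
    )


if __name__ == "__main__":
    # Constructed sample logins; the last one contains filter metacharacters.
    for sample in ("alice", "alice@example.com.tw", "a(b)*"):
        print(login_filter(sample))
    print(login_filter("alice", nested=True))
```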
<p>&nbsp;</p>
<p>&nbsp;</p>
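<p>Testing login with the account name / email registered in AD works. In the screenshot below I logged in with the email registered in AD; the upper-right corner shows the Display Name from AD.</p>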
<p><a href="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-05_15-06-42.png"><img src="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-05_15-06-42-1024x300.png" alt="2015-01-05_15-06-42" /></a></p>
<p>&nbsp;</p>
<p>After the OwnCloud Client is set up on the local machine, it of course syncs automatically.</p>
<p><a href="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-05_15-11-14.png"><img src="http://www.cowbay.org/wp-content/uploads/2015/01/2015-01-05_15-11-14.png" alt="2015-01-05_15-11-14" /></a></p>
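<p>Update</p>
<p>External Storage can work with Amazon S3 / Google Drive.</p>
<p>For Google Drive you first have to enable the API, which is quite a hassle, with many small details to watch.</p>
<p>See this article: <a href="http://doc.owncloud.org/server/6.0/user_manual/external_storage/google_drive.html">http://doc.owncloud.org/server/6.0/user_manual/external_storage/google_drive.html</a></p>
<p>Pay very special attention: when copying the Client Secret, paste it into Notepad first rather than pasting straight from the browser, otherwise an extra &ldquo; &rdquo; space is added.</p>
<p>I was stuck here for more than an hour <img src="http://www.cowbay.org/wp-content/plugins/wp-emoji-one/icons/1F621.png" alt="" /></p>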
<p>&nbsp;</p>
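<p>After successful setup, OwnCloud shows an additional directory that points to Google Drive.</p>
<p>This way the local machine does not need much storage and can still provide a &ldquo;cloud storage&rdquo; service!</p>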
<p>&nbsp;</p>
</div>
<div class="footer">
<div class="tags">
<i class="fa fa-tags"></i>
<div class="links">
<a href="/tags/centos7">centos7</a>
<a href="/tags/ldap">LDAP</a>
<a href="/tags/woncloud">woncloud</a>
</div>
</div>
</div>
</article>
</div>
</div>
<div class="credits">
<div class="container">
<div class="copyright">
<a href="https://github.com/Lednerb" target="_blank">
&copy;
2017
by Lednerb
</a>
</div>
<div class="author">
<a href="https://github.com/Lednerb/bilberry-hugo-theme" target="_blank">Bilberry Hugo Theme</a>
</div>
</div>
</div>
<script type="text/javascript" src="https://h.cowbay.org/js/externalDependencies.39c47e10e241eae2947b3fe21809c572.js" integrity="md5-OcR&#43;EOJB6uKUez/iGAnFcg=="></script>
<script type="text/javascript" src="https://h.cowbay.org/js/theme.ff50ae6dc1bfc220b23bf69dbb41b54e.js" integrity="md5-/1CubcG/wiCyO/adu0G1Tg=="></script>
<script>
$(".moment").each(function() {
$(this).text(
moment( $(this).text() )
.locale( "en" )
.format('LL')
);
});
$(".footnote-return sup").html("");
</script>
<script>
var client = algoliasearch("Y2C4RWMPXW", "50ea7f8c41c0ad233926e0be2b769ed1");
var index = client.initIndex("default-content");
$('#search').autocomplete({ hint: false, autoselect: true, debug: false },
[
{
source: $.fn.autocomplete.sources.hits(index, { hitsPerPage: 5, filters: 'language: en' }),
displayKey: function(suggestion) {
return suggestion.title || suggestion.author
},
templates: {
suggestion: function(suggestion) {
return "<span class='entry " + suggestion.type + "'>"
+ "<span class='title'>" + suggestion.title + "</span>"
+ "<span class='fa fa-fw " + suggestion.iconClass + "'></span>"
+ "</span>"
;
},
empty: function() {
return "<span class='empty'>Nothing found.</span>"
},
footer: function() {
return '<div class="branding">Powered by <img src="https:\/\/h.cowbay.org\/dist\/algolia-logo-light.svg" /></div>'
}
},
}
])
.on('autocomplete:selected', function(event, suggestion, dataset) {
window.location = (suggestion.url);
})
.keypress(function (event, suggestion) {
if (event.which == 13) {
window.location = (suggestion.url);
}
});
</script>
</body>
</html>