From 2e0d65e665ab856ddffe869b331a2a6c63269ece Mon Sep 17 00:00:00 2001 From: Cherryblue Date: Sat, 16 Dec 2023 09:08:30 +0100 Subject: [PATCH] example_configs: Update seafile.md for v11 Updating the guide for Seafile v11+, to mention the differences. --- example_configs/seafile.md | 37 ++++++++++++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/example_configs/seafile.md b/example_configs/seafile.md index 6ea4876..53f241c 100644 --- a/example_configs/seafile.md +++ b/example_configs/seafile.md 
@@ -1,7 +1,38 @@ # Configuration for Seafile -Seafile's LDAP interface requires a unique, immutable user identifier in the format of `username@domain`. Since LLDAP does not provide an attribute like `userPrincipalName`, the only attribute that somewhat qualifies is therefore `mail`. However, using `mail` as the user identifier results in the issue that Seafile will treat you as an entirely new user if you change your email address through LLDAP. If this is not an issue for you, you can configure LLDAP as an authentication source in Seafile directly. A better but more elaborate way to use Seafile with LLDAP is by using Authelia as an intermediary. This document will guide you through both setups. +Seafile can be bridged to LLDAP directly, or by using Authelia as an intermediary. This document will guide you through both setups. + +## Configuring Seafile v11.0+ to use LLDAP directly +Starting Seafile v11.0 : +- CCNET module doesn't exist anymore +- More flexibility is given to authenticate in seafile : ID binding can now be different from user email, so LLDAP UID can be used. + +Add the following to your `seafile/conf/seahub_settings.py` : +``` +ENABLE_LDAP = True +LDAP_SERVER_URL = 'ldap://192.168.1.100:3890' +LDAP_BASE_DN = 'ou=people,dc=example,dc=com' +LDAP_ADMIN_DN = 'uid=admin,ou=people,dc=example,dc=com' +LDAP_ADMIN_PASSWORD = 'CHANGE_ME' +LDAP_PROVIDER = 'ldap' +LDAP_LOGIN_ATTR = 'uid' +LDAP_CONTACT_EMAIL_ATTR = 'mail' +LDAP_USER_ROLE_ATTR = '' +LDAP_USER_FIRST_NAME_ATTR = 'givenName' +LDAP_USER_LAST_NAME_ATTR = 'sn' +LDAP_USER_NAME_REVERSE = False +``` + +* Replace `192.168.1.100:3890` with your LLDAP server's ip/hostname and port. +* Replace every instance of `dc=example,dc=com` with your configured domain. + +After restarting the Seafile server, users should be able to log in with their UID and password. + +Note : There is currently no ldap binding for users' avatar. 
If interested, do [mention it](https://forum.seafile.com/t/feature-request-avatar-picture-from-ldap/3350/6) to the developers to give more credit to the feature. + +## Configuring Seafile (prior to v11.0) to use LLDAP directly +**Note for Seafile before v11:** Seafile's LDAP interface used to require a unique, immutable user identifier in the format of `username@domain`. This isn't true starting Seafile v11.0 and ulterior versions (see previous section Configuring Seafile v11.0+ ยง). +For Seafile instances prior to v11, since LLDAP does not provide an attribute like `userPrincipalName`, the only attribute that somewhat qualifies is therefore `mail`. However, using `mail` as the user identifier results in the issue that Seafile will treat you as an entirely new user if you change your email address through LLDAP. -## Configuring Seafile to use LLDAP directly Add the following to your `seafile/conf/ccnet.conf` file: ``` [LDAP] @@ -86,4 +117,4 @@ OAUTH_ATTRIBUTE_MAP = { } ``` -Restart both your Authelia and Seafile server. You should see a "Single Sign-On" button on Seafile's login page. Clicking it should redirect you to Authelia. If you use the [example config for Authelia](authelia_config.yml), you should be able to log in using your LLDAP User ID. \ No newline at end of file +Restart both your Authelia and Seafile server. You should see a "Single Sign-On" button on Seafile's login page. Clicking it should redirect you to Authelia. If you use the [example config for Authelia](authelia_config.yml), you should be able to log in using your LLDAP User ID.
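Review bot: The v11 settings block in the first hunk binds as the LLDAP administrator over plaintext LDAP (`LDAP_SERVER_URL = 'ldap://192.168.1.100:3890'` with `LDAP_ADMIN_DN = 'uid=admin,ou=people,dc=example,dc=com'`), so the admin password is stored in `seahub_settings.py` and crosses the network unencrypted whenever Seafile binds. Consider adding a bullet beside the two "Replace ..." items that recommends a dedicated bind account with read-only rights instead of `uid=admin`, and an `ldaps://` URL (or keeping both services on the same trusted host or network) when Seafile and LLDAP are not co-located. Two smaller points in the same hunk: the pre-v11 note ends with a mis-encoded section sign ("ยง"), and "ulterior versions" reads better as "later versions"; the cross-reference could also be a link to the "Configuring Seafile v11.0+ to use LLDAP directly" heading rather than plain text.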