15308555518/ seafile-admin-docs
1
0
Fork 0
mirror of https://github.com/haiwen/seafile-admin-docs.git synced 2025-12-31 09:12:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
seafile-admin-docs/deprecated/deploy_pro/ldap_group_sync/index.html
2024-10-23 15:20:00 +08:00

3818 lines
85 KiB
HTML
Raw Blame History

<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="author" content="seafile">
<link rel="canonical" href="https://haiwen.github.io/seafile-admin-docs/deploy_pro/ldap_group_sync/">
<link rel="prev" href="../using_ldap_pro/">
<link rel="next" href="../ldap_role_sync/">
<link rel="icon" href="../../media/favicon.ico">
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.5.39">
<title>Importing Groups from LDAP (Pro) - Seafile Admin Manual</title>
<link rel="stylesheet" href="../../assets/stylesheets/main.8c3ca2c6.min.css">
<link rel="stylesheet" href="../../assets/stylesheets/palette.06af60db.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<link rel="stylesheet" href="../../stylesheets/extra.css">
<script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="white" data-md-color-accent="indigo">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#importing-groups-from-ldapad" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header md-header--shadow" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../.." title="Seafile Admin Manual" class="md-header__button md-logo" aria-label="Seafile Admin Manual" data-md-component="logo">
<img src="../../media/seafile-transparent-1024.png" alt="logo">
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Seafile Admin Manual
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Importing Groups from LDAP (Pro)
</span>
</div>
</div>
</div>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://github.com/haiwen/seafile-admin-docs/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
</div>
<div class="md-source__repository">
haiwen/seafile-admin-docs
</div>
</a>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../.." title="Seafile Admin Manual" class="md-nav__button md-logo" aria-label="Seafile Admin Manual" data-md-component="logo">
<img src="../../media/seafile-transparent-1024.png" alt="logo">
</a>
Seafile Admin Manual
</label>
<div class="md-nav__source">
<a href="https://github.com/haiwen/seafile-admin-docs/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
</div>
<div class="md-source__repository">
haiwen/seafile-admin-docs
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_1" >
<label class="md-nav__link" for="__nav_1" id="__nav_1_label" tabindex="0">
<span class="md-ellipsis">
Overview
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_1_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_1">
<span class="md-nav__icon md-icon"></span>
Overview
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../overview/components/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Components
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../overview/file_permission_management/" class="md-nav__link">
<span class="md-ellipsis">
File permission management
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../roadmap/" class="md-nav__link">
<span class="md-ellipsis">
Roadmap
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../contribution/" class="md-nav__link">
<span class="md-ellipsis">
Contribution
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../changelog/" class="md-nav__link">
<span class="md-ellipsis">
Changelog
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" >
<label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
<span class="md-ellipsis">
Seafile Community Setup on Linux
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_2">
<span class="md-nav__icon md-icon"></span>
Seafile Community Setup on Linux
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../deploy/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/using_mysql/" class="md-nav__link">
<span class="md-ellipsis">
Installation with MySQL
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/https_with_nginx/" class="md-nav__link">
<span class="md-ellipsis">
HTTPS with Nginx
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/https_with_apache/" class="md-nav__link">
<span class="md-ellipsis">
HTTPS with Apache
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" >
<label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0">
<span class="md-ellipsis">
Seafile Professional Setup on Linux
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
Seafile Professional Setup on Linux
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../download_and_setup_seafile_professional_server/" class="md-nav__link">
<span class="md-ellipsis">
Installation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../migrate_from_seafile_community_server/" class="md-nav__link">
<span class="md-ellipsis">
Migration from Seafile Community
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_4" >
<label class="md-nav__link" for="__nav_3_4" id="__nav_3_4_label" tabindex="0">
<span class="md-ellipsis">
Storage Backends
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_4">
<span class="md-nav__icon md-icon"></span>
Storage Backends
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../setup_with_amazon_s3/" class="md-nav__link">
<span class="md-ellipsis">
Amazon S3 Backend
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../setup_with_ceph/" class="md-nav__link">
<span class="md-ellipsis">
Ceph Backend
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../setup_with_swift/" class="md-nav__link">
<span class="md-ellipsis">
OpenStack Swift Backend
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../setup_with_oss/" class="md-nav__link">
<span class="md-ellipsis">
Alibaba OSS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../multiple_storage_backends/" class="md-nav__link">
<span class="md-ellipsis">
Multiple Storage Backends
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../migrate/" class="md-nav__link">
<span class="md-ellipsis">
Data migration
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_5" >
<label class="md-nav__link" for="__nav_3_5" id="__nav_3_5_label" tabindex="0">
<span class="md-ellipsis">
Cluster Deployment
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_5">
<span class="md-nav__icon md-icon"></span>
Cluster Deployment
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../deploy_in_a_cluster/" class="md-nav__link">
<span class="md-ellipsis">
Deploy in a cluster
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../enable_search_and_background_tasks_in_a_cluster/" class="md-nav__link">
<span class="md-ellipsis">
Search and background tasks in a cluster
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../memcached_mariadb_cluster/" class="md-nav__link">
<span class="md-ellipsis">
Memcache and MariaDB Cluster
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../setup_seafile_cluster_with_nfs/" class="md-nav__link">
<span class="md-ellipsis">
Setup Seafile cluster with NFS
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../seafile_professional_sdition_software_license_agreement/" class="md-nav__link">
<span class="md-ellipsis">
License
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" >
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="0">
<span class="md-ellipsis">
Seafile Setup with Docker
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
Seafile Setup with Docker
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../docker/deploy_seafile_with_docker/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Community Installation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../docker/pro-edition/deploy_seafile_pro_with_docker/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Professional Installation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../docker/cluster/deploy_seafile_cluster_with_docker/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Docker Cluster Deployment
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/deploy_with_k8s/" class="md-nav__link">
<span class="md-ellipsis">
Setup with Kubernetes (K8s)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../docker/pro-edition/migrate_ce_to_pro_with_docker/" class="md-nav__link">
<span class="md-ellipsis">
Migration from Seafile Community
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../docker/non_docker_to_docker/" class="md-nav__link">
<span class="md-ellipsis">
Migrate from non-docker deployment
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../docker/seafile_docker_autostart/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Docker autostart
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" checked>
<label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
<span class="md-ellipsis">
Advanced Setup Options
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
Advanced Setup Options
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_1" checked>
<label class="md-nav__link" for="__nav_5_1" id="__nav_5_1_label" tabindex="0">
<span class="md-ellipsis">
LDAP/AD Integration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_1_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_5_1">
<span class="md-nav__icon md-icon"></span>
LDAP/AD Integration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../deploy/using_ldap/" class="md-nav__link">
<span class="md-ellipsis">
LDAP Integration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../using_ldap_pro/" class="md-nav__link">
<span class="md-ellipsis">
LDAP Configuration for Seafile Pro
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
Importing Groups from LDAP (Pro)
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
Importing Groups from LDAP (Pro)
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#how-it-works" class="md-nav__link">
<span class="md-ellipsis">
How It Works
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#prerequisite" class="md-nav__link">
<span class="md-ellipsis">
Prerequisite
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#syncing-groups" class="md-nav__link">
<span class="md-ellipsis">
Syncing Groups
</span>
</a>
<nav class="md-nav" aria-label="Syncing Groups">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#configuration" class="md-nav__link">
<span class="md-ellipsis">
Configuration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example-configurations" class="md-nav__link">
<span class="md-ellipsis">
Example Configurations
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#sync-ou-as-departments" class="md-nav__link">
<span class="md-ellipsis">
Sync OU as Departments
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#periodical-and-manual-sync" class="md-nav__link">
<span class="md-ellipsis">
Periodical and Manual Sync
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../ldap_role_sync/" class="md-nav__link">
<span class="md-ellipsis">
Importing Roles from LDAP (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/ldap_in_11.0/" class="md-nav__link">
<span class="md-ellipsis">
LDAP in version 11.0
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../ldap_in_11.0/" class="md-nav__link">
<span class="md-ellipsis">
LDAP in version 11.0 (Pro)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_2" >
<label class="md-nav__link" for="__nav_5_2" id="__nav_5_2_label" tabindex="0">
<span class="md-ellipsis">
Single Sign On
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_2">
<span class="md-nav__icon md-icon"></span>
Single Sign On
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../deploy/single_sign_on/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/oauth/" class="md-nav__link">
<span class="md-ellipsis">
OAuth Authentication
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/remote_user/" class="md-nav__link">
<span class="md-ellipsis">
Remote User Authentication
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/shibboleth_authentication/" class="md-nav__link">
<span class="md-ellipsis">
Shibboleth Authentication
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/auto_login_seadrive/" class="md-nav__link">
<span class="md-ellipsis">
Auto Login to SeaDrive on Windows
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../saml2_in_10.0/" class="md-nav__link">
<span class="md-ellipsis">
SAML 2.0 in version 10.0+ (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../adfs/" class="md-nav__link">
<span class="md-ellipsis">
SAML 2.0 (old) (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../cas/" class="md-nav__link">
<span class="md-ellipsis">
CAS Authentication (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/auth_switch/" class="md-nav__link">
<span class="md-ellipsis">
Switch authentication
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_3" >
<label class="md-nav__link" for="__nav_5_3" id="__nav_5_3_label" tabindex="0">
<span class="md-ellipsis">
Online Office
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_3">
<span class="md-nav__icon md-icon"></span>
Online Office
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../deploy/libreoffice_online/" class="md-nav__link">
<span class="md-ellipsis">
LibreOffice Online Integration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/only_office/" class="md-nav__link">
<span class="md-ellipsis">
OnlyOffice Integration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../office_web_app/" class="md-nav__link">
<span class="md-ellipsis">
Office Online Server Integration (Pro)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../extra_setup/setup_seadoc/" class="md-nav__link">
<span class="md-ellipsis">
SeaDoc Integration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/notification-server/" class="md-nav__link">
<span class="md-ellipsis">
Notification Server
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../extension/webdav/" class="md-nav__link">
<span class="md-ellipsis">
WebDAV extension
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../extension/fuse/" class="md-nav__link">
<span class="md-ellipsis">
FUSE extension
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_8" >
<label class="md-nav__link" for="__nav_5_8" id="__nav_5_8_label" tabindex="0">
<span class="md-ellipsis">
Virus Scan (Pro)
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_8_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_8">
<span class="md-nav__icon md-icon"></span>
Virus Scan (Pro)
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../virus_scan/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../deploy_clamav_with_seafile/" class="md-nav__link">
<span class="md-ellipsis">
Deploy ClamAV with Seafile
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../virus_scan_with_kav4fs/" class="md-nav__link">
<span class="md-ellipsis">
Virus Scan With Kav4fs
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_9" >
<label class="md-nav__link" for="__nav_5_9" id="__nav_5_9_label" tabindex="0">
<span class="md-ellipsis">
Advanced User Management (Pro)
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_9_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_9">
<span class="md-nav__icon md-icon"></span>
Advanced User Management (Pro)
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../multi_institutions/" class="md-nav__link">
<span class="md-ellipsis">
Multi-Institutions Support
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../roles_permissions/" class="md-nav__link">
<span class="md-ellipsis">
Roles and Permissions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../admin_roles_permissions/" class="md-nav__link">
<span class="md-ellipsis">
Administrator Roles and Permissions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../multi_tenancy/" class="md-nav__link">
<span class="md-ellipsis">
Multi-Tenancy Support
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../details_about_file_search/" class="md-nav__link">
<span class="md-ellipsis">
Advanced File Search configuration (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/migrate_from_sqlite_to_mysql/" class="md-nav__link">
<span class="md-ellipsis">
Migrate From SQLite to MySQL
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_12" >
<label class="md-nav__link" for="__nav_5_12" id="__nav_5_12_label" tabindex="0">
<span class="md-ellipsis">
Others Deployment Notes
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_12_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_12">
<span class="md-nav__icon md-icon"></span>
Others Deployment Notes
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../deploy/start_seafile_at_system_bootup/" class="md-nav__link">
<span class="md-ellipsis">
Start Seafile at System Bootup
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/using_logrotate/" class="md-nav__link">
<span class="md-ellipsis">
Logrotate
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/ocm/" class="md-nav__link">
<span class="md-ellipsis">
Open Cloud Mesh
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/deploy_seafile_behind_nat/" class="md-nav__link">
<span class="md-ellipsis">
Deploy Seafile behind NAT
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/deploy_seahub_at_non-root_domain/" class="md-nav__link">
<span class="md-ellipsis">
Deploy Seahub at Non-root domain or on custom port
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../security/fail2ban/" class="md-nav__link">
<span class="md-ellipsis">
Config fail2ban
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../real_time_backup/" class="md-nav__link">
<span class="md-ellipsis">
Real-time Backup Server
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6" >
<label class="md-nav__link" for="__nav_6" id="__nav_6_label" tabindex="0">
<span class="md-ellipsis">
Configuration and Customization
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_6_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_6">
<span class="md-nav__icon md-icon"></span>
Configuration and Customization
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../config/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/ccnet-conf/" class="md-nav__link">
<span class="md-ellipsis">
ccnet.conf
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/seafile-conf/" class="md-nav__link">
<span class="md-ellipsis">
seafile.conf
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/seahub_settings_py/" class="md-nav__link">
<span class="md-ellipsis">
seahub_settings.py
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/seafevents-conf/" class="md-nav__link">
<span class="md-ellipsis">
seafevents.conf
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/seahub_customization/" class="md-nav__link">
<span class="md-ellipsis">
Seahub customization
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/sending_email/" class="md-nav__link">
<span class="md-ellipsis">
Email Sending
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_7" >
<label class="md-nav__link" for="__nav_7" id="__nav_7_label" tabindex="0">
<span class="md-ellipsis">
Administration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_7_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_7">
<span class="md-nav__icon md-icon"></span>
Administration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../maintain/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/account/" class="md-nav__link">
<span class="md-ellipsis">
Account management
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/two_factor_authentication/" class="md-nav__link">
<span class="md-ellipsis">
Two-factor Authentication
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../security/security_features/" class="md-nav__link">
<span class="md-ellipsis">
Security features
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../security/auditing/" class="md-nav__link">
<span class="md-ellipsis">
Access logs and auditing
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/export_report/" class="md-nav__link">
<span class="md-ellipsis">
Export report
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/logs/" class="md-nav__link">
<span class="md-ellipsis">
Logs
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/backup_recovery/" class="md-nav__link">
<span class="md-ellipsis">
Backup and Recovery
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/seafile_fsck/" class="md-nav__link">
<span class="md-ellipsis">
Seafile FSCK
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/seafile_gc/" class="md-nav__link">
<span class="md-ellipsis">
Seafile GC
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/clean_database/" class="md-nav__link">
<span class="md-ellipsis">
Clean database
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../seaf_import/" class="md-nav__link">
<span class="md-ellipsis">
Import Directory To Seafile (Pro)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_8" >
<label class="md-nav__link" for="__nav_8" id="__nav_8_label" tabindex="0">
<span class="md-ellipsis">
Upgrade Seafile Server
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_8_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_8">
<span class="md-nav__icon md-icon"></span>
Upgrade Seafile Server
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../upgrade/upgrade/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_docker/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade Seafile Docker
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_a_cluster/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade Seafile Cluster
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_a_cluster_docker/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade Seafile Cluster (Docker)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_7.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 7.0.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_7.1.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 7.1.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_8.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 8.0.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_9.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 9.0.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_10.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 10.0.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_11.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 11.0.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_12.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 12.0.x (In progress)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_9" >
<label class="md-nav__link" for="__nav_9" id="__nav_9_label" tabindex="0">
<span class="md-ellipsis">
Developing
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_9_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_9">
<span class="md-nav__icon md-icon"></span>
Developing
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../develop/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_9_2" >
<label class="md-nav__link" for="__nav_9_2" id="__nav_9_2_label" tabindex="0">
<span class="md-ellipsis">
How to Build Seafile
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_9_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_9_2">
<span class="md-nav__icon md-icon"></span>
How to Build Seafile
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../build_seafile/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build_seafile/linux/" class="md-nav__link">
<span class="md-ellipsis">
Linux
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build_seafile/osx/" class="md-nav__link">
<span class="md-ellipsis">
macOS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build_seafile/windows/" class="md-nav__link">
<span class="md-ellipsis">
Windows
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build_seafile/server/" class="md-nav__link">
<span class="md-ellipsis">
Server development
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build_seafile/rpi/" class="md-nav__link">
<span class="md-ellipsis">
Server binary package
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../develop/translation/" class="md-nav__link">
<span class="md-ellipsis">
Translation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../develop/web_api_v2.1/" class="md-nav__link">
<span class="md-ellipsis">
Web API V2.1
</span>
</a>
</li>
<li class="md-nav__item">
<a href="https://github.com/rene-s/Seafile-PHP-SDK" class="md-nav__link">
<span class="md-ellipsis">
PHP API
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../develop/data_model/" class="md-nav__link">
<span class="md-ellipsis">
Data Model
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_10" >
<label class="md-nav__link" for="__nav_10" id="__nav_10_label" tabindex="0">
<span class="md-ellipsis">
ChangeLog
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_10_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_10">
<span class="md-nav__icon md-icon"></span>
ChangeLog
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../changelog/server-changelog/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Community Edition
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../changelog/changelog-for-seafile-professional-server/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Professional Edition
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../changelog/client-changelog/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Client
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../changelog/drive-client-changelog/" class="md-nav__link">
<span class="md-ellipsis">
Drive Client
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#how-it-works" class="md-nav__link">
<span class="md-ellipsis">
How It Works
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#prerequisite" class="md-nav__link">
<span class="md-ellipsis">
Prerequisite
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#syncing-groups" class="md-nav__link">
<span class="md-ellipsis">
Syncing Groups
</span>
</a>
<nav class="md-nav" aria-label="Syncing Groups">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#configuration" class="md-nav__link">
<span class="md-ellipsis">
Configuration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example-configurations" class="md-nav__link">
<span class="md-ellipsis">
Example Configurations
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#sync-ou-as-departments" class="md-nav__link">
<span class="md-ellipsis">
Sync OU as Departments
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#periodical-and-manual-sync" class="md-nav__link">
<span class="md-ellipsis">
Periodical and Manual Sync
</span>
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1 id="importing-groups-from-ldapad">Importing Groups from LDAP/AD<a class="headerlink" href="#importing-groups-from-ldapad" title="Permanent link">&para;</a></h1>
<p>Since version 4.1.0, the Pro Edition supports importing (syncing) groups from LDAP or Active Directory.</p>
<p>For version 11.0, please follow the new document <a href="../ldap_in_11.0/#setting-up-ldap-group-sync-optional">LDAP in version 11.0</a>.</p>
<h2 id="how-it-works">How It Works<a class="headerlink" href="#how-it-works" title="Permanent link">&para;</a></h2>
<p>The importing or syncing process maps groups from LDAP directory server to groups in Seafile's internal database. This process is one-way.</p>
<ul>
<li>Any changes to groups in the database won't propagate back to LDAP;</li>
<li>Any changes to groups in the database, except for "setting a member as group admin", will be overwritten in the next LDAP sync operation. If you want to add or delete members, you can only do that on LDAP server.</li>
<li>The creator of imported groups will be set to the system admin.</li>
</ul>
<p>There are two modes of operation:</p>
<ul>
<li>Periodical: the syncing process will be executed in a fixed interval</li>
<li>Manual: there is a script you can run to trigger the syncing once</li>
</ul>
<h2 id="prerequisite">Prerequisite<a class="headerlink" href="#prerequisite" title="Permanent link">&para;</a></h2>
<p>You have to install python-ldap library in your system.</p>
<p>For Debian or Ubuntu</p>
<div class="codehilite"><pre><span></span><code>sudo apt-get install python-ldap
</code></pre></div>
<p>For CentOS or RedHat</p>
<div class="codehilite"><pre><span></span><code>sudo yum install python-ldap
</code></pre></div>
<h2 id="syncing-groups">Syncing Groups<a class="headerlink" href="#syncing-groups" title="Permanent link">&para;</a></h2>
<h3 id="configuration">Configuration<a class="headerlink" href="#configuration" title="Permanent link">&para;</a></h3>
<p>Before enabling LDAP group sync, you should have configured LDAP authentication. See <a href="../using_ldap_pro/">Configure Seafile to use LDAP</a> for details.</p>
<p>The following are LDAP group sync related options. They're in the "[ldap_sync]" section of <a href="../../config/ccnet-conf/">ccnet.conf</a>.</p>
<p>Below are summary of options for syncing groups:</p>
<ul>
<li><strong>ENABLE_GROUP_SYNC</strong>: set to "true" if you want to enable ldap group syncing</li>
<li><strong>GROUP_OBJECT_CLASS</strong>: This is the name of the class used to search for group objects. In Active Directory, it's usually "group"; in OpenLDAP or others, you may use "groupOfNames","groupOfUniqueNames" or "posixGroup", depends on your LDAP server. The default value is "group".</li>
<li><strong>SYNC_INTERVAL</strong>: The interval to sync. Unit is minutes. You can set it to 60, which means that data is synchronized from the LDAP/AD server every 60 minutes.</li>
<li><strong>GROUP_FILTER</strong>: An additional filter to use when searching group objects. If it's set, the final filter used to run search is "(&amp;(objectClass=GROUP_OBJECT_CLASS)(GROUP_FILTER))"; otherwise the final filter would be "(objectClass=GROUP_OBJECT_CLASS)".</li>
<li><strong>GROUP_MEMBER_ATTR</strong>: The attribute field to use when loading the group's members. For most directory servers, the attributes is "member", which is the default value.For "posixGroup", it should be set to "memberUid".</li>
<li><strong>USER_ATTR_IN_MEMBERUID</strong>: The user attribute set in 'memberUid' option, which is used in "posixGroup".The default value is "uid".</li>
<li><strong>DEL_GROUP_IF_NOT_FOUND</strong>: set to "true", will deleted the groups if not found it in LDAP/AD server; need Seafile-pro-6.3.0 and above version</li>
<li><strong>SYNC_GROUP_AS_DEPARTMENT</strong>: In 6.3.8 version, a new option SYNC_GROUP_AS_DEPARTMENT is added. If this option is set to "true", the groups will be synced as top-level departments in Seafile, instead of simple groups. Learn more about departments in Seafile <a href="https://help.seafile.com/sharing_collaboration/departments/">here</a>.</li>
<li><strong>CREATE_DEPARTMENT_LIBRARY</strong>: If you decide to sync the group as a department, you can set this option to "true". In this way, when the group is synchronized for the first time, a library is automatically created for the department, and the library's name is the department's name.</li>
<li><strong>DEFAULT_DEPARTMENT_QUOTA</strong>: If you decide to sync the group as a department, you can set a default space quota for each department when you synchronize a group for the first time. The quota is set to unlimited if this option is not set. Unit is MB.</li>
<li><strong>DEPT_NAME_ATTR</strong>: Get the department name. You can set this configuration item to an AD field that represents the "department" name, such as "description". The name of the department created by Seafile will be the department name set in the AD field instead of the OU name. Requires Seafile-pro-7.0.11 and above.</li>
<li><strong>DEPT_REPO_PERM</strong>: Set the permissions of the department repo. The default permission is 'rw'. Set permissions for the department repo created during AD synchronization. Requires Seafile-pro-7.0.11 and above.</li>
<li><strong>USE_GROUP_MEMBER_RANGE_QUERY</strong>: When a group contains too many members, AD will only return part of them. Set this option to TRUE to make LDAP sync work with large groups.</li>
<li><strong>GROUP_UUID_ATTR</strong>: Since Seafile pro 8.0, UUID is used to identify groups in LDAP/AD servers. Before that, group DN is used. So when a group changes name, the old group will be deleted and a new group will be created. This is not a desirable behavior. With the new mechanism, the rename can be detected and the groups in Seafile remains intact. The default attribute is "ObjectGUID", which is available in AD. For other LDAP servers, please refer to https://ldapwiki.com/wiki/Universally%20Unique%20Identifier .</li>
</ul>
<p>The search base for groups is the "BASE_DN" set in "[ldap]" section of ccnet.conf.</p>
<p>Some LDAP server, such as Active Directory, allows a group to be a member of another group. This is called "group nesting". If we find a nested group B in group A, we should recursively add all the members from group B into group A. And group B should still be imported a separate group. That is, all members of group B are also members in group A.</p>
<p>In some LDAP server, such as OpenLDAP, it's common practice to use Posix groups to store group membership. To import Posix groups as Seafile groups, set GROUP_OBJECT_CLASS option to posixGroup . A posixGroup object in LDAP usually contains a multi-value attribute for the list of member UIDs. The name of this attribute can be set with the GROUP_MEMBER_ATTR option. It's MemberUid by default. The value of the MemberUid attribute is an ID that can be used to identify a user, which corresponds to an attribute in the user object. The name of this ID attribute is usually uid , but can be set via the USER_ATTR_IN_MEMBERUID option. Note that posixGroup doesn't support nested groups.</p>
<h3 id="example-configurations">Example Configurations<a class="headerlink" href="#example-configurations" title="Permanent link">&para;</a></h3>
<p>Here is an example configuration for syncing nested groups in Active Directory:</p>
<div class="codehilite"><pre><span></span><code><span class="k">[LDAP]</span>
<span class="na">HOST</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">ldap://192.168.1.123/</span>
<span class="na">BASE</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">cn=users,dc=example,dc=com</span>
<span class="na">USER_DN</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">administrator@example.local</span>
<span class="na">PASSWORD</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">secret</span>
<span class="na">LOGIN_ATTR</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">mail</span>
<span class="k">[LDAP_SYNC]</span>
<span class="na">ENABLE_GROUP_SYNC</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span>
<span class="na">SYNC_INTERVAL</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">60</span>
</code></pre></div>
<p>For AD, you usually don't need to configure other options except for "ENABLE_GROUP_SYNC". That's because the default values for other options are the usual values for AD. If you have special settings in your LDAP server, just set the corresponding options.</p>
<p>Here is an example configuration for syncing nested groups (but not PosixGroups) in OpenLDAP:</p>
<div class="codehilite"><pre><span></span><code><span class="k">[LDAP]</span>
<span class="na">HOST</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">ldap://192.168.1.123/</span>
<span class="na">BASE</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">ou=users,dc=example,dc=com</span>
<span class="na">USER_DN</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">cn=admin,dc=example,dc=com</span>
<span class="na">PASSWORD</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">secret</span>
<span class="na">LOGIN_ATTR</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">mail</span>
<span class="k">[LDAP_SYNC]</span>
<span class="na">ENABLE_GROUP_SYNC</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span>
<span class="na">SYNC_INTERVAL</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">60</span>
<span class="na">GROUP_OBJECT_CLASS</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">groupOfNames</span>
</code></pre></div>
<h2 id="sync-ou-as-departments">Sync OU as Departments<a class="headerlink" href="#sync-ou-as-departments" title="Permanent link">&para;</a></h2>
<p>A department in Seafile is a special group. In addition to what you can do with a group, there are two key new features for departments:</p>
<ul>
<li>Department supports hierarchy. A department can have any levels of sub-departments.</li>
<li>Department can have storage quota.</li>
</ul>
<p>Seafile supports syncing OU (Organizational Units) from AD/LDAP to departments. The sync process keeps the hierarchical structure of the OUs.</p>
<p>Options for syncing departments from OU:</p>
<ul>
<li><strong>SYNC_DEPARTMENT_FROM_OU</strong>: set to "true" to enable syncing departments from OU.</li>
<li><strong>SYNC_INTERVAL</strong>: The interval to sync. Unit is minutes. You can set it to 60, which means that data is synchronized from the LDAP/AD server every 60 minutes.</li>
<li><strong>DEL_DEPARTMENT_IF_NOT_FOUND</strong>: If set to "true", sync process will delete a department if the corresponding OU is not found in AD/LDAP server.</li>
<li><strong>CREATE_DEPARTMENT_LIBRARY</strong>: set to "true", if you want to automatically create a department library with the OU name.</li>
<li><strong>DEFAULT_DEPARTMENT_QUOTA</strong>: default quota for the imported departments in MB. The quota is set to unlimited if this option is not set.</li>
<li><strong>DEPT_NAME_ATTR</strong>: Get the department name. You can set this configuration item to an AD field that represents the "department" name, such as "description". The name of the department created by Seafile will be the department name set in the AD field instead of the OU name. Requires Seafile-pro-7.0.11 and above.</li>
<li><strong>DEPT_REPO_PERM</strong>: Set the permissions of the department repo. The default permission is 'rw'. Set permissions for the department repo created during AD synchronization. Requires Seafile-pro-7.0.11 and above.</li>
<li><strong>GROUP_UUID_ATTR</strong>: Since Seafile pro 8.0, UUID is used to identify groups in LDAP/AD servers. Before that, OU DN is used. So when an OU changes name, the old group will be deleted and a new group will be created. This is not a desirable behavior. With the new mechanism, the rename can be detected and the groups in Seafile remains intact. The default attribute is "ObjectGUID", which is available in AD. For other LDAP servers, please refer to https://ldapwiki.com/wiki/Universally%20Unique%20Identifier .</li>
</ul>
<p><strong>NOTE</strong>: Before 6.3.8, an old configuration syntax is used for syncing OU as departments. That syntax is no long supported. The old syntax cannot support syncing both groups and OU from AD/LDAP at the same time. However this is necessary for many situations. With the new syntax, you can sync both.</p>
<h2 id="periodical-and-manual-sync">Periodical and Manual Sync<a class="headerlink" href="#periodical-and-manual-sync" title="Permanent link">&para;</a></h2>
<p>Periodical sync won't happen immediately after you restart seafile server. It gets scheduled after the first sync interval. For example if you set sync interval to 30 minutes, the first auto sync will happen after 30 minutes you restarts. To sync immediately, you need to manually trigger it.</p>
<p>After the sync is run, you should see log messages like the following in logs/seafevents.log. And you should be able to see the groups in system admin page.</p>
<div class="codehilite"><pre><span></span><code><span class="o">[</span><span class="n">2015-03-30 18:15:05,109</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">DEBUG</span><span class="o">]</span><span class="w"> </span><span class="k">create</span><span class="w"> </span><span class="k">group</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="k">add</span><span class="w"> </span><span class="n">dn</span><span class="w"> </span><span class="n">pair</span><span class="w"> </span><span class="n">CN</span><span class="o">=</span><span class="n">DnsUpdateProxy</span><span class="p">,</span><span class="n">CN</span><span class="o">=</span><span class="n">Users</span><span class="p">,</span><span class="n">DC</span><span class="o">=</span><span class="n">Seafile</span><span class="p">,</span><span class="n">DC</span><span class="o">=</span><span class="k">local</span><span class="o">&lt;-&gt;</span><span class="mi">1</span><span class="w"> </span><span class="n">success</span><span class="p">.</span>
<span class="o">[</span><span class="n">2015-03-30 18:15:05,145</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">DEBUG</span><span class="o">]</span><span class="w"> </span><span class="k">create</span><span class="w"> </span><span class="k">group</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="k">add</span><span class="w"> </span><span class="n">dn</span><span class="w"> </span><span class="n">pair</span><span class="w"> </span><span class="n">CN</span><span class="o">=</span><span class="k">Domain</span><span class="w"> </span><span class="n">Computers</span><span class="p">,</span><span class="n">CN</span><span class="o">=</span><span class="n">Users</span><span class="p">,</span><span class="n">DC</span><span class="o">=</span><span class="n">Seafile</span><span class="p">,</span><span class="n">DC</span><span class="o">=</span><span class="k">local</span><span class="o">&lt;-&gt;</span><span class="mi">2</span><span class="w"> </span><span class="n">success</span><span class="p">.</span>
<span class="o">[</span><span class="n">2015-03-30 18:15:05,154</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">DEBUG</span><span class="o">]</span><span class="w"> </span><span class="k">create</span><span class="w"> </span><span class="k">group</span><span class="w"> </span><span class="mi">3</span><span class="p">,</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="k">add</span><span class="w"> </span><span class="n">dn</span><span class="w"> </span><span class="n">pair</span><span class="w"> </span><span class="n">CN</span><span class="o">=</span><span class="k">Domain</span><span class="w"> </span><span class="n">Users</span><span class="p">,</span><span class="n">CN</span><span class="o">=</span><span class="n">Users</span><span class="p">,</span><span class="n">DC</span><span class="o">=</span><span class="n">Seafile</span><span class="p">,</span><span class="n">DC</span><span class="o">=</span><span class="k">local</span><span class="o">&lt;-&gt;</span><span class="mi">3</span><span class="w"> </span><span class="n">success</span><span class="p">.</span>
<span class="o">[</span><span class="n">2015-03-30 18:15:05,164</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">DEBUG</span><span class="o">]</span><span class="w"> </span><span class="k">create</span><span class="w"> </span><span class="k">group</span><span class="w"> </span><span class="mi">4</span><span class="p">,</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="k">add</span><span class="w"> </span><span class="n">dn</span><span class="w"> </span><span class="n">pair</span><span class="w"> </span><span class="n">CN</span><span class="o">=</span><span class="k">Domain</span><span class="w"> </span><span class="n">Admins</span><span class="p">,</span><span class="n">CN</span><span class="o">=</span><span class="n">Users</span><span class="p">,</span><span class="n">DC</span><span class="o">=</span><span class="n">Seafile</span><span class="p">,</span><span class="n">DC</span><span class="o">=</span><span class="k">local</span><span class="o">&lt;-&gt;</span><span class="mi">4</span><span class="w"> </span><span class="n">success</span><span class="p">.</span>
<span class="o">[</span><span class="n">2015-03-30 18:15:05,176</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">DEBUG</span><span class="o">]</span><span class="w"> </span><span class="k">create</span><span class="w"> </span><span class="k">group</span><span class="w"> </span><span class="mi">5</span><span class="p">,</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="k">add</span><span class="w"> </span><span class="n">dn</span><span class="w"> </span><span class="n">pair</span><span class="w"> </span><span class="n">CN</span><span class="o">=</span><span class="n">RAS</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">IAS</span><span class="w"> </span><span class="n">Servers</span><span class="p">,</span><span class="n">CN</span><span class="o">=</span><span class="n">Users</span><span class="p">,</span><span class="n">DC</span><span class="o">=</span><span class="n">Seafile</span><span class="p">,</span><span class="n">DC</span><span class="o">=</span><span class="k">local</span><span class="o">&lt;-&gt;</span><span class="mi">5</span><span class="w"> </span><span class="n">success</span><span class="p">.</span>
<span class="o">[</span><span class="n">2015-03-30 18:15:05,186</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">DEBUG</span><span class="o">]</span><span class="w"> </span><span class="k">create</span><span class="w"> </span><span class="k">group</span><span class="w"> </span><span class="mi">6</span><span class="p">,</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="k">add</span><span class="w"> </span><span class="n">dn</span><span class="w"> </span><span class="n">pair</span><span class="w"> </span><span class="n">CN</span><span class="o">=</span><span class="n">Enterprise</span><span class="w"> </span><span class="n">Admins</span><span class="p">,</span><span class="n">CN</span><span class="o">=</span><span class="n">Users</span><span class="p">,</span><span class="n">DC</span><span class="o">=</span><span class="n">Seafile</span><span class="p">,</span><span class="n">DC</span><span class="o">=</span><span class="k">local</span><span class="o">&lt;-&gt;</span><span class="mi">6</span><span class="w"> </span><span class="n">success</span><span class="p">.</span>
<span class="o">[</span><span class="n">2015-03-30 18:15:05,197</span><span class="o">]</span><span class="w"> </span><span class="o">[</span><span class="n">DEBUG</span><span class="o">]</span><span class="w"> </span><span class="k">create</span><span class="w"> </span><span class="k">group</span><span class="w"> </span><span class="mi">7</span><span class="p">,</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="k">add</span><span class="w"> </span><span class="n">dn</span><span class="w"> </span><span class="n">pair</span><span class="w"> </span><span class="n">CN</span><span class="o">=</span><span class="n">dev</span><span class="p">,</span><span class="n">CN</span><span class="o">=</span><span class="n">Users</span><span class="p">,</span><span class="n">DC</span><span class="o">=</span><span class="n">Seafile</span><span class="p">,</span><span class="n">DC</span><span class="o">=</span><span class="k">local</span><span class="o">&lt;-&gt;</span><span class="mi">7</span><span class="w"> </span><span class="n">success</span><span class="p">.</span>
</code></pre></div>
<p>To trigger LDAP sync manually,</p>
<div class="codehilite"><pre><span></span><code><span class="nb">cd</span><span class="w"> </span>seafile-server-latest
./pro/pro.py<span class="w"> </span>ldapsync
</code></pre></div>
<p>For Seafile Docker</p>
<div class="codehilite"><pre><span></span><code>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>-it<span class="w"> </span>seafile<span class="w"> </span>/opt/seafile/seafile-server-latest/pro/pro.py<span class="w"> </span>ldapsync
</code></pre></div>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
<div class="md-copyright__highlight">
Copyright &copy; 2023 Seafile Ltd.
</div>
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
<div class="md-social">
<a href="https://github.com/haiwen/seafile-admin-docs/" target="_blank" rel="noopener" title="github.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8M97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg>
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../..", "features": [], "search": "../../assets/javascripts/workers/search.6ce7567c.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="../../assets/javascripts/bundle.525ec568.min.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink