15308555518/ seafile-admin-docs
1
0
Fork 0
mirror of https://github.com/haiwen/seafile-admin-docs.git synced 2025-12-29 14:02:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
seafile-admin-docs/deploy_pro/using_ldap_pro/index.html

4201 lines
97 KiB
HTML
Raw Blame History

<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="author" content="seafile">
<link rel="canonical" href="https://haiwen.github.io/seafile-admin-docs/deploy_pro/using_ldap_pro/">
<link rel="prev" href="../../deploy/using_ldap/">
<link rel="next" href="../ldap_group_sync/">
<link rel="icon" href="../../media/favicon.ico">
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.5.39">
<title>LDAP Configuration for Seafile Pro - Seafile Admin Manual</title>
<link rel="stylesheet" href="../../assets/stylesheets/main.8c3ca2c6.min.css">
<link rel="stylesheet" href="../../assets/stylesheets/palette.06af60db.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<link rel="stylesheet" href="../../stylesheets/extra.css">
<script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="white" data-md-color-accent="indigo">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#configure-seafile-pro-edition-to-use-ldap" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header md-header--shadow" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../.." title="Seafile Admin Manual" class="md-header__button md-logo" aria-label="Seafile Admin Manual" data-md-component="logo">
<img src="../../media/seafile-transparent-1024.png" alt="logo">
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Seafile Admin Manual
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
LDAP Configuration for Seafile Pro
</span>
</div>
</div>
</div>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://github.com/haiwen/seafile-admin-docs/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
</div>
<div class="md-source__repository">
haiwen/seafile-admin-docs
</div>
</a>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../.." title="Seafile Admin Manual" class="md-nav__button md-logo" aria-label="Seafile Admin Manual" data-md-component="logo">
<img src="../../media/seafile-transparent-1024.png" alt="logo">
</a>
Seafile Admin Manual
</label>
<div class="md-nav__source">
<a href="https://github.com/haiwen/seafile-admin-docs/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
</div>
<div class="md-source__repository">
haiwen/seafile-admin-docs
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_1" >
<label class="md-nav__link" for="__nav_1" id="__nav_1_label" tabindex="0">
<span class="md-ellipsis">
Overview
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_1_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_1">
<span class="md-nav__icon md-icon"></span>
Overview
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../overview/components/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Components
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../overview/file_permission_management/" class="md-nav__link">
<span class="md-ellipsis">
File permission management
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../roadmap/" class="md-nav__link">
<span class="md-ellipsis">
Roadmap
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../contribution/" class="md-nav__link">
<span class="md-ellipsis">
Contribution
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../changelog/" class="md-nav__link">
<span class="md-ellipsis">
Changelog
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" >
<label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
<span class="md-ellipsis">
Seafile Community Setup on Linux
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_2">
<span class="md-nav__icon md-icon"></span>
Seafile Community Setup on Linux
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../deploy/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/using_mysql/" class="md-nav__link">
<span class="md-ellipsis">
Installation with MySQL
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/https_with_nginx/" class="md-nav__link">
<span class="md-ellipsis">
HTTPS with Nginx
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/https_with_apache/" class="md-nav__link">
<span class="md-ellipsis">
HTTPS with Apache
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" >
<label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0">
<span class="md-ellipsis">
Seafile Professional Setup on Linux
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
Seafile Professional Setup on Linux
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../download_and_setup_seafile_professional_server/" class="md-nav__link">
<span class="md-ellipsis">
Installation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../migrate_from_seafile_community_server/" class="md-nav__link">
<span class="md-ellipsis">
Migration from Seafile Community
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_4" >
<label class="md-nav__link" for="__nav_3_4" id="__nav_3_4_label" tabindex="0">
<span class="md-ellipsis">
Storage Backends
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_4">
<span class="md-nav__icon md-icon"></span>
Storage Backends
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../setup_with_amazon_s3/" class="md-nav__link">
<span class="md-ellipsis">
Amazon S3 Backend
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../setup_with_ceph/" class="md-nav__link">
<span class="md-ellipsis">
Ceph Backend
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../setup_with_swift/" class="md-nav__link">
<span class="md-ellipsis">
OpenStack Swift Backend
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../setup_with_oss/" class="md-nav__link">
<span class="md-ellipsis">
Alibaba OSS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../multiple_storage_backends/" class="md-nav__link">
<span class="md-ellipsis">
Multiple Storage Backends
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../migrate/" class="md-nav__link">
<span class="md-ellipsis">
Data migration
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_5" >
<label class="md-nav__link" for="__nav_3_5" id="__nav_3_5_label" tabindex="0">
<span class="md-ellipsis">
Cluster Deployment
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3_5">
<span class="md-nav__icon md-icon"></span>
Cluster Deployment
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../deploy_in_a_cluster/" class="md-nav__link">
<span class="md-ellipsis">
Deploy in a cluster
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../enable_search_and_background_tasks_in_a_cluster/" class="md-nav__link">
<span class="md-ellipsis">
Search and background tasks in a cluster
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../memcached_mariadb_cluster/" class="md-nav__link">
<span class="md-ellipsis">
Memcache and MariaDB Cluster
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../setup_seafile_cluster_with_nfs/" class="md-nav__link">
<span class="md-ellipsis">
Setup Seafile cluster with NFS
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../seafile_professional_sdition_software_license_agreement/" class="md-nav__link">
<span class="md-ellipsis">
License
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" >
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="0">
<span class="md-ellipsis">
Seafile Setup with Docker
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
Seafile Setup with Docker
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../docker/deploy_seafile_with_docker/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Community Installation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../docker/pro-edition/deploy_seafile_pro_with_docker/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Professional Installation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../docker/cluster/deploy_seafile_cluster_with_docker/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Docker Cluster Deployment
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/deploy_with_k8s/" class="md-nav__link">
<span class="md-ellipsis">
Setup with Kubernetes (K8s)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../docker/pro-edition/migrate_ce_to_pro_with_docker/" class="md-nav__link">
<span class="md-ellipsis">
Migration from Seafile Community
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../docker/non_docker_to_docker/" class="md-nav__link">
<span class="md-ellipsis">
Migrate from non-docker deployment
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../docker/seafile_docker_autostart/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Docker autostart
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" checked>
<label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
<span class="md-ellipsis">
Advanced Setup Options
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
Advanced Setup Options
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_1" checked>
<label class="md-nav__link" for="__nav_5_1" id="__nav_5_1_label" tabindex="0">
<span class="md-ellipsis">
LDAP/AD Integration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_1_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_5_1">
<span class="md-nav__icon md-icon"></span>
LDAP/AD Integration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../deploy/using_ldap/" class="md-nav__link">
<span class="md-ellipsis">
LDAP Integration
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
LDAP Configuration for Seafile Pro
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
LDAP Configuration for Seafile Pro
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#how-does-ldap-user-management-works-with-seafile" class="md-nav__link">
<span class="md-ellipsis">
How does LDAP User Management works with Seafile
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#basic-ldapad-integration" class="md-nav__link">
<span class="md-ellipsis">
Basic LDAP/AD Integration
</span>
</a>
<nav class="md-nav" aria-label="Basic LDAP/AD Integration">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#connecting-to-active-directory" class="md-nav__link">
<span class="md-ellipsis">
Connecting to Active Directory
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#connecting-to-other-ldap-servers" class="md-nav__link">
<span class="md-ellipsis">
Connecting to other LDAP servers
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#testing-your-ldap-configuration" class="md-nav__link">
<span class="md-ellipsis">
Testing your LDAP Configuration
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#setting-up-ldapad-user-sync-optional" class="md-nav__link">
<span class="md-ellipsis">
Setting Up LDAP/AD User Sync (optional)
</span>
</a>
<nav class="md-nav" aria-label="Setting Up LDAP/AD User Sync (optional)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#active-directory" class="md-nav__link">
<span class="md-ellipsis">
Active Directory
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#other-ldap-servers" class="md-nav__link">
<span class="md-ellipsis">
Other LDAP servers
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#importing-users-without-activating-them" class="md-nav__link">
<span class="md-ellipsis">
Importing Users without Activating Them
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#reactivating-users" class="md-nav__link">
<span class="md-ellipsis">
Reactivating Users
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#manually-trigger-synchronization" class="md-nav__link">
<span class="md-ellipsis">
Manually Trigger Synchronization
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#advanced-ldapad-integration-options" class="md-nav__link">
<span class="md-ellipsis">
Advanced LDAP/AD Integration Options
</span>
</a>
<nav class="md-nav" aria-label="Advanced LDAP/AD Integration Options">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#multiple-base" class="md-nav__link">
<span class="md-ellipsis">
Multiple BASE
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#additional-search-filter" class="md-nav__link">
<span class="md-ellipsis">
Additional Search Filter
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#limiting-seafile-users-to-a-group-in-active-directory" class="md-nav__link">
<span class="md-ellipsis">
Limiting Seafile Users to a Group in Active Directory
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#using-tls-connection-to-ldapad-server" class="md-nav__link">
<span class="md-ellipsis">
Using TLS connection to LDAP/AD server
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#use-paged-results-extension" class="md-nav__link">
<span class="md-ellipsis">
Use paged results extension
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#follow-referrals" class="md-nav__link">
<span class="md-ellipsis">
Follow referrals
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#configure-multi-ldap-servers" class="md-nav__link">
<span class="md-ellipsis">
Configure Multi-ldap Servers
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../ldap_group_sync/" class="md-nav__link">
<span class="md-ellipsis">
Importing Groups from LDAP (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../ldap_role_sync/" class="md-nav__link">
<span class="md-ellipsis">
Importing Roles from LDAP (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/ldap_in_11.0/" class="md-nav__link">
<span class="md-ellipsis">
LDAP in version 11.0
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../ldap_in_11.0/" class="md-nav__link">
<span class="md-ellipsis">
LDAP in version 11.0 (Pro)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_2" >
<label class="md-nav__link" for="__nav_5_2" id="__nav_5_2_label" tabindex="0">
<span class="md-ellipsis">
Single Sign On
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_2">
<span class="md-nav__icon md-icon"></span>
Single Sign On
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../deploy/single_sign_on/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/oauth/" class="md-nav__link">
<span class="md-ellipsis">
OAuth Authentication
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/remote_user/" class="md-nav__link">
<span class="md-ellipsis">
Remote User Authentication
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/shibboleth_authentication/" class="md-nav__link">
<span class="md-ellipsis">
Shibboleth Authentication
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/auto_login_seadrive/" class="md-nav__link">
<span class="md-ellipsis">
Auto Login to SeaDrive on Windows
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../saml2_in_10.0/" class="md-nav__link">
<span class="md-ellipsis">
SAML 2.0 in version 10.0+ (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../adfs/" class="md-nav__link">
<span class="md-ellipsis">
SAML 2.0 (old) (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../cas/" class="md-nav__link">
<span class="md-ellipsis">
CAS Authentication (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/auth_switch/" class="md-nav__link">
<span class="md-ellipsis">
Switch authentication
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_3" >
<label class="md-nav__link" for="__nav_5_3" id="__nav_5_3_label" tabindex="0">
<span class="md-ellipsis">
Online Office
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_3">
<span class="md-nav__icon md-icon"></span>
Online Office
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../deploy/libreoffice_online/" class="md-nav__link">
<span class="md-ellipsis">
LibreOffice Online Integration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/only_office/" class="md-nav__link">
<span class="md-ellipsis">
OnlyOffice Integration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../office_web_app/" class="md-nav__link">
<span class="md-ellipsis">
Office Online Server Integration (Pro)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../extra_setup/setup_seadoc/" class="md-nav__link">
<span class="md-ellipsis">
SeaDoc Integration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/notification-server/" class="md-nav__link">
<span class="md-ellipsis">
Notification Server
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../extension/webdav/" class="md-nav__link">
<span class="md-ellipsis">
WebDAV extension
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../extension/fuse/" class="md-nav__link">
<span class="md-ellipsis">
FUSE extension
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_8" >
<label class="md-nav__link" for="__nav_5_8" id="__nav_5_8_label" tabindex="0">
<span class="md-ellipsis">
Virus Scan (Pro)
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_8_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_8">
<span class="md-nav__icon md-icon"></span>
Virus Scan (Pro)
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../virus_scan/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../deploy_clamav_with_seafile/" class="md-nav__link">
<span class="md-ellipsis">
Deploy ClamAV with Seafile
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../virus_scan_with_kav4fs/" class="md-nav__link">
<span class="md-ellipsis">
Virus Scan With Kav4fs
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_9" >
<label class="md-nav__link" for="__nav_5_9" id="__nav_5_9_label" tabindex="0">
<span class="md-ellipsis">
Advanced User Management (Pro)
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_9_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_9">
<span class="md-nav__icon md-icon"></span>
Advanced User Management (Pro)
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../multi_institutions/" class="md-nav__link">
<span class="md-ellipsis">
Multi-Institutions Support
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../roles_permissions/" class="md-nav__link">
<span class="md-ellipsis">
Roles and Permissions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../admin_roles_permissions/" class="md-nav__link">
<span class="md-ellipsis">
Administrator Roles and Permissions
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../multi_tenancy/" class="md-nav__link">
<span class="md-ellipsis">
Multi-Tenancy Support
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../details_about_file_search/" class="md-nav__link">
<span class="md-ellipsis">
Advanced File Search configuration (Pro)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/migrate_from_sqlite_to_mysql/" class="md-nav__link">
<span class="md-ellipsis">
Migrate From SQLite to MySQL
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_12" >
<label class="md-nav__link" for="__nav_5_12" id="__nav_5_12_label" tabindex="0">
<span class="md-ellipsis">
Others Deployment Notes
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_12_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_12">
<span class="md-nav__icon md-icon"></span>
Others Deployment Notes
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../deploy/start_seafile_at_system_bootup/" class="md-nav__link">
<span class="md-ellipsis">
Start Seafile at System Bootup
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/using_logrotate/" class="md-nav__link">
<span class="md-ellipsis">
Logrotate
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/ocm/" class="md-nav__link">
<span class="md-ellipsis">
Open Cloud Mesh
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/deploy_seafile_behind_nat/" class="md-nav__link">
<span class="md-ellipsis">
Deploy Seafile behind NAT
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../deploy/deploy_seahub_at_non-root_domain/" class="md-nav__link">
<span class="md-ellipsis">
Deploy Seahub at Non-root domain or on custom port
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../security/fail2ban/" class="md-nav__link">
<span class="md-ellipsis">
Config fail2ban
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../real_time_backup/" class="md-nav__link">
<span class="md-ellipsis">
Real-time Backup Server
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6" >
<label class="md-nav__link" for="__nav_6" id="__nav_6_label" tabindex="0">
<span class="md-ellipsis">
Configuration and Customization
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_6_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_6">
<span class="md-nav__icon md-icon"></span>
Configuration and Customization
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../config/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/ccnet-conf/" class="md-nav__link">
<span class="md-ellipsis">
ccnet.conf
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/seafile-conf/" class="md-nav__link">
<span class="md-ellipsis">
seafile.conf
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/seahub_settings_py/" class="md-nav__link">
<span class="md-ellipsis">
seahub_settings.py
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/seafevents-conf/" class="md-nav__link">
<span class="md-ellipsis">
seafevents.conf
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/seahub_customization/" class="md-nav__link">
<span class="md-ellipsis">
Seahub customization
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../config/sending_email/" class="md-nav__link">
<span class="md-ellipsis">
Email Sending
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_7" >
<label class="md-nav__link" for="__nav_7" id="__nav_7_label" tabindex="0">
<span class="md-ellipsis">
Administration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_7_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_7">
<span class="md-nav__icon md-icon"></span>
Administration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../maintain/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/account/" class="md-nav__link">
<span class="md-ellipsis">
Account management
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/two_factor_authentication/" class="md-nav__link">
<span class="md-ellipsis">
Two-factor Authentication
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../security/security_features/" class="md-nav__link">
<span class="md-ellipsis">
Security features
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../security/auditing/" class="md-nav__link">
<span class="md-ellipsis">
Access logs and auditing
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/export_report/" class="md-nav__link">
<span class="md-ellipsis">
Export report
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/logs/" class="md-nav__link">
<span class="md-ellipsis">
Logs
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/backup_recovery/" class="md-nav__link">
<span class="md-ellipsis">
Backup and Recovery
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/seafile_fsck/" class="md-nav__link">
<span class="md-ellipsis">
Seafile FSCK
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/seafile_gc/" class="md-nav__link">
<span class="md-ellipsis">
Seafile GC
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../maintain/clean_database/" class="md-nav__link">
<span class="md-ellipsis">
Clean database
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../seaf_import/" class="md-nav__link">
<span class="md-ellipsis">
Import Directory To Seafile (Pro)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_8" >
<label class="md-nav__link" for="__nav_8" id="__nav_8_label" tabindex="0">
<span class="md-ellipsis">
Upgrade Seafile Server
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_8_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_8">
<span class="md-nav__icon md-icon"></span>
Upgrade Seafile Server
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../upgrade/upgrade/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_docker/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade Seafile Docker
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_a_cluster/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade Seafile Cluster
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_a_cluster_docker/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade Seafile Cluster (Docker)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_7.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 7.0.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_7.1.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 7.1.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_8.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 8.0.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_9.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 9.0.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_10.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 10.0.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_11.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 11.0.x
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../upgrade/upgrade_notes_for_12.0.x/" class="md-nav__link">
<span class="md-ellipsis">
Upgrade notes for 12.0.x (In progress)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_9" >
<label class="md-nav__link" for="__nav_9" id="__nav_9_label" tabindex="0">
<span class="md-ellipsis">
Developing
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_9_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_9">
<span class="md-nav__icon md-icon"></span>
Developing
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../develop/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_9_2" >
<label class="md-nav__link" for="__nav_9_2" id="__nav_9_2_label" tabindex="0">
<span class="md-ellipsis">
How to Build Seafile
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_9_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_9_2">
<span class="md-nav__icon md-icon"></span>
How to Build Seafile
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../build_seafile/" class="md-nav__link">
<span class="md-ellipsis">
Outline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build_seafile/linux/" class="md-nav__link">
<span class="md-ellipsis">
Linux
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build_seafile/osx/" class="md-nav__link">
<span class="md-ellipsis">
macOS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build_seafile/windows/" class="md-nav__link">
<span class="md-ellipsis">
Windows
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build_seafile/server/" class="md-nav__link">
<span class="md-ellipsis">
Server development
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../build_seafile/rpi/" class="md-nav__link">
<span class="md-ellipsis">
Server binary package
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../develop/translation/" class="md-nav__link">
<span class="md-ellipsis">
Translation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../develop/web_api_v2.1/" class="md-nav__link">
<span class="md-ellipsis">
Web API V2.1
</span>
</a>
</li>
<li class="md-nav__item">
<a href="https://github.com/rene-s/Seafile-PHP-SDK" class="md-nav__link">
<span class="md-ellipsis">
PHP API
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../develop/data_model/" class="md-nav__link">
<span class="md-ellipsis">
Data Model
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_10" >
<label class="md-nav__link" for="__nav_10" id="__nav_10_label" tabindex="0">
<span class="md-ellipsis">
ChangeLog
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_10_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_10">
<span class="md-nav__icon md-icon"></span>
ChangeLog
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../changelog/server-changelog/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Community Edition
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../changelog/changelog-for-seafile-professional-server/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Professional Edition
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../changelog/client-changelog/" class="md-nav__link">
<span class="md-ellipsis">
Seafile Client
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../changelog/drive-client-changelog/" class="md-nav__link">
<span class="md-ellipsis">
Drive Client
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#how-does-ldap-user-management-works-with-seafile" class="md-nav__link">
<span class="md-ellipsis">
How does LDAP User Management works with Seafile
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#basic-ldapad-integration" class="md-nav__link">
<span class="md-ellipsis">
Basic LDAP/AD Integration
</span>
</a>
<nav class="md-nav" aria-label="Basic LDAP/AD Integration">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#connecting-to-active-directory" class="md-nav__link">
<span class="md-ellipsis">
Connecting to Active Directory
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#connecting-to-other-ldap-servers" class="md-nav__link">
<span class="md-ellipsis">
Connecting to other LDAP servers
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#testing-your-ldap-configuration" class="md-nav__link">
<span class="md-ellipsis">
Testing your LDAP Configuration
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#setting-up-ldapad-user-sync-optional" class="md-nav__link">
<span class="md-ellipsis">
Setting Up LDAP/AD User Sync (optional)
</span>
</a>
<nav class="md-nav" aria-label="Setting Up LDAP/AD User Sync (optional)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#active-directory" class="md-nav__link">
<span class="md-ellipsis">
Active Directory
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#other-ldap-servers" class="md-nav__link">
<span class="md-ellipsis">
Other LDAP servers
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#importing-users-without-activating-them" class="md-nav__link">
<span class="md-ellipsis">
Importing Users without Activating Them
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#reactivating-users" class="md-nav__link">
<span class="md-ellipsis">
Reactivating Users
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#manually-trigger-synchronization" class="md-nav__link">
<span class="md-ellipsis">
Manually Trigger Synchronization
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#advanced-ldapad-integration-options" class="md-nav__link">
<span class="md-ellipsis">
Advanced LDAP/AD Integration Options
</span>
</a>
<nav class="md-nav" aria-label="Advanced LDAP/AD Integration Options">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#multiple-base" class="md-nav__link">
<span class="md-ellipsis">
Multiple BASE
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#additional-search-filter" class="md-nav__link">
<span class="md-ellipsis">
Additional Search Filter
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#limiting-seafile-users-to-a-group-in-active-directory" class="md-nav__link">
<span class="md-ellipsis">
Limiting Seafile Users to a Group in Active Directory
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#using-tls-connection-to-ldapad-server" class="md-nav__link">
<span class="md-ellipsis">
Using TLS connection to LDAP/AD server
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#use-paged-results-extension" class="md-nav__link">
<span class="md-ellipsis">
Use paged results extension
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#follow-referrals" class="md-nav__link">
<span class="md-ellipsis">
Follow referrals
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#configure-multi-ldap-servers" class="md-nav__link">
<span class="md-ellipsis">
Configure Multi-ldap Servers
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1 id="configure-seafile-pro-edition-to-use-ldap">Configure Seafile Pro Edition to use LDAP<a class="headerlink" href="#configure-seafile-pro-edition-to-use-ldap" title="Permanent link">&para;</a></h1>
<p>For version 11.0, please follow the new document <a href="../ldap_in_11.0/">LDAP in version 11.0</a>.</p>
<h2 id="how-does-ldap-user-management-works-with-seafile">How does LDAP User Management works with Seafile<a class="headerlink" href="#how-does-ldap-user-management-works-with-seafile" title="Permanent link">&para;</a></h2>
<p>When Seafile is integrated with LDAP/AD, users in the system can be divided into two tiers:</p>
<ul>
<li>Users within Seafile's internal user database. Some attributes are attached to these users, such as whether it's a system admin user, whether it's activated. This tier includes two types of users:</li>
<li>Native users: these users are created by the admin on Seafile's system admin interface and are stored in the <code>EmailUser</code> table of the <code>ccnet</code> database.</li>
<li>Users imported from LDAP/AD server: When a user in LDAP/AD logs into Seafile, its information will be imported from LDAP/AD server into Seafile's database. These users are stored in the <code>LDAPUsers</code> table of the <code>ccnet</code> database.</li>
<li>Users in LDAP/AD server. These are all the intended users of Seafile inside the LDAP server. Seafile doesn't manipulate these users directly. It has to import them into its internal database before setting attributes on them.</li>
</ul>
<p>When Seafile counts the user number in the system, it only counts the <strong>activated</strong> users in its internal database.</p>
<p>When Seafile is integrated with LDAP/AD, it'll look up users from both the internal database and LDAP server. As long as the user exists in one of these two sources, he/she can log into the system.</p>
<h2 id="basic-ldapad-integration">Basic LDAP/AD Integration<a class="headerlink" href="#basic-ldapad-integration" title="Permanent link">&para;</a></h2>
<p>The only requirement for Seafile to use LDAP/AD for authentication is that there must be a unique identifier for each user in the LDAP/AD server. Seafile can only use email-address-format user identifiers. So there are usually only two options for this unique identifier:</p>
<ul>
<li>Email address: this is the most common choice. Most organizations assign a unique email address for each member.</li>
<li>UserPrincipalName: this is a user attribute only available in Active Directory. It's format is <code>user-login-name@domain-name</code>, e.g. <code>john@example.com</code>. It's not a real email address, but it works fine as the unique identifier.</li>
</ul>
<h3 id="connecting-to-active-directory">Connecting to Active Directory<a class="headerlink" href="#connecting-to-active-directory" title="Permanent link">&para;</a></h3>
<p>To use AD to authenticate a user, please add the following lines to ccnet.conf.</p>
<p>If you choose email address as unique identifier:</p>
<div class="codehilite"><pre><span></span><code><span class="k">[LDAP]</span>
<span class="na">HOST</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">ldap://192.168.1.123/</span>
<span class="na">BASE</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">cn=users,dc=example,dc=com</span>
<span class="na">USER_DN</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">administrator@example.local</span>
<span class="na">PASSWORD</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">secret</span>
<span class="na">LOGIN_ATTR</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">mail</span>
</code></pre></div>
<p>If you choose UserPrincipalName as unique identifier:</p>
<div class="codehilite"><pre><span></span><code><span class="k">[LDAP]</span>
<span class="na">HOST</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">ldap://192.168.1.123/</span>
<span class="na">BASE</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">cn=users,dc=example,dc=com</span>
<span class="na">USER_DN</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">administrator@example.local</span>
<span class="na">PASSWORD</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">secret</span>
<span class="na">LOGIN_ATTR</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">userPrincipalName</span>
</code></pre></div>
<p>Meaning of each config options:</p>
<ul>
<li>HOST: LDAP URL for the host. ldap://, ldaps:// and ldapi:// are supported. You can also include port number in the URL, like ldap://ldap.example.com:389. To use TLS, you should configure the LDAP server to listen on LDAPS port and specify ldaps:// here. More details about TLS are covered below.</li>
<li>BASE: The distinguished name (DN) of the search base when running queries against the directory server. If you want to use the root DN as search base (e.g. dc=example,dc=com), you need to add <code>FOLLOW_REFERRALS = false</code> to the configuration. The meaning of this option will be explained in following sections.</li>
<li>USER_DN: The distinguished name of the user that Seafile will use when connecting to the directory server. This user should have sufficient privileges to access all the nodes under BASE. It's recommended to use a user in the administrator group.</li>
<li>PASSWORD: Password of the above user.</li>
<li>LOGIN_ATTR: The attribute used for user's unique identifier. Use <code>mail</code> or <code>userPrincipalName</code>.</li>
</ul>
<p>Tips for choosing BASE and USER_DN:</p>
<ul>
<li>To determine the BASE, you first have to navigate your organization hierachy on the domain controller GUI.</li>
<li>If you want to allow all users to use Seafile, you can use 'cn=users,dc=yourdomain,dc=com' as BASE (with proper adjustment for your own needs).</li>
<li>If you want to limit users to a certain OU (Organization Unit), you run <code>dsquery</code> command on the domain controller to find out the DN for this OU. For example, if the OU is 'staffs', you can run 'dsquery ou -name staff'. More information can be found <a href="https://technet.microsoft.com/en-us/library/cc770509.aspx">here</a>.</li>
<li>AD supports 'user@domain.name' format for the USER_DN option. For example you can use administrator@example.com for USER_DN. Sometimes the domain controller doesn't recognize this format. You can still use <code>dsquery</code> command to find out user's DN. For example, if the user name is 'seafileuser', run <code>dsquery user -name seafileuser</code>. More information <a href="https://technet.microsoft.com/en-us/library/cc725702.aspx">here</a>.</li>
</ul>
<h3 id="connecting-to-other-ldap-servers">Connecting to other LDAP servers<a class="headerlink" href="#connecting-to-other-ldap-servers" title="Permanent link">&para;</a></h3>
<p>Please add the following options to ccnet.conf:</p>
<div class="codehilite"><pre><span></span><code><span class="k">[LDAP]</span>
<span class="na">HOST</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">ldap://192.168.1.123/</span>
<span class="na">BASE</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">ou=users,dc=example,dc=com</span>
<span class="na">USER_DN</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">cn=admin,dc=example,dc=com</span>
<span class="na">PASSWORD</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">secret</span>
<span class="na">LOGIN_ATTR</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">mail</span>
</code></pre></div>
<p>The meaning of these options is the same as described in the previous section. With other LDAP servers, you can only use <code>mail</code> attribute as user's unique identifier.</p>
<h3 id="testing-your-ldap-configuration">Testing your LDAP Configuration<a class="headerlink" href="#testing-your-ldap-configuration" title="Permanent link">&para;</a></h3>
<p>Since 5.0.0 Pro Edition, we provide a command line tool for checking your LDAP configuration.</p>
<p>To use this tool, make sure you have <code>python-ldap</code> package installed on your system.</p>
<div class="codehilite"><pre><span></span><code>sudo apt-get install python-ldap
</code></pre></div>
<p>Then you can run the test:</p>
<div class="codehilite"><pre><span></span><code>cd seafile-server-latest
./pro/pro.py ldapsync --test
</code></pre></div>
<p>The test script checks your LDAP settings under the <code>[LDAP]</code> section of ccnet.conf. If everything works, it'll print the first ten users of the search results. Otherwise, it'll print out possible errors in your config.</p>
<h2 id="setting-up-ldapad-user-sync-optional">Setting Up LDAP/AD User Sync (optional)<a class="headerlink" href="#setting-up-ldapad-user-sync-optional" title="Permanent link">&para;</a></h2>
<p>In Seafile Pro, except for importing users into internal database when they log in, you can also configure Seafile to periodically sync user information from LDAP/AD server into the internal database.</p>
<ul>
<li>User's full name, department and contact email address can be synced to internal database. Users can use this information to more easily search for a specific user.</li>
<li>User's Windows or Unix login id can be synced to the internal database. This allows the user to log in with its familiar login id.</li>
<li>When a user is removed from LDAP/AD, the corresponding user in Seafile will be deactivated. Otherwise, he could still sync files with Seafile client or access the web interface.</li>
</ul>
<p>After synchronization is complete, you can see the user's full name, department and contact email on its profile page.</p>
<h3 id="active-directory">Active Directory<a class="headerlink" href="#active-directory" title="Permanent link">&para;</a></h3>
<p>If you're using Active Directory, add the following options to ccnet.conf:</p>
<div class="codehilite"><pre><span></span><code><span class="k">[LDAP]</span>
<span class="na">......</span>
<span class="k">[LDAP_SYNC]</span>
<span class="na">ENABLE_USER_SYNC</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span>
<span class="na">DEACTIVE_USER_IF_NOTFOUND</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span>
<span class="na">SYNC_INTERVAL</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">60</span>
<span class="na">USER_OBJECT_CLASS</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">person</span>
<span class="na">ENABLE_EXTRA_USER_INFO_SYNC</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span>
<span class="na">FIRST_NAME_ATTR</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">givenName</span>
<span class="na">LAST_NAME_ATTR</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">sn</span>
<span class="na">UID_ATTR</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">sAMAccountName</span>
</code></pre></div>
<p>Meaning of each options:</p>
<ul>
<li><strong>ENABLE_USER_SYNC</strong>: set to "true" if you want to enable ldap user synchronization</li>
<li><strong>DEACTIVE_USER_IF_NOTFOUND</strong>: set to "true" if you want to deactivate a user when he/she was deleted in AD server.</li>
<li><strong>SYNC_INTERVAL</strong>: The interval to sync. Unit is minutes. Defaults to 60 minutes.</li>
<li><strong>USER_OBJECT_CLASS</strong>: This is the name of the class used to search for user objects. In Active Directory, it's usually "person". The default value is "person".</li>
<li><strong>ENABLE_EXTRA_USER_INFO_SYNC</strong>: Enable synchronization of additional user information, including user's full name, department, and Windows login name, etc.</li>
<li><strong>FIRST_NAME_ATTR</strong>: Attribute for user's first name. It's "givenName" by default.</li>
<li><strong>LAST_NAME_ATTR</strong>: Attribute for user's last name. It's "sn" by default.</li>
<li><strong>USER_NAME_REVERSE</strong>: In some languages, such as Chinese, the display order of the first and last name is reversed. Set this option if you need it.</li>
<li><strong>UID_ATTR</strong>: Attribute for Windows login name. If this is synchronized, users can also log in with their Windows login name. In AD, the attribute <code>sAMAccountName</code> can be used as <code>UID_ATTR</code>.</li>
</ul>
<p>If you choose <code>userPrincipalName</code> as the unique identifier for user, Seafile cannot use it as real email address to send notification emails to user. If the users in AD also have an email address attribute, you can sync these email addresses into Seafile's internal database. Seafile can then use them to send emails. The configuration option is:</p>
<ul>
<li><strong>CONTACT_EMAIL_ATTR</strong>: usually you can set it to the <code>mail</code> attribute.</li>
</ul>
<h3 id="other-ldap-servers">Other LDAP servers<a class="headerlink" href="#other-ldap-servers" title="Permanent link">&para;</a></h3>
<p>Add the following options to ccnet.conf:</p>
<div class="codehilite"><pre><span></span><code><span class="k">[LDAP]</span>
<span class="na">......</span>
<span class="k">[LDAP_SYNC]</span>
<span class="na">ENABLE_USER_SYNC</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span>
<span class="na">DEACTIVE_USER_IF_NOTFOUND</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span>
<span class="na">SYNC_INTERVAL</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">60</span>
<span class="na">USER_OBJECT_CLASS</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">userOfNames</span>
<span class="na">ENABLE_EXTRA_USER_INFO_SYNC</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">true</span>
<span class="na">FIRST_NAME_ATTR</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">givenName</span>
<span class="na">LAST_NAME_ATTR</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">sn</span>
<span class="na">UID_ATTR</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">uid</span>
</code></pre></div>
<p>Meaning of each option:</p>
<ul>
<li><strong>ENABLE_USER_SYNC</strong>: set to "true" if you want to enable ldap user synchronization</li>
<li><strong>DEACTIVE_USER_IF_NOTFOUND</strong>: set to "true" if you want to deactivate a user when he/she was deleted in LDAP server.</li>
<li><strong>SYNC_INTERVAL</strong>: The synchronization interval. Unit is minutes. Defaults to 60 minutes.</li>
<li><strong>USER_OBJECT_CLASS</strong>: This is the name of the class used to search for user objects. In OpenLDAP, you can use "userOfNames". The default value is "person".</li>
<li><strong>ENABLE_EXTRA_USER_INFO_SYNC</strong>: Enable synchronization of additional user information, including user's full name, department, and Windows/Unix login name, etc.</li>
<li><strong>FIRST_NAME_ATTR</strong>: Attribute for user's first name. It's "givenName" by default.</li>
<li><strong>LAST_NAME_ATTR</strong>: Attribute for user's last name. It's "sn" by default.</li>
<li><strong>USER_NAME_REVERSE</strong>: In some languages, such as Chinese, the display order of the first and last name is reversed. Set this option if you need it.</li>
<li><strong>UID_ATTR</strong>: Attribute for Windows/Unix login name. If this is synchronized, users can also log in with their Windows/Unix login name. In OpenLDAP, the attribute <code>uid</code> or something similar can be used.</li>
</ul>
<h3 id="importing-users-without-activating-them">Importing Users without Activating Them<a class="headerlink" href="#importing-users-without-activating-them" title="Permanent link">&para;</a></h3>
<p>The users imported with the above configuration will be activated by default. For some organizations with large number of users, they may want to import user information (such as user full name) without activating the imported users. Activating all imported users will require licenses for all users in AD/LDAP, which may not be affordable.</p>
<p>Seafile provides a combination of options for such use case. First, you have to add below option to [ldap_sync] section of ccnet.conf:</p>
<div class="codehilite"><pre><span></span><code>ACTIVATE_USER_WHEN_IMPORT = false
</code></pre></div>
<p>This prevents Seafile from activating imported users. Second, add below option to <code>seahub_settings.py</code>:</p>
<div class="codehilite"><pre><span></span><code>ACTIVATE_AFTER_FIRST_LOGIN = True
</code></pre></div>
<p>This option will automatically activate users when they login to Seafile for the first time.</p>
<h3 id="reactivating-users">Reactivating Users<a class="headerlink" href="#reactivating-users" title="Permanent link">&para;</a></h3>
<p>When you set the `<strong>DEACTIVE_USER_IF_NOTFOUND</strong>` option, a user will be deactivated when it's not found in LDAP server. By default, even after this user reappears in the LDAP server, it won't be reactivated automatically. This is to prevent auto reactivating a user that was manually deactivated by the system admin.</p>
<p>However, sometimes it's desirable to auto reactivate such users. So in version 7.1.8 we added a new option to provide this behavior.</p>
<div class="codehilite"><pre><span></span><code>AUTO_REACTIVATE_USERS = True
</code></pre></div>
<h3 id="manually-trigger-synchronization">Manually Trigger Synchronization<a class="headerlink" href="#manually-trigger-synchronization" title="Permanent link">&para;</a></h3>
<p>To test your LDAP sync configuration, you can run the sync command manually.</p>
<p>To trigger LDAP sync manually,</p>
<div class="codehilite"><pre><span></span><code><span class="nb">cd</span><span class="w"> </span>seafile-server-latest
./pro/pro.py<span class="w"> </span>ldapsync
</code></pre></div>
<p>For Seafile Docker</p>
<div class="codehilite"><pre><span></span><code>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>-it<span class="w"> </span>seafile<span class="w"> </span>/opt/seafile/seafile-server-latest/pro/pro.py<span class="w"> </span>ldapsync
</code></pre></div>
<h2 id="advanced-ldapad-integration-options">Advanced LDAP/AD Integration Options<a class="headerlink" href="#advanced-ldapad-integration-options" title="Permanent link">&para;</a></h2>
<h3 id="multiple-base">Multiple BASE<a class="headerlink" href="#multiple-base" title="Permanent link">&para;</a></h3>
<p>Multiple base DN is useful when your company has more than one OUs to use Seafile. You can specify a list of base DN in the "BASE" config. The DNs are separated by ";", e.g. <code>ou=developers,dc=example,dc=com;ou=marketing,dc=example,dc=com</code></p>
<h3 id="additional-search-filter">Additional Search Filter<a class="headerlink" href="#additional-search-filter" title="Permanent link">&para;</a></h3>
<p>Search filter is very useful when you have a large organization but only a portion of people want to use Seafile. The filter can be given by setting "FILTER" config. The value of this option follows standard LDAP search filter syntax (<a href="https://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx">https://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx</a>).</p>
<p>The final filter used for searching for users is <code>(&amp;($LOGIN_ATTR=*)($FILTER))</code>. <code>$LOGIN_ATTR</code> and <code>$FILTER</code> will be replaced by your option values.</p>
<p>For example, add the following line to LDAP config:</p>
<div class="codehilite"><pre><span></span><code>FILTER = memberOf=CN=group,CN=developers,DC=example,DC=com
</code></pre></div>
<p>The final search filter would be <code>(&amp;(mail=*)(memberOf=CN=group,CN=developers,DC=example,DC=com))</code></p>
<p>Note that the cases in the above example is significant. The <code>memberOf</code> attribute is only available in Active Directory.</p>
<h3 id="limiting-seafile-users-to-a-group-in-active-directory">Limiting Seafile Users to a Group in Active Directory<a class="headerlink" href="#limiting-seafile-users-to-a-group-in-active-directory" title="Permanent link">&para;</a></h3>
<p>You can use the FILTER option to limit user scope to a certain AD group.</p>
<ol>
<li>First, you should find out the DN for the group. Again, we'll use <code>dsquery</code> command on the domain controller. For example, if group name is 'seafilegroup', run <code>dsquery group -name seafilegroup</code>.</li>
<li>Add following line to LDAP config:</li>
</ol>
<div class="codehilite"><pre><span></span><code>FILTER = memberOf={output of dsquery command}
</code></pre></div>
<h3 id="using-tls-connection-to-ldapad-server">Using TLS connection to LDAP/AD server<a class="headerlink" href="#using-tls-connection-to-ldapad-server" title="Permanent link">&para;</a></h3>
<p>To use TLS connection to the directory server, you should install a valid SSL certificate on the directory server.</p>
<p>To make sure Seafile server successfully connect to the directory server with TLS, you have to choose the right version of Seafile Pro servers.</p>
<ul>
<li>If you're using Seafile 9.0 or newer, you should use Docker to run Seafile. There should be no problem connecting with TLS as long as SSL certificate on the directory server is valid.</li>
<li>If you're using older version of Seafile, you should choose Seafile package based on your OS. For CentOS/RHEL, choose the package for CentOS; for Ubuntu/Debian, choose the package for Ubuntu.</li>
</ul>
<p>The Seafile server package bundles the version of libldap from the OS where it's built. So libldap will try to locate OpenSSL library in the same path as the buidling OS. Since different Linux distributions have different path or configuration for OpenSSL library, sometimes Seafile is unable to connect to the directory server with TLS.</p>
<p>When Seafile fails to connect with TLS, you may try to install ldap client libraries on your OS and ask Seafile to use them instead.</p>
<p>On Ubuntu and Debian, moving the bundled ldap related libraries out of the library path should make TLS connection work.</p>
<div class="codehilite"><pre><span></span><code>cd<span class="w"> </span><span class="cp">${</span><span class="n">SEAFILE_INSTALLATION_DIR</span><span class="cp">}</span>/seafile-server-latest/seafile/lib
mkdir<span class="w"> </span>disabled_libs_use_local_ones_instead
mv<span class="w"> </span>liblber-2.4.so.2<span class="w"> </span>libldap-2.4.so.2<span class="w"> </span>libsasl2.so.2<span class="w"> </span>libldap_r-2.4.so.2<span class="w"> </span>disabled_libs_use_local_ones_instead/
</code></pre></div>
<p>On some CentOS systems, you may have to move the libnssutil library as well:</p>
<div class="codehilite"><pre><span></span><code>cd<span class="w"> </span><span class="cp">${</span><span class="n">SEAFILE_INSTALLATION_DIR</span><span class="cp">}</span>/seafile-server-latest/seafile/lib
mkdir<span class="w"> </span>disabled_libs_use_local_ones_instead
mv<span class="w"> </span>libnssutil3.so<span class="w"> </span>disabled_libs_use_local_ones_instead/
</code></pre></div>
<p>This effectively removes the bundled libraries from the library search path.
When the server starts, it'll instead find and use the system libraries (if they are installed).
This change has to be repeated after each update of the Seafile installation.</p>
<h3 id="use-paged-results-extension">Use paged results extension<a class="headerlink" href="#use-paged-results-extension" title="Permanent link">&para;</a></h3>
<p>LDAP protocol version 3 supports "paged results" (PR) extension. When you have large number of users, this option can greatly improve the performance of listing users. Most directory server nowadays support this extension.</p>
<p>In Seafile Pro Edition, add this option to LDAP section of ccnet.conf to enable PR:</p>
<div class="codehilite"><pre><span></span><code>USE_PAGED_RESULT = true
</code></pre></div>
<h3 id="follow-referrals">Follow referrals<a class="headerlink" href="#follow-referrals" title="Permanent link">&para;</a></h3>
<p>Starting from Pro Edition 4.0.4, Seafile supports auto following referrals in LDAP search. This is useful for partitioned LDAP or AD servers, where users may be spreaded on multiple directory servers. For more information about referrals, you can refer to <a href="https://technet.microsoft.com/en-us/library/cc978014.aspx">this article</a>.</p>
<p>To configure, add following option to ccnet.conf in the [ldap] section:</p>
<div class="codehilite"><pre><span></span><code>FOLLOW_REFERRALS = true
</code></pre></div>
<h3 id="configure-multi-ldap-servers">Configure Multi-ldap Servers<a class="headerlink" href="#configure-multi-ldap-servers" title="Permanent link">&para;</a></h3>
<p>Since seafile 5.1.4 pro edition, we support multi-ldap servers, that is besides base ldap server info in [ldap] section, you can set other ldap servers info in [ldap_multi_1], [ldap_multi_2] ... [ldap_multi_9] sections, so you can configure ten ldap servers to work with seafile. Multi-ldap servers mean that, when get or search ldap user, it will iterate all configured ldap servers until a match is found; When listing all ldap users, it will iterate all ldap servers to get all users; For Ldap sync it will sync all user/group info in all configured ldap servers to seafile.</p>
<p>For example I have configured base ldap server in <code>ccnet.conf</code> as follow:</p>
<div class="codehilite"><pre><span></span><code><span class="k">[LDAP]</span>
<span class="na">HOST</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">ldap://192.168.1.123/</span>
<span class="na">BASE</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">ou=users,dc=example,dc=com</span>
<span class="na">USER_DN</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">cn=admin,dc=example,dc=com</span>
<span class="na">PASSWORD</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">secret</span>
<span class="na">LOGIN_ATTR</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">mail</span>
</code></pre></div>
<p>Then I can configure another ldap server in <code>ccnet.conf</code> as follow:</p>
<div class="codehilite"><pre><span></span><code><span class="k">[LDAP_MULTI_1]</span>
<span class="na">HOST</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">ldap://192.168.1.124/</span>
<span class="na">BASE</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">ou=users,dc=example,dc=com</span>
<span class="na">USER_DN</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">cn=admin,dc=example,dc=com</span>
<span class="na">PASSWORD</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">secret</span>
</code></pre></div>
<p>Before 6.3.8, all ldap servers share LOGIN_ATTR, USE_PAGED_RESULT, FOLLOW_REFERRALS attributes in [ldap] section; For ldap user/group sync, all ldap servers share all ldap sync related attributes in [ldap_sync] section.</p>
<p>Since seafile 6.3.8 pro, we support more independent config sections for each ldap server. The LOGIN_ATTR, USE_PAGED_RESULT, FOLLOW_REFERRALS options can be set independently in each [ldap_multi_x] section. Furthermore, independent [ldap_sync_multi_x] sections can be set for each LDAP server. That is, each LDAP server can use different LDAP sync options.</p>
<p>There are still some shared config options that can only be set in [ldap_sync] section, which is used for all LDAP servers.</p>
<ul>
<li>SYNC_INTERVAL</li>
<li>DEACTIVE_USER_IF_NOTFOUND</li>
<li>ACTIVATE_USER_WHEN_IMPORT</li>
<li>IMPORT_NEW_USER</li>
<li>DEL_GROUP_IF_NOT_FOUND</li>
</ul>
<p>These options are used to control synchronization behaviors, so they're shared for all LDAP servers.</p>
<p>NOTE: It is recommended to have a [ldap_sync_multi_x] section for each [ldap_multi_x] section. Otherwise the LDAP sync process will use the options in [ldap_sync] section for that LDAP server.</p>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
<div class="md-copyright__highlight">
Copyright &copy; 2023 Seafile Ltd.
</div>
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
<div class="md-social">
<a href="https://github.com/haiwen/seafile-admin-docs/" target="_blank" rel="noopener" title="github.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8M97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg>
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../..", "features": [], "search": "../../assets/javascripts/workers/search.6ce7567c.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="../../assets/javascripts/bundle.525ec568.min.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink