SeaFile Storage authentication via ForgeRock OpenDJ

Posted 2 years ago by Ondřej Fuchsík

Welcome to this blog post. I will describe and explain how to set up your own storage with file synchronization across multiple computers and platforms. Distributed and safe file storage is a fundamental requirement for enterprises of all sizes: small, medium or big. Seafile is nice in that it allows you to scale from small to big over time. The goal of my project was to set up an internal storage system that will serve tens of users. All of them should be able to share their files safely via the storage and make a backup when needed.

Seafile is an open source project based on a server-client architecture. The core of this post explains the installation and configuration of the Seafile server. The server has a nice feature that lets it authenticate users through the LDAP protocol, and one part of this post is about setting up the OpenDJ LDAP server, which is also an open source project. It's easy to install and administer, and it has very nice documentation with a lot of examples and an active community that can help in case of trouble.

Let's proceed to the Seafile server installation.

The server is able to run on Linux (Debian 7, Ubuntu 14.04, CentOS 6.6), Windows and Raspberry Pi. Here I will explain the installation on Ubuntu 14.04.

Seafile and OpenDJ diagram
An abstract overview of target architecture.

Prerequisites:

  • MySQL server
  • Installed packages on your system:
    • python 2.7
    • python-setuptools
    • python-imaging
    • python-mysqldb

Steps to install OpenDJ 2.6.0 LDAP server:

This section describes how to install the OpenDJ directory server and create one user (step 8). That step can be repeated to add more users, or you can import data instead.

  1. Download the archive for Linux.
  2. Unzip the archive.
  3. Move to the created folder and run the setup command:
    • To install the server with the GUI, run:
    • /path/to/opendj/setup
    • To install the server in interactive command-line mode, run:
    • /path/to/opendj/setup --cli
  4. Provide the necessary inputs such as credentials, host name and base DN (let it create just the base entry), and choose to start the server at the end of the configuration.
  5. Run the control panel with your credentials.
    • /path/to/opendj/bin/control-panel -D 'cn=directory manager' -w password
  6. Click on Manage entries on the left side (see Figure 1).

    GUI navigation
    Figure 1: Click on Manage Entries on the left.
  7. Create a new Organizational Unit (at the top, click Entries, choose New Organizational Unit and fill in the form; see Figure 2).

    Create new org unit by clicking on Entries -> New Org...
    Figure 2: Creation of new Organization Unit – example data
  8. Create a new user (at the top, click Entries, choose New User and fill in the form; see Figure 3). See also: Documentation – Import users.

    Figure 3: Creating new entry – example data.
  9. You should have a structure similar to the following one (see Figure 4).

    Figure 4: How an example structure should look.

Steps to set up Seafile server:

  1.  Download archive for your system.
  2.  Prepare workspace on your system:
    1.  Create a folder, where the server will be deployed.
      • mkdir /path/to/seafile/
    2.  Copy the archive to this directory and unzip it.
      • cd /path/to/seafile
        cp /path/to/seafile.zip .
        unzip seafile.zip
    3.  Next, it is recommended to create a folder named installed under this directory.
      • mkdir installed
    4.  Move your archive to this directory.
      • mv seafile.zip installed
  3.  Make sure your MySQL service is running.
    • sudo netstat -tap | grep mysql
  4.  Run the setup-seafile-mysql.sh script in the seafile-server folder.
    • ./seafile-server/setup-seafile-mysql.sh
    1. You will be prompted for some information, such as the MySQL port number, server name, domain (IP), the port of seafile-server and the port of the HTTP server.
    2. Afterwards you will need to provide the administrator's credentials.
    3. At the end you can let the script create the SQL tables for you automatically.
  5.  Start seafile.
    • ./seafile-server/seafile.sh start
  6.  Start seahub.
    • ./seafile-server/seahub.sh start
  7.  Now you should be able to access the login web page of your private Seafile server at http://domain:8000/ (see Figure 5).

    Figure 5: Seafile login web page.
  8. To authenticate through the OpenDJ LDAP server, add the following lines to the ccnet/ccnet.conf file.
    • echo "[LDAP]" >> ./seafile/ccnet/ccnet.conf
      echo "HOST = ldap://ondrej-personal:1389/" >> ./seafile/ccnet/ccnet.conf
      echo "BASE = ou=users,dc=example,dc=com" >> ./seafile/ccnet/ccnet.conf
      echo "USER_DN = cn=seafileadmin,dc=example,dc=com" >> ./seafile/ccnet/ccnet.conf
      echo "PASSWORD = secret" >> ./seafile/ccnet/ccnet.conf
      echo "LOGIN_ATTR = mail" >> ./seafile/ccnet/ccnet.conf

    Figure 6: Example setting of ccnet.conf for LDAP authentication
  9. Restart Seafile.
    • ./seafile-server/seahub.sh stop
      ./seafile-server/seafile.sh stop
      ./seafile-server/seafile.sh start
      ./seafile-server/seahub.sh start
  10. Add a new user to OpenDJ under ou=users and try to log in to Seafile.
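
Step 8 stores the bind password in ccnet.conf and points Seafile at a plain ldap:// URL, so it is worth auditing the resulting file once the login works. The script below is an added example, not part of the original post or of Seafile: the function names and finding codes are invented here, the sample file is constructed from the values in step 8, and the ldaps:// check assumes the directory server has an LDAPS listener enabled.

```shell
#!/bin/sh
# Added example, not from the original post: audit the [LDAP] section of ccnet.conf.
# Prints one finding code per line; no output means nothing was flagged.
audit_ldap_conf() {
    conf=$1
    awk '
        /^\[/ { in_ldap = ($0 ~ /^\[LDAP\]/); if (in_ldap) sections++; next }
        in_ldap && /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            v[key] = val
        }
        END {
            if (sections == 0) { print "NO_LDAP_SECTION"; exit }
            # Re-running the echo >> commands appends a second copy of the section.
            if (sections > 1) print "DUPLICATE_LDAP_SECTION"
            # ldap:// means a simple bind without TLS: the bind password and every
            # user login password cross the network unencrypted.
            if (index(v["HOST"], "ldaps://") != 1) print "CLEARTEXT_LDAP"
            # Seafile only searches BASE, so it should not bind as the root DN.
            if (tolower(v["USER_DN"]) == "cn=directory manager") print "BINDS_AS_ROOT_DN"
        }' "$conf"
    # PASSWORD sits in the file in clear text: group and others get no access.
    perms=$(ls -ld "$conf" | cut -c5-10)
    [ "$perms" = "------" ] || echo "CONF_NOT_OWNER_ONLY"
}

# Constructed sample: the section from step 8 with a typical default file mode.
write_sample() {
    cat > "$1" <<'EOF'
[LDAP]
HOST = ldap://ondrej-personal:1389/
BASE = ou=users,dc=example,dc=com
USER_DN = cn=seafileadmin,dc=example,dc=com
PASSWORD = secret
LOGIN_ATTR = mail
EOF
    chmod 644 "$1"
}

tmp=$(mktemp)
write_sample "$tmp"
audit_ldap_conf "$tmp"    # prints CLEARTEXT_LDAP and CONF_NOT_OWNER_ONLY
rm -f "$tmp"
```

Writing the section with an editor or a here-document under `umask 077`, instead of `echo "PASSWORD = ..." >>`, also keeps the bind password out of the shell history.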

At this point we have a working directory server and file server, and we are missing just a client application that allows us to synchronize files. Seafile provides support for a lot of platforms. You can download the Desktop client (Windows, Linux, Mac) or the Mobile client (Android, iOS). The installation for Linux is pretty straightforward, because Debian packages are available. The only thing you need to do is download the package and install it like any other.

After the installation, run the Seafile GUI client and provide the folder that will be used for file synchronization with the server, the server hostname with port, and your credentials. Now the Seafile client is configured and you are ready to synchronize your files with the server. If you are interested in the command line client, visit the CLI manual web page.

We are at the end of the process. This is not a complete tutorial of all functions, however; it just explains the basics of Seafile and OpenDJ. These products provide a lot of nice features, so check them out if you are interested. I find these products very useful and easy to administer, and I think it's a very nice connection of two open source projects. I like that you can use Seafile on your mobile as well as on your Mac, Windows or Linux workstation.

Ondřej Fuchsík

3 Responses to “SeaFile Storage authentication via ForgeRock OpenDJ”

  1. […] See the article here: http://www.profiq.com/seafile-storage-authentication-via-forgerock-opendj/ […]

  2. […] installation process of OpenDJ was described in our previous blog in detail, I only add a download link to the .zip distribution of […]

  3. […] you have installed the LDAP server; you can find simple install instructions in a previous blog of ours. […]
