Duo integration with Seafile (seafile has ldap integration), can it be done?

Socrates1 · ‎04-09-2019

Seafile is a on-prem cloud solution, and has an option to integrate LDAP users for the UI login.
Google 2FA can be integrated with Seafile as well
https://manual.seafile.com/deploy_pro/two_factor_authentication.html

I have been using ldap based authentication with duo 2fa for a couple of applications successfully, but its not working with Seafile.
Need help, am i doing wrong?

DuoKristina · ‎04-11-2019

Hi @Socrates,

Sorry to hear you’re having trouble getting Duo LDAP authentication to work with Seafile. I’m not sure there’s enough info in your post to tell if you configured it wrong or what might be happening.

Did you try enabling debug logging on your Duo authentication proxy to see what happens during an authentication attempt? Please don’t post any debug log output with sensitive information here in this public forum.

Looking at https://manual.seafile.com/deploy/using_ldap.html, it says the username attribute must be the email address or userPrincipalName. Did you set the username_attribute to userPrincipalName or mail (whichever one you set in Seafile) in the [ad_client] section of your authproxy.cfg? If you already have an [ad_client] section that must use a different username attribute, you can basically duplicate it as [ad_client2] and update the username_attribute, and then specify client=ad_client2 in the Seafile application’s [ldap_server_auto] config.

For in-depth troubleshooting assistance, you should contact Duo Support.

Duo, not DUO.