owncloudeeadminmanual.pdf

ownCloud Enterprise Edition AdminManual

Release 7.0

ownCloud Inc.

November 07, 2014

CONTENTS

1 Introduction 11.1 Target audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

2 Whats New for Admins in ownCloud 7 32.1 New User Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32.2 External Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32.3 Object Stores as Primary Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32.4 Server to Server Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32.5 SharePoint Integration (Enterprise Edition only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32.6 Windows Network Drive Integration (Enterprise Edition only) . . . . . . . . . . . . . . . . . . . . . 42.7 Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42.8 SMTP Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42.9 Editable Email Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42.10 Active Directory and LDAP Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

3 ownCloud 7 Enterprise Edition Release Notes 53.1 Recommended Setup for Running ownCloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53.2 Supported Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53.3 Shibboleth and WebDAV Incompatible . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63.4 Windows Network Drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63.5 Sharepoint Drive App . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63.6 Antivirus App Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63.7 Enable Only for Specific Groups Fails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73.8 Changes to File Previews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73.9 LDAP Home Connector Linux Only . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73.10 4GB Limit on SFTP Transfers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73.11 Not Enough Space Available on File Upload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73.12 No More Expiration Date On Local Shares . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

4 Installation 94.1 License Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94.2 Installing ownCloud Enterprise Edition on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94.3 Mac OS X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104.4 Installing ownCloud From Sources on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104.5 Supported ownCloud Enterprise Apps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154.6 Installing ownCloud Enterprise Edition on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . 164.7 Installation Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

5 Configuration 21

i

5.1 Configuring SharePoint Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215.2 Configuring S3 and OpenStack Swift Objects as Primary Storage . . . . . . . . . . . . . . . . . . . 235.3 Installing and Configuring the Windows Network Drive App . . . . . . . . . . . . . . . . . . . . . . 255.4 Oracle Database Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275.5 Microsoft IIS and SQL Server Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325.6 Jive Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395.7 Oracle Database Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475.8 Microsoft IIS and SQL Server Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515.9 LDAP Home Connector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 585.10 Theming ownCloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605.11 File Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705.12 Shibboleth Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 805.13 Using the Files Locking App . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 835.14 User Authentication with LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 835.15 Defining Background Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 965.16 Using Third Party Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 975.17 Configuring the ClamAV Antivirus Scanner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 975.18 Asset Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1005.19 Defining Automatic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1015.20 Custom Client Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1035.21 Using Server-Side Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1045.22 File Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1095.23 Knowledge Base Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1115.24 Language Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1125.25 Logging Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1125.26 Mail Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1135.27 Preview Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1205.28 Reverse Proxy Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1225.29 User Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1235.30 Uploading big files > 512MB (as set by default) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1265.31 Enabling uploading big files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1265.32 Configuring the Collaborative Documents App . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1275.33 Enabling the Documents App . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1275.34 Configuring External Storage (GUI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1285.35 Configuring External Storage (Configuration File) . . . . . . . . . . . . . . . . . . . . . . . . . . . 1415.36 Custom User Backend Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1475.37 Configuring Server-to-Server Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1485.38 Serving static files via web server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1495.39 Databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1525.40 Storage Backends . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1525.41 Authentication Backends . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1525.42 Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1535.43 Additional Enterprise Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1535.44 Customizing your Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

6 Maintenance 1556.1 Backing up ownCloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1556.2 Converting Database Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1566.3 Maintenance Mode Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1576.4 Restoring ownCloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1576.5 Upgrading Your ownCloud Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

7 Operations 1617.1 Providing Default Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

ii

7.2 Logging Apps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1627.3 Considerations on Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1727.4 Performance Tuning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

8 External APIs 179

9 Architecture 1819.1 Scaling Across Multiple Machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

iii

CHAPTER

ONE

INTRODUCTION

This is the administrators manual for ownCloud, a flexible, open source file sync and share solution. ownCloudincludes the ownCloud server, client applications for Microsoft Windows, Mac OS X and Linux, and mobile clientsfor the Android and Apple iOS operating system.

1.1 Target audience

This guide is targeted towards people who want to evaluate, deploy or administer optimize ownCloud EnterpriseEdition. If you want to learn how to use the Web UI, or how to install clients on the server, please refer to the UserManual or the Desktop Client Manual respectively.

1

http://doc.owncloud.com/server/7.0EE/user_manual/contents.htmlhttp://doc.owncloud.com/server/7.0EE/user_manual/contents.htmlhttp://doc.owncloud.org/desktop/1.7/

ownCloud Enterprise Edition Admin Manual, Release 7.0

2 Chapter 1. Introduction

CHAPTER

TWO

WHATS NEW FOR ADMINS INOWNCLOUD 7

2.1 New User Management

Admins can now view all ownCloud users in a single scrolling window, filter user lists by group, and search by userdisplay name using the new text filter. User attributes have also been added, included the file storage location for eachuser and the last time they logged in. New groups can be added with a click of a button.

2.2 External Storage

Major improvements to the external storage app include support for FTP, Dropbox, Google Drive, SFTP, Swift, S3,WebDAV, SMB/CIFS and more storage locations to the ownCloud instance. You can control which storage types yourusers can set up in their Personal tabs. Further performance improvements have made externally mounted storagefaster and more responsive.

2.3 Object Stores as Primary Storage

Primary storage in ownCloud is where all files and folders are stored by default. In contrast to secondary storage,primary storage is completely managed by the ownCloud application. With ownCloud 7, ownCloud can now leverageSWIFT and S3 (S3 is enterprise only) object stores as primary storage for ownCloud files. Now admins can choosethe best option for their specific need, including local storage, network file system mounts, and object stores.

2.4 Server to Server Sharing

ownCloud 7 servers can now connect shares with each other. With just a few clicks you can easily and securely createpublic shares that are available to other ownCloud 7 users on remote servers, and optionally allow your users to alsocreate their own public shares.

2.5 SharePoint Integration (Enterprise Edition only)

Native SharePoint support has been added to ownCloud 7 Enterprise Edition as a secondary storage location forSharePoint 2007, 2010 and 2013. When this is enabled, users can access and sync all of their SharePoint content

3


via ownCloud, whether in the desktop sync, mobile or Web interfaces. Updated files are bi-directionally syncedautomatically. SharePoint shares are created by the ownCloud admin, and optionally by any users who have SharePointcredentials. ownCloud preserves SharePoint ACLs to ensure content is restricted per SharePoint rules.

2.6 Windows Network Drive Integration (Enterprise Edition only)

ownCloud has always supported mounting Windows network drives, and in OC7 EE it is easier than ever for theadministrator to mount Windows Network Drives for a user, a group or the entire ownCloud instance, and allow eachuser to access the network drives and preserve their ACLs. The network drives appear as normal folders and files, andchanges are bi-directionally synced between user devices and the Windows network drives.

2.7 Sharing

Sharing has been dramatically enhanced and streamlined, making it more flexible, faster and accessible. Improvementsinclude:

Force Password: Admins can now force users to set a password when they create shared links. This ensuresthat files shared outside of ownCloud via a link are properly secured by users.

Share Link Default and Max Expiration: When sharing a file with a link, admins can now require users toset a specific expiration duration for the link.

Antivirus Action Updates: The Antivirus app has been enhanced to allow with some minor customization the use of external virus scanners (rather than the default ClamAV) in scanning files as they arrive on theserver.

The Shared folder has been removed from new installations of ownCloud 7: Shared files now appear in thetop level of your file tree on your Files page, and you can change the default shared folder to any folder withthe share_folder directive in config.php. If you are upgrading from older ownCloud versionsyou will still have your old Shared folder.

2.8 SMTP Configuration Wizard

The new graphical SMTP configuration connects to your mail server in just a few clicks, so that ownCloud can sendautomated messages to users. ownCloud connects via PHP, Sendmail, or standard SMTP.

2.9 Editable Email Templates

ownCloud admins can now edit the email templates that ownCloud uses for automatic notifications on the Adminpage.

2.10 Active Directory and LDAP Enhancements

Several improvements have been made to the LDAP and Active Directory plug-in application, improving both theperformance of the application as well as the compatibility with OpenLDAP and Active Directory.

4 Chapter 2. Whats New for Admins in ownCloud 7

CHAPTER

THREE

OWNCLOUD 7 ENTERPRISE EDITIONRELEASE NOTES

3.1 Recommended Setup for Running ownCloud

ownCloud runs on multiple operating systems and HTTP servers. For best performance, stability, support, and fullfunctionality we recommend:

Red Hat Enterprise Linux 7

MySQL/MariaDB

PHP 5.4 +

Apache 2.4

Red Hat plans to support PHP 5.4 in RHEL 6. Please see PHP 5.4 on RHEL-6 using RHSCL and Red Hat SoftwareCollections 1.0 Beta Now Available for more information.

CentOS 6 users, please consult The Software Collections ( SCL ) Repository for information on upgrading to PHP5.4.

3.2 Supported Platforms

Hypervisors: Hyper-V, VMware ESX, Xen, KVM

Server: Windows 2008R2; 2012, Linux (Debian 6, RHEL / Centos 6 and 7, Ubuntu 12 and 14, SLES 11,Univention Corporate Server 3.x)

Databases: MySQL 5.x; Microsoft SQL Server 2008R2; SQL Server 2012 R2; Oracle 11g

Desktop: Windows XP, Windows 7, Mac OS X 10.7+ (64-bit only), Linux (CentOS 6, Ubuntu 10.04 and 11.04+,Fedora 16+, openSUSE 11.4+)

Mobile apps: iOS 7+, Android 4+

Webserver: IIS (Windows) and Apache2 (Windows and Linux)

Web browser: IE8, IE9, Firefox v14+, Chrome v18+, Safari v5+

5

http://developerblog.redhat.com/2013/08/01/php-5-4-on-rhel-6-using-rhscl/http://www.redhat.com/en/about/blog/red-hat-software-collections-1.0-beta-now-availablehttp://www.redhat.com/en/about/blog/red-hat-software-collections-1.0-beta-now-availablehttp://wiki.centos.org/AdditionalResources/Repositories/SCL


3.3 Shibboleth and WebDAV Incompatible

Shibboleth and WebDAV are incompatible, and cannot be used together in ownCloud.

3.4 Windows Network Drive

Windows Network Drive runs only on Linux servers, because it requires libsmbclient.

libsmbclient 3.x seems to have a bug (check https://bugzilla.samba.org/show_bug.cgi?id=9038 ), so youllneed to set up the HOME variable in Apache to prevent a segmentation fault. This issue doesnt seems to happen withlibsmbclient 4.1.6 and higher.

To set up the HOME variable on Ubuntu, modify the /etc/apache2/envvars file:

unset HOMEexport HOME=/var/www

In openSUSE, modify the /usr/sbin/start_apache2 file:

export HOME=/var/lib/apache2

In CentOS, modify the /etc/sysconfig/httpd file and add the following line to set the HOME variable inApache:

export HOME=/usr/share/httpd

By default CentOS has activated SELinux, and the httpd process can not make outgoing network connections. Thiswill cause problems with curl, ldap and samba libraries. Youll need to get around this in CentOS in order to makethis work. First check the status:

getsebool -a | grep httpdhttpd_can_network_connect --> off

Then enable support for network connections:

setsebool -P httpd_can_network_connect o

3.5 Sharepoint Drive App

The SharePoint Drive app does not verify the SSL certificate of the SharePoint server or the ownCloud server, as it isexpected that both devices are in the same trusted environment.

3.6 Antivirus App Modes

The Antivirus App offers three modes for running the ClamAV anti-virus scanner: as a daemon on the ownCloudserver, a daemon on a remote server, or an executable mode that calls clamscan on the local server. We recommendusing one of the daemon modes, as they are the most reliable.

6 Chapter 3. ownCloud 7 Enterprise Edition Release Notes

https://bugzilla.samba.org/show_bug.cgi?id=9038/


3.7 Enable Only for Specific Groups Fails

Some ownCloud applications have the option to be enabled only for certain groups. However, when you select specificgroups they do not get access to the app.

3.8 Changes to File Previews

For security and performance reasons, file previews are available only for image files, covers of MP3 files, and textfiles, and have been disabled for all other filetypes. Files without previews are represented by generic icons accordingto their file types.

3.9 LDAP Home Connector Linux Only

The LDAP Home Connector application requires Linux (with SQLite, MySQL, MariaDB, or PostgreSQL) to operatecorrectly.

3.10 4GB Limit on SFTP Transfers

Because of limitations in phpseclib, you cannot upload files larger than 4GB over SFTP.

3.11 Not Enough Space Available on File Upload

Setting user quotas to unlimited on an ownCloud installation that has unreliable free disk space reporting forexample, on a shared hosting provider may cause file uploads to fail with a Not Enough Space Available error. Aworkaround is to set file quotas for all users instead of unlimited.

3.12 No More Expiration Date On Local Shares

In older versions of ownCloud, you could set an expiration date on both local and public shares. Now you can set anexpiration date only on public shares, and local shares do not expire when public shares expire.

3.7. Enable Only for Specific Groups Fails 7


8 Chapter 3. ownCloud 7 Enterprise Edition Release Notes

CHAPTER

FOUR

INSTALLATION

This chapter covers installation-related topics of ownCloud server:

4.1 License Keys

4.1.1 Introduction

ownCloud has implemented a license key in order to utilize ownCloud 7 Enterprise Edition. This section outlines howthe license key functions within ownCloud, and describes the impact that this license key has on your installation ofownCloud 7 Enterprise Edition.

4.1.2 Production ownCloud

By default, if no license key is present, ownCloud will create a new license key for that expires 30 days from the firsttime ownCloud is accessed. If no new license key is added, ownCloud will no longer function at the end of those 30days. Of course, ownCloud will still exist. Simply enter a new license key in the configuration file to re-enable yourownCloud instance and get back to work.

If you are a subscribing ownCloud customer, and once proper agreements have been signed, your full license key willbe provided by ownCloud during the initial phases of your support period. Additional license keys may be obtained byemailing [email protected] indicating the company name and your contact information so we may assist you.

4.1.3 Configuration

Once obtained from ownCloud, the license key should be placed in the ownCloud config file, found inside the own-Cloud root folder on your ownCloud application server(s) config/config.php file as follows:

license-key => test-20141231-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-YYYYYY,

Each running instance of ownCloud requires a license key to be installed. Keys will work across upgrades without is-sue, so new keys will not be required when upgrading your ownCloud Enterprise Edition from, for example, ownCloud6 Enterprise Edition to ownCloud 7 Enterprise Edition.

4.2 Installing ownCloud Enterprise Edition on Linux

The recommended method for installing and maintaining ownCloud Enterprise Edition is with your Linux packagemanager. Configure your package manager to use the ownCloud Enterprise Edition repository, import the signing key,

9

mailto:[email protected]


and then install and update ownCloud like any other software package. Please refer to the README - ownCloudPackage Installation.txt document in your account at Customer.owncloud.com account.

After you have completed your initial installation of ownCloud as detailed in the README, follow the instructions inInstallation Wizard to finish setting up ownCloud.

4.2.1 SELinux

Linux distributions that use SELinux need to take some extra steps so that ownCloud will operate correctly underSELinux. Please see installation_selinux for some recommended configurations.

4.3 Mac OS X

Note: Due to an issue with Mac OS Unicode support, installing ownCloud Server 7.0 on Mac OS is currently notsupported.

4.4 Installing ownCloud From Sources on Linux

This is how you setup ownCloud from scratch using a classic LAMP (Linux, Apache, MySQL, PHP) setup. Pleasereview the ownCloud 7 Enterprise Edition Release Notes for our recommended setup.

Installation packages and add-ons are available from the Files pages in your Customer.owncloud.com account. (If youare not yet an Enterprise customer, or have any questions please contact us at.)

This document provides a complete walk-through for installing ownCloud on Ubuntu 14.04 LTS Server with Apache,PHP and MySQL/MariaDB. MySQL and MariaDB use the same commands and PHP connector. If you prefer Post-greSQL, be sure to install the appropriate PHP connector, which is listed in the Prequisites.

[TODO: RHEL 7 and SLES]

4.4.1 Prerequisites

Note: This tutorial assumes you have root access to the machine you want to install ownCloud on. If you are using ahosting service, then they may have to install the required PHP modules and other software for for you.

To run ownCloud, your web server must have the following installed:

php5 (>= 5.3.8, minimum recommended 5.4)

PHP module ctype

PHP module dom

PHP module GD

PHP module iconv

PHP module JSON

PHP module libxml

PHP module mb multibyte

10 Chapter 4. Installation

http://customer.owncloud.com/https://github.com/owncloud/core/issues/2377https://customer.owncloud.com/https://owncloud.com/contact/


PHP module SimpleXML

PHP module zip

PHP module zlib

Database connectors for MariaDB/MySQL and PostgreSQL:

PHP module mysql

PHP module pgsql (requires PostgreSQL >= 9.0)

Recommended packages:

PHP module curl (highly recommended, some functionality, e.g. HTTP user authentication, depends on this)

PHP module fileinfo (highly recommended, enhances file analysis performance)

PHP module bz2 (recommended, required for extraction of apps)

PHP module intl (increases language translation performance and fixes sorting of non-ASCII characters)

PHP module mcrypt (increases file encryption performance)

PHP module openssl (required for accessing HTTPS resources)

Required for specific apps:

PHP module ldap (for ldap integration)

smbclient (for SMB storage)

PHP module ftp (for FTP storage)

PHP module exif (for image rotation in pictures app)

PHP module gmp (for SFTP storage)

For enhanced performance (optional) select only one of the following:

PHP module apc

PHP module apcu

PHP module xcache

For preview generation (optional):

PHP module imagick

avconv or ffmpeg

OpenOffice or LibreOffice

Special PHP Considerations:

Please check your distribution, operating system or hosting partner documentation on how to install and enablethese modules.

Make sure your distributions PHP version fulfills the version requirements specified above. If it doesnt, theremight be custom repositories you can use. If you are running Ubuntu 12.04 LTS, you can update your PHPusing a custom PHP PPA:

add-apt-repository ppa:ondrej/php5apt-get updateapt-get install php5

4.4. Installing ownCloud From Sources on Linux 11

https://launchpad.net/~ondrej/+archive/php5


Red Hat plans to support PHP 5.4 in RHEL 6. Please see PHP 5.4 on RHEL-6 using RHSCL and Red HatSoftware Collections 1.0 Beta Now Available for more information.

CentOS 6 users, please consult The Software Collections ( SCL ) Repository for information on upgrading toPHP 5.4.

Please note that the ownCloud Enterprise download repository has special versions for Red Hat and CentOSwith PHP 5.3, 5.4, 5.5, and 5.6.

4.4.2 Example installation on Ubuntu 14.04 LTS Server

On a machine running a pristine Ubuntu 14.04 LTS server, install the required and recommended modules for a typicalownCloud installation, using Apache, PHP and MySQL by issuing the following commands in a terminal:

apt-get install apache2 mysql-server php5 libapache2-mod-php5apt-get install php-common php5-gd php5-json php5-mysql php5-curlapt-get install php5-intl php5-mcrypt php5-imagick

Start Apache, and then point a Web browser to http://localhost to verify that it installed correctly:

service apache2 start

Remarks:

This installs the packages for the ownCloud core system. If you are planning on running additional apps, keepin mind that they might require additional packages. See the Prerequisites section (above) for details.

At the execution of each of the above commands you might be prompted whether you want to continue; pressY for Yes (that is if your system language is English. You might have to press a different key if you have adifferent system language).

At the installation of the MariaDB/MySQL server, you will be prompted for a root password. Be sure toremember the password you enter there for later use as you will need it during ownCloud database setup.

MariaDB is a drop-in replacement for MySQL, and you can install it instead of MySQL with apt-getinstall mariadb-server.

Now download your ownCloud .bz2 archive from your account on Customer.owncloud.com. Unpack it with thiscommand (substituting the correct filename, of course):

tar xf owncloud_enterprise-7.x.x.tar.bz2

Copy the ownCloud files to their final destination in the document root of your web server. The Ubuntu default is/var/www:

cp -r owncloud /var/www

4.4.3 Setting Stronger Directory Permissions

Your HTTP user must own at least the config/, data/ and apps/ directories in your ownCloud directory sothat you can configure ownCloud, create, modify and delete your data files, and install apps via the ownCloud Webinterface. We recommend setting the directory permissions as strictly as possible for stronger security.

You can find your HTTP user in your HTTP server configuration files. Or you can create a PHP page to find it for you.To do this, create a plain text file with a single line in it:


http://developerblog.redhat.com/2013/08/01/php-5-4-on-rhel-6-using-rhscl/http://www.redhat.com/en/about/blog/red-hat-software-collections-1.0-beta-now-availablehttp://www.redhat.com/en/about/blog/red-hat-software-collections-1.0-beta-now-availablehttp://wiki.centos.org/AdditionalResources/Repositories/SCLhttp://localhosthttps://customer.owncloud.com/


Name it whoami.php and place it in your /var/www/html directory, and then open it in a Web browser, forexample http://localhost/whoami.php. You should see a single line in your browser page with the HTTPuser name. On Ubuntu this is www-data.

Note: When using an NFS mount for the data directory, do not change ownership as above. The simple act ofmounting the drive will set proper permissions for ownCloud to write to the directory. Changing ownership as abovecould result in some issues if the NFS mount is lost.

For hardened security we highly recommend setting the permissions on your ownCloud directory as strictly as possible.These commands should be executed immediately after the initial installation:

chown -R root:root /var/www/owncloud/chown www-data:www-data /var/www/owncloud/config/config.phpchown -R www-data:www-data /var/www/owncloud/data/chown root:root /var/www/owncloud/data/.htaccesschown www-data:www-data /var/www/owncloud/apps/

4.4.4 Apache Web Server Configuration

Note: You can use ownCloud over plain http, but we strongly encourage you to use SSL/TLS to encrypt all of yourserver traffic, and to protect users logins and data in transit.

4.4.5 Enabling SSL

An Apache server installed under Ubuntu comes already setup with a simple self-signed certificate. All you have todo is to enable the SSL module and the configuration for your ownCloud site. Open a terminal and run:

a2enmod ssla2ensite default-sslservice apache2 reload

Note: Self-signed certificates are adequate for in-house use, but if you plan to make your ownCloud server publiclyaccessible you should consider buying a certificate signed by commercial signing authority. Check with your domainname registrar or hosting service for good deals on commercial certificates.

4.4.6 Configuring ownCloud

Apache 2.2 and 2.4 have slightly different configuration options for access control, so you need to know which versionyou are using. Run one of the following commands to find your Apache version:

apachectl -vapache2 -v

Example output:

Server version: Apache/2.4.7 (Ubuntu)Server built: Jul 22 2014 14:36:38

On Apache 2.2 use allow,deny statements for access control, like this example:

4.4. Installing ownCloud From Sources on Linux 13


Options Indexes FollowSymLinks MultiViewsAllowOverride AllOrder allow,denyallow from all

Apache 2.4 uses Require statements:

Options Indexes FollowSymLinks MultiViewsAllowOverride AllRequire all granted

This configuration entry needs to go into the configuration file of the site you want to use.

On a Ubuntu system, this typically is the default-ssl site (found in the/etc/apache2/sites-available/default-ssl.conf).

Add the entry shown above immediately before the line containing:

(this should be one of the last lines in the file).

A minimal site configuration file on Ubuntu 14.04 looks like this. Change the values in ServerName,ServerAdmin, DocumentRoot, SSLCertificateFile, SSLCertificateKeyFile, and to match your installation:

ServerName YourServerNameServerAdmin webmaster@localhostDocumentRoot /var/www

Options FollowSymLinksAllowOverride None

Options Indexes FollowSymLinks MultiViewsAllowOverride NoneOrder allow,denyallow from all

ErrorLog ${APACHE_LOG_DIR}/error.logLogLevel warnCustomLog ${APACHE_LOG_DIR}/ssl_access.log combinedSSLEngine onSSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pemSSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

SSLOptions +StdEnvVars

SSLOptions +StdEnvVars

BrowserMatch "MSIE [2-6]" \

nokeepalive ssl-unclean-shutdown \downgrade-1.0 force-response-1.0



BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

Options Indexes FollowSymLinks MultiViewsAllowOverride AllAllow from allRequire all grantedDav OffSatisfy Any

If you have not enabled mod_dav on your Apache server, omit the Dav Off directive. You do not need it forownCloud. If you are using mod_dav, then disable it for ownCloud only by entering Dav Off as in the aboveexample.

For ownCloud to work correctly, you need to enable the Apache module mod_rewrite. Enable it by runningthis command:

a2enmod rewrite

In order for the maximum upload size to be configurable, the .htaccess in the ownCloud folder needs to bemade writable by the server (this should already be done, see section Setting Secure Directory Permissions_).

You must disable any server-configured authentication for ownCloud, as it uses Basic authentication internallyfor DAV services. If you have turned on authentication on a parent folder (via e.g. an AuthType Basicdirective), you can turn off the authentication specifically for the ownCloud entry. Following the above exampleconfiguration file, add the following line directly after the allow from all / Require all grantedline in the


Antivirus app for files (Files_Antivirus)

Deleted Files (Files_Trashbin)

Encryption (Files_Encryption)

Enterprise Key (Enterprise_key)

External storage support (External)

External Storage Support (Files_External)

External user support (User_external)

Files (Files)

File Locking (Files_locking)

File Shared access logging app (Files_sharing_log)

Firewall (Firewall)

First Run Wizard (Firstrunwizard)

LDAP Home Connector (Files_LDAP_Home)

LDAP user and group backend (User_ldap)

Log audit info (Admin_audit)

Mail Template Editor (Templateeditor)

object store support (objectstore)

Provisioning API (Provisioning_API)

Share Files (Files_Sharing)

SharePoint (Files_SharePoint)

SharePoint (SharePoint)

Shibboleth user backend (User_shibboleth)

Text Editor (files_texteditor)

Versions (Files_Versions)

WebDAV user backend (User_webdavauth)

Windows Network Drive (Files_Windows_Network_Drives)

Windows Network Drive (Windows_network_drive)

3rd party and unsupported apps must be disabled before performing a system upgrade. Then find and install theupgraded versions, and after the upgrade is complete re-enable them.

4.6 Installing ownCloud Enterprise Edition on Windows

Please refer to the README document in your account at Customer.owncloud.com account for instructions on installingor upgrading ownCloud Enterprise Edition on a Windows server.

After you have completed your initial installation of ownCloud as detailed in the README, follow the instructions inInstallation Wizard to finish setting up ownCloud.


http://customer.owncloud.com/


Figure 4.1: The ownCloud apps page, which displays installed applications.

Note: While ownCloud will run in any standard PHP environment, including IIS or Apache on Windows, thereare known issues. For the basic sync and share capabilities of ownCloud, Windows web servers (Apache and IIS)will function properly. However, as apps like external storage are added, particularly SMB mounts, and non-Englishcharacters are used in filenames, some of the known Windows and IIS/Apache challenges start to appear as bugs.

ownCloud is not supported on the Internet Server Application Programming Interface (ISAPI).

For these reasons, while ownCloud server will run on Windows, it is not recommended at this time.

4.7 Installation Wizard

When your ownCloud prerequisites are fulfilled and all ownCloud files are installed on the server, the last step isrunning the Installation Wizard. This initiates your database, creates the ownCloud admin user, and sets your datastorage directory.

Point your Web browser to your new ownCloud installation. If you are working directly on your ownCloud server,use https://localhost/owncloud. If you are administering it from a remote PC then use its hostname or IP address, forexample https://example.com/owncloud.

If you are using a self-signed certificate, you will get a security warning about the issuer of the certificate not beingtrusted, which you can ignore.

Then you will be presented with the setup screen:

4.7. Installation Wizard 17

https://localhost/owncloudhttps://example.com/owncloud


4.7.1 Required Settings

First create your admin user and password under Create an admin account. You may use any name andpassword you want.

Next, enter the path to your ownCloud data directory. The default is /var/www/owncloud/data on Red HatEnterprise Linux (RHEL), and /srv/www/owncloud/data on SUSE Linux Enterprise Server (SLES). You mayuse any directory that your HTTP user can read and write to. Make sure that it is outside of your HTTP server root sothat it is not accessible to the world.

Now select the database you want to use. Only the supported database options are presented: MariaDB/MySQL,PostgreSQL, MSSQL, and Oracle Call Interface (OCI). Your database must already be installed on your ownCloudserver. Enter the name and password of the database root user, or any database user that you wish to use that hassufficient permissions to create and manage databases, and enter any name you want for your new ownCloud database.

Leave the hostname at the default localhost. Click the Finish Setup button, and the wizard will create yournew data directory, ownCloud admin user, and your new ownCloud database. When it is finished it will present theownCloud login screen. Enter your new admin login, and it opens your ownCloud Web GUI to the Files page.

4.7.2 Trusted Domains

ownCloud takes the URL used to access the Installation Wizard and inserts it into the config.php file as thetrusted_domain setting. All domain names used to access the ownCloud server must be entered here, becauseonly these domains will allow access to the server. This example allows users to login via localhost, the servers IPaddress, and the servers fully-qualified domain name with a custom port number:

trusted_domains =>array (0 => localhost,1 => ocserver.example.com,2 => 192.168.10.101:8080

),

In the event that a load balancer is in place, there will be no issues, as long as it sends the correct X-Forwarded-Hostheader.

When you try to login to your ownCloud server with a URL that has not been whitelisted in config.php, you willsee this error message:

You are accessing the server from an untrusted domain. Please contact your administrator. If you are anadministrator of this instance, configure the trusted_domain setting in config/config.php. An exampleconfiguration is provided in config/config.sample.php

4.7.3 Setting Stronger Directory Permissions

For hardened security we highly recommend setting the permissions on your ownCloud directory as strictly as possible.These commands should be executed immediately after the initial installation. This example is for Red Hat EnterpriseLinux, using the default directories and Apache user:

chown -R root:root /var/www/owncloud/chown apache:apache /var/www/owncloud/config/config.phpchown -R apache:apache /var/www/owncloud/data/chown root:root /var/www/owncloud/data/.htaccesschown apache:apache /var/www/owncloud/apps/

This example is for SUSE Linux Enterprise Server:

4.7. Installation Wizard 19


chown -R root:root /srv/www/owncloud/chown wwwrun:www /srv/www/owncloud/config/config.phpchown -R apache:apache /srv/www/owncloud/data/chown root:root /srv/www/owncloud/data/.htaccesschown wwwrun:www /srv/www/owncloud/apps/

Your HTTP user must own at least the config/, data/ and apps/ directories in your ownCloud directory sothat you can configure ownCloud, create, modify and delete your data files, and install apps via the ownCloud Webinterface.

You can find your HTTP user in your HTTP server configuration files. Or you can create a PHP page to find it for you.To do this, create a plain text file with a single line in it:

Name it whoami.php and place it in your /var/www/html directory, and then open it in a Web browser, forexample http://localhost/whoami.php. You should see a single line in your browser page with the HTTPuser name. On Ubuntu this is apache.

Note: When using an NFS mount for the data directory, do not change ownership as above. The simple act ofmounting the drive will set proper permissions for ownCloud to write to the directory. Changing ownership as abovecould result in some issues if the NFS mount is lost.

Now your ownCloud installation is complete. Please refer to the Configuration section of this manual to learn how toadminister your ownCloud server.


CHAPTER

FIVE

CONFIGURATION

5.1 Configuring SharePoint Integration

Native SharePoint support has been added to ownCloud 7 Enterprise Edition as a secondary storage location forSharePoint 2007, 2010 and 2013. When this is enabled, users can access and sync all of their SharePoint contentvia ownCloud, whether in the desktop sync, mobile or Web interfaces. Updated files are bi-directionally syncedautomatically. SharePoint shares are created by the ownCloud admin, and optionally by any users who have SharePointcredentials.

The ownCloud SharePoint plugin uses SharePoint document lists as remote storage folders. ownCloud respects Share-Point access control lists (ACLs), so ownCloud sharing is intentionally disabled for SharePoint mountpoints. This isto preserve SharePoint ACLs and ensure content is properly accessed as per SharePoint rules.

The plugin uses the Simple Object Access Protocol (SOAP) and WebDAV for the uploads and downloads to talk toSharePoint servers. Your ownCloud server must have php-soap or php5-soap installed. Most Linux distribu-tions and Windows call the installation package php-soap, though there may be some Linux variants that call itphp5-soap. Starting with ownCloud 7.0.2 EE, Linux packages and ownCloud appliances will install php5-soapas a required dependency.

The supported authentication methods are:

Basic Auth

NTLM (Recomended)

5.1.1 Enabling the SharePoint Plugin

The SharePoint plugin is a native plugin in ownCloud 7 EE, so the first step is to enter the Apps administration pageand enable it.

Next, enter the Admin panel to set up SharePoint connections in the SharePoint Drive Configurationsection.

First, enter your SharePoint Listing credentials. These credentials are not stored in the database, but are usedonly during plugin setup to list the Document Libraries available per SharePoint site.

Global credentials is an optional field. If you fill in this field, these credentials will be used on on allSharePoint mounts where you select: Use global credentials as the Authentication credentials

Enter your ownCloud mount point in the Local Folder Name column. This is the name of the folder thateach user will see on the ownCloud filesystem. You may use an existing folder, or enter a name to create a newmount point

Select who will have access to this mountpoint, by default All users, or a user or a group

21


22 Chapter 5. Configuration


Enter your SharePoint server URL

Then click the little refresh icon to the left of the Document Library field. If your credentials and URL arecorrect youll get a dropdown list of available SharePoint libraries

Select the document library you want to mount

Select which kind of Authentication credentials you want to use for this mountpoint. If you select use customcredentials, you will have to enter the the credentials on this line. Otherwise, the global credentials or theusers own credentials will be used

Click Save, and youre done

Please see Connecting to SharePoint in the User Manual to learn how to use your new SharePoint connec-tions.

5.1.2 Note

Speed up load times by disabling file previews in config.php, because the previews are generated by down-loading the remote files to a temp file. This means ownCloud will spend a lot of time creating previews for allof your SharePoint content. To disable file previews, add the following line to the ownCloud config file found in/owncloud/config/config.php:

enable_previews => false,

5.1.3 Troubleshooting

Global mount points cant be accessed: You have to fill out your SharePoint credentials as User on the personal settingspage, or in the popup menu. These credentials are used to mount all global mount points.

Personal mount points cant be accessed: You have to fill your SharePoint credentials as User on the personal settingspage in case your personal mount point doesnt have its own credentials.

A user cant update the credentials: Verify that the correct credentials are configured, and the correct type, either globalor custom.

5.2 Configuring S3 and OpenStack Swift Objects as Primary Storage

In ownCloud 7 Enterprise Edition, you can configure S3 objects as primary storage. This replacesthe default data directory, which is /var/www/owncloud/data on default Linux installations, andC:\inetpub\wwwroot\owncloud\data on Windows servers. However, you may need to keep the data/directory for these reasons:

The ownCloud log file and the SQLite database are saved in the data directory

Legacy apps may not support using anything but the data/ directory

You can move your logfile by changing its location in config.php, and SQLite is not suitable for enterprise instal-lations. You may still need data/ for backwards compatibility with some apps.

5.2.1 Implications

It is important to note that ownCloud in object store mode will expect exclusive access to the object store container,because it only stores the binary data for each file. The metadata is currently kept in the local database for performancereasons.

5.2. Configuring S3 and OpenStack Swift Objects as Primary Storage 23


The current implementation is incompatible with any app that uses direct file I/O and circumvents the ownCloudvirtual filesystem. That includes Encryption and Gallery. Gallery stores thumbnails directly in the filesystem, andEncryption causes severe overhead because key files need to be fetched in addition to any requested file.

5.2.2 Configuration

Look in config.sample.php for a example configurations. Copy the relevant part to your config.php file.Any objectstore needs to implement \\OCP\\Files\\ObjectStore\\IObjectStore and can be passed pa-rameters in the constructor with the arguments key:

objectstore => array(class => Implementation\\Of\\OCP\\Files\\ObjectStore\\IObjectStore,arguments => array(

...),

),

Amazon S3

The S3 backend mounts a bucket of the Amazon S3 object store into the virtual filesystem. The class to be used isOCA\ObjectStore\S3:

objectstore => array(class => OCA\ObjectStore\S3,

arguments => array(key => yourkey,secret => yoursecret,bucket => your-oc-bucket,

),),

Ceph S3

The S3 backend can also be used to mount the bucket of a ceph object store via the s3 API into the virtual filesystem.The class to be used is OCA\ObjectStore\S3:

objectstore => array(class => OCA\ObjectStore\S3,

arguments => array(key => GEZ550B06Z2ZDB52CT21,secret => 6Vdo7ObSMBlI4TMRw0jpRE75K6qS9QNTk6nBboxP,bucket => devobjectstore,base_url => http://ceph/,hostname => ceph,// you must use this region or the amazon lib will overwrite// the path style when resetting the regionregion => s3-eu-west-1.amazonaws.com

),),

OpenStack Swift

The Swift backend mounts a container on an OpenStack Object Storage server into the virtual filesystem. The class tobe used is \\OC\\Files\\ObjectStore\\Swift:



objectstore => array(class => OC\\Files\\ObjectStore\\Swift,arguments => array(

username => demo,password => password,container => owncloud,autocreate => true,region => RegionOne,url => http://devstack:5000/v2.0,tenantName => demo,serviceName => swift,

),),

5.3 Installing and Configuring the Windows Network Drive App

The Windows Network Drive app creates a control panel on your Admin page for seamless mounting of SMB/CIFSfile shares on ownCloud servers that run on Linux. It does not work on Windows IIS or Windows Apache setups, butonly Linux servers, because it requires the Samba client. (Samba is the free software implementation of the SMB/CIFSnetworking protocol.)

Any Windows file share, and Samba servers on Linux and other Unix-type operating systems use the SMB/CIFS file-sharing protocol. The files and directories on the SMB/CIFS server will be visible on your Files page just like yourother ownCloud files and folders. They are labeled with a little four-pane Windows-style icon, and the left pane ofyour Files page includes a Windows Network Drive filter.

Files are synchronized bi-directionally, and you can create, upload, and delete files and folders. You have the option

5.3. Installing and Configuring the Windows Network Drive App 25


of allowing users to create personal mounts of their own SMB/CIFS shares, and controlling whether they can sharethem.

5.3.1 Installation

Enable the Windows Network Drive app on your ownCloud Apps page. Then there are a few dependencies to install.

You need to install the SMB client on your Linux system. This is included in all Linux distributions; on Debian,Ubuntu, and other Debian derivatives this is smbclient. On Red Hat, CentOS, and other Red Hat derivatives it issamba-client.

You need the ownCloud php5-libsmbclient binary, which you can download from the the ownCloud repo onSUSE Build service.

Alternatively, you may build it from sources, which you can get from github.com/eduardok . Both code and instructionsare there. The source build is called libsmbclient-php, which works fine. Youll need to install some additionaldependencies for the source build. On Debian, Ubuntu, and other Debian derivatives you need:

libsmbclient

libsmbclient-dev

On Red Hat, CentOS, and derivatives:

libsmbclient

libsmbclient-devel

5.3.2 Additional Installation Steps

If your Linux distribution ships with libsmbclient 3.x, you may need to set up the HOME variable in Apacheto prevent a segmentation fault. If you have libsmbclient 4.1.6 and higher it doesnt seem to be an issue, soyou wont have to change your HOME variable.

To set up the HOME variable on Ubuntu, modify the /etc/apache2/envvars file:

unset HOMEexport HOME=/var/www

In Red Hat/CentOS, modify the /etc/sysconfig/httpd file and add the following line to set the HOME variablein Apache:

export HOME=/usr/share/httpd

By default CentOS has activated SELinux, and the httpd process can not make outgoing network connections. Thiswill cause problems with the curl, ldap and sambalibraries. Youll need to get around this in order to make thiswork. First check the status:

getsebool -a | grep httpdhttpd_can_network_connect --> off

Then enable support for network connections:

setsebool -P httpd_can_network_connect 1

In openSUSE, modify the /usr/sbin/start_apache2 file:

export HOME=/var/lib/apache2

Restart Apache, open your ownCloud Admin page and start creating SMB/CIFS mounts.


https://build.opensuse.org/package/show/isv:ownCloud:community:testing/php5-libsmbclient/https://build.opensuse.org/package/show/isv:ownCloud:community:testing/php5-libsmbclient/https://github.com/eduardok/libsmbclient-php/


5.3.3 Admin-created SMB Mounts

When you create a new SMB share you need the login credentials for the share, the server address, the share name,and the folder you want to connect to.

1. First enter the ownCloud mountpoint for your new SMB share. This must not be an existing folder.

2. Then enter which ownCloud users or groups get access to the share

3. Next, enter the address of the server that contains the SMB share

4. Then the Windows share name

5. Then the root folder of the share

You have three options for login credentials:

Global credentials, which are set in the Global credentials fields

Credentials only for this mount, which are set in the fields to the right of the Credentialsdropdown menu

Let users use their credentials requires users to configure their logins on their Personal pages,or enter them the first time they access the share

5.3.4 Personal SMB Mounts

Users create their own personal SMB mounts on their Personal pages. These are created the same way as Admin-created shares. Users have only two options for login credentials:

Use personal credentials, which are entered in the Personal credentials fields.

Use credentials only for this mount, which are entered in the fields to the right of the Creden-tials dropdown menu

5.4 Oracle Database Support

This document will cover the setup and preparation of the ownCloud server to support the use or Oracle as a backenddatabase. For the purposes of testing, we are setting up using Oracle Enterprise Linux as both the web server that willhost ownCloud and as a host for the Oracle Database.

5.4. Oracle Database Support 27


5.4.1 Outline of Steps

This document will cover the following steps:

Setup of the ownCloud user in Oracle: This involves setting up a user space in oracle for setting up the ownClouddatabase.

Installing the Oracle Instant Client on the web server (facilitating the connection to the Oracle Database).

Compiling and installing the Oracle PHP Plugin oci8 module

Pointing ownCloud at the Oracle database in the initial setup process

The document assumes that you already have your Oracle instance running, and have provisioned the needed resources.It also assumes that you have installed ownCloud with all of the prerequisites.

5.4.2 Configuring Oracle

Setting up the User Space for ownCloud

Step one, if it has not already been completed by your DBA (DataBase Administrator), provision a user space on theOracle instance for ownCloud. This can be done by logging in as a DBA and running the script below:

CREATE USER owncloud IDENTIFIED BY password;ALTER USER owncloud DEFAULT TABLESPACE users TEMPORARY TABLESPACE temp QUOTA unlimited ON users;GRANT create session, create table, create procedure, create sequence, create trigger, create view, create synonym, alter session TO owncloud;

Substitute an actual password for password. Items like TableSpace, Quota etc. will be determined by your DBA.

Downloading and Installing the Oracle Instant Client

As was mentioned in the outset of this document, the example in this document involves the Web servers being OracleEnterprise Linux, in this case it is necessary to go to the Oracle site and download the Oracle Instant Client for yourOS Distribution.


http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html


Note: Download the instant client and the instant client SDK and place them in a directory on the server, in thisexample they were RPM packages.

Install the basic client from the RPM. Use the rpm -ivh command

Install the SDK RPM package. Use the rpm -ivh command

At this point, the Oracle Instant client is installed on the ownCloud Host (in the home directory).

Install the OCI8 PHP Extension:

The next step is to compile and install the OCI8 PHP extension for connectivity to the Oracle Database.

Creating a folder for these bits on your server.

Download the latest version of the extension from http://pecl.php.net/package/oci8.

Unpack the OCI8 PHP extension obtained above and copy it over to the server.

There should be two things in the folder:

package.xml file

oci8-*.*.* folder (folder will change based on version of the extension you downloaded).

Build the OCI8 module.

Change (cd) to the folder where you have copied the downloaded and uncompressed OCI8 bits.

Run the following command (there will be a significant amount of output):

pecl build

Eventually the output will stop and ask for the Oracle Home Directory, just press enter.

Change directory:

cd oci8-

Type the following command:

./configure -with-oci8=instantcleint,/usr/lib/oracle//client64/lib

Again, there will be significant output

Enter the following command to compile: make

At this time there should be a folder called modules in the oci8- folder. Within this folderexists the oci8.so file.

Copy this to the directory where the modules are stored in the PHP install. It depends on your distribution. Thisis the path for RHEL 6 and OEL 6:

cp oci8.so /usr/lib64/php/modules

Create an .ini file

Navigate to the php.d directory: cd /etc/php.d

Edit a file called oci8.ini: vi oci8.ini

Make the file look as follows:


http://pecl.php.net/package/oci8


; Oracle Instant Client Shared Objectextension=oci8.so

Save the document

5.4.3 Configure ownCloud

The next step is to configure the ownCloud instance to point to the Oracle Database, again this document assumes thatownCloud has previously been installed.



Configuration Wizard

Database user

This is the user space created in step 2.1. In our Example this would be owncloud.



Database password

Again this is defined in the script from section 2.1 above, or pre-configured and provided to you by your DBA.

Database Name

Represents the database or the service that has been pre-configured on the TSN Listener on the Database Server. Thisshould also be provided by the DBA. In this example, the default setup in the Oracle install was orcl (there is a TSNListener entry for orcl on our database server).

This is not like setting up with MySQL or SQL Server where a database based on the name you give the form is created.The oci8 code will call this specific service and it must be active on the TSN Listener on your Oracle Database server.

Database Table Space

Provided by the DBA. In this example the users table space (as is seen in the user creation script above), was used.

Configuration File

Assuming all of the steps have been followed to completion, The first run wizard should complete and have an oper-ating instance of ownCloud should appear.

The configuration file should look something like this:


Navigate to the Products tab:

5.5. Microsoft IIS and SQL Server Support 33


And install the following by selecting Add next to the instance.

Server

IIS Recommended Configuration

IIS Static Content

IIS Default Document

IIS Directory Browsing

IIS HTTP Errors

IIS HTTP Redirection

IIS CGI

IIS ISAPI Extensions

IIS ISAPI Filters

IIS Server Side Includes

IIS HTTP Logging

IIS Logging Tools

IIS Request Monitor

IIS Tracing



IIS Custom Logging

IIS Client Certificate Mapping Authentication

IIS URL Authorization

IIS Request Filtering

IIS IP Domain Restrictions

IIS Static Content Compression

IIS Dynamic Content Compression

IIS Management Console

IIS Management Scripts and Tools

IIS Management Service

Frameworks

PHP 5.4.14

Windows Cache Extension 1.3 for PHP 5.4

Database

Microsoft Drivers for PHP v5.4 for SQL Server IIS

Tools

PHP Manager for IIS

Installation

Once these selections have been made, click the install button and allow the web platform installer to lay down theneeded code to configure the web server.

Verbs

It is important to enable all verbs in the PHP FastCGI settings in order for the sync to work properly.

In the IIS Management application, double click Handler Mappings.



Then double-click on the PHP FastCGI Settings.

Select Request Restrictions.



Navigate to the Verbs tab and verify that All Verbs is selected.

The following error may appear when this value is set and OK is selected.



The resolution is to put quotes around the exe name as follows.

When prompted to create a FastCGI application, select Yes.

Restart the IIS service to make sure all settings are applied.

5.5.2 Install ownCloud

Once the prerequisites have been installed, the system is ready for the ownCloud installation

To install ownCloud simply copy the ownCloud code to the IIS root directory, change the permissions on the folder tomake sure that the user that IIS will use for access can indeed access the files.

Data directory

Verify the desired storage directory has proper permissions for the user IIS is using to access. For example, if IIS usersanonymous access, the user is webusr. Make certain webusr has access to the directory or share.

Run ownCloud

At this time, ownCloud is installed. Navigate to the ownCloud web interface in the browser and initialize the instance.Select MSSQL option for the database under the Advanced tab. Provide the location for the database server as well asthe login and password for the database.



5.6 Jive Integration

The ownCloud Jive application allows Jive users to access files stored in Jive from a mobile device, tablet, or desktopclient. Users have complete access through ownCloud to upload, edit or download their files.

Jive can be configured as a data storage location for ownCloud, which means files saved in Jive appear in folderswithin ownCloud. Jive remains the system of record while ownCloud acts as a proxy, providing end-to-end file accessfor users at their desks and on the go.

5.6.1 Configuration

The Jive application is installed under the owncloud/apps directory on the server and enabled via the ownCloud adminscreen. This app is only available for ownCloud EE v6 or higher. Go to the ownCloud admin screen section Jivebackend parameters to configure the app to match your Jive server system parameters.

5.6. Jive Integration 39


Parameter Description ValuesHttps Verify the https server certificate. Certificate must be installed on the

system.Checkbox enabled/disable

Authentication Chose the Authentication mechanism to use against Jive basic OR oAuthJive api url URL string pointing to the Jive API Example:

https://mycompany.jiveon.com/api/core/v3/Jive FS mountpoint

Folder where the Jive File share will be mounted String value up to 10characters max

Jive categoryfilter

List of categories that files have to be shown Jive categories list, orblank

Jive categoryseparator

Separator for Jive catagories list Comma by default orany single character

Jive tag filter Tag to use for private stuff in jive Jive tag or blankJive forbiddenextensions

List of forbidden extensionsThese will not be allowed for upload or download with Jive.

Examples include:.exe,.zip

Jive forbiddenextensionsseparator

Use this character to separate the list of extensions Comma by default orany single character

Jive maximumupload filesize

Maximum file size allowed in MB. This includes upload anddownloads.

Numeric value

Jive privatefolder

Folder name for private stuff in Jive String value up to250 characters max

Activate largefile sharing forJive

Enable the large file sharing subsystem. This allows storage of filesthat are too large for Jive to be stored on the ownCloud server andavailable via the ownCloud web, mobile and desktop interfaces.

Checkbox enable/disable

Jive large filesharing FSmount point

Folder where the Jive large sharing File Share will be mounted String value up to 10characters max

Show groups ofwhich you are amember

If this is not checked, the plugin will show all available groups foryou matching the filter, even groups that you are not a member

Enable/disable

5.6.2 Use Cases

The ownCloud Jive plugin can be used in various ways to extend the access to the Jive content across multiple devices.


https://mycompany.jiveon.com/api/core/v3/


Web Client Use Cases

Create a folder in the Jive File Share Web Client folder to create a new Jive Group.

Verify the Group is created in Jive.

Create a new Group in Jive and upload a file to that Group.

Check the Web Client and download the file.

Verify that file is the same as the uploaded file.

Upload a file in the Too Big For Jive folder, and create the link in a Jive document.

Verify that file link is in Jive.

Download the file via the link, and verify it is the same as the uploaded file.

Upload a file to the private My Jive Web Client folder.

Check your Jive content and make sure the file has been uploaded.

Download the file and verify it is the same as the uploaded file.

Mobile Client Use Cases (iOs and Android)

Create a new folder in the Mobile Client to create a new Jive Group.

Upload a file in the Web Client folder, and see that file in the corresponding Jive Group.

Desktop Client Use Cases

Create a folder in the Desktop Client to create a new Jive Group.

Upload a file in the Desktop Client folder, and see that file in the corresponding Jive Group.

The ownCloud folder structure hierarchy matches the Jive Groups the user can access. Sub folders under the JiveGroup folders that are created on the desktop will not sync to ownCloud or Jive because they will not match the JiveGroup view. If a sub folder is created under the Jive Group desktop folder, the desktop client will display an error



that this operation is not allowed. For example; if the folder structure is JiveFileShare/GroupA, any sub folder underGroupA will not be synced to ownCloud or Jive.

5.6.3 Configuring the Jive app

This section explains how each configuration parameter changes the behavior of the app.

Verify https certificate

If your Jive server is under https, it must provide a https certificate when a client connects to it. Curl (the client thatownCloud is using to connect to Jive) usually verify that certificate, but to do that you must somehow supply a CAcert so curl can verify against.

This feature is usually turn off to make the Jive app easier to use, because in this case curl wont verify the certificate,so you dont need to have installed the CA cert. However, turning this off could be a security issue: you could beconnecting to a fake Jive server without notice.

If you want to turn on this feature, you must get the CA cert of the server (check http://curl.haxx.se/docs/sslcerts.html for more information about how you can get the file you need) and install it in your ownCloud server.

In order to know where you should install the CA cert, you can run

curl -v https://yourserver.com/

You should look the output for a line with the CA path:

successfully set certificate verify locations:

CAfile: none

CApath: /etc/ssl/certs

Thats the place where you should install the CA cert.

Once you have installed the CA cert, you should run again the same curl:

curl -v https://yourserver.com/

And look for:

Server certificate:

subject: *****

start date: *******

expire date: *****

subjectAltName: *******

issuer: ******

SSL certificate verify ok.

If the SSL is verified correctly (SSL certificate verify ok.), you just need to activate the checkbox.

Curl usually comes installed with some CA certs by default, so all the previous steps might not be needed. Just checkthat curl can connect to your Jive server, and if so, activate this feature.


http://curl.haxx.se/docs/sslcerts.htmlhttps://yourserver.com/https://yourserver.com/


Authentication mechanism to use against Jive

To be able to access to Jive, the ownCloud plugin needs to use some kind of authentication. At this time, the pluginsupports basic and oAuth authentication.

Basic authentication

In order to use basic authentication, you should take into account the following things:

The credentials used to access to ownCloud must match the ones used to connect to Jive. This means that if youaccess to ownCloud with a user PeterP and password PeterPassword, the same user must exist in Jive withthe same password. Otherwise, the user wont be able to access to Jive.

If the credentials (typically the password) changes in one side, it must change in the other. Youll need to thismanually.

The usage of basic authentication isnt recommended due to the following reasons:

We need to store the password and be able to recover it. Although the password is stored encrypted, this is notstrictly secure.

Passwords are sent to the server in almost plain text. In fact its a base64 encoded string of user and password,but thats all the security the authentication provides.

If you plan to use basic authentication, at least make sure you connect through HTTPS protocol and inside a localLAN if possible.

oAuth authentication

First of all, make sure Jive is prepared to support this authentication.

The usage of this authentication method solves the issue of having the same credentials in both ownCloud and Jiveserver. This means that the ownCloud user PeterP with password PeterPassword can access to the contents ofthe Jive user John with password John007. Its also possible that another ownCloud user AliceK access to thecontents of the Jive user John too at the same time.

Keep in mind that this isnt insecure: any ownCloud user that wants to access to Johns Jive content (following thislittle example) MUST know his Jive password.

If this authentication method is set, we dont store passwords BUT we still need to store some other things. Thesethings are stored in plain text.

These are the steps to make it work (if your Jive server support this authentication):

1. Activate the oAuth authentication in the ownCloud admin settings (just the admin can do this)

2. Go to the ownCloud web interface, in the files app. A popup will appear.

3. Click on the link that appear in the popup

4. Youll get redirected to a Jive page asking for your Jive credentials. If this is not the case, its recommended toclean the browser cache and start again (to point 2) because you might be accessing to Jive with another user.

5. After entering your Jive credentials, you get redirected a page with an activation code. If you entered the wrongcredentials, you might not get redirected to that page. If this is the case click in the link again in the ownCloudpopup (point 3) which will redirect you to the activation code page.

6. Copy the activation code into the ownCloud popup, and click in the send code button. If there is no error,youre done.



WARNING:

Not all the oAuth flows are covered by the plugin. The expiration of the access token is handled automatically by theplugin, so it will request a new access token if needed. HOWEVER, the expiration of the refresh token isnt covered,so the plugin will likely stop working for that user (we wont be able to get more access tokens)

[Ask for info to know how to solve this issue?]

Its very important that the user access to ownCloud through the web interface first, so the user goes through the oAuthflow for the first time (as described with the steps above) to get an access token. Otherwise, the plugin wont get anaccess token and the user wont be able to get the files from Jive.

Jive API URL

Youll need to enter the full URL of the Jive API. This includes the protocol (HTTP or HTTPS) and the port (if any).

An example of API URL could be: https://myjiveserver.com/api/core/v3/

Notice the following things:

You must specify a protocol that is understandable by curl. Under normal circumstances, the protocol is limitedto HTTP or HTTPS.

If your server is under a port different than the 80, youll need to specify it. Take https://jserver.prv:9999/api/core/v3/ as an example

If your server isnt under the root URL, you can also specify the correct path: https://myserver.prv:8888/path/to/jive/api/core/v3/

The API URL should end with /api/core/v3/ (be careful with the slash at the end)

Filters

The Jive plugin comes with a set of filters that the admin can set to filter the content the users can access throughownCloud. The drawback of using filters is that there isnt any performance gain because the filtering is mainly donein the ownCloud side, and even can degrade performance in some cases. Well explain the filters one by one, and tellyou what consequences have each one.

Category filter and separator

You can filter files using one or several categories. This filter applies only to groups and files inside those groups. Yourprivate files wont be affected by this filter.

In order to set this filter, you can provide a list of categories, all in one line. In order to separate the different categories,you must use the separator set in the category separator text box.

Jive category filter : syncWithMe,sync,syncMe

Jive category separator : ,

You can also achieve the same behavior with:

Jive category filter : syncWithMe#sync#syncMe

Jive category separator : #

The plugin will show all groups which have ALL those categories set. If there is a group with any of the categoriesmissing, that group wont be shown. Anyway, you should only need to set one category.


https://myjiveserver.com/api/core/v3/https://jserver.prv:9999/api/core/v3/https://myserver.prv:8888/path/to/jive/api/core/v3/


Its important to notice that, although you can set only one category or leave the text box empty, the category separatorMUST always be set. In fact, you shouldnt need to change the default value of the category separator.

Files shown inside those groups will be also affected by this filter. This means that all the files shown inside thosegroups must have all the categories too.

Files uploaded through ownCloud to those groups will have all the categories set in Jive automatically. If you want toadd more categories to those files, youll need to do it manually through Jive.

The usage of the category filter can degrade the performance a lot. We need to make extra calls to Jive to get thecategories for each group, one extra call per group returned by Jive in the first place. There is also the limitation of nothaving more than 25 categories set per group. Use this filter with extreme caution.

You can disable this filter just by setting the category filter empty. This will prevent the extra call from being made,and will show all available groups.

Tag filter

This filter works only for private files. Files inside groups wont be affected by this filter.

You can only set one tag for the files that will be shown in ownCloud. Make sure you set one of the tags from Jiveas theyre shown there. Its highly recommended to use only lowercase letters to set the tag to prevent possible issueswhen the tag is set in Jive.

The usage of this filter wont alter significantly the performance

Its important to notice that the filter will be applied to all users. Users wont be able to set their own tag to sync theirown files.

This filter can also be disabled by setting the filter empty.

Forbidden extensions filter and separator

This filter is set the same way as the category filter: you provide a list of extensions that are separated by the char setin the separator text box.

Jive forbidden extensions: .exe,.zip,.tar.gz

Jive forbidden extensions separator : ,

You can also achieve the same behavior with:

Jive forbidden extensions: .exe#.zip#.tar.gz

Jive forbidden extensions separator: #

Keep in mind that the filter is performed against the end of the filename, thats why the . is important. Ifyou set exe as a forbidden extension, a file named texe or f1.lexe will be affected by this filter.

You must also take into account that, by using only the filename, we avoid to download the file, so the performanceisnt significantly degraded. On the other hand, we cannot verify that a .png file is what it claims to be.

This filter works for any file, and for uploads and downloads through ownCloud. This means that you wont be ableto upload a file with any of those extensions from onwCloud and the Jive files which have those extensions wont beshown (and consequently they wont be downloaded). Of course, you can still upload the files from Jive (if Jive allowsit) and have them there.



Maximum upload file size

This filter allows you to limit the size of the files that will go through ownCloud. All files uploads and downloads willbe affected by this filter. You wont be able to upload files bigger than the file size limit and the Jive files bigger thanthe limit wont be shown in ownCloud (and consequently they wont be downloaded)

Under normal circumstances, you want to match the limit with the one Jive has. This way you can notify errorsregarding the file size faster because the files wont reach the Jive server, and at the same time you allow the usersto upload up to the maximum limit that Jive allows. (Note: we cant know this limit from ownCloud, so we cantprovide a sensitive default value, plus the value can change among Jive instances. You might need to adjust the valuemanually).

You can also set the limit to a lower value than what its in Jive, so only small files will be delivered from ownCloud.

Show groups of which you are member

Under normal circumstances, you can see all available groups in Jive, including open, member-only and private groups,only secrets groups are outside. Even if youre not a member of those groups, you can still see their contents.

For small Jive installations (less than 100 available groups per user) this is usually enough, and it has an acceptableperformance. However, for larger installations, with more than 500 groups available per user, the performance isdegraded a lot.

For these larger installations, this checkbox comes in handy.

Again, under normal circumstances, its common that a user is member of just a few groups (lets say less than 25)even if there are thousand of groups available that the user can see. It usually makes sense to show the contents of onlythose 25 groups, not every group available.

By activating this checkbox, the user will see only those 25 groups instead of all available groups. This will increasethe performance a lot, specially for larger installations, as long as each user isnt member of too many groups. Anyway,if there are user who are member of too many groups, the performance will still be degraded.

FS mount points

This Jive plugin mounts one (or two) virtual filesystems on the normal one in a transparent way.

From a user point of view, these virtual filesystems appear as new folders inside the root one.

From the settings page, you can change the mount points names. The folders will change accordingly.

Jive FS mount point

The name of the folder that will hold the Jive virtual FS. The name shouldnt collide with any existing name in theroot folder to prevent possible issues. The virtual FS will be mounted inside the root folder of the ownCloud FS.

As said, the contents of the folder will be the groups that the user can access through ownCloud (recheck the filterssection).

Jive private folder

The folder where your private Jive files will be stored. The name of the folder will be the same for all users, althoughthe contents will likely differ.

This private folder will be inside the Jive mount point, as if it were another group.



Files inside this folder will be only visible to you, but they will be stored in Jive. They wont be visible neither forownCloud users nor Jive users.

In order to prevent collisions with other groups, the folder name might be changed automatically by adding (private)to the end of the folder name if its needed .

Large file sharing subsystem

The large file sharing allow you to share files over the Jive limits (typically size limits). You can enable or disable thissubsystem by checking or un-checking the checkbox, and provide the corresponding mount point. Use a non-existentfolder name to prevent issues.

Files inside that folder will be stored inside the ownCloud server. However those files can be shared by link to Jive.

The process is like the following:

1. Upload a file (or folder) inside the large file sharing folder (by default named as Too Big For)

2. Once the file is uploaded, click in the share action, and then click in the Share link checkbox

3. By default the share link will expire after 1 week. You can change the value and / or protect the link by password

4. Click the Submit to Jive button (the name can be changed depending on the actual Jive folder name)

5. A new browser tab should appear with the Jive draft ready to be edited (you might need to enter your Jivecredentials first). The draft will have some predefined text, but you can edit it to your needs. Once you publishthe document, its done.

Notifications

This Jive plugin runs a connectivity check between ownCloud and Jive whenever the web page is loaded. This checkallows you to know some potential issues between the ownCloud Jive connection.

When a potential issue is detected, a notification will be shown, so youll know whats happening.

You can control the time the notification is shown in the notification time for the connectivity check configuration.The time is in seconds.

5.7 Oracle Database Support

This document will cover the setup and preparation of the ownCloud server to support the use or Oracle as a backenddatabase. For the purposes of testing, we are setting up using Oracle Enterprise Linux as both the web server that willhost ownCloud and as a host for the Oracle Database.

5.7.1 Outline of Steps

This document will cover the following steps:

Setup of the ownCloud user in Oracle: This involves setting up a user space in oracle for setting up the ownClouddatabase.

Installing the Oracle Instant Client on the web server (facilitating the connection to the Oracle Database).

Compiling and installing the Oracle PHP Plugin oci8 module

Pointing ownCloud at the Oracle database in the initial setup process



The document assumes that you already have your Oracle instance running, and have provisioned the needed resources.It also assumes that you have installed ownCloud with all of the prerequisites.

5.7.2 Configuring Oracle

Setting up the User Space for ownCloud

Step one, if it has not already been completed by your DBA, provision a user space on the Oracle instance forownCloud. This can be done by logging in as a DBA and running the script below:

CREATE USER owncloud IDENTIFIED BY password;ALTER USER owncloud DEFAULT TABLESPACE users TEMPORARY TABLESPACE temp QUOTA unlimited ON users;GRANT create session, create table, create procedure, create sequence, create trigger, create view, create synonym, alter session TO owncloud;

Substitute an actual password for password. Items like TableSpace, Quota etc. will be determined by your DBA.

Downloading and Installing the Oracle Instant Client

As was mentioned in the outset of this document, the example in this document involves the Web servers being OracleEnterprise Linux, in this case it is necessary to go to the Oracle site and download the Oracle Instant Client for yourOS Distribution.

Note: Download the instant client and the instant client SDK and place them in a directory on the server, in thisexample they were RPM packages.

Install the basic client from the RPM.

owncloudeeadminmanual.pdf

Documents

owncloud server

restoring owncloud

theming owncloud

automatic configuration

mail configuration

configuration 21i5

language configuration

web server