If you'd like to authenticate your Nextcloud users to an OpenLDAP server, the task is made easy, thanks to a handy Nextcloud app.
Rather than creating a local Nextcloud account for every user, why not have Nextcloud communicate with OpenLDAP, so that all those users in your LDAP directory can log into Nextcloud directly? It makes an outstanding combination that any Nextcloud admin should leverage.
I'm going to walk you through the process of setting this up.
What you need
I'm going to demonstrate this process using the latest release of Nextcloud (15), running on an Ubuntu Server 18.04 host. You don't have to work with Ubuntu 18.04, but you do need a recent release of Nextcloud up and running. Also, I'll demonstrate OpenLDAP running on an Ubuntu 18.04 server. I'll assume you have both Nextcloud and OpenLDAP up and running (See: How to install OpenLDAP on Ubuntu 18.04).
Install the lone dependency
Before you install the Nextcloud LDAP app on your Nextcloud server, there is a lone dependency that must be installed. Log into that machine and issue the command:
sudo apt-get install php-ldap -y
Once that installation completes, you'll want to restart Apache with the command:
sudo systemctl restart apache2
With that out of the way, let's get to work on Nextcloud.
Installing the app
Log into your Nextcloud instance with an admin user and click on the profile image in the upper right corner. From that pop-up menu, select Apps. In the Search bar (at the top of the page), type LDAP. You should see an entry appear (Figure A).
Click the Enable button and the app will be downloaded and installed.
The LDAP connection needs to be configured. Click on your profile image once again and select Settings. From the left navigation, click LDAP/AD Integration. In the resulting window (Figure B), type the IP address of your OpenLDAP server and then click the Detect Port button.
The LDAP port should auto-populate. Once that happens, type the DN of the user Nextcloud will use to connect to your OpenLDAP server. This must be a user that has permission to search the directory (such as admin), and the DN takes the form cn=admin,dc=example,dc=com. Next, type the password for the OpenLDAP admin user and click Save Credentials. Then click the Detect Base DN button. Once that auto-populates, click the Test Base DN button. Everything should test out so far. Click the Continue button to move to the Users tab.
In the LDAP Users tab (Figure C), make sure inetOrgPerson is selected from the Only these object classes dropdown.
Click Verify settings and count users. You shouldn't see any errors at this point. Click Continue to move to the Login Attributes tab (Figure D).
In the Login Attributes tab, type a username found on your OpenLDAP server (in the Test Loginname text area) and click the Verify settings button. You should see a pop-up notification at the top of the Nextcloud window stating that the user was found. Click Continue to move to the final tab, Groups.
In the final tab (Figure E), you'll need to choose Select object classes from the Only these object classes dropdown and then select the correct LDAP group from the Only from these groups dropdown. The groups dropdown should populate with the groups found on your OpenLDAP server. Make sure to select the correct group that you want to include for login purposes.
At this point, the connection between Nextcloud and OpenLDAP is ready to test. Log out from your Nextcloud instance and log in as a user found in your OpenLDAP directory. Nextcloud should log you in and you're ready to work.
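To cross-check from the command line what the Users and Login Attributes tabs verify, the following script (an added example, not part of the original article or of Nextcloud) runs the equivalent search with ldapsearch and succeeds only when exactly one inetOrgPerson entry matches the login name. It assumes the login attribute is uid; the address, DNs and login name in the usage comment are placeholders, and LDAP_TLS is a variable introduced here.

```shell
#!/bin/sh
# Added example. Assumptions: login attribute is uid; all hosts/DNs are placeholders.

# Escape RFC 4515 filter metacharacters so the login name is matched literally.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Filter mirroring the wizard settings: inetOrgPerson entries matched on uid (assumed).
login_filter() {
    printf '(&(objectClass=inetOrgPerson)(uid=%s))' "$(ldap_escape "$1")"
}

# check_login <ldap-uri> <bind-dn> <base-dn> <loginname>
# Prints the number of matching entries; succeeds only when it is exactly 1.
# -W prompts for the bind password instead of taking it on the command line.
# Set LDAP_TLS=1 to require StartTLS (-ZZ); without it a simple bind on
# ldap:// sends the bind password in cleartext.
check_login() {
    n=$(ldapsearch -x -LLL ${LDAP_TLS:+-ZZ} -H "$1" -D "$2" -W -b "$3" \
            "$(login_filter "$4")" dn | grep -c '^dn:' || true)
    echo "$n"
    [ "$n" -eq 1 ]
}

# Runs only when called with four arguments, e.g. (placeholder values):
#   LDAP_TLS=1 sh check_login.sh ldap://192.0.2.10 \
#       cn=admin,dc=example,dc=com dc=example,dc=com jdoe
if [ "$#" -eq 4 ]; then
    check_login "$@"
fi
```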
You now have Nextcloud authenticating users from your OpenLDAP directory. Even though those users are found on a remote server, you can still control certain aspects of their Nextcloud accounts (such as roles, quotas, groups, etc.). Just log in as your Nextcloud admin user, click your user profile, click Users, and then configure those users as needed.