Updated users to nextcloud_users, small grammar changes in oidc file.

This commit is contained in:
Norm Rasmussen 2022-11-14 16:10:22 -05:00
parent d6aeb0ab99
commit 18e4bac6b2
2 changed files with 14 additions and 14 deletions


@ -5,9 +5,10 @@
This example is using following users & groups in lldap :
* A technical user (ex: `ro_admin`), member of `lldap_strict_readonly` or `lldap_password_manager`
* A group called `users`. Note: This is _not_ the same as the `Users` designation in the LLDAP Web UI. This must be a whole new group that you've created and called `users`.
* Members of `users` group will be authorized to log in Nextcloud (eg neither `admin` nor `ro_admin`, who are part of the `lldap_strict_readonly` or `lldap_password_manager` group.)
* Some "application" groups, let's say `friends` and `family`: users in Nextcloud will be able to share files and view people in dynamic lists only to members of their own group(s).
* A catch-all group called `nextcloud_users`. Note: This is _not_ the same as the `Users` designation in the LLDAP Web UI. This must be a whole new group that you've created and called `nextcloud_users`.
* Members of `nextcloud_users` group will be authorized to log in Nextcloud.
* Some "application" groups, let's say `friends` and `family`: users in Nextcloud will be able to share files and view people in dynamic lists only to members of their own group(s).
* Users in 'family' and 'friends' should also be users in 'nextcloud_users' group!
If you plan on following this tutorial line-by-line, you will now have the following:
* 6 groups:
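Review bot: the new bullet `* Users in 'family' and 'friends' should also be users in 'nextcloud_users' group!` uses single quotes where every other group name on the page is in backticks (`nextcloud_users`, `friends`, `family`); switch to backticks so the names render as code. It would also help to state why membership in `nextcloud_users` is required: the cli section later sets `ldapUserFilter` to match only `memberOf=cn=nextcloud_users,...`, so a user who is only in `friends` or `family` cannot log in at all. The removed sentence explaining that `admin` and `ro_admin` are excluded because they sit in `lldap_strict_readonly` or `lldap_password_manager` was useful context and is still referred to later on the page (`here your accounts admin and ro_admin will not be counted as users`), so consider keeping a short form of it.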
@ -16,11 +17,13 @@ If you plan on following this tutorial line-by-line, you will now have the follo
3. `friends`
4. `lldap_strict_readonly`
5. `lldap_password_manager`
6. `admin`
6. 'lldap_admin'
7. `admin`
* 1 admin user in one or both of the following groups:
1. `lldap_password_manager`
2. `lldap_strict_readonly`
* (Atleast) 1 user in the `users` group
3. `lldap_admin`
* (Atleast) 1 user in the `nextcloud_users` group
* (Optional) Any number of users in the `friends` or `family` group.
## Nextcloud config : the cli way
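Review bot: the group list now has seven entries (ending in `7. `admin``) while the unchanged line above it still reads `* 6 groups:`; update the count. `6. 'lldap_admin'` uses single quotes where the neighbouring entries use backticks. With three groups now under the admin user, `in one or both of the following groups` should become `in one or more`, and `(Atleast)` should be `(At least)`. One caveat worth adding here: if this admin user is the bind account Nextcloud uses (the page earlier calls it the technical user `ro_admin`), `lldap_strict_readonly` is the least-privilege choice; `lldap_admin` gives that account write access to the whole directory, and its password is stored in Nextcloud's LDAP configuration.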
@ -45,8 +48,8 @@ occ ldap:set-config s01 ldapBaseUsers "dc=example,dc=com"
occ ldap:set-config s01 ldapBaseGroups "dc=example,dc=com"
occ ldap:set-config s01 ldapConfigurationActive 1
occ ldap:set-config s01 ldapLoginFilter "(&(objectclass=person)(uid=%uid))"
# EDIT: users group, contains the users who can login to Nextcloud
occ ldap:set-config s01 ldapUserFilter "(&(objectclass=person)(memberOf=cn=users,ou=groups,dc=example,dc=com))"
# EDIT: nextcloud_users group, contains the users who can login to Nextcloud
occ ldap:set-config s01 ldapUserFilter "(&(objectclass=person)(memberOf=cn=nextcloud_users,ou=groups,dc=example,dc=com))"
occ ldap:set-config s01 ldapUserFilterMode 0
occ ldap:set-config s01 ldapUserFilterObjectclass person
occ ldap:set-config s01 turnOnPasswordChange 0
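Review bot: the filter change to `cn=nextcloud_users` is correct for the cli section, but note that `ldapLoginFilter` a few lines above stays `(&(objectclass=person)(uid=%uid))` with no group condition, so the login restriction rests entirely on `ldapUserFilter`; after applying this, verify it by logging in with an account that exists in LLDAP but is not in `nextcloud_users` and confirming the login is refused. The `# EDIT:` comment could simply read `# nextcloud_users group: contains the users who can log in to Nextcloud`.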
@ -95,10 +98,7 @@ We want only users from the `users` group to be allowed to log in Nextcloud :
(&(objectclass=person)(memberOf=cn=users,ou=groups,dc=example,dc=com))
```
_Note:_ The `cn=users` section of the LDAP query is the group you setup at the begining of this tutorial! It is _not_ the users section as seen in the LLDAP web ui. If you're using different group names in LLDAP, be sure to update the `cn=` to the appropriate group name.
![login configuration page](images/nextcloud_loginfilter.png)
You can check with `Verify settings and count users` that your filter is working properly (here your accounts `admin` and `ro_admin` will not be counted as users).
### Login attributes
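Review bot: the lines shown in this hunk are unchanged and leave the web-UI section contradicting the cli section: the context line `We want only users from the `users` group to be allowed to log in Nextcloud :`, the filter `(&(objectclass=person)(memberOf=cn=users,ou=groups,dc=example,dc=com))` and the note `The `cn=users` section of the LDAP query is the group you setup at the begining of this tutorial!` all still name `users`, while the cli section now filters on `cn=nextcloud_users`. Update all three to `nextcloud_users` (and `begining` to `beginning`, `setup` to `set up`) so a reader following the web-UI path ends up with the same filter as the cli path. The `Verify settings and count users` check is the right one: the expected count is the number of members of `nextcloud_users`, which is why `admin` and `ro_admin` are not counted.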


@ -4,9 +4,9 @@ Set up Authelia according to it's [documentation](https://www.authelia.com/overv
## LLDAP
Set up [LLDAP (Light Lightweight Directory Access Protocol](https://github.com/nitnelave/lldap) according to its standard documentation.
Set up [LLDAP](https://github.com/nitnelave/lldap) according to its standard documentation.
Add a group and note the name you use. For this tutorial, we're using the group `users`. Create a new user and add it to the `users` group.
Add a group and note the name you use. For this tutorial, we're using the group `users`. Create a new user and add it to the `nextcloud_users` group.
#### Optional:
Once setup, add an admin or config user and add to the `lldap_strict_readonly` group. This will be the config account used for Nextcloud to read your groups and users from the server.
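Review bot: the rewritten line `Add a group and note the name you use. For this tutorial, we're using the group `users`. Create a new user and add it to the `nextcloud_users` group.` still says the group is `users` in its second sentence and `nextcloud_users` in its third; change the second sentence to `nextcloud_users` as well so the tutorial names one group. In the unchanged context, `according to it's documentation` should be `its`, and `Once setup, add an admin or config user and add to the` reads better as `Once set up, add an admin or config user and add it to the`. Dropping the broken `(Light Lightweight Directory Access Protocol` link text is good.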
@ -19,11 +19,11 @@ Once setup, add an admin or config user and add to the `lldap_strict_readonly` g
* **Client ID:** nextcloud
* **Client Secret:** nextcloud_client_secret
Login to your Nextcloud instance as an admin. Setup an LDAP server connection according to [LLDAP's Documentation](https://github.com/nitnelave/lldap/blob/main/example_configs/nextcloud.md).Once your configuration is setup and Nextcloud doesn't show any errors, you can move onto the next step. It's also a good idea to test this by logging into your Nextcloud instance with your LLDAP credentials. OpenID Connect won't work if you don't first have this working.
Login to your Nextcloud instance as an admin. Setup an LDAP server connection according to [LLDAP's Documentation](https://github.com/nitnelave/lldap/blob/main/example_configs/nextcloud.md). Once your configuration is setup and Nextcloud doesn't show any errors, you can move onto the next step. It's also a good idea to test this by logging into your Nextcloud instance with your LLDAP credentials. OpenID Connect won't work if you don't first have this working.
Next, navigate to the `Apps` section.
[![nextcloud_apps.png](images/nextcloud_apps.png)
![nextcloud_apps.png](images/nextcloud_apps.png)
Search for the Nextcloud app [Social Login](https://apps.nextcloud.com/apps/sociallogin). Enable the app.
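Review bot: the two fixes here (the missing space after `nextcloud.md).` and the stray `[` before `![nextcloud_apps.png]`) are fine; while touching these lines, `Login to your Nextcloud instance` should be `Log in to`, and `Setup an LDAP server connection` / `Once your configuration is setup` should be `Set up` / `set up`. The `Client Secret: nextcloud_client_secret` placeholder a few lines above deserves one sentence telling the reader to replace it with a long random value generated for their deployment, since the literal string is public in this tutorial and any client presenting it would be accepted by Authelia as Nextcloud.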