Updated users to nextcloud_users, small grammar changes in oidc file.

Norm Rasmussen 2022-11-14 16:10:22 -05:00
parent d6aeb0ab99
commit 18e4bac6b2
2 changed files with 14 additions and 14 deletions


@ -5,9 +5,10 @@
This example is using following users & groups in lldap :
* A technical user (ex: `ro_admin`), member of `lldap_strict_readonly` or `lldap_password_manager`
* A group called `users`. Note: This is _not_ the same as the `Users` designation in the LLDAP Web UI. This must be a whole new group that you've created and called `users`.
* Members of `users` group will be authorized to log in Nextcloud (eg neither `admin` nor `ro_admin`, who are part of the `lldap_strict_readonly` or `lldap_password_manager` group.)
* A catch-all group called `nextcloud_users`. Note: This is _not_ the same as the `Users` designation in the LLDAP Web UI. This must be a whole new group that you've created and called `nextcloud_users`.
* Members of `nextcloud_users` group will be authorized to log in Nextcloud.
* Some "application" groups, let's say `friends` and `family`: users in Nextcloud will be able to share files and view people in dynamic lists only to members of their own group(s).
* Users in 'family' and 'friends' should also be users in 'nextcloud_users' group!
If you plan on following this tutorial line-by-line, you will now have the following:
* 6 groups:
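Review bot: the `nextcloud_users` bullet no longer carries the parenthetical that the `users` bullet had, saying that `admin` and `ro_admin` are not among the accounts allowed to log in. Membership of `nextcloud_users` is what gates login, so it is worth keeping a sentence telling readers to leave the technical account out of that group. Calling it a "catch-all" group also sits oddly next to "Members of `nextcloud_users` group will be authorized to log in", since the group is a restriction rather than a default. Style: the line "Users in 'family' and 'friends' should also be users in 'nextcloud_users' group!" uses single quotes where every other group name in the list is in backticks.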
@ -16,11 +17,13 @@ If you plan on following this tutorial line-by-line, you will now have the follo
3. `friends`
4. `lldap_strict_readonly`
5. `lldap_password_manager`
6. `admin`
6. 'lldap_admin'
7. `admin`
* 1 admin user in one or both of the following groups:
1. `lldap_password_manager`
2. `lldap_strict_readonly`
* (Atleast) 1 user in the `users` group
3. `lldap_admin`
* (Atleast) 1 user in the `nextcloud_users` group
* (Optional) Any number of users in the `friends` or `family` group.
## Nextcloud config : the cli way
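Review bot: listing `lldap_admin` as option 3 under "1 admin user in one or both of the following groups" conflicts with the earlier bullet that describes the technical user as a member of `lldap_strict_readonly` or `lldap_password_manager`. If this entry refers to the account Nextcloud binds with, I would drop the `lldap_admin` option or explain when it is needed, so readers are not steered toward an admin-group account for a read-only job. The wording also needs to catch up: "one or both" now introduces three entries, the group list runs to 7 items under the "6 groups" heading from the previous hunk, `'lldap_admin'` is in single quotes instead of backticks, and "(Atleast)" should be "(At least)".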
@ -45,8 +48,8 @@ occ ldap:set-config s01 ldapBaseUsers "dc=example,dc=com"
occ ldap:set-config s01 ldapBaseGroups "dc=example,dc=com"
occ ldap:set-config s01 ldapConfigurationActive 1
occ ldap:set-config s01 ldapLoginFilter "(&(objectclass=person)(uid=%uid))"
# EDIT: users group, contains the users who can login to Nextcloud
occ ldap:set-config s01 ldapUserFilter "(&(objectclass=person)(memberOf=cn=users,ou=groups,dc=example,dc=com))"
# EDIT: nextcloud_users group, contains the users who can login to Nextcloud
occ ldap:set-config s01 ldapUserFilter "(&(objectclass=person)(memberOf=cn=nextcloud_users,ou=groups,dc=example,dc=com))"
occ ldap:set-config s01 ldapUserFilterMode 0
occ ldap:set-config s01 ldapUserFilterObjectclass person
occ ldap:set-config s01 turnOnPasswordChange 0
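Review bot: the `ldapLoginFilter` line just above the changed comment is still `(&(objectclass=person)(uid=%uid))`, with no `memberOf` clause, while the comment on `ldapUserFilter` says the `nextcloud_users` group "contains the users who can login to Nextcloud". If the restriction is meant to apply at login, please either add the same `memberOf=cn=nextcloud_users,ou=groups,dc=example,dc=com` clause to the login filter or add a sentence explaining why the user filter alone is sufficient. The next hunk still shows `cn=users` in the GUI section, so the two halves of the tutorial now describe different groups.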
@ -95,10 +98,7 @@ We want only users from the `users` group to be allowed to log in Nextcloud :
(&(objectclass=person)(memberOf=cn=users,ou=groups,dc=example,dc=com))
```
_Note:_ The `cn=users` section of the LDAP query is the group you setup at the begining of this tutorial! It is _not_ the users section as seen in the LLDAP web ui. If you're using different group names in LLDAP, be sure to update the `cn=` to the appropriate group name.
![login configuration page](images/nextcloud_loginfilter.png)
You can check with `Verify settings and count users` that your filter is working properly (here your accounts `admin` and `ro_admin` will not be counted as users).
### Login attributes
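Review bot: the GUI section in this hunk still reads "We want only users from the `users` group" and shows the filter `(&(objectclass=person)(memberOf=cn=users,ou=groups,dc=example,dc=com))`, while the CLI section was changed to `cn=nextcloud_users`. A reader who follows the GUI path after creating only `nextcloud_users` would end up with a filter that matches no one, or one that matches a different group than intended. Please update the sentence, the filter, and the `cn=users` reference in the note to `nextcloud_users`. Small fixes in the same note: "begining" should be "beginning" and "the group you setup" should be "the group you set up".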


@ -4,9 +4,9 @@ Set up Authelia according to it's [documentation](https://www.authelia.com/overv
## LLDAP
Set up [LLDAP (Light Lightweight Directory Access Protocol](https://github.com/nitnelave/lldap) according to its standard documentation.
Set up [LLDAP](https://github.com/nitnelave/lldap) according to its standard documentation.
Add a group and note the name you use. For this tutorial, we're using the group `users`. Create a new user and add it to the `users` group.
Add a group and note the name you use. For this tutorial, we're using the group `users`. Create a new user and add it to the `nextcloud_users` group.
#### Optional:
Once setup, add an admin or config user and add to the `lldap_strict_readonly` group. This will be the config account used for Nextcloud to read your groups and users from the server.
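Review bot: the changed sentence now contradicts itself: "we're using the group `users`. Create a new user and add it to the `nextcloud_users` group." Only the second group name was updated, so the first `users` should become `nextcloud_users` as well. In the context lines, "Once setup" should be "Once set up" and "according to it's" in the hunk header should be "its", if you want to pick those up in the same grammar pass.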
@ -23,7 +23,7 @@ Login to your Nextcloud instance as an admin. Setup an LDAP server connection ac
Next, navigate to the `Apps` section.
[![nextcloud_apps.png](images/nextcloud_apps.png)
![nextcloud_apps.png](images/nextcloud_apps.png)
Search for the Nextcloud app [Social Login](https://apps.nextcloud.com/apps/sociallogin). Enable the app.