How to Import / synchronize a group of Cloudron's users to Nextcloud ?
-
Hi everyone, sorry if my question has already been answered. It's about moving from LDAP to OIDC user authentication and user list provisioning.
I want to synchronise Nextcloud's user list with a group of Cloudron's users. The users are members of the group "abc" in Cloudron. This group has access to the Nextcloud application.
OIDC "Login with Cloudron" already works for these users. Users will appear in the Nextcloud user list when they manually log in to Nextcloud for the first time.
Many users have not yet logged in. Is there a way to import/synchronise Nextcloud's user list with the members of "abc" group one before they log in for the first time? I would like to add them to Nextcloud's groups and shared folders to set everything up beforehand.
I understand it may be related to the Cloudron provider extra setting in NextCloud OIDC app, but what should be the correct syntax?
Thanks a lot for your support.
Best wishes -
The answer may be related to this ?
https://github.com/nextcloud/user_oidc?tab=readme-ov-file#pre-provisioning
Second question : If only using Cloudron OIDC to login to Nextcloud is it possible to remove the email / login field on the login screen windows (to avoid confusion) and if yes how ?
-
Since OpenID does not have a good way to list users who have access to resources (in this case apps) We likely can't support some automatic pre-provisioning based on that from a platform side. Users have to login once to create the user record within the app.
If some pre-provisioning is required, I guess one has to write some custom script calling the Nextcloud API as they suggest in their docs which you have linked.
The alternative would be to keep ldap for user sync around, but I am not sure how well this will be supported in the future. Already there is a warning icon in the nextcloud docs for that.
All in all I am not sure if we do us any favor here to automate that, especially given that most apps behave that way that one needs to login once.
-
@osobo for hiding the login form, see https://forum.cloudron.io/topic/13188/nextcloud-oidc-integration
@joseph Thanks. I've added the code below in Nextcloud's config.php and it works fine.
'social_login_auto_redirect' => true, 'hide_login_form' => true,Now I just wish to know if there is a way to remove or change the default text on the login window (?)
"The Nextcloud login form is disabled. Use another login option if available or contact your administration."
No big deal if not possible.
Best wishes -
@joseph Thanks. I've added the code below in Nextcloud's config.php and it works fine.
'social_login_auto_redirect' => true, 'hide_login_form' => true,Now I just wish to know if there is a way to remove or change the default text on the login window (?)
"The Nextcloud login form is disabled. Use another login option if available or contact your administration."
No big deal if not possible.
Best wishes@osobo Pretty sure that's hardcoded. But you can simply bypass the screen by running
occ config:app:set --value=0 user_oidc allow_multiple_user_backendsin the terminal -
@osobo Pretty sure that's hardcoded. But you can simply bypass the screen by running
occ config:app:set --value=0 user_oidc allow_multiple_user_backendsin the terminal -
@andreasdueren That worked. Thank you for your help!
@madrush no problem
-
Amazing—this is a huge help @andreasdueren! It really improves the user experience. I'd love to see this kind of direct login option on more Cloudron apps, without the confusion of multiple options. Maybe this should be added to the official docs?
-
@osobo Pretty sure that's hardcoded. But you can simply bypass the screen by running
occ config:app:set --value=0 user_oidc allow_multiple_user_backendsin the terminal@andreasdueren said in How to Import / synchronize a group of Cloudron's users to Nextcloud ?:
@osobo Pretty sure that's hardcoded. But you can simply bypass the screen by running
occ config:app:set --value=0 user_oidc allow_multiple_user_backendsin the terminalI was wondering exactly what that'd do and so I gave it a go...
In short:
-
If you're logged into your Cloudron in the same browser session -> completely bypasses the need to login and you just arrive into Nextcloud - great!
-
If you're not logged into your Cloudron you end up at a Cloudron login screen a bit like this:
-
-
@andreasdueren said in How to Import / synchronize a group of Cloudron's users to Nextcloud ?:
@osobo Pretty sure that's hardcoded. But you can simply bypass the screen by running
occ config:app:set --value=0 user_oidc allow_multiple_user_backendsin the terminalI was wondering exactly what that'd do and so I gave it a go...
In short:
-
If you're logged into your Cloudron in the same browser session -> completely bypasses the need to login and you just arrive into Nextcloud - great!
-
If you're not logged into your Cloudron you end up at a Cloudron login screen a bit like this:
@jdaviescoates said in How to Import / synchronize a group of Cloudron's users to Nextcloud ?:
@andreasdueren said in How to Import / synchronize a group of Cloudron's users to Nextcloud ?:
@osobo Pretty sure that's hardcoded. But you can simply bypass the screen by running
occ config:app:set --value=0 user_oidc allow_multiple_user_backendsin the terminalI was wondering exactly what that'd do and so I gave it a go...
In short:
-
If you're logged into your Cloudron in the same browser session -> completely bypasses the need to login and you just arrive into Nextcloud - great!
-
If you're not logged into your Cloudron you end up at a Cloudron login screen a bit like this:
One downside: preview links in Signal/ WhatsApp etc become OpenID Connect Error
:
-
