-
I did some experimenting today by setting up a Nextcloud ldap profile to a windows server domain controller via ldap. After Nextcloud connected to the DC, the groups received over LDAP were populated in Nextcloud as expected. Here's a difference I noticed between the Cloudron LDAP server and the Windows DC.
In Nextcloud -> LDAP/AD integration -> tab Groups -> "Only these object classes":
- When connected to the DC, this drop down has an object class named "group", when that is selected, the groups are populated in Nextcloud.
- When connected to the Cloudron LDAP server, this drop down does NOT have an object class named "group", just inetorgperson, organizationalperson, person, top, and user. I did try manually creating the LDAP query for objectclass=group. Nextcloud does get the count of groups correct, however they do not auto populate.
How do we get the Cloudron LDAP server to feed up the "group" object class?
I also noticed that the Server Tab, the Base DN is set to ou=users,dc=cloudron. Since Groups are at ou=groups,dc=cloudron, I would expect the Base DN to just be dc=cloudron as the Base user tree and Base group tree are set in the advanced tab. However when I try to set the Base DN to dc=cloudron, nextcloud does not like the config anymore.
-
I did some experimenting today by setting up a Nextcloud ldap profile to a windows server domain controller via ldap. After Nextcloud connected to the DC, the groups received over LDAP were populated in Nextcloud as expected. Here's a difference I noticed between the Cloudron LDAP server and the Windows DC.
In Nextcloud -> LDAP/AD integration -> tab Groups -> "Only these object classes":
- When connected to the DC, this drop down has an object class named "group", when that is selected, the groups are populated in Nextcloud.
- When connected to the Cloudron LDAP server, this drop down does NOT have an object class named "group", just inetorgperson, organizationalperson, person, top, and user. I did try manually creating the LDAP query for objectclass=group. Nextcloud does get the count of groups correct, however they do not auto populate.
How do we get the Cloudron LDAP server to feed up the "group" object class?
I also noticed that the Server Tab, the Base DN is set to ou=users,dc=cloudron. Since Groups are at ou=groups,dc=cloudron, I would expect the Base DN to just be dc=cloudron as the Base user tree and Base group tree are set in the advanced tab. However when I try to set the Base DN to dc=cloudron, nextcloud does not like the config anymore.
@jfergus1 said in LDAP Group support in Nextcloud:
How do we get the Cloudron LDAP server to feed up the "group" object class?
I think the issue here might be that we don't seem to be setting
objectcategory=groupfor the group objects in the LDAP server. Testing this out now. -
I did some experimenting today by setting up a Nextcloud ldap profile to a windows server domain controller via ldap. After Nextcloud connected to the DC, the groups received over LDAP were populated in Nextcloud as expected. Here's a difference I noticed between the Cloudron LDAP server and the Windows DC.
In Nextcloud -> LDAP/AD integration -> tab Groups -> "Only these object classes":
- When connected to the DC, this drop down has an object class named "group", when that is selected, the groups are populated in Nextcloud.
- When connected to the Cloudron LDAP server, this drop down does NOT have an object class named "group", just inetorgperson, organizationalperson, person, top, and user. I did try manually creating the LDAP query for objectclass=group. Nextcloud does get the count of groups correct, however they do not auto populate.
How do we get the Cloudron LDAP server to feed up the "group" object class?
I also noticed that the Server Tab, the Base DN is set to ou=users,dc=cloudron. Since Groups are at ou=groups,dc=cloudron, I would expect the Base DN to just be dc=cloudron as the Base user tree and Base group tree are set in the advanced tab. However when I try to set the Base DN to dc=cloudron, nextcloud does not like the config anymore.
-
N nebulon referenced this topic on
-
@jfergus1 Just editing the LDAP query directly does the trick.
That said, I don't really know how to make LDAP groups appear in sharing.
-
P perler referenced this topic on
-
@jfergus1 Just editing the LDAP query directly does the trick.
That said, I don't really know how to make LDAP groups appear in sharing.
-
To update this thread, the Nextcloud app required some fixes, see https://git.cloudron.io/cloudron/nextcloud-app/-/commit/ad9adf70f5a6b13ce30ed272c369ae0109b0443d
Once we have released Cloudron version 7.3.0 then groups should as expected in Nextcloud.
Just a heads up though, in order to use groups, they have to be explicitly selected in the LDAP plugin settings UI within Nextcloud.
-
N nebulon marked this topic as a question on
-
G girish has marked this topic as solved on
-
To update this thread, the Nextcloud app required some fixes, see https://git.cloudron.io/cloudron/nextcloud-app/-/commit/ad9adf70f5a6b13ce30ed272c369ae0109b0443d
Once we have released Cloudron version 7.3.0 then groups should as expected in Nextcloud.
Just a heads up though, in order to use groups, they have to be explicitly selected in the LDAP plugin settings UI within Nextcloud.
@nebulon said in LDAP Group support in Nextcloud:
in order to use groups, they have to be explicitly selected in the LDAP plugin settings UI within Nextcloud.
This (and info about taking advantage of LDAP Groups generally) should be added to the docs (I'd go submit a PR myself but I'm on my phone)
-
Groups kinda work but no fully in my experience.
In the list of active users in Nextcloud, I can see users being part of the correct LDAP groups (under the fourth column "Groups"), but when I click on a group in the left hand side column, they're all empty.
Anyone else experiencing this behaviour?
-
D David 0 referenced this topic on
-
To update this thread, the Nextcloud app required some fixes, see https://git.cloudron.io/cloudron/nextcloud-app/-/commit/ad9adf70f5a6b13ce30ed272c369ae0109b0443d
Once we have released Cloudron version 7.3.0 then groups should as expected in Nextcloud.
Just a heads up though, in order to use groups, they have to be explicitly selected in the LDAP plugin settings UI within Nextcloud.
@nebulon said in LDAP Group support in Nextcloud:
Just a heads up though, in order to use groups, they have to be explicitly selected in the LDAP plugin settings UI within Nextcloud.
Please, can you provide the correct query to use? Just using (|(objectclass=group)) validates but shows 0 groups when it should show 11.
Otherwise, is there a way to specify a group to allow users access from?
