Cannot keep OIDC user to local group

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • 31.0.5
  • Operating system and version (e.g., Ubuntu 24.04):
    • Debian 12
  • Web server and version (e.g., Apache 2.4.25):
    • Apache
  • Reverse proxy and version (e.g., nginx 1.27.2):
    • HAProxy
  • PHP version (e.g., 8.3):
    • 8.2
  • Is this the first time you’ve seen this error? (Yes / No):
    • no
  • When did this problem seem to first start?
    • Every time I try to add an OIDC user to a local group
  • Installation method (e.g., AIO, NCP, Bare Metal/Archive, etc.):
    • replace me
  • Are you using Cloudflare, mod_security, or similar? (Yes / No)
    • no

Summary of the issue you are facing:

We use the OpenID Connect user backend app to authenticate our users. Everything works, but when I add an OIDC user to a local Nextcloud group, it works only for the time of his session.

Steps to replicate it (hint: details matter!):

  1. Add an OIDC user to a local Nextcloud group (for access to a team folder, as an example)
  2. Give access to the team folder to this group
  3. Connect the user
  4. Disconnect the user
  5. Reconnect and see the user is no longer in the local group

If someone has an idea, I want to use a local group and be able to add my OpenID user inside.
Thanks

Hi @jothoma1, please review your provisioning settings. It sounds like you activated group provisioning for the users, which results in all groups being reset to the value provided by the IdP.

Hi @wwe
Thanks for your response. It’s not possible to have both: group provisioning and local group management also?
Thanks again

There are some settings - please read the docs. But in the end I don’t think it makes sense to utilize both local and IdP-based group management, e.g., what should be the source of truth in case of conflicts?