I'm working on a project to make software for groups to make groups stronger to build a better world bottom up.
I bound WordPress, Nextcloud, Discord and Home Assistant together,
using a discordauth/LDAP interface when preferred. (I got a Discord bot that replicates Discord to MySQL and LDAP.)
There is a Discord bot that is a chat agent for Home Assistant.
Home Assistant entities can be shown in WordPress, or logic can be made.
WordPress uploads are stored in Nextcloud.
I use this for Nextcloud over the standard Discord OAuth so that user settings can be changed using LDAP while the user is logged in.
But now I am doing administration work and a password check pops up if I'm logged in for some time. I intended not to use passwords in LDAP at all, forcing a random password, because I use Discord auth. Now I made a PHP script that sets a random password for 5 min and shows the password.
The password is correct in LDAP, but Nextcloud does not accept the password. Does someone know what is going on?
I can hardly follow your explanations, but from my experience changing the password in LDAP so frequently is not common - so applications would definitely not expect such changes. On the other hand, I would only expect an application to perform an LDAP bind() once during user login to check the current password and later on rely on its own logic to maintain the session.
It seems your goal is to prevent applications from knowing the current user password - if this is the key, I would review OpenID Connect/OAuth2 - with this protocol applications don’t need to know the user password at all - short-lived access tokens are used and rotation is built into the protocol. The technology is well-known and mature, so there is a chance all your applications support it, and the protocol itself might be better designed/maintained than some self-made implementation.
When a session is connected and authenticated, the cookie and token are then active for as long as the session is active and authentication is not done again, until the session expires. This is no different from any other application or web-based service.
Using an LDAP backend will usually ensure that whenever an authentication attempt is made, it will always check the password against the LDAP.
It seems, though, that there is nothing typical about your setup, so I would suggest using LDAP only as a source for “importing” users and groups and then using OAuth2/OpenID or SAML with a service that can work with your Discord bot layer seamlessly. That way, you will not do authentication in Nextcloud or even in your LDAP directly, hence you will be “safe” from random re-auths.
I DON'T WANT PASSWORD. I use Discord OAuth, how hard is that to understand.
I use Discord/LDAP the same way Kerberos/LDAP is used and that is a very practical approach.
First of all, then if you think that just because none of us has so far understood 1: the context (you have not filled in the support template. You have not added anything remotely useful to understand how and what you do other than vague hints.) is not really context and thus we have nothing to go with. 2: Your posts are not structured in a way that a descriptive format apparently has made any sense to us - that it certifies you to be that disrespectful, it is all on you. I am out of this thread.
To be clear - and with that answer you sent me I should not be helping you anymore - then every time you do ADMINISTRATIVE tasks, Nextcloud WILL ask for your password. This is for security reasons, and usually you would use the built-in Admin user - which is NOT in your LDAP, hence is a local-only user with a local password. In a federation scenario especially, you will need to have a local password (an app password can be used…!) if you are using a federated user as administrator. This is unavoidable.