Hi, all, I want to integrate nc with my ldap server, and here is my ldap like:
And I want only user have these two attribute can login nc:
the inetUserStatus is active(in the example is Inacvite)
and the memberOf is CN=JZG,ou=Groups,dc=… just like the example.
So, how can I write the filter?
I write the query string like this:
And in still all users in my ldap server can login to nextcloud(https://docs.nextcloud.com/server/25/admin_manual/configuration_user/user_auth_ldap.html).
So, how it the string happen?
PS, when I search the docs, I found this:
There are 4 ( in the string, and 3 ) in it, is this right?
This filter will not do any good.
No such objectclass: InetUserStatus=Active
And I suppose you do not enter the uid as logon name. Probably you would use CN instead…?
Thanks. So how can I filter my users in ldap server which:
Seems inetUserStatus and memberOf are not objectClass, so where can I using them in ldap plugin?
To filter user group go to Advanced → Directory Settings → Group Search Attributes use
Have no way to test it but I think “inactive users” don’t show in NC.
well, I tried this, in group search attribute, I simplely typed a wrong attribute, like “cn=12345,ou=Groups,dc=nau,dc=edu,dc=cn”, but a new user which have memberOf=cn=JZG,ou=Groups,dc=nau,dc=edu,dc=cn can still login to nc…
how about under the LDAP USER tab use
occ ldap:show-remnants to see who has a user but is outside of the NC settings?
I think once users have been created or synced with LDAP they will be allowed to sign in.
Plus, there’s this https://docs.nextcloud.com/server/25/admin_manual/configuration_user/user_auth_ldap.html#attribute-update-interval
Which could be why you can login with a user already in the synced LDAP.
Each attribute in its own bracket.
Under USERS tab:
However this one makes no sense in regards to YOUR setup, as uid is a unique generated UID and not the login username. My bet is that your LDAP logon username is cn.
You should use a dedicated group which can login into nextcloud instead of an attribute.