Help for ldap interation

Hi, all, I want to integrate nc with my ldap server, and here is my ldap like:

And I want only user have these two attribute can login nc:
the inetUserStatus is active(in the example is Inacvite)
and the memberOf is CN=JZG,ou=Groups,dc=… just like the example.

So, how can I write the filter?

I write the query string like this:


And in still all users in my ldap server can login to nextcloud(

So, how it the string happen?

PS, when I search the docs, I found this:

There are 4 ( in the string, and 3 ) in it, is this right?


This filter will not do any good.


No such objectclass: InetUserStatus=Active

And I suppose you do not enter the uid as logon name. Probably you would use CN instead…?

1 Like

Thanks. So how can I filter my users in ldap server which:

  • inetUserStatus=Active
  • memberOf=cn=JZG,ou=Groups,Dc=…
    Seems inetUserStatus and memberOf are not objectClass, so where can I using them in ldap plugin?

Hi @baalchina

To filter user group go to Advanced → Directory Settings → Group Search Attributes use

Have no way to test it but I think “inactive users” don’t show in NC.


well, I tried this, in group search attribute, I simplely typed a wrong attribute, like “cn=12345,ou=Groups,dc=nau,dc=edu,dc=cn”, but a new user which have memberOf=cn=JZG,ou=Groups,dc=nau,dc=edu,dc=cn can still login to nc…

how about under the LDAP USER tab use


then run occ ldap:show-remnants to see who has a user but is outside of the NC settings?

I think once users have been created or synced with LDAP they will be allowed to sign in.

Plus, there’s this

Which could be why you can login with a user already in the synced LDAP.

Each attribute in its own bracket.

Under USERS tab:


However this one makes no sense in regards to YOUR setup, as uid is a unique generated UID and not the login username. My bet is that your LDAP logon username is cn.


You should use a dedicated group which can login into nextcloud instead of an attribute.

1 Like