I have Nextcloud running nicely in a FreeBSD jail on our FreeNAS. Everything is going well, but I am finding it hard to get the LDAP module to do what I need. We are an Apple shop and our identity management is all through Apple “Open Directory”. As you probably know, in its wisdom Apple does not include the overlay that gives us memberOf, and group membership is listed by memberUid. The users who will be allowed to use the Nextcloud service are in an (Apple) group. From the command line on our NC server I can query the LDAP server and get the members of the group… but I am stuck getting from this command-line success to settings in the UI that get Nextcloud limiting access to users in the group in OD.
So
ldapsearch -h 10.0.100.23 -x -b "dc=ldap,dc=org,dc=tld" "(cn=ncusers)" memberUid
gives me
# extended LDIF
#
# LDAPv3
# base <dc=ldap,dc=org,dc=tld> with scope subtree
# filter: (cn=ncusers)
# requesting: memberUid
#
# ncusers, groups, ldap.domain.tld
dn: cn=ncusers,cn=groups,dc=ldap,dc=org,dc=tld
memberUid: oneuser
memberUid: twouser
memberUid: threeuser
memberUid: fouruser
# search result
search: 2
result: 0 Success
I CAN get it to use our whole userbase and so have done that for testing purposes, but this memberOf / memberUid issue is annoying me - I do not want to mess with the Apple Open Directory LDAP server.
I would be very grateful for any pointers on this issue.
FreeBSD 11.2-STABLE + NextCloud stable version: 15.0.2
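
One way to work from the memberUid list shown above without memberOf is to generate a raw LDAP user filter that names the group's members explicitly. This is an added example, not part of the original post: it assumes user entries carry a `uid` attribute equal to the memberUid values and the `inetOrgPerson` object class, and the function names are hypothetical.

```python
import base64

# Constructed sample: LDIF shaped like the ldapsearch output in the post,
# plus one base64 ("::") value to exercise that branch.
SAMPLE_LDIF = """\
# filter: (cn=ncusers)
dn: cn=ncusers,cn=groups,dc=ldap,dc=org,dc=tld
memberUid: oneuser
memberUid: twouser
memberUid:: dGhyZWUqdXNlcg==
"""

def member_uids(ldif):
    """Return memberUid values from LDIF text, unfolding wrapped lines."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF continuation line
        else:
            lines.append(raw)
    uids = []
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep or name.lower() != "memberuid":
            continue
        if value.startswith(":"):         # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        uids.append(value.strip())
    return uids

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_filter(uids, object_class="inetOrgPerson", attr="uid"):
    """Build (&(objectClass=X)(|(uid=a)(uid=b)...)) from the member list."""
    if not uids:
        return "(!(objectClass=*))"       # empty group: match nobody
    terms = "".join("(%s=%s)" % (attr, escape_filter_value(u))
                    for u in sorted(set(uids)))
    return "(&(objectClass=%s)(|%s))" % (object_class, terms)

if __name__ == "__main__":
    print(user_filter(member_uids(SAMPLE_LDIF)))
```

The generated filter is a snapshot of the group, so it has to be regenerated whenever membership of ncusers changes.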