How difficult is it to set up LDAP for 5 - 10 users?

Inspired by discussion on WordPress Bridge / SSO:

How difficult would it be to add basic LDAP to a personal Nextcloud for maybe 5 - 10 users? Or even less. Not clear on documentation for this, but I’ve heard it described as too difficult to maintain.

Check out the external user app; there are other interfaces you can use to authenticate users:
https://apps.nextcloud.com/apps/user_external

I wouldn’t run an LDAP server for this.

Single sign-on is more tricky; there is an app but no public documentation:
https://apps.nextcloud.com/apps/user_saml

SAML is more tricky than LDAP? I don’t know much about it either.

I have never looked into it, and the official links go to enterprise documentation which is not publicly visible. Not sure if it is tricky or doable; perhaps someone tried that already (I didn’t put any effort into looking for other tutorials).

I believe the notion about LDAP being hard to make work comes from this discussion:
https://help.nextcloud.com/t/can-i-create-multiple-users-from-a-text-file
The first time - maybe, but after that it’s easy. Especially considering that many apps capable of using an LDAP/AD user database use a very similar interface… Lots of examples…

SAML, in my opinion, is definitely more complicated to set up than LDAP…

Here is an interesting guide to set up SSO using the open source privacyIDEA 2FA engine with Keycloak and non-Windows LDAP:
https://www.privacyidea.org/versatile-2fa-single-sign-on-with-keycloak-and-privacyidea/
It should work with Nextcloud using SAML/OIDC just as well. WordPress can be added into the mix…

Unfortunately this kind of “compartmentalized” setup is enterprise territory in Nextcloud-land, including documentation…
