How to Force LDAP Update to Get a New User ASAP?

I’m writing a tool that automates the creation of folders and sharing them with users. The users in my system are defined in an LDAP. The integration of LDAP into Nextcloud works already.

However, I run into a problem: when I create a new user in the LDAP, it takes a good while until Nextcloud notices that this user exists. To my understanding, the user needs to login first, or Nextcloud checks the LDAP once a day or so… (Source: User authentication with LDAP — Nextcloud latest Administration Manual latest documentation)

Is there any way how I can force Nextcloud to lookup the user in the LDAP or trigger updating the LDAP on demand?

This is exactly how it’s documented:

The LDAP backend will update user information that is used within Nextcloud with the values provided by the LDAP server. For instance these are email, quota or the avatar. This happens on every login, the first detection of a user from LDAP and regularly by a background job.
The interval value determines the time between updates of the values and is used to avoid frequent overhead, including time-expensive write actions to the database.
The interval is described in seconds and it defaults to 86400 equalling a day. It is not a per-configuration option.

did you try setting a lower value?

I’m aware of this option. But - at least from my understanding - I fear it won’t help me. The idea is to create a script that

  • creates a user in the LDAP
  • immediately shares folders with that user in Nextcloud

OK; I could set the LDAP refresh rate to 30 minutes and the second part of the script has a timeout >30 minutes … But probably there’s an option to remotely trigger the refresh.

An option that just came into my mind is that the script logs in as the new user which also might trigger Nextcloud to query the LDAP. Need to test this tomorrow…

I got your request but didn’t spend time into searching as adjustable sync cycle sounds good enough for me. Don’t forget implications described in the docs - without knowing implementation details it could be “dangerous” to initiate sync for thousands of users just because you created new one… depending on the infrastructure a sync cycle might cause high load on the components. If you know what you are doing just run the sync often enough…

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.