I have seen several other posts about this. I am running ldap auth with a local Microsoft AD server and have external storage connected to a NAS .
I would love to add Azure SSO AND have the the SSO logins sync with the existing ldap user accounts so permissions flow to the NAS.
You might want to look at user_saml for this task.
I tried the SSO & SAML (I think this is user_saml?) but it created a new user instead of recognizing the LDAP user is the same account. And the SSO user does not have access to the external storage.
I would be fine with leaving LDAP and only using SSO if I could get the external storage to connect.
I just read this:
The Log-in credentials, save in database (what I am using) mechanism uses the Nextcloud login credentials of the user to connect to the storage. These are stored in the database encrypted with the shared secret. This allows to share files from within this mount point.
- The method cannot be used with SAML/SSO authentication, because Nextcloud does not get a hold of any credentials whatsoever
So maybe this is my problem. I haven’t tried the next option yet:
The User entered, store in database mechanism work in the same way as the “Username and password” mechanism but the credentials need to be specified by each user individually. Before the first access to that mount point the user will be prompted to enter the credentials.
If I set the external storage auth to User entered, store in database, and they enter the credentials, do you think that would be safe solution? Or is there a better auth method for my needs?
I tried User entered, store in database, and it worked after it prompted me for credentials.
But I also needed to add the SSO user to the ‘Available for’ box, and don’t see a way to add a group. It will be too tedious to manage all the users individually.
And the user needs to enter credentials for all the shares which is annoying.
Global Credentials, User Entered seems to fix this issue.
Hopefully there is a better way? Thanks.