LDAP Authenticated Bind uid as User DN without special LDAP search user

Hi,

how is it possible to use the user id which is logging in as the User DN instead of using a special user for nextcloud?

Like the auth method LDAP_AUTH=“user” for
https://docs.bigbluebutton.org/greenlight/gl-config.html#ldap-auth

Uses the user’s own credentials to search for his data, enabling authenticated login to LDAP without the need for a user with global read privileges.

https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html

User DN:
The name as DN of a user who has permissions to do searches in the LDAP directory. Leave it empty for anonymous access. We recommend that you have a special LDAP system user for this.
Example: uid=nextcloudsystemuser,cn=sysusers,dc=my-company,dc=com

I would want to use the uid of the user who is logging in instead of nextcloudsystemuser.

Kind Regards,

I think you misunderstood something, can you explain more clearly what you want?
The field you copied is for filling the DN to use for Nextcloud to connect to your LDAP and make searches. It is not what users will use to connect to Nextcloud.

I want that the user id is used as Bind DN by Nextcloud. So that there is no special user for the application(Nextcloud) which has access to all LDAP entries.
Instead a LDAP user can query only its own LDAP entry.
I know this is a special setup, but there are Applications like BigBlueButton and Gitea which support that setup out of the box.

This is not possible with Nextcloud, it needs to pre-fetch user list and group membership.
The existing ldap user backend caches a lot of stuff in DB and is not designed in a way that would make what you want easy to implement.

Also, in your setup does it mean each user is allowed to list other users in the ldap? Otherwise how could a user share with other Nextcloud users?
It would also mean depending on who logged in Nextcloud would not see the same list of users, with no way of knowing if a missing user was deleted or is just not visible by current user. Seems quite complicated to handle, I would be interested to see how Gitea manage it.