LDAP user filter

Siemanymih · May 27, 2020, 11:17am

Hello everyone.
I have a strong feeling that this can be done, but this does not work.
The point is this. I linked nextcloud to ldap, users who are allowed to log in are selected using the filter:
(& (objectCategory = person) (objectClass = user) (mail = *) (! (userAccountControl: 1.2.840.113556.1.4.803: = 2)) (| (memberOf=CN=blabla, CN=blabla, DC=blabla , DC=local) (memberOf=CN=blabla, CN=blabla, DC=blabla, DC=local)))
Therefore, system accounts do not get there.

I thought that these are all users that the nextcloud “can see”.
It turned out that if you select a user search in the upper right corner, then you can see all the users that were found in ad, including system ones, etc.:

I tried different options in the settings, shoved the filter in all places, and it did not work out to filter the users I needed, which should be displayed in the list.

It would be ideal to apply a filter to LDAP users who appear in the list, but I did not find how to do this, or it is impossible. Maybe someone faced a similar problem and tell me how to implement this?

anon71540698 · May 28, 2020, 3:47am

You don’t need to link to all LDAP users, can just select a group or OU…
It is controlled by your “blabla” parameters
https://docs.nextcloud.com/server/stable/admin_manual/configuration_user/user_auth_ldap.html?highlight=ldap

hartmut001 · May 28, 2020, 8:10am

What is your Base DN?

Siemanymih · May 29, 2020, 12:22pm

This is exactly what I did, in BaseDN I entered the path to the OU I need, but anyway, the list displays the user outside of this OU

Siemanymih · May 29, 2020, 12:24pm

blabla this is exactly the OU that I need, but it is visible to all users of mydomain.local