Currently using Active Directory as a user back end, but wish to move to LLDAP. I have LLDAP set up and working with Nextcloud, but users in LLDAP are treated as new in Nextcloud. Does anyone have any guidance on how I can use LLDAP but maintain the user mapping? Presumably I need to update some anchor attribute in Nextcloud somewhere?
This article may have the answer for me, but disappointingly is behind a paywall - appears you must be a customer to read it: Migrating to another LDAP server
I don’t know if this is safe or not, but I did the following to get this working without issue (apparently). Note that my install is small and at home so I just logged in with the duplicate accounts to get the appropriate ldap_dn_hash values, but you could get these yourself from the new LDAP server to script this out (hash is S256). Credit to: LDAP Migration with different DN - Support - Nextcloud community. Users in the old and new LDAP server have the same username/uid/sAMAccountName/etc.
If the users on the new LDAP server have logged in, they will have accounts created in the oc_ldap_user_mapping table. We need to replace some values in the ldap_dn_hash fields as they have UNIQUE KEY constraints - this step isn’t required if the users have not logged in from the new server:
UPDATE oc_ldap_user_mapping SET directory_uuid = 'TEMP_<new ldap server directory_uuid>', ldap_dn_hash = '_<new ldap server ldap_dn_hash (remove first character due to field length constraint)>' WHERE owncloud_name = 'erin_<random int for new directory user>';
We can then populate the entries for the old LDAP server with the new server details:
UPDATE oc_ldap_user_mapping SET ldap_dn = '<new ldap server dn>', directory_uuid = '<new ldap server directory_uuid>', ldap_dn_hash = '<new ldap server ldap_dn_hash>' WHERE owncloud_name = '<username>';
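
The two UPDATE steps above, scripted as an added example (not part of the original post and not Nextcloud's own code): it computes the hash from the new DN, uses parameterized queries, and runs both steps in one transaction so a failure leaves the mapping untouched. Assumptions: the table is a simplified in-memory SQLite stand-in, the DNs and UUIDs are constructed, the function names are hypothetical, and ldap_dn_hash is taken to be the hex SHA-256 of the stored DN string, which should be checked against an existing row before use.

```python
import hashlib
import sqlite3

def dn_hash(dn: str) -> str:
    # Assumption: ldap_dn_hash is the hex SHA-256 of the DN string exactly as
    # Nextcloud stores it in ldap_dn; check this against an existing row first.
    return hashlib.sha256(dn.encode("utf-8")).hexdigest()

def remap_user(db, username, duplicate_name, new_dn, new_uuid):
    """Point `username` at the new directory entry; park the duplicate row."""
    new_hash = dn_hash(new_dn)
    with db:  # one transaction: commits on success, rolls back on any error
        if duplicate_name is not None:
            # Step 1: free the UNIQUE values held by the duplicate account.
            # Dropping the first hash character keeps the 64-char length.
            db.execute(
                "UPDATE oc_ldap_user_mapping SET directory_uuid = ?, "
                "ldap_dn_hash = ? WHERE owncloud_name = ?",
                ("TEMP_" + new_uuid, "_" + new_hash[1:], duplicate_name))
        # Step 2: give the original account the new server's identifiers.
        cur = db.execute(
            "UPDATE oc_ldap_user_mapping SET ldap_dn = ?, directory_uuid = ?, "
            "ldap_dn_hash = ? WHERE owncloud_name = ?",
            (new_dn, new_uuid, new_hash, username))
        if cur.rowcount != 1:
            raise LookupError(f"no mapping row for {username!r}")

def demo():
    db = sqlite3.connect(":memory:")
    # Constructed, simplified schema: only the columns and UNIQUE keys used here.
    db.execute("""CREATE TABLE oc_ldap_user_mapping (
        ldap_dn TEXT NOT NULL, owncloud_name TEXT PRIMARY KEY,
        directory_uuid TEXT UNIQUE, ldap_dn_hash TEXT UNIQUE)""")
    old_dn = "cn=erin,cn=users,dc=example,dc=com"       # constructed AD entry
    new_dn = "uid=erin,ou=people,dc=example,dc=com"     # constructed LLDAP entry
    new_uuid = "11111111-2222-3333-4444-555555555555"   # constructed
    db.executemany("INSERT INTO oc_ldap_user_mapping VALUES (?, ?, ?, ?)", [
        (old_dn, "erin", "aaaaaaaa-old-uuid", dn_hash(old_dn)),
        (new_dn, "erin_1234", new_uuid, dn_hash(new_dn))])
    remap_user(db, "erin", "erin_1234", new_dn, new_uuid)
    return dict((r[0], r[1:]) for r in db.execute(
        "SELECT owncloud_name, ldap_dn, directory_uuid, ldap_dn_hash "
        "FROM oc_ldap_user_mapping"))

if __name__ == "__main__":
    for name, row in demo().items():
        print(name, row)
```

Against a real instance, back up the database first and pass duplicate_name=None for users who never logged in from the new server.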