Currently, I’m trying to migrate to LDAP. I’d like to keep the existing users and this seems to be something of an issue. By default, nextcloud creates new nextcloud users for all these LDAP users. I’m on nextcloud 12.
Starting point
I’m running nextcloud 12. I’m using the default setup (more or less). I have a couple of users within nextcloud and they share a couple of files and calendars. The password is stored within nextcloud.
Goal
I’d like to keep most of the setup, I only want to authenticate against a LDAP server.
Default Behavior
When activating LDAP, the LDAP users tend to create new nextcloud accounts. Within these, the existing files and calendars don’t show up. Pretty bad…
“My Way”
Here is what I found out:
- Within LDAP, the field “uid” has the same value as the user name in nextcloud. For example, I log in with the user name “ernie” and within LDAP, the field “uid” has the value “ernie”
- I map the field “uid” to the internal username within the expert tab of the LDAP integration
- Next, I delete the records from oc_users
- Finally, I look at the user list within nextcloud
So far, things look pretty OK. Logging in with the LDAP password gives me the same group set as before.
Hopefully, things go on smoothly.
Questions
- Does anyone have experience with this kind of migration?
- Do I have a chance to reach my goals?
Thanks + best regards, Uli
More Details
OS … actions related to the operating system, NC … actions related to nextcloud, DB … actions related to the database
- LDAP: Make sure you have a field within LDAP whose value contains the login names of your NC users (for me, this is the field “uid”)
- OS: Do a backup
- OS: Install the php ldap package: php7.0-ldap
- NC: Create an admin user who isn’t in LDAP - “uli-admin”
- NC: Login using this user
- NC: Activate the LDAP/AD integration
- NC: Configure the LDAP/AD integration
- NC: LDAP/AD integration expert:
  - Internal username - internal attribute of user: uid
  - Delete LDAP user relations
  - Delete LDAP group relations
- DB: Delete all users from table “oc_users” except “uli-admin”
- NC: Show user list -> OK
- NC: Do a login with an LDAP user -> OK
(Screenshots: Nextcloud - LDAP - Server, Nextcloud - LDAP - User, Nextcloud - LDAP - Login, Nextcloud - LDAP - Advanced, Nextcloud - LDAP - Expert)
MySQL - Delete Users:
delete from oc_users where uid<>'uli-admin';
(Screenshot: Nextcloud - UserList)
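The delete statement above is the irreversible step of this procedure: any local account removed from oc_users that has no LDAP entry with an identical uid will not be re-attached to its files and calendars but get a fresh account instead. The following pre-flight check is an added example, not code from the original post or from Nextcloud. It compares the uid column of oc_users with the uid attribute of the LDAP entries and only emits the delete statement when every non-admin account has an exact match; the sample rows, LDAP entries and function names (plan_migration, delete_statement) are constructed for this example.

```python
"""Pre-flight check before deleting local Nextcloud users that now live in LDAP.

Constructed example: `oc_users_rows` stands in for `select uid from oc_users`,
`ldap_entries` for the result of an LDAP search (or an LDIF export) of the
user subtree. Names differing only in letter case are flagged for manual
review rather than treated as a match, so nothing is deleted by accident.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample of the oc_users table (uid column only).
oc_users_rows = ["uli-admin", "ernie", "bert", "Grover", "oscar"]

# Constructed LDAP entries as (dn, attributes) pairs; uid must equal the NC login name.
ldap_entries = [
    ("uid=ernie,ou=people,dc=example,dc=org", {"uid": ["ernie"]}),
    ("uid=bert,ou=people,dc=example,dc=org", {"uid": ["bert"]}),
    ("uid=grover,ou=people,dc=example,dc=org", {"uid": ["grover"]}),
]

# Only plain login names are ever interpolated into SQL below.
SAFE_UID = re.compile(r"^[A-Za-z0-9._@-]+$")


@dataclass
class MigrationPlan:
    keep: list[str] = field(default_factory=list)      # local admin accounts that stay in oc_users
    migrate: list[str] = field(default_factory=list)   # exact LDAP uid match: safe to delete locally
    case_mismatch: dict[str, str] = field(default_factory=dict)  # NC name -> LDAP uid differing in case
    missing: list[str] = field(default_factory=list)   # no LDAP entry at all: would lose their data

    def safe(self) -> bool:
        """True only if every non-admin account has an exact LDAP counterpart."""
        return not self.case_mismatch and not self.missing


def plan_migration(nc_users, entries, local_admins, attr="uid") -> MigrationPlan:
    """Classify each Nextcloud login name against the LDAP uid values."""
    ldap_uids = set()
    for _dn, attrs in entries:
        ldap_uids.update(attrs.get(attr, []))
    folded = {u.lower(): u for u in ldap_uids}
    plan = MigrationPlan()
    for name in nc_users:
        if name in local_admins:
            plan.keep.append(name)
        elif name in ldap_uids:
            plan.migrate.append(name)
        elif name.lower() in folded:
            plan.case_mismatch[name] = folded[name.lower()]
        else:
            plan.missing.append(name)
    return plan


def delete_statement(plan: MigrationPlan, table="oc_users"):
    """Build an explicit IN-list delete, or return None when the plan is not safe.

    Listing the accounts explicitly (instead of `uid<>'uli-admin'`) means a
    forgotten local account can never be swept away by the negation.
    """
    if not plan.safe() or not plan.migrate:
        return None
    for name in plan.migrate:
        if not SAFE_UID.match(name):
            raise ValueError(f"refusing to interpolate unexpected login name: {name!r}")
    quoted = ", ".join(f"'{name}'" for name in plan.migrate)
    return f"DELETE FROM {table} WHERE uid IN ({quoted});"


if __name__ == "__main__":
    plan = plan_migration(oc_users_rows, ldap_entries, {"uli-admin"})
    print("keep:", plan.keep)
    print("migrate:", plan.migrate)
    print("case mismatch:", plan.case_mismatch)
    print("missing in LDAP:", plan.missing)
    print("statement:", delete_statement(plan))
```

Run it against a real export by replacing the two constructed lists with the output of `select uid from oc_users` and an LDAP search on the user base DN; the statement is printed only once the mismatch and missing lists are empty.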
Findings After A Week
Works perfectly in a test environment. Users don’t see any difference apart from using a different password.