Nextcloud Outlook Add-in - Active Directory integration

#1

I’m trying to implement the Nextcloud Outlook Add-in in Windows Active Directory with Microsoft Outlook 2013. I want it to be zero-touch for our customers.

  1. I install Nextcloud Add-in MSI through GPO installation
  2. I create in advance this registry by GPO preference for each user:

HKEY_CURRENT_USER\Software\NextcloudOutlookFE

URL = https://mysite.com
Username = %username%

It works well and the user has to enter only the password. Problems come when users change their AD account password.
The Nextcloud Outlook Add-in does not immediately understand that the password has been changed. The users get on the Nextcloud server blacklist for a brute force attack and the AD account gets locked.

How does the add-in understand that the password has been changed? Is there a way to avoid this password issue or a better implementation for Active Directory integration? Does anyone have a similar problem?

#2

there sure is… and since you’re doing it for a company i think it would be ok to tell you to apply for paid support at @usselite - since he maintains the app… and tries to make a living of it.

#3

Hello,

Which version of Nextcloud and the add-in are you using?

With the web login flow that is possible in combination with SAML. In the background the add-in uses an IE wrapper (default .NET Framework) to achieve this. If SSO works in Internet Explorer it should work for you as well in the add-in. Yesterday I posted a new build of the add-in, 2.3.1.17, in the Outlook topic; that version does support web login flow.

When using the web login flow all ‘apps’ create an app password in the background, which (I could be wrong) is not prone to AD user password changes.

https://rephlex.de/blog/2018/04/05/how-to-connect-nextcloud-to-active-directory-using-ad-fs-without-losing-your-mind/

Let me know how this goes.

Kind regards,
Luc Pasmans
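
As an added illustration of the web login flow mentioned in the reply above (this is not code from the thread or from the add-in): a Python sketch of how a client can parse the final `nc://login/server:<server>&user:<loginname>&password:<password>` redirect described in Nextcloud's login flow documentation and build its request credential from the returned app password. The function names, the sample host, login name and app password, and the HTTPS-only rule are assumptions of this example.

```python
import base64
from urllib.parse import unquote

PREFIX = "nc://login/"
FIELDS = ("server", "user", "password")


def parse_login_flow_redirect(url):
    """Split the final login flow redirect into server, login name and app password."""
    if not url.startswith(PREFIX):
        raise ValueError("not a login flow redirect")
    found = {}
    for part in url[len(PREFIX):].split("&"):
        key, sep, value = part.partition(":")  # the server value itself contains ':'
        if not sep or key not in FIELDS or key in found:
            raise ValueError(f"unexpected or repeated field {key!r}")
        found[key] = unquote(value)  # assumption: values arrive URL-encoded
    missing = [k for k in FIELDS if not found.get(k)]
    if missing:
        raise ValueError("missing field(s): " + ", ".join(missing))
    if "://" not in found["server"]:
        found["server"] = "https://" + found["server"]  # no scheme means https
    if not found["server"].lower().startswith("https://"):
        # Policy choice of this example: never keep a credential for plain HTTP.
        raise ValueError("refusing to store credentials for a non-HTTPS server")
    return found


def basic_auth_header(creds):
    """Authorization header a client would send on later WebDAV/OCS requests."""
    raw = f"{creds['user']}:{creds['password']}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


# Constructed sample redirect; the host, login name and app password are made up.
SAMPLE = ("nc://login/server:https://cloud.example.com"
          "&user:jdoe&password:Abc12-dEf34-Ghi56-jKl78-Mno90")

if __name__ == "__main__":
    creds = parse_login_flow_redirect(SAMPLE)
    print(creds["server"], creds["user"])  # the app password is deliberately not printed
    print(basic_auth_header(creds)[:6] + "...")
```

The credential the client keeps after this flow is the app password taken from the redirect, not the password the user typed into the login page.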