I have banged my head with this long enough to swallow my pride and write an actual question about it. I couldn’t find exact same question from here so hopefully this isn’t already asked.
I need to create an simple web page which shows some information from a database. The information shown however, should be tailored on the group the user belongs.
- First I tried with LDAP. Currently it works fine, but the problem is that the people who should be responsible of maintaining the LDAP are not so technological aware hence LDAP management need to be very simple and browser based. I tried several LDAP web GUIs but all of them had some drawbacks.
- Nextcloud LDAP Write app looked like a nice solution but it had problems with group handling and ended screwing up the database multiple times.
- In whole LDAP would create too much extra work in many levels (OS, network, security, consistency)
- Next one was SQL user backend app. Problem was that you can only edit users not add them.
- With SQL raw backend app you can manage users yes, but there seems not to be any group management available.
- Even thought using Nextcloud database user information directly for login in my web application, but too risky in a long run and had no idea how the Nextcloud encrypts the passwords in db.
- Oauth2 would be one solution but as users mainly use Nextcloud, accessing our web page (external service) would mean extra authorization (login screen) step via Nextcloud when opening it.
Nextcloud’s internal user management functions are just good enough for our needs and all external authentication methods would create just extra work and hassle.
So it seems that the best way to achieve this would be writing an own custom app. The question from a guy who have never written a single Nextcloud app (installed the notestutorial though): How to check the groups user belongs to when she/he opens the app? The user provisioning api seems to require admin rights for queries.