I have a Nextcloud instance with an LDAP backend. All my users are stored in a Windows AD server which is connected to Nextcloud.
However I want to change this to SAML/SSO authentication with AzureAD. I set up an app in AzureAD and connected Nextcloud with it. It works but with one big downside…
My users are stored with the UID attribute: cn. That is Name_Surname. But when I use SAML/SSO it’s trying to use the mail attribute. When I log in with an existing account I get an error message that the account is not provisioned.
When I turn off the setting “Only allow authentication if an account exists on some other backend (e.g. LDAP).” I can log in, but it creates a new account with the UID email@example.com and not Name_Surname.
Does anyone know how to change this?
These are my settings. The first link in General is the setting “Attribute to map the UID to”. All online tutorials give me this link and I can't just choose an attribute myself, like cn or sAMAccountName.