User management configuration issues

Hi, I want to create my own system based on NextCloud user management module. There is a feature called labor contract management. With labor contract management, the admin can create, update, read and delete contracts on database. So I wonder how I can do this? Since user management only has LDAP.

Please help meeee. :frowning:

  1. your post is just one hour old

  2. Please describe in more detail what feature you’re referring to, maybe post a link, and what exactly your goal is. Otherwise, it’s very unlikely that anyone will be able to help you.

Thank you. With labor contract management, the admin can create, update, read and delete contracts on database.

I have checked this module User management — Nextcloud latest Administration Manual latest documentation. I just found that there is a feature to configure shared files using LDAP.

Yes, I know what labor contract management is. But I couldn’t find anything related to Nextcloud… Is this a specific app you’re talking about? Or are you asking if there is a dedicated app for nextcloud in order to do this? If so, I don’t know and I couldn’t find such an app on apps.nextcloud.com.

This has nothing to do with a specific file type or application. It is only about the user management of your Nextcloud instance. You can either manage the users of your Nextcloud “standalone” directly in the admin interface of your Nextcloud or you can connect Nextcloud to an existing LDAP server in order to manage the users.

I have installed NextCloud server. I have a project that needs to customize the user management module in NextCloud as a human resource management module. So first, I conduct a functional analysis of the human resource management system.

Most bigger companies I know do use a dedicated system / application and LDAP respectively Windows Active Directory for this.

I’m not an expert, but simply put, it usually works like this:

  1. Human Resources employee adds the data of a new employee to some HR system / application.
  2. HR system passes the data to LDAP,
  3. Nextcloud and other applications are connecting to the LDAP server in order to get the user data.

I am a little bit confused. So where is my data stored? I thought it was in the database.

I am also confused. What exactly do you want to do? Do you want to use Nextcloud to manage your employee data and contracts, or is your post about managing user accounts for Nextcloud?

Nextcloud is probably not suitable for the former, except maybe if you are a very small company. But I’m not an HR professional and don’t know what the requirements for an HR tool are. What I do know, though, is that Nextcloud is mainly meant to replace groupware solutions like M365 or Google Workspace. It isn’t supposed to replace the entire IT infrastructure of a company or to be a solution for every possible use case this company might have.

If this is about the user account management for Nextcloud, you don’t necessarily need LDAP. You can add and manage user accounts directly in Nextcloud, which then will store the account data in its database. But LDAP has advantages if you are using many applications, because it allows you to store and manage the user accounts in a central place, instead of having to manage them in each application separately. However, Nextcloud itself isn’t designed to act as an LDAP server or to manage an existing LDAP server, and I am not aware of any extensions for Nextcloud that could do that.

I am confused too. What is it you are trying to achieve?

There is LDAP user backend and LDAP Write App for creating the users in LDAP from Nextcloud.

There are apps for virtually any kind of method to manage users inside Nextcloud. But there is no external app or service for allowing using Nextcloud for user management if using “just” the database. There is an actual API, and Nextcloud can work as both IDP and SP with various modules, so there are ways to do this “both ways”, but I still have not understood what you are trying to achieve…?

1 Like

LDAP write app.

Ok thanks for the info. Maybe this is what @Lucy781227 is looking for…

1 Like

I am a little bit confused. So where is my data stored? I thought it was in the database.

If you set up Nextcloud, your data will be stored inside the database you have configured within the initial setup. Mostly it’s a local database on the same server, like MySQL, MariaDB or PostgreSQL.
That database will also be used to store all settings regarding the Nextcloud, shares, files etc.

LDAP is a protocol (and nothing more!) which is used to query another server - for example a Windows Server having the Domain Controller role with Active Directory installed. That Windows Server manages all users and groups for a company (Windows login and a lot more). Nextcloud can query that server using LDAP (protocol) to fetch users based on their group membership. So if the user managed by Active Directory is a member of the “NextCloud-User” group, that user can log in to your Nextcloud without creating the user inside Nextcloud directly. By default Nextcloud cannot create users inside the Active Directory using LDAP because that is a major security risk. Also, you would have to create a user inside your Active Directory with permission to write into your Active Directory, which is then used by the LDAP Write Support App.
You never EVER want a system which is reachable from the outer world (WWW) to be able to create users within your Active Directory using LDAP. There are other services like OpenLDAP, which is used on TrueNAS, but the risk you are facing is the same.

You can manage your users using Active Directory or any other user management that can present those users using the LDAP protocol to another server. But you should not use the LDAP Write Support App because it is a heavy risk.

2 Likes
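
The read-only bind account this post argues for, sketched as an OpenLDAP access-control change (an added example, not part of the original thread). Every DN and the `{1}mdb` database index are placeholders; Active Directory expresses the same restriction through delegated permissions on an OU rather than `olcAccess`.

```ldif
# Constructed example: all DNs and the {1}mdb index are placeholders.
# Apply with ldapmodify against cn=config on a test directory first,
# because "replace" discards every existing olcAccess rule.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# Password hashes: owners may change their own, anonymous clients may
# only bind against them, the Nextcloud bind account cannot read them.
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
# Users: the Nextcloud bind account can read this subtree and nothing more.
# The setting the post warns about is "write" in place of "read" here,
# which would let a compromised web server create or alter accounts.
olcAccess: {1}to dn.subtree="ou=people,dc=example,dc=org"
  by dn.exact="cn=nextcloud-bind,ou=services,dc=example,dc=org" read
  by self read
  by * none
# Groups: read-only as well, so group-based login filters still work.
olcAccess: {2}to dn.subtree="ou=groups,dc=example,dc=org"
  by dn.exact="cn=nextcloud-bind,ou=services,dc=example,dc=org" read
  by * none
# Everything else in the tree stays closed to the bind account.
olcAccess: {3}to *
  by * none
```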

I agree. I don’t use that app myself, however it answers the question.

What? This is true if you do not spend the time needed for proper delegation and scoping. I can guarantee you that there are so many organizations out there, which offer services in B2B, where the customers themselves can create their own users - on the service provider’s system. Do you think they use a VPN to connect to the service provider’s infrastructure to use the “Active Directory Users and Computers” desktop client, and are allowed to create users directly? Or is the service provider offering this through self-service WEB portals served over the internet? Who says that the LDAP-capable user management system serving the Nextcloud is the same as the internal enterprise directory service?

No one says that the same user management is used for Nextcloud and for internal users. In general there’s only one user management - let’s say AD for a whole company. If the company grows there can be several ADs - either standalone or with trusts to other ADs. In my company - which is spread over the whole of Germany - we use around 20 ADs and 15 of them are connected to our Nextcloud instances (we use 3 NC instances) and not a single one has write support to any AD, even though every AD is connected via VPN.

Sure - there are service providers which allow you to create users inside a user management using Nextcloud - just to name an example. But in the end the person setting those systems up is responsible for what happens. So if you connect your Nextcloud to a service provider allowing write support, you are the one who is responsible for what happens to the user management system if your Nextcloud, or the server below, has been infiltrated.

Last but not least - there are many different users here in the forum. Most of them are able to manage a simple Nextcloud instance using the forum and a bit of Google, but there are also a lot of users that cannot even manage Linux or Active Directory or do not understand or know what’s going on in the background.
Please don’t get me wrong - everyone needs to learn how to properly administrate their personal Nextcloud and that’s what this forum is made for. I don’t think it’s a good idea, regarding Lucy’s initial question, to enable write support to an external user management if he/she does not even know where users are stored.
