From f6dc1d82615fdcd25b885901ec92875c569540ca Mon Sep 17 00:00:00 2001
From: Bert-Jan Fikse
Date: Fri, 13 Mar 2026 10:46:49 +0100
Subject: [PATCH] feat: add ldap provisioning to nextcloud

Signed-off-by: Bert-Jan Fikse
---
 .../vagrant/host_vars/backend/nextcloud.yml | 28 ++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/inventories/vagrant/host_vars/backend/nextcloud.yml b/inventories/vagrant/host_vars/backend/nextcloud.yml
index 5343040..22b5435 100644
--- a/inventories/vagrant/host_vars/backend/nextcloud.yml
+++ b/inventories/vagrant/host_vars/backend/nextcloud.yml
@@ -17,6 +17,32 @@ nextcloud_extra_hosts:
 - "storage.local.test:192.168.56.11"
 - "keycloak.local.test:192.168.56.11"
 - "authentik.local.test:192.168.56.11"
+ - "389ds:192.168.56.11"
+
+# LDAP backend (pre-create users synced from Keycloak via 389ds)
+nextcloud_ldap_enabled: true
+nextcloud_ldap_config:
+ ldapHost: "ldaps://389ds"
+ ldapPort: "3636"
+ ldapAgentName: "cn=Directory Manager"
+ ldapAgentPassword: "admin"
+ ldapBase: "dc=local,dc=test"
+ ldapBaseUsers: "ou=users,dc=local,dc=test"
+ ldapBaseGroups: "dc=local,dc=test"
+ ldapTLS: "0"
+ turnOffCertCheck: "1"
+ ldapUserFilter: "(&(objectclass=inetOrgPerson)(uid=*))"
+ ldapUserFilterObjectclass: "inetOrgPerson"
+ ldapLoginFilter: "(&(objectclass=inetOrgPerson)(uid=%uid))"
+ ldapLoginFilterUsername: "1"
+ ldapUserDisplayName: "displayName"
+ ldapEmailAttribute: "mail"
+ ldapExpertUsernameAttr: "uid"
+ ldapExpertUUIDUserAttr: "nsuniqueid"
+ ldapCacheTTL: "600"
+ ldapPagingSize: "500"
+ ldapExperiencedAdmin: "1"
+ ldapConfigurationActive: "1"
 
 # OIDC providers for login
 nextcloud_oidc_providers:
@@ -26,7 +52,7 @@ nextcloud_oidc_providers:
 client_secret: "nextcloud-secret-change-in-production"
 discovery_url: "https://keycloak.local.test/realms/vagrant/.well-known/openid-configuration"
 scope: "openid email profile"
- unique_uid: true
+ unique_uid: false
 mapping:
 uid: preferred_username
 display_name: name
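Review bot: In `nextcloud_ldap_config`, Nextcloud binds as the 389ds superuser (`ldapAgentName: "cn=Directory Manager"`, password `admin`) while `turnOffCertCheck: "1"` leaves the `ldaps://389ds` peer unauthenticated, so the directory's most privileged credential is sent to whatever answers on port 3636. The filters in this hunk only search and read `inetOrgPerson` entries, so a dedicated read-only bind entry is enough: `ldapAgentName: "<read-only service DN>"` with its own password. Certificate checking can stay on once the lab CA is trusted by the Nextcloud host: `turnOffCertCheck: "0"`. If the values stay as they are for the Vagrant lab, mark them the way the OIDC secret is marked, e.g. `# vagrant only: replace bind DN/password and enable cert checking outside the lab`, so the block is not copied into another inventory unchanged.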
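Review bot: `unique_uid: false` is flipped without any comment recording why, and the setting carries an account-mapping constraint. If it maps to user_oidc's unique-uid option, the raw `preferred_username` from the `uid` mapping below becomes the Nextcloud account id, presumably so OIDC logins land on the accounts pre-created from 389ds. With the per-provider hashing off, any other entry in `nextcloud_oidc_providers` that also disables it would resolve an identical username to the same account (the file already lists an authentik host), so this is only safe while a single IdP shares the LDAP uid namespace. I would add a comment above the line, e.g. `# false: OIDC uid must equal the LDAP uid from 389ds; keep true for providers not backed by that directory`. The provider entry starts above the hunk and continues below it, so any other providers are not visible here.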