feat: add ldap provisioning to nextcloud

Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-13 10:46:49 +01:00 · 2026-03-13 10:46:49 +01:00 · f6dc1d8261
commit f6dc1d8261
parent eb3cc1390b
1 changed files with 27 additions and 1 deletions
--- a/inventories/vagrant/host_vars/backend/nextcloud.yml
+++ b/inventories/vagrant/host_vars/backend/nextcloud.yml
@ -17,6 +17,32 @@ nextcloud_extra_hosts:
  - "storage.local.test:192.168.56.11"
  - "keycloak.local.test:192.168.56.11"
  - "authentik.local.test:192.168.56.11"
+  - "389ds:192.168.56.11"
+
+# LDAP backend (pre-create users synced from Keycloak via 389ds)
+nextcloud_ldap_enabled: true
+nextcloud_ldap_config:
+  ldapHost: "ldaps://389ds"
+  ldapPort: "3636"
+  ldapAgentName: "cn=Directory Manager"
+  ldapAgentPassword: "admin"
+  ldapBase: "dc=local,dc=test"
+  ldapBaseUsers: "ou=users,dc=local,dc=test"
+  ldapBaseGroups: "dc=local,dc=test"
+  ldapTLS: "0"
+  turnOffCertCheck: "1"
+  ldapUserFilter: "(&(objectclass=inetOrgPerson)(uid=*))"
+  ldapUserFilterObjectclass: "inetOrgPerson"
+  ldapLoginFilter: "(&(objectclass=inetOrgPerson)(uid=%uid))"
+  ldapLoginFilterUsername: "1"
+  ldapUserDisplayName: "displayName"
+  ldapEmailAttribute: "mail"
+  ldapExpertUsernameAttr: "uid"
+  ldapExpertUUIDUserAttr: "nsuniqueid"
+  ldapCacheTTL: "600"
+  ldapPagingSize: "500"
+  ldapExperiencedAdmin: "1"
+  ldapConfigurationActive: "1"

 # OIDC providers for login
 nextcloud_oidc_providers:
@ -26,7 +52,7 @@ nextcloud_oidc_providers:
    client_secret: "nextcloud-secret-change-in-production"
    discovery_url: "https://keycloak.local.test/realms/vagrant/.well-known/openid-configuration"
    scope: "openid email profile"
-    unique_uid: true
+    unique_uid: false
    mapping:
      uid: preferred_username
      display_name: name