feat: add ldap provisioning to nextcloud

Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>

inventories/vagrant/host_vars/backend/nextcloud.yml

@@ -17,6 +17,32 @@ nextcloud_extra_hosts:
   - "storage.local.test:192.168.56.11"
   - "keycloak.local.test:192.168.56.11"
   - "authentik.local.test:192.168.56.11"
+  - "389ds:192.168.56.11"
+
+# LDAP backend (pre-create users synced from Keycloak via 389ds)
+nextcloud_ldap_enabled: true
+nextcloud_ldap_config:
+  ldapHost: "ldaps://389ds"
+  ldapPort: "3636"
+  ldapAgentName: "cn=Directory Manager"
+  ldapAgentPassword: "admin"
+  ldapBase: "dc=local,dc=test"
+  ldapBaseUsers: "ou=users,dc=local,dc=test"
+  ldapBaseGroups: "dc=local,dc=test"
+  ldapTLS: "0"
+  turnOffCertCheck: "1"
+  ldapUserFilter: "(&(objectclass=inetOrgPerson)(uid=*))"
+  ldapUserFilterObjectclass: "inetOrgPerson"
+  ldapLoginFilter: "(&(objectclass=inetOrgPerson)(uid=%uid))"
+  ldapLoginFilterUsername: "1"
+  ldapUserDisplayName: "displayName"
+  ldapEmailAttribute: "mail"
+  ldapExpertUsernameAttr: "uid"
+  ldapExpertUUIDUserAttr: "nsuniqueid"
+  ldapCacheTTL: "600"
+  ldapPagingSize: "500"
+  ldapExperiencedAdmin: "1"
+  ldapConfigurationActive: "1"
 
 # OIDC providers for login
 nextcloud_oidc_providers:
@@ -26,7 +52,7 @@ nextcloud_oidc_providers:
     client_secret: "nextcloud-secret-change-in-production"
     discovery_url: "https://keycloak.local.test/realms/vagrant/.well-known/openid-configuration"
     scope: "openid email profile"
-    unique_uid: true
+    unique_uid: false
     mapping:
       uid: preferred_username
       display_name: name