I’ve got groups mapped correctly from SSO. Unfortunately, Nextcloud expects there to be a group called “admin”, so after the credentials are refreshed, the users added to the admin group are removed, as there’s no such titled group under NethServer. I also looked at trying to change the name of the group Nextcloud uses for admin users but haven’t had luck with that either. Anyone have any suggestions?
If you log in as the default admin user from Nextcloud, you can then add in NethServer’s Admin to the local admin group. Or other users, as needed.
After that, these users can administrate this admin group’s membership…
Normally that would work fine, but (and it’s not essential I get it working this way) I’m trying to get Nextcloud to pull the groups from SSO as opposed to LDAP, which works, but as there’s no admin group, while I can use occ to add users to the admin group, after a while it gets removed from the admin group. As I said, not essential, more of a learning experience with SSO.
Edit: turns out I can’t add an admin group, as user admin is referred to by cn=admin in AD, and groups are also referred to by cn=group. I did a test (expecting to restore from backup after the result): removed user admin, then added group admin. Result: success.
So I guess I need to change my question to “is there a way to rename the admin user in NethServer?” Maybe something like admin2.
Moreover…
Interestingly, QNAP and Synology, in their security advisor procedures, are bashing like hell to delete the “admin” account and have another “admin account” which does not have the same name…
Syno / Qnap
After keeping admin as default for years, AND using something like fail2ban on the account.
But they’re really sticklers, every single login!
Turns out Nextcloud wants to eat its cake and have it too: it wants NethServer to have both the user admin and the group admin.
The other reason is to be able to (at least on a fresh install) bypass the user attribute being object GUID, although I did find you can override the settings in expert mode in LDAP/AD mapping.
Hi
You can use any other groupname and add that into the local admin group of NC.
Example: NS group “nc-admins” is a member of the local Nextcloud group “admin”.
→ Group members can be other groups! (The same counts, e.g., also for AD.)
Almost the same result…
My 2 cents
Andy