LDAP User Group

Hello All,

I’m able to create a user on local LDAP in NethServer, but my question is: if I want to create a user for email service only and don’t want him/her to access Nextcloud, how can I do this?

thanks in advance.

@Avinash_Kumar

Hi

Create a group “nextcloud-users”, and use this group as filter on “users allowed to use Nextcloud” in your LDAP or AD settings. (I’m using this on AD for my clients).

This way, only members of this group can login to NextCloud.

A second advantage: you filter out unneeded groups / system users, which are difficult to explain to co-workers or management.

Once this is done, just create your “mail-only” user. As he’s not a member of that group, he will not be able to login to Nextcloud…

My 2 cents
Andy

My setting at my Home NethServer, using AD (It’s basically the same, seen from Nextcloud…).


Hi

Where will I find the “users allowed to use Nextcloud” option? I’m not seeing it anywhere in LDAP.

@Avinash_Kumar

Hi

You need to manually create the group, and then allocate the users (those needing to use Nextcloud) to this group.

NethServer / Nextcloud can’t read your mind, which users to allow and which not! 🙂
But once this group is available and users allocated, Nextcloud can implement your wishes as to users!

Hi Andy,

I have a similar problem. When I try to set it the way you described above, I get this message:

The group field has been deactivated because the LDAP / AD server does not support memberOf.

What is to be done there?

Greetings to Switzerland…

Uwe

@transocean

Hi Uwe

It depends on how the AD is set up in your Nextcloud.

Here are my AD / LDAP settings from Nextcloud on NethServer (All 4 screens):

Note:

I still use the old NethGUI (980) to manage groups:

But this could be just as well done in Cockpit…

Check the fields used. I’m using person, you’re referring to InetOrgPerson…
These are critical - and not always easy to find / get…

Hope this helps!

My 2 cents
Andy

Hello Andy

Can you please let me know how I can configure LDAP settings in Email (NethServer Email), please?

@Avinash_Kumar

Hi

You don’t configure LDAP Settings in Email.

In NethServer, you choose between LDAP or AD when setting up your NethServer. You can’t change this easily later on, so decide wisely!

After setting up an account provider (LDAP or AD) any users or groups you create are actually created in the LDAP (or AD).

You can use the PHPLDAPadmin Plugin by Stephdl to administrate your AD or LDAP, like add in additional attributes.
https://wiki.nethserver.org/doku.php?id=phpldapadmin

EMail settings go automatically to LDAP / AD, depending on what you set in Email on your NethServer.

Hope this helps.

My 2 cents
Andy


No, it really doesn’t. What seems to be happening is that, for whatever reason, OpenLDAP doesn’t support the memberOf feature that you’re using–so what you’re describing would work with AD, but not without it.


OK, Thanks for the info. Never used LDAP, as I do need authenticated shares in ALL installations…

Seems very limiting, having groups, but not being able to query group membership…

My 2 cents
Andy


Agreed, and I have no idea why that limitation’s there–and it results in some other oddities. It’s the reason, for example, that Nextcloud has its own admin account–it can’t just define the admin as memberOf('domain admins'), because only one of the accounts providers supports that feature.


Thanks also for clarifying that Nextcloud admin reason - never thought of that (As I never realized the limitation…).
Another reason more to use AD on NethServer…

I thought both use openldap, fine, the difference is only samba4ad needs the Heimdal kerberos library…
Another day, learned a bit more! 🙂


Does it help to set the group member association to “memberUid”?
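
To illustrate the memberOf versus memberUid difference discussed in this thread, here is an added example that is not part of any post and is not NethServer or Nextcloud code. It models both lookups over a constructed RFC 2307-style directory; the base DN, user names and helper function names are assumptions.

```python
# Constructed sample directory (not from the thread): RFC 2307 layout where
# groups list members by uid and user entries carry no memberOf attribute.
BASE = "dc=example,dc=org"
GROUP_DN = "cn=nextcloud-users,ou=Groups," + BASE
DIRECTORY = [
    {"dn": "uid=alice,ou=People," + BASE,
     "objectClass": ["inetOrgPerson", "posixAccount"], "uid": ["alice"]},
    {"dn": "uid=mailonly,ou=People," + BASE,
     "objectClass": ["inetOrgPerson", "posixAccount"], "uid": ["mailonly"]},
    {"dn": GROUP_DN, "objectClass": ["posixGroup"],
     "cn": ["nextcloud-users"], "memberUid": ["alice"]},
]


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def users_by_memberof(entries, group_dn):
    """Users a (memberOf=<group_dn>) filter matches: needs the user-side attribute."""
    wanted = group_dn.lower()
    return sorted(e["uid"][0] for e in entries
                  if wanted in (v.lower() for v in e.get("memberOf", [])))


def users_by_memberuid(entries, group_cn):
    """Users resolved from the group side: read memberUid, then match uid."""
    members = set()
    for e in entries:
        if "posixGroup" in e["objectClass"] and group_cn in e.get("cn", []):
            members.update(e.get("memberUid", []))
    return sorted(e["uid"][0] for e in entries
                  if "posixAccount" in e["objectClass"] and e["uid"][0] in members)


def group_check_filter(group_cn, uid):
    """Filter for a group-side check: is <uid> listed in the group's memberUid?"""
    return "(&(objectClass=posixGroup)(cn=%s)(memberUid=%s))" % (
        escape_filter_value(group_cn), escape_filter_value(uid))


if __name__ == "__main__":
    print(users_by_memberof(DIRECTORY, GROUP_DN))            # user-side lookup
    print(users_by_memberuid(DIRECTORY, "nextcloud-users"))  # group-side lookup
    print(group_check_filter("nextcloud-users", "mailonly"))
```

With no memberOf attribute on the user entries, the user-side filter matches nobody, while the group-side lookup still separates the Nextcloud user from the mail-only account.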