User password change in Nextcloud using LDAP

nextcloud

(Thomas) #1

Hi,

in my NS set-up for our tennis club I installed LDAP and Nextcloud.

Looks like NS by design requires that users change their password through the NS frontend (:980). In my set-up there is no need for most of the users to log on to NS directly. They shall only have access to Nextcloud.

So far I found the following:
I ticked the box for “Nextcloud/LDAP Integration/Login Attributes/Advanced/Directory Settings/Enable LDAP password changes per user”.

This gives the users a password change field in the Nextcloud/security tab.
Unfortunately this seems not to be sufficient. A user cannot change the password, neither when logging in with the short credentials nor with the full email address.

In another thread there was a hint about “Default password policy DN”.
Not exactly knowing what to add there I tried: cn=ldapservice,dc=directory,dc=nh
but this still does not allow a user to change the password.

Any hint?

Thomas


(HF) #2

Maybe this helps.

https://wiki.nethserver.org/doku.php?id=userguide:self-service-password

Within the nextcloud config file you can set a custom link to https://yourdomain.com/ssp or https://ssp.yourdomain.com so when users click on the ‘forgot password link’ on the nextcloud login page, they get redirected to the custom link specified.


(Marc) #3

There are some requirements to enable the user password change…

Access control policies must be configured on the LDAP server to grant permissions for password changes. The User DN as configured in Server Settings needs to have write permissions in order to update the userPassword attribute.

(Additional requirements have to be met for Active Directory.)
First stopper (at least for the OpenLDAP provider): the default config is using the ldapservice service account, which has read-only access.

I didn’t think about using 'lost_password_link' => 'ssp_url', in the config file, good idea! Worth adding to the wiki after some more testing is done on the ssp module.
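
An added illustration of the requirement quoted in post #3 (not part of Marc's post and not NethServer's own configuration): an OpenLDAP ACL change that gives a dedicated Nextcloud bind account write access to userPassword and nothing else. The account name cn=nextcloud-pw, the database DN placeholder, the file name and the suffix (derived from the DN in post #1) are assumptions.

```ldif
# Added example. Assumptions: suffix dc=directory,dc=nh (taken from the DN in
# post #1), a hypothetical dedicated bind account cn=nextcloud-pw, and a
# placeholder database DN. Find the real database entry and its current rules:
#   ldapsearch -Q -Y EXTERNAL -H ldapi:/// -b cn=config \
#     '(olcSuffix=dc=directory,dc=nh)' dn olcAccess
# Apply on the LDAP server as root:
#   ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f nextcloud-pw-acl.ldif
dn: olcDatabase={N}BACKEND,cn=config
changetype: modify
add: olcAccess
# {0} places the rule first. OpenLDAP stops at the first rule whose "to"
# clause matches, so this rule takes effect instead of any later userPassword
# rule and has to carry the self-change and bind (auth) permissions itself.
olcAccess: {0}to attrs=userPassword
  by dn.exact="cn=nextcloud-pw,dc=directory,dc=nh" write
  by self write
  by anonymous auth
  by * none
```

The dedicated account would then be entered as the User DN in the Nextcloud LDAP server settings, so the read-only ldapservice account stays read-only. It still needs the same read access to user and group entries that the existing rules give ldapservice.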


(Alessio Fattorini) #4

A tennis-club? Looks amazing. Please tell me more :slight_smile:


(Alessio Fattorini) split this topic #5

A post was split to a new topic: Replacing Sophos and Office 365 with NethServer


(Thomas) #6

Yes, I read this in the NC manual and that’s exactly my (and others’) issue, but I don’t know how to do it.

Interesting, however I do not want to expose the NHS login on RED interface.


(Dan) #7

Why NHS as the abbreviation for NethServer? In any case, you’re exposing only one standalone page (not part of the server manager or any Neth administrative stuff), allowing a user to change his password. This is no more exposure than allowing the same user to change his password directly inside Nextcloud.


(Thomas) #8

My remote users for Nextcloud are not users for NS. So you ring the bell - I should install nextcloud without NS/LDAP for my use case.