# How to setup NextCloud

## First setup

It's complicated.

First, create a service user `nextcloud` and a database `nextcloud` it owns. Also create a Garage access key and bucket `nextcloud` it is allowed to use.

Fill in the following Consul keys with actual values:

- `secrets/nextcloud/db_user`
- `secrets/nextcloud/db_pass`
- `secrets/nextcloud/garage_access_key`
- `secrets/nextcloud/garage_secret_key`

Create the following Consul keys with empty values:

- `secrets/nextcloud/instance_id`
- `secrets/nextcloud/password_salt`
- `secrets/nextcloud/secret`

Start the `nextcloud.hcl` Nomad service. Enter the container and call `occ maintenance:install` with the correct database parameters as user `www-data`.

A possibility: call the admin user `nextcloud` and give it the same password as the `nextcloud` service user.

Cat the newly generated `config.php` file and copy the instance id, password salt, and secret from there to Consul (they were generated by the install script and we want to keep them).

Restart the Nextcloud Nomad service.

You should now be able to log in to Nextcloud using the admin user (`nextcloud` if you called it that).

Go to the apps settings and enable the desired apps.
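The step of copying the generated values from `config.php` into Consul is easy to get wrong by hand (a truncated paste of the secret silently breaks existing sessions and encrypted data after the restart). The following script is an added example and not part of the deuxfleurs repository: it reads the three generated entries out of `config.php`, refuses to continue if one is missing, and writes them to the Consul keys listed above with `consul kv put`. The `config.php` path, the function names and the sample file are assumptions; the Consul key names are the ones from this README.

```shell
#!/bin/sh
# Added example (not the deuxfleurs repository's code): copy the generated
# instance id, password salt and secret from config.php into Consul KV.

# Read one scalar entry from a Nextcloud config.php ($1 = file, $2 = PHP key).
# Nextcloud writes entries as:   'key' => 'value',
nc_config_get() {
  sed -n "s/^ *'$2' => '\([^']*\)',.*/\1/p" "$1"
}

# Print "consul_key value" for each generated secret; fail if any is absent so
# an empty value is never written to Consul by accident.
nextcloud_secret_pairs() {
  cfg="$1"
  for pair in instanceid:instance_id passwordsalt:password_salt secret:secret; do
    php_key="${pair%%:*}"
    consul_key="secrets/nextcloud/${pair#*:}"
    value="$(nc_config_get "$cfg" "$php_key")"
    if [ -z "$value" ]; then
      echo "missing '$php_key' in $cfg" >&2
      return 1
    fi
    printf '%s %s\n' "$consul_key" "$value"
  done
}

# Write each pair into Consul KV; run this on a node with a Consul agent.
push_secrets_to_consul() {
  nextcloud_secret_pairs "$1" | while read -r key value; do
    consul kv put "$key" "$value"
  done
}

# Constructed sample config.php with placeholder values, used only so the
# functions can be exercised offline. A real install generates other values.
SAMPLE_CONFIG="$(mktemp)"
cat > "$SAMPLE_CONFIG" <<'EOF'
<?php
$CONFIG = array (
  'instanceid' => 'ocexample0001',
  'passwordsalt' => 'EXAMPLE_SALT_VALUE',
  'secret' => 'EXAMPLE_SECRET_VALUE',
  'dbtype' => 'pgsql',
);
EOF

# Show what would be pushed; on the real host call:
#   push_secrets_to_consul /path/to/nextcloud/config/config.php
nextcloud_secret_pairs "$SAMPLE_CONFIG"
```

Run it inside the container as `www-data` (or on any host that can read the generated `config.php`) before restarting the Nomad service, then compare `consul kv get secrets/nextcloud/secret` against the file to confirm the copy is exact.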
## Configure LDAP login

LDAP login has to be configured from the admin interface. First, enable the LDAP authentication application.
Go to settings > LDAP/AD integration. Enter the following parameters:

- ldap server: `bottin2.service.2.cluster.deuxfleurs.fr`
- bind user: `cn=nextcloud,ou=services,ou=users,dc=deuxfleurs,dc=fr`
- bind password: password of the `nextcloud` service user
- base DN for users: `ou=users,dc=deuxfleurs,dc=fr`
- check "manually enter LDAP filters"
- in the users tab, edit the LDAP query and set it to `(&(|(objectclass=inetOrgPerson))(|(memberof=cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr)))`
- in the login attributes tab, edit the LDAP query and set it to `(&(&(|(objectclass=inetOrgPerson))(|(memberof=cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr)))(|(|(mailPrimaryAddress=%uid)(mail=%uid))(|(cn=%uid))))`
- in the groups tab, edit the LDAP query and set it to `(|(objectclass=groupOfNames))`
- in the advanced tab, open the "directory setting" section and check/modify the following:
  - user display name field: `displayname`
  - base user tree: `ou=users,dc=deuxfleurs,dc=fr`
  - user search attribute: `cn`
  - group display name field: `displayname`
  - base group tree: `ou=groups,dc=deuxfleurs,dc=fr`
  - group search attribute: `cn`

That should be it. Go to the login attributes tab and enter a username (which should have been added to the `nextcloud` group) to check that Nextcloud is able to find it and allows it to log in.
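The login check in the admin UI only tells you whether a name resolved; when it does not, it helps to run the same filter yourself, bound as the `nextcloud` service user, and look at what the directory actually returns. The script below is an added example and not part of the deuxfleurs repository: it builds the login-attribute filter from this README for one username (with the value escaped as RFC 4515 requires, which is also what Nextcloud does before substituting `%uid`) and runs, or with `CHECK_DRY_RUN` set only prints, the matching `ldapsearch`. The host, DNs and filter are taken from the README; the function names and the `CHECK_DRY_RUN` variable are assumptions.

```shell
#!/bin/sh
# Added example (not the deuxfleurs repository's code): reproduce the
# "login attributes" LDAP query for one username and query bottin directly.

LDAP_HOST="bottin2.service.2.cluster.deuxfleurs.fr"
BIND_DN="cn=nextcloud,ou=services,ou=users,dc=deuxfleurs,dc=fr"
USER_BASE="ou=users,dc=deuxfleurs,dc=fr"
NEXTCLOUD_GROUP="cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr"

# Escape the characters RFC 4515 reserves in assertion values (\ * ( ) ) so the
# username is matched literally and cannot alter the filter's structure.
# Backslash is escaped first so the escapes added afterwards are not re-escaped.
ldap_filter_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# The login-attributes filter from the README with %uid substituted.
login_filter() {
  uid="$(ldap_filter_escape "$1")"
  printf '%s' "(&(&(|(objectclass=inetOrgPerson))(|(memberof=${NEXTCLOUD_GROUP})))(|(|(mailPrimaryAddress=${uid})(mail=${uid}))(|(cn=${uid}))))"
}

# Run the lookup ($1 = username); with CHECK_DRY_RUN set, only print the command.
# -W prompts for the bind password so it never ends up in the shell history.
# Exactly one "dn:" line is expected; zero means the user is missing from the
# nextcloud group or the base DN, more than one means an ambiguous login name.
check_login_lookup() {
  filter="$(login_filter "$1")"
  set -- ldapsearch -x -LLL -H "ldap://${LDAP_HOST}" -D "$BIND_DN" -W \
         -b "$USER_BASE" "$filter" dn
  if [ -n "${CHECK_DRY_RUN:-}" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Show the command that would run for the (constructed) username "alice".
CHECK_DRY_RUN=1 check_login_lookup alice
```

Unset `CHECK_DRY_RUN` to run the search for real; the result should be a single `dn:` line under `ou=users,dc=deuxfleurs,dc=fr`. Inside the container, `occ ldap:check-user <username>` (as `www-data`) asks Nextcloud's own LDAP backend the same question and is the quickest way to confirm the two agree.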