infrastructure/op_guide/nextcloud
Quentin c4a6cf1534 Rebase first step 2020-09-12 10:03:48 +02:00

README.md

How to set up Nextcloud

First setup

It's complicated.

First, create a service user named nextcloud and a database named nextcloud that it owns. Also create a Garage access key and a bucket named nextcloud that this key is allowed to use.

Fill in the following Consul keys with actual values:

secrets/nextcloud/db_user
secrets/nextcloud/db_pass
secrets/nextcloud/garage_access_key
secrets/nextcloud/garage_secret_key

Create the following Consul keys with empty values:

secrets/nextcloud/instance_id
secrets/nextcloud/password_salt
secrets/nextcloud/secret

Start the nextcloud.hcl Nomad service. Enter the container and, as user www-data, call occ maintenance:install with the correct database parameters. One option: call the admin user nextcloud and give it the same password as the nextcloud service user.

Cat the newly generated config.php file and copy the instance id, password salt and secret from it into the Consul keys created above (they were generated by the install script and we want to keep them).

Restart the Nextcloud Nomad service.
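The install and "copy the generated values to Consul" steps above, as an added shell example that is not part of this README or of the Deuxfleurs tooling. It assumes consul is on PATH and already pointed at the cluster, that config.php uses the usual 'key' => 'value', layout, and that DB_TYPE, DB_HOST and the config.php path are placeholders to adjust; the sample config.php it parses is constructed for the dry run.

```shell
#!/bin/sh
# Added example, not part of the original README: push the values that
# `occ maintenance:install` generated into config.php to the Consul keys this
# guide asks for, and show the install call itself.
# Assumptions (not stated by the page): `consul` is on PATH and already
# pointed at the cluster; config.php uses the usual `'key' => 'value',` layout;
# DB_TYPE and DB_HOST are placeholders to adjust for the real database.
set -eu

DB_TYPE="${DB_TYPE:-pgsql}"              # assumption: adjust to the real database type
DB_HOST="${DB_HOST:-db.example.invalid}" # placeholder host name

# Print the quoted value of one top-level key of a Nextcloud config.php.
# Returns 1 and prints nothing when the key is absent or not a quoted string.
config_value() {
  file=$1; key=$2
  value=$(sed -n "s/^[[:space:]]*'$key'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$file" | head -n 1)
  [ -n "$value" ] || return 1
  printf '%s\n' "$value"
}

# Copy instanceid, passwordsalt and secret from config.php to
# secrets/nextcloud/{instance_id,password_salt,secret}. The values are never
# echoed to the terminal: the salt and secret are as sensitive as a password.
push_generated_secrets() {
  file=$1
  for pair in instanceid:instance_id passwordsalt:password_salt secret:secret; do
    php_key=${pair%%:*}; consul_key=${pair#*:}
    if ! value=$(config_value "$file" "$php_key"); then
      echo "config.php has no '$php_key' entry; did maintenance:install run?" >&2
      return 1
    fi
    consul kv put "secrets/nextcloud/$consul_key" "$value" >/dev/null
  done
}

# The install step from the guide, reading the database credentials from the
# Consul keys filled in earlier. Must run as www-data inside the container.
# Assumption: secrets/nextcloud/db_pass holds the nextcloud service user's
# password, which the guide suggests reusing for the admin user.
occ_install() {
  [ "$(id -un)" = www-data ] || { echo "run this as www-data" >&2; return 1; }
  db_user=$(consul kv get secrets/nextcloud/db_user)
  db_pass=$(consul kv get secrets/nextcloud/db_pass)
  php occ maintenance:install \
    --database "$DB_TYPE" --database-host "$DB_HOST" --database-name nextcloud \
    --database-user "$db_user" --database-pass "$db_pass" \
    --admin-user nextcloud --admin-pass "$db_pass"
}

# Constructed sample config.php (made-up values) to exercise config_value offline.
SAMPLE_CONFIG=$(mktemp)
trap 'rm -f "$SAMPLE_CONFIG"' EXIT
cat >"$SAMPLE_CONFIG" <<'EOF'
<?php
$CONFIG = array (
  'instanceid' => 'ocexample1234',
  'passwordsalt' => 'ExampleSaltExampleSaltExampleSaltExampleSalt',
  'secret' => 'ExampleSecretExampleSecretExampleSecretExampleSecret',
  'trusted_domains' =>
  array (
    0 => 'localhost',
  ),
  'installed' => true,
);
EOF

# Dry run: confirm all three keys can be read before touching Consul.
for k in instanceid passwordsalt secret; do
  config_value "$SAMPLE_CONFIG" "$k" >/dev/null && echo "config.php: found $k"
done
# Real use, from inside the container, after maintenance:install:
#   push_generated_secrets /path/to/config/config.php
```

The push function deliberately sends the values straight from config.php into consul kv put without printing them, and occ_install refuses to run as any user other than www-data; the database password still appears on the occ command line for the duration of the install, which is the trade-off the guide's manual procedure makes as well.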

You should now be able to log in to Nextcloud using the admin user (nextcloud if you called it that).

Go to the apps settings and enable desired apps.

Configure LDAP login

LDAP login has to be configured from the admin interface. First, enable the LDAP authentication application.

Go to settings > LDAP/AD integration. Enter the following parameters:

  • ldap server: bottin2.service.2.cluster.deuxfleurs.fr
  • bind user: cn=nextcloud,ou=services,ou=users,dc=deuxfleurs,dc=fr
  • bind password: password of the nextcloud service user
  • base DN for users: ou=users,dc=deuxfleurs,dc=fr
  • check "manually enter LDAP filters"
  • in the users tab, edit LDAP query and set it to (&(|(objectclass=inetOrgPerson))(|(memberof=cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr)))
  • in the login attributes tab, edit LDAP query and set it to (&(&(|(objectclass=inetOrgPerson))(|(memberof=cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr)))(|(|(mailPrimaryAddress=%uid)(mail=%uid))(|(cn=%uid))))
  • in the groups tab, edit the LDAP query and set it to (|(objectclass=groupOfNames))
  • in the advanced tab, enter the "directory setting" section and check/modify the following:
    • user display name field: displayname
    • base user tree: ou=users,dc=deuxfleurs,dc=fr
    • user search attribute: cn
    • group display name field: displayname
    • base group tree: ou=groups,dc=deuxfleurs,dc=fr
    • group search attribute: cn

That should be it. Go to the login attributes tab and enter a username (one that has been added to the nextcloud group) to check that Nextcloud is able to find it and allows it to log in.
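The same check from the command line, as an added shell example that is not part of this README: it runs the three filters the guide enters into Nextcloud with OpenLDAP's ldapsearch, so a filter can be verified against the directory before or after saving it in the admin UI. It assumes ldapsearch is installed, that the server speaks plain LDAP under the ldap:// scheme (the guide gives only a host name), and that the bind password lives in a file whose path is a placeholder; the ldap_escape and substitute_uid helpers are this example's own, standing in for the %uid substitution Nextcloud performs itself.

```shell
#!/bin/sh
# Added example, not from the original README: reproduce the LDAP queries the
# guide configures in Nextcloud with ldapsearch.
# Assumptions (not stated by the page): OpenLDAP's ldapsearch is installed; the
# directory is reachable as ldap://<host> on the default port; the bind
# password is in a file (never on the command line, where `ps` would show it).
set -eu

LDAP_URI="ldap://bottin2.service.2.cluster.deuxfleurs.fr"   # scheme assumed
BIND_DN="cn=nextcloud,ou=services,ou=users,dc=deuxfleurs,dc=fr"
BIND_PW_FILE="${BIND_PW_FILE:-./nextcloud-bind-pw}"        # placeholder path
USER_BASE="ou=users,dc=deuxfleurs,dc=fr"
GROUP_BASE="ou=groups,dc=deuxfleurs,dc=fr"

# The three filters exactly as the guide gives them (Nextcloud fills in %uid).
USER_FILTER='(&(|(objectclass=inetOrgPerson))(|(memberof=cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr)))'
LOGIN_FILTER='(&(&(|(objectclass=inetOrgPerson))(|(memberof=cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr)))(|(|(mailPrimaryAddress=%uid)(mail=%uid))(|(cn=%uid))))'
GROUP_FILTER='(|(objectclass=groupOfNames))'

# Escape a value for use inside an LDAP filter (RFC 4515), so a login name
# containing ( ) * or \ cannot change the structure of the query.
ldap_escape() {
  printf '%s\n' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Replace every %uid in a filter template with an already escaped value
# (POSIX sh, so no bash-only ${var//pattern/repl} expansion).
substitute_uid() {
  tmpl=$1; repl=$2; out=""
  while [ -n "$tmpl" ]; do
    case $tmpl in
      *%uid*) head=${tmpl%%%uid*}; tmpl=${tmpl#*%uid}; out="$out$head$repl" ;;
      *)      out="$out$tmpl"; tmpl="" ;;
    esac
  done
  printf '%s\n' "$out"
}

# Everyone the users-tab filter admits, i.e. who will be able to log in.
list_allowed_users() {
  ldapsearch -LLL -x -H "$LDAP_URI" -D "$BIND_DN" -y "$BIND_PW_FILE" \
    -b "$USER_BASE" "$USER_FILTER" cn displayname
}

# What Nextcloud looks up when a given name is typed into the login form.
check_login() {
  filter=$(substitute_uid "$LOGIN_FILTER" "$(ldap_escape "$1")")
  ldapsearch -LLL -x -H "$LDAP_URI" -D "$BIND_DN" -y "$BIND_PW_FILE" \
    -b "$USER_BASE" "$filter" cn displayname mail
}

# The groups Nextcloud will see with the groups-tab filter.
list_groups() {
  ldapsearch -LLL -x -H "$LDAP_URI" -D "$BIND_DN" -y "$BIND_PW_FILE" \
    -b "$GROUP_BASE" "$GROUP_FILTER" cn displayname member
}

# Usage: ./ldap-check.sh <username>; only runs when the password file exists.
if [ $# -ge 1 ] && [ -f "$BIND_PW_FILE" ]; then
  check_login "$1"
fi
```

If check_login returns no entry for a name that should work, compare the result of list_allowed_users with the members of cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr: the login filter is the users filter plus the name match, so a user missing from the group fails both. If the server supports StartTLS, adding -ZZ to the ldapsearch calls keeps the bind password off the wire in clear text.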