I am using Univention Corporate Server (UCS) as my LDAP and DNS servers. I wanted to utilize my LDAP server to centralize the management of my Nextcloud users and their profiles. Thankfully, Nextcloud supports LDAP/AD. However, this feature requires the admin to enable the LDAP user and group backend app from Nextcloud’s app store.
If you are reading this post and want to implement LDAP/AD, this post assumes that you already have the following in place:
- LDAP server
- A service account
- Gmail account with an app password enabled
Log in to the Nextcloud instance using the admin account. Navigate to Apps and search for LDAP user and group backend. If it has not been downloaded and enabled yet, click on Download and enable as shown in Figure 1.
Once done, navigate to Settings > LDAP / AD integration. Fill out the fields as shown in Figure 2.
- Enter the Host or the FQDN of the LDAP server and its port. I am using Univention and its LDAP port is 7389. The standard LDAP port is 389, and the standard LDAPS port is 636
- Enter the User DN. I usually use a service account for each service that requires LDAP integration
- Enter the User DN password
- Enter the Base DN
If everything is correct, ‘Configuration OK’ will show up near the Continue button as shown in Figure 2. Click Continue.
- Select inetOrgPerson from the Only these object classes drop-down menu
- Select the groups from the left box under the Only from these groups then move them to the right box as shown in Figure 3
- Click Continue
- Mark the LDAP / AD Username
- Select cn from the Other Attributes drop-down menu
- Click Continue
- As in Figure 3, select the groups from the left box under the Only from these groups then move them to the right box
- If you want to set up the quota, click on Advanced
This is optional, but if you want to set the storage quota for all the users, continue with this setup. This will also override the LDAP quota if you have that configured for LDAP users. Since I didn’t configure the user quota in Univention, I have to set it here.
- Under Advanced, select Special Attributes
- In the Quota Default field, enter the desired quota for the Nextcloud users
- Click on Expert
- Under the Internal Username, enter uid in the Internal Username Attributes
- Under the Override UUID detection, enter uid in the UUID Attribute for Users
That is pretty much it for LDAP. To enable SMTP, navigate to Settings > Basic settings.
- Select SMTP from the Send mode drop-down menu
- Select SSL/TLS for the Encryption
- Enter an address in the From address field and the domain in the @ field
- Select Login for Authentication method
- Mark the Authentication required box
- Enter smtp.gmail.com with the port of 465
- Enter the Gmail account in the Credentials field and the app password
- Click Save
- Click on Send email to send a test email to verify that it is working
That is it folks. Hope you’ll find this post helpful. Cheers!