# `finallycoffee.nextcloud.ldap-user-backend` ansible role

Ansible role for managing LDAP authentication of nextcloud instances using ansible.

## Prerequisites

This role assumes a nextcloud instance is up and running, and has the `user_ldap`
nextcloud app installed. For starting a nextcloud instance, see the
`finallycoffee.nextcloud.server` role, for managing nextcloud apps see the
`finallycoffee.nextcloud.apps` ansible role.

## Configuration

- Set `nc_ldap_api_method` to either `occ` or `http` to control wether the
  configuration is set using `php occ` command line calls or the `http` API
  of the `user_ldap` nextcloud app.

- For `nc_ldap_api_method: occ`, ensure `nc_ldap_container` is set to the name
  of the docker container where nextcloud is running, and `nc_ldap_occ_user` is
  the user the container / nextcloud itself runs as. `nc_ldap_occ_command`
  _can_ also be tweaked if `php` is not in the path, but the default should
  be fine in most cases.

- For `nc_ldap_api_method: http`, ensure `nc_ldapi_api_instance_url` contains
  the URL to the nextcloud server, including protocol (and port, if
  non-standard), and `nc_ldap_api_basic_auth_[user|password]` contain the
  credentials of an admin user with the rights to edit the LDAP settings.