finallycoffee.nextcloud.ldap-user-backend ansible role
Ansible role for managing LDAP authentication of nextcloud instances using ansible.
Prerequisites
This role assumes a nextcloud instance is up and running, and has the user_ldap nextcloud app installed. For starting a nextcloud instance, see the finallycoffee.nextcloud.server role; for managing nextcloud apps, see the finallycoffee.nextcloud.apps ansible role.
Configuration
- Set nc_ldap_api_method to either occ or http to control whether the configuration is set using php occ command line calls or the http API of the user_ldap nextcloud app.
- For nc_ldap_api_method: occ, ensure nc_ldap_container is set to the name of the docker container where nextcloud is running, and nc_ldap_occ_user is the user the container / nextcloud itself runs as. nc_ldap_occ_command can also be tweaked if php is not in the path, but the default should be fine in most cases.
- For nc_ldap_api_method: http, ensure nc_ldapi_api_instance_url contains the URL to the nextcloud server, including protocol (and port, if non-standard), and nc_ldap_api_basic_auth_[user|password] contain the credentials of an admin user with the rights to edit the LDAP settings.
- Set nc_ldap_test_configuration to true/false to have the role issue a nextcloud-provided test of the configured LDAP configuration. This corresponds to running occ ldap:test-config <id>.
For most of the options, see the nextcloud manual on configuration keys. The config keys are mapped 1:1, with a prefix of nc_ldap_config_ and converted to so-called "snake-case" (ldap_backup_host), so ldapUserFilterMode becomes nc_ldap_config_ldap_user_filter_mode.
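A variables file for the http method described above, as an added example that is not part of the role's own documentation. The hostnames, DNs and vault_* variable names are constructed placeholders. The nc_ldap_config_* names not shown on this page are derived from the nextcloud config keys ldapHost, ldapPort, ldapBase, ldapAgentName and ldapAgentPassword using the stated mapping rule, which is an assumption about the role.

```yaml
# Constructed example vars, e.g. in group_vars for the nextcloud hosts.
# Hostnames, DNs and the vault_* names are placeholders.

# Use the HTTP API of the user_ldap app instead of `php occ`.
nc_ldap_api_method: http

# Variable name spelled as in the text above. Use https so the admin
# basic-auth credentials below are not sent in clear text.
nc_ldapi_api_instance_url: "https://cloud.example.org"

# Admin account allowed to edit the LDAP settings. Both values are
# references to Ansible Vault encrypted variables (hypothetical names),
# so no secret lives in the repository in plain text.
nc_ldap_api_basic_auth_user: "{{ vault_nc_ldap_api_user }}"
nc_ldap_api_basic_auth_password: "{{ vault_nc_ldap_api_password }}"

# Ask nextcloud to test the resulting configuration (ldap:test-config).
nc_ldap_test_configuration: true

# user_ldap config keys, prefixed with nc_ldap_config_ and snake-cased
# (names below are assumed from that rule, e.g. ldapHost -> ldap_host).
nc_ldap_config_ldap_host: "ldaps://ldap1.example.org"
nc_ldap_config_ldap_backup_host: "ldaps://ldap2.example.org"
nc_ldap_config_ldap_port: 636
nc_ldap_config_ldap_base: "dc=example,dc=org"

# Bind account nextcloud uses for lookups; keep it read-only in the
# directory and keep its password in the vault as well.
nc_ldap_config_ldap_agent_name: "cn=nextcloud,ou=services,dc=example,dc=org"
nc_ldap_config_ldap_agent_password: "{{ vault_nc_ldap_agent_password }}"
```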