forked from finallycoffee/nextcloud
38 lines
1.8 KiB
Markdown
38 lines
1.8 KiB
Markdown
|
# `finallycoffee.nextcloud.ldap-user-backend` ansible role
|
||
|
|
||
|
Ansible role for managing LDAP authentication of nextcloud instances using ansible.
|
||
|
|
||
|
## Prerequisites
|
||
|
|
||
|
This role assumes a nextcloud instance is up and running, and has the `user_ldap`
|
||
|
nextcloud app installed. For starting a nextcloud instance, see the
|
||
|
`finallycoffee.nextcloud.server` role, for managing nextcloud apps see the
|
||
|
`finallycoffee.nextcloud.apps` ansible role.
|
||
|
|
||
|
## Configuration
|
||
|
|
||
|
- Set `nc_ldap_api_method` to either `occ` or `http` to control wether the
|
||
|
configuration is set using `php occ` command line calls or the `http` API
|
||
|
of the `user_ldap` nextcloud app.
|
||
|
|
||
|
- For `nc_ldap_api_method: occ`, ensure `nc_ldap_container` is set to the name
|
||
|
of the docker container where nextcloud is running, and `nc_ldap_occ_user` is
|
||
|
the user the container / nextcloud itself runs as. `nc_ldap_occ_command`
|
||
|
_can_ also be tweaked if `php` is not in the path, but the default should
|
||
|
be fine in most cases.
|
||
|
|
||
|
- For `nc_ldap_api_method: http`, ensure `nc_ldapi_api_instance_url` contains
|
||
|
the URL to the nextcloud server, including protocol (and port, if
|
||
|
non-standard), and `nc_ldap_api_basic_auth_[user|password]` contain the
|
||
|
credentials of an admin user with the rights to edit the LDAP settings.
|
||
|
|
||
|
- Set `nc_ldap_test_configuration` to `true`/`false` to have the role issue a
|
||
|
nextcloud-provided test of the configured LDAP configuration, this corresponds
|
||
|
to a `occ ldap:test-config <id>`.
|
||
|
|
||
|
For most of the options, see the
|
||
|
[nextcloud manual on configuration keys](https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap_api.html#configuration-keys),
|
||
|
the config keys are mapped 1:1 with a prefix of `nc_ldap_config_` and
|
||
|
the so-called "snake-case" (`ldap_backup_host`), so `ldapUserFilterMode` becomes
|
||
|
`nc_ldap_config_ldap_user_filter_mode`.
|