nextcloud/roles/ldap-user-backend

finallycoffee.nextcloud.ldap-user-backend ansible role

Ansible role for managing LDAP authentication of nextcloud instances using ansible.

Prerequisites

This role assumes a nextcloud instance is up and running, and has the user_ldap nextcloud app installed. For starting a nextcloud instance, see the finallycoffee.nextcloud.server role, for managing nextcloud apps see the finallycoffee.nextcloud.apps ansible role.

Configuration

  • Set nc_ldap_api_method to either occ or http to control wether the configuration is set using php occ command line calls or the http API of the user_ldap nextcloud app.

  • For nc_ldap_api_method: occ, ensure nc_ldap_container is set to the name of the docker container where nextcloud is running, and nc_ldap_occ_user is the user the container / nextcloud itself runs as. nc_ldap_occ_command can also be tweaked if php is not in the path, but the default should be fine in most cases.

  • For nc_ldap_api_method: http, ensure nc_ldapi_api_instance_url contains the URL to the nextcloud server, including protocol (and port, if non-standard), and nc_ldap_api_basic_auth_[user|password] contain the credentials of an admin user with the rights to edit the LDAP settings.

  • Set nc_ldap_test_configuration to true/false to have the role issue a nextcloud-provided test of the configured LDAP configuration, this corresponds to a occ ldap:test-config <id>.

For most of the options, see the nextcloud manual on configuration keys, the config keys are mapped 1:1 with a prefix of nc_ldap_config_ and the so-called "snake-case" (ldap_backup_host), so ldapUserFilterMode becomes nc_ldap_config_ldap_user_filter_mode.