This documentation describes a product preview for packaged integrations in Nubus for Kubernetes.

4. Configure Nextcloud

How to configure the LDAP plugin in Nextcloud is beyond the scope of this document. For the configuration of the LDAP plugin, follow User authentication with LDAP in the Nextcloud Administration Manual [2].

Important

Although this section provides a reference for the configuration values of the Nextcloud LDAP plugin, Univention doesn’t provide support for the configuration of the LDAP plugin.

This section provides a reference for the configuration values that operators need to configure in the LDAP plugin to use Nubus for Kubernetes. For the values on the configuration tabs, see the respective sections: Server tab, Users tab, Login Attributes tab, and Groups tab.

4.1. Server tab

Table 4.1 Configuration values on Server tab for LDAP plugin in Nextcloud

| Field | Value |
|---|---|
| Host | DNS name of the LDAP server of Nubus for Kubernetes. |
| Port | Default value in Nubus is 389. |
| User DN | The DN for the LDAP search user. The LDAP search user looks like uid=nextcloudUser,cn=users,{{ ldapBaseDn }}. Replace {{ ldapBaseDn }} with your actual LDAP base DN. |
| Password | Use the same password for the LDAP search user that you defined in Listing 3.1. |
| Base DN | The LDAP base DN of the Directory Service in Nubus for Kubernetes. It’s the value of the template variable ldapBaseDn. |

Tip

If your Nextcloud instance runs outside your cluster, you need to make the LDAP server reachable to Nextcloud. Kubernetes provides several ways to achieve this goal, and it depends on your cluster setup. One way is to configure a Kubernetes Service of the type NodePort. You then use the DNS name of your cluster and the chosen port.

For more information about NodePort, see Service | Kubernetes.

4.2. Users tab

Table 4.2 Configuration values on Users tab for LDAP plugin in Nextcloud

| Field | Value |
|---|---|
| LDAP Query | With the following LDAP Query, Nextcloud looks up all user accounts that the identity administrator has activated for access to Nextcloud: (&(objectclass=univentionNextcloudUser)(univentionNextcloudEnabled=1)) |

4.3. Login Attributes tab

Table 4.3 Configuration values on Login Attributes tab for LDAP plugin in Nextcloud

| Field | Value |
|---|---|
| LDAP/AD Username | Activated |
| LDAP Query | This query determines which LDAP attribute Nextcloud uses to match the login name, and sets it to uid. The query also requires that the LDAP object matches the attribute univentionNextcloudEnabled=1, so only user accounts activated for the use of Nextcloud are eligible to sign in: (&(objectclass=univentionNextcloudUser)(univentionNextcloudEnabled=1)(uid=%uid)) |

4.4. Groups tab

Table 4.4 Configuration values on Groups tab for LDAP plugin in Nextcloud

| Field | Value |
|---|---|
| LDAP Query | With the following LDAP Query, Nextcloud looks up all user groups that the identity administrator has activated for access to Nextcloud: (&(objectclass=univentionNextcloudGroup)(univentionNextcloudEnabled=1)) |
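To check which accounts and groups the three filters from the Users, Login Attributes and Groups tabs admit, the following added example evaluates them offline against constructed directory entries. It is not part of the original documentation and is not Univention or Nextcloud code. The parser covers only the filter subset used on this page, and the sample entries and all function names are assumptions.

```python
"""Offline model of the LDAP filters from the Users, Login Attributes and Groups tabs."""

USERS = "(&(objectclass=univentionNextcloudUser)(univentionNextcloudEnabled=1))"
LOGIN = "(&(objectclass=univentionNextcloudUser)(univentionNextcloudEnabled=1)(uid=%uid))"
GROUPS = "(&(objectclass=univentionNextcloudGroup)(univentionNextcloudEnabled=1))"

DIRECTORY = [  # constructed sample entries, not real directory data
    {"uid": ["alice"], "objectClass": ["person", "univentionNextcloudUser"], "univentionNextcloudEnabled": ["1"]},
    {"uid": ["bob"], "objectClass": ["person", "univentionNextcloudUser"], "univentionNextcloudEnabled": ["0"]},
    {"uid": ["carol"], "objectClass": ["person"]},  # never enabled for Nextcloud
    {"cn": ["nc-users"], "objectClass": ["univentionNextcloudGroup"], "univentionNextcloudEnabled": ["1"]},
]

def parse(text, pos=0):
    """Parse the filter subset used here: (&...), (|...), (!...) and (attr=value)."""
    if text[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if text[pos] in "&|!":
        op, pos, kids = text[pos], pos + 1, []
        while text[pos] == "(":
            kid, pos = parse(text, pos)
            kids.append(kid)
        if text[pos] != ")":
            raise ValueError(f"expected ')' at offset {pos}")
        return (op, kids), pos + 1
    end = text.index(")", pos)
    attr, _, value = text[pos:end].partition("=")
    return ("=", attr.strip().lower(), value), end + 1

def matches(node, entry, login=None):
    """Evaluate a parsed filter against one entry (dict: attribute -> list of values)."""
    if node[0] == "=":
        _, attr, value = node
        # %uid is compared as data and never spliced into the filter string.
        wanted = login if value == "%uid" else value
        have = {k.lower(): v for k, v in entry.items()}.get(attr, [])
        # Case-insensitive compare holds for objectClass and uid; a simplification otherwise.
        return wanted is not None and any(v.lower() == wanted.lower() for v in have)
    results = [matches(kid, entry, login) for kid in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

def visible(filter_text, login=None):
    """Return the uid (or cn for groups) of every sample entry the filter selects."""
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return [e.get("uid", e.get("cn"))[0] for e in DIRECTORY if matches(tree, e, login)]

def may_sign_in(login):
    """True if the login filter selects an entry for this login name."""
    return bool(visible(LOGIN, login))
```

Replace the constructed entries with an export of a few test accounts to confirm that deactivated accounts drop out of both the user list and the login filter.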

4.5. Single sign-on

After installing the packaged integration and configuring the LDAP plugin, Nextcloud is able to read the user accounts from Nubus for Kubernetes. The next and final step is to also configure single sign-on in Nextcloud, using Nubus for Kubernetes as the identity provider. Imagine your users signing in to the Nubus portal and then opening Nextcloud without the system asking for a username and password.

How to configure single sign-on in Nextcloud and use Nubus for Kubernetes as the identity management system is beyond the scope of this document.

See also

Configure Single-Sign-On | Nextcloud Enterprise, for thorough information about how to configure single sign-on with SAML in Nextcloud.