leviathonbeast/lldap
1
0
Fork 0
mirror of https://github.com/lldap/lldap.git synced 2026-03-31 15:07:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

example_configs: fix overly-permissive next loud config

Browse Source 
Any LLDAP user, not just members of nextcloud-users, could log in and get an instance. However, they weren't synchronized to the nextcloud admin view and thus were nearly invisible.
This commit is contained in:
Josh Thorpe
2025-05-30 16:23:07 +08:00
committed by GitHub
parent 1b5f6bfa66
commit 612bce48ad
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
example_configs/nextcloud.md
+2 -2
View File
@@ -45,7 +45,7 @@ occ ldap:set-config s01 ldapBase "dc=example,dc=com"
occ ldap:set-config s01 ldapBaseUsers "dc=example,dc=com"
occ ldap:set-config s01 ldapBaseGroups "dc=example,dc=com"
occ ldap:set-config s01 ldapConfigurationActive 1
occ ldap:set-config s01 ldapLoginFilter "(&(objectclass=person)(uid=%uid))"
occ ldap:set-config s01 ldapLoginFilter "(&(&(objectclass=person)(memberOf=cn=nextcloud_users,ou=groups,dc=example,dc=com))(uid=%uid))"
# EDIT: nextcloud_users group, contains the users who can login to Nextcloud
occ ldap:set-config s01 ldapUserFilter "(&(objectclass=person)(memberOf=cn=nextcloud_users,ou=groups,dc=example,dc=com))"
occ ldap:set-config s01 ldapUserFilterMode 0
@@ -105,7 +105,7 @@ You can check with `Verify settings and count users` that your filter is working
### Login attributes
Select `Edit LDAP Query` and enter :
```
(&(objectclass=person)(uid=%uid))
(&(&(objectclass=person)(memberOf=cn=nextcloud_users,ou=groups,dc=example,dc=com))(uid=%uid))
```
![login attributes page](images/nextcloud_login_attributes.png)