Enabled password hashing for LDAP and Keycloak

playbook.servers.yml

@@ -253,11 +253,4 @@
   roles:
    -  role: nginx-redirect-www
 
-# Helper Roles for partial deployment
-- name: Copy global css 
-  hosts: nginx-modifier-css
-  become: true
-  roles:
-   -  role: nginx-modifier-css
-
 - import_playbook: playbook.destructor.yml

roles/docker-keycloak/templates/import/realm.json.j2

@@ -2044,7 +2044,7 @@
             "always"
           ],
           "usePasswordModifyExtendedOp": [
-            "false"
+            "true"
           ],
           "trustEmail": [
             "false"

roles/docker-ldap/templates/ldif/configuration/04_hashed_password.ldif.j2

@@ -0,0 +1,6 @@
+# Activates Password hashing in ldap
+
+dn: cn=config
+changetype: modify
+replace: olcPasswordHash
+olcPasswordHash: {SSHA}

roles/docker-nextcloud/README.md

@@ -99,6 +99,11 @@ docker-compose exec -it -u www-data application /var/www/html/occ
 docker compose exec -it -u www-data application php occ user:list
 ```
 
+#### Sync Users
+```bash
+docker compose exec -it -u www-data application php occ user:sync
+```
+
 #### Create user via CLI
 ```bash
 docker compose exec -it -u www-data application php occ user:add {{username}}
@@ -161,6 +166,12 @@ More information: https://docs.nextcloud.com/server/latest/admin_manual/configur
 SELECT * FROM `oc_appconfig` WHERE appid LIKE "%ldap%" and configkey != "s01ldap_agent_password";
 ```
 
+## Update User with LDAP values
+
+```bash
+docker compose exec -it -u www-data application php occ ldap:check-user --update {{username}}
+```
+
 ## Federation
 
 If users are just created via Keycloak and not via LDAP, they have a different username. Due to this reaso concider to use LDAP to guaranty that the username is valid.