From f86568fb85908123fd75997a594b56e0309c223a Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Sat, 21 Jun 2025 12:36:07 +0200 Subject: [PATCH] Added link how to sync ldap --- roles/docker-nextcloud/LDAP.md | 49 ++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 roles/docker-nextcloud/LDAP.md diff --git a/roles/docker-nextcloud/LDAP.md b/roles/docker-nextcloud/LDAP.md new file mode 100644 index 00000000..72728298 --- /dev/null +++ b/roles/docker-nextcloud/LDAP.md 
@@ -0,0 +1,49 @@ +Natürlich, hier ist der aktualisierte Abschnitt inklusive des allgemeinen LDAP-Synchronisationsbefehls: + +--- + +## Add LDAP Users Manually for Immediate Sharing + +In a default Nextcloud + LDAP setup, user accounts are only created in the internal Nextcloud database **after their first login**. This means that even if a user exists in LDAP, they **cannot receive shared files or folders** until they have logged in at least once—or are manually synchronized. + +To make LDAP users available for sharing **without requiring initial login**, follow these steps: + +### 1. Search for the User in LDAP + +Check if the user exists in the configured LDAP directory: + +```bash +docker exec -u www-data nextcloud-application php occ ldap:search +``` + +If the user is found, proceed to the next step. + +### 2. Create the User in Nextcloud from LDAP + +Manually trigger a sync to register the user in the Nextcloud database: + +```bash +docker exec -u www-data nextcloud-application php occ ldap:check-user --update +``` + +**Example:** + +```bash +docker exec -u www-data nextcloud-application php occ ldap:check-user --update viktoriakaffanke +``` + +Once executed, the user becomes fully available in the system—for sharing, group membership, and permissions—even without logging in. + +### 3. Synchronize All Known Users (Optional) + +To synchronize account data (display name, mail address, group memberships, etc.) for **all users** currently known to Nextcloud: + +```bash +docker exec -u www-data nextcloud-application php occ user:sync-account-data +``` + +This step is especially useful after modifying LDAP attributes or group memberships, ensuring up-to-date data in the Nextcloud UI and permission system. + +--- + +Let me know if you'd like a similar section for OIDC or automated sync in Ansible.
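Review bot: The first and last added lines of LDAP.md are leftover chat text rather than documentation ("Natürlich, hier ist der aktualisierte Abschnitt ..." at the top and "Let me know if you'd like a similar section for OIDC or automated sync in Ansible." at the bottom). Please drop both, along with the `---` rules that frame them, so the file starts at the "## Add LDAP Users Manually for Immediate Sharing" heading. In steps 1 and 2 the generic commands end at `ldap:search` and `ldap:check-user --update` with no argument, while the example passes a uid after `--update`. If an angle-bracket placeholder was intended, it is not visible here, so write it in a form that survives Markdown rendering, for example `USERNAME` inside the code fence with a sentence saying what to substitute. The example uid `viktoriakaffanke` reads like a real account name; a neutral placeholder such as `jdoe` would keep directory identities out of the repository. Finally, the subject line says a link was added, but the hunk adds a full how-to and contains no link, so either add the reference to the upstream documentation or reword the subject.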