[How-To] Add LDAP/AD Authentication to Nextcloud

Purpose

This guide shows how to add LDAP/AD authentication to a Nextcloud server.

Prerequisites

List of prerequisites:

  • Root user or sudo user
  • Nextcloud Server

LDAP Implementation

Step 1: Update and Install Modules

Run this command on the server's command line to refresh the package index:

sudo apt update

Now run this command to install the php-ldap module:

sudo apt install php-ldap -y

Next, reload Apache so that the updated library can be exposed to Nextcloud:

sudo systemctl reload apache2

You now have the required module and can move on to the GUI steps.

Step 2: Add the LDAP App in the GUI

First, browse to your Nextcloud instance in the web UI. Log in and open the administrative settings from the top right corner. Then browse to the disabled apps, look for "LDAP user and group backend", and enable it.

Step 3: Configure the LDAP App

After you enable the app, "LDAP/AD Integration" appears in the admin tab. Select it. There are 4 tabs to configure:

  1. The first tab is the Server tab. It sets which LDAP/AD servers you are pointing to. Use the IP address or the DNS name for each DC, and add them as separate servers with the plus button. Once they are added, enter the DN and password of an account dedicated to servicing user lookups for this app. Finally, add a Base DN for user lookup.
  2. The second tab is for user configuration. Everything here can be left default.
  3. The third tab is for configuring Login Attributes. The only change needed here is to check both the email box and the username box so that users can sign in with either option.
  4. The fourth tab is for configuring security groups for Nextcloud users. Use the drop-down to select the group and hit save. Make sure the configuration shows as OK with a green status.
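
A check worth running once Step 3 is saved, given here as an added example that is not part of the original guide: it reads the table printed by occ ldap:show-config and flags a Server tab setup where the lookup account's password would cross the network unencrypted or the DC's certificate is not validated. The config ID s01, the hostname, the DNs and the sample table are constructed placeholders; ldapHost, ldapTLS and turnOffCertCheck are keys that show-config prints.

```shell
# Print the value column for one key of a show-config table read on stdin.
cfg_value() {
    awk -F'|' -v key="$1" '
        { k = $2; v = $3; gsub(/^ +| +$/, "", k); gsub(/^ +| +$/, "", v) }
        k == key { print v; exit }'
}

# Read a show-config table on stdin and print one FAIL line per finding.
# Body runs in a subshell so its variables stay local; returns 0 when clean.
audit_ldap_config() (
    table=$(cat)
    host=$(printf '%s\n' "$table" | cfg_value ldapHost)
    tls=$(printf '%s\n' "$table" | cfg_value ldapTLS)
    nocert=$(printf '%s\n' "$table" | cfg_value turnOffCertCheck)
    findings=0
    case "$host" in
        '')         echo "FAIL: no ldapHost row found"; findings=1 ;;
        ldaps://*)  ;;  # LDAP over TLS from the first byte
        *)          if [ "$tls" != "1" ]; then  # no StartTLS either
                        echo "FAIL: $host: simple bind sends the lookup account's password in cleartext"
                        findings=1
                    fi ;;
    esac
    if [ "$nocert" = "1" ]; then
        echo "FAIL: turnOffCertCheck=1 disables validation of the DC's certificate"
        findings=1
    fi
    return "$findings"
)

# Constructed sample output (hostname and DNs are placeholders).
SAMPLE_WEAK='+------------------+---------------------------------+
| Configuration    | s01                             |
+------------------+---------------------------------+
| ldapAgentName    | cn=nc-lookup,dc=example,dc=test |
| ldapBase         | dc=example,dc=test              |
| ldapHost         | dc1.example.test                |
| ldapPort         | 389                             |
| ldapTLS          | 0                               |
| turnOffCertCheck | 1                               |
+------------------+---------------------------------+'
# The same table after switching the Server tab to ldaps:// with cert checks on.
SAMPLE_OK=$(printf '%s\n' "$SAMPLE_WEAK" | sed -e 's#| dc1\.example\.test#| ldaps://dc1.example.test#' \
    -e '/ldapPort/s/389/636/' -e '/turnOffCertCheck/s/| 1 /| 0 /')

# Assumed invocation on the server (path and web user vary by install):
#   sudo -u www-data php occ ldap:show-config s01 | audit_ldap_config
printf '%s\n' "$SAMPLE_WEAK" | audit_ldap_config || true
```

A host entered as a bare name or IP with ldapTLS at 0 is the case the first finding catches; prefixing the host with ldaps:// in the Server tab clears it.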