khanh.pndc/nextcloud-docs
1
0
Fork 0
mirror of https://github.com/nextcloud/documentation.git synced 2026-01-03 02:09:45 +07:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #254 from nextcloud/remove-trailing-whitespaces

Browse Source 
Remove trailing whitespaces in user_auth_ldap.rst
This commit is contained in:
Joas Schilling
2016-12-07 21:07:16 +01:00
committed by GitHub
parent 52c02a5ab5 84aa7807bd
commit 989b49e631
1 changed files with 158 additions and 158 deletions
Download Patch File Download Diff File Expand all files Collapse all files

316
admin_manual/configuration_user/user_auth_ldap.rst
View File

@@ -2,15 +2,15 @@
User Authentication with LDAP
=============================
Nextcloud ships with an LDAP application to allow LDAP users (including Active
Directory) to appear in your Nextcloud user listings. These users will
authenticate to Nextcloud with their LDAP credentials, so you don't have to
create separate Nextcloud user accounts for them. You will manage their Nextcloud
group memberships, quotas, and sharing permissions just like any other Nextcloud
Nextcloud ships with an LDAP application to allow LDAP users (including Active
Directory) to appear in your Nextcloud user listings. These users will
authenticate to Nextcloud with their LDAP credentials, so you don't have to
create separate Nextcloud user accounts for them. You will manage their Nextcloud
group memberships, quotas, and sharing permissions just like any other Nextcloud
user.
.. note:: The PHP LDAP module is required; this is supplied by ``php5-ldap`` on
Debian/Ubuntu, and ``php-ldap`` on CentOS/Red Hat/Fedora. PHP 5.4+ is
.. note:: The PHP LDAP module is required; this is supplied by ``php5-ldap`` on
Debian/Ubuntu, and ``php-ldap`` on CentOS/Red Hat/Fedora. PHP 5.4+ is
required in Nextcloud.
The LDAP application supports:
@@ -19,15 +19,15 @@ The LDAP application supports:
* File sharing with Nextcloud users and groups
* Access via WebDAV and Nextcloud Desktop Client
* Versioning, external Storage and all other Nextcloud features
* Seamless connectivity to Active Directory, with no extra configuration
* Seamless connectivity to Active Directory, with no extra configuration
required
* Support for primary groups in Active Directory
* Auto-detection of LDAP attributes such as base DN, email, and the LDAP server
* Auto-detection of LDAP attributes such as base DN, email, and the LDAP server
port number
* Only read access to your LDAP (edit or delete of users on your LDAP is not
* Only read access to your LDAP (edit or delete of users on your LDAP is not
supported)
.. warning:: The LDAP app is not compatible with the ``User backend using remote
.. warning:: The LDAP app is not compatible with the ``User backend using remote
HTTP servers`` app. You cannot use both of them at the same time.
.. note:: A non-blocking or correctly configured SELinux setup is needed
@@ -36,34 +36,34 @@ The LDAP application supports:
Configuration
-------------
First enable the ``LDAP user and group backend`` app on the Apps page in
First enable the ``LDAP user and group backend`` app on the Apps page in
Nextcloud. Then go to your Admin page to configure it.
The LDAP configuration panel has four tabs. A correctly completed first tab
("Server") is mandatory to access the other tabs. A green indicator lights when
the configuration is correct. Hover your cursor over the fields to see some
pop-up tooltips.
The LDAP configuration panel has four tabs. A correctly completed first tab
("Server") is mandatory to access the other tabs. A green indicator lights when
the configuration is correct. Hover your cursor over the fields to see some
pop-up tooltips.
Server Tab
^^^^^^^^^^
Start with the Server tab. You may configure multiple servers if you have them.
At a minimum you must supply the LDAP server's hostname. If your server requires
authentication, enter your credentials on this tab. Nextcloud will then attempt
to auto-detect the server's port and base DN. The base DN and port are
Start with the Server tab. You may configure multiple servers if you have them.
At a minimum you must supply the LDAP server's hostname. If your server requires
authentication, enter your credentials on this tab. Nextcloud will then attempt
to auto-detect the server's port and base DN. The base DN and port are
mandatory, so if Nextcloud cannot detect them you must enter them manually.
.. figure:: ../images/ldap-wizard-1-server.png
:alt: LDAP wizard, server tab
Server configuration:
Configure one or more LDAP servers. Click the **Delete Configuration**
Configure one or more LDAP servers. Click the **Delete Configuration**
button to remove the active configuration.
Host:
The host name or IP address of the LDAP server. It can also be a **ldaps://**
The host name or IP address of the LDAP server. It can also be a **ldaps://**
URI. If you enter the port number, it speeds up server detection.
Examples:
* *directory.my-company.com*
@@ -72,9 +72,9 @@ Host:
Port:
The port on which to connect to the LDAP server. The field is disabled in the
beginning of a new configuration. If the LDAP server is running on a standard
port, the port will be detected automatically. If you are using a
non-standard port, Nextcloud will attempt to detect it. If this fails you must
beginning of a new configuration. If the LDAP server is running on a standard
port, the port will be detected automatically. If you are using a
non-standard port, Nextcloud will attempt to detect it. If this fails you must
enter the port number manually.
Example:
@@ -82,8 +82,8 @@ Port:
* *389*
User DN:
The name as DN of a user who has permissions to do searches in the LDAP
directory. Leave it empty for anonymous access. We recommend that you have a
The name as DN of a user who has permissions to do searches in the LDAP
directory. Leave it empty for anonymous access. We recommend that you have a
special LDAP system user for this.
Example:
@@ -94,10 +94,10 @@ Password:
The password for the user given above. Empty for anonymous access.
Base DN:
The base DN of LDAP, from where all users and groups can be reached. You may
enter multiple base DNs, one per line. (Base DNs for users and groups can be
set in the Advanced tab.) This field is mandatory. Nextcloud attempts to
determine the Base DN according to the provided User DN or the provided
The base DN of LDAP, from where all users and groups can be reached. You may
enter multiple base DNs, one per line. (Base DNs for users and groups can be
set in the Advanced tab.) This field is mandatory. Nextcloud attempts to
determine the Base DN according to the provided User DN or the provided
Host, and you must enter it manually if Nextcloud does not detect it.
Example:
@@ -107,10 +107,10 @@ Base DN:
Users Tab
^^^^^^^^^
Use this to control which LDAP users are listed as Nextcloud users on your
Nextcloud server. In order to control which LDAP users can login to your Nextcloud
server use the **Login Attributes** tab. Those LDAP users who have access but are not listed
as users (if there are any) will be hidden users. You may bypass the form fields
Use this to control which LDAP users are listed as Nextcloud users on your
Nextcloud server. In order to control which LDAP users can login to your Nextcloud
server use the **Login Attributes** tab. Those LDAP users who have access but are not listed
as users (if there are any) will be hidden users. You may bypass the form fields
and enter a raw LDAP filter if you prefer.
.. figure:: ../images/ldap-wizard-2-user.png
@@ -118,12 +118,12 @@ and enter a raw LDAP filter if you prefer.
Only those object classes:
Nextcloud will determine the object classes that are typically available for
user objects in your LDAP. Nextcloud will automatically select the object
class that returns the highest amount of users. You may select multiple
user objects in your LDAP. Nextcloud will automatically select the object
class that returns the highest amount of users. You may select multiple
object classes.
Only from those groups:
If your LDAP server supports the ``member-of-overlay`` in LDAP filters, you
If your LDAP server supports the ``member-of-overlay`` in LDAP filters, you
can define that only users from one or more certain groups are allowed to
appear in user listings in Nextcloud. By default, no value will be selected.
You may select multiple groups.
@@ -132,7 +132,7 @@ Only from those groups:
the input field is disabled. Please contact your LDAP administrator.
Edit LDAP Query:
Clicking on this text toggles the filter mode and you can enter the raw LDAP
Clicking on this text toggles the filter mode and you can enter the raw LDAP
filter directly. Example::
(&(objectClass=inetOrgPerson)(memberOf=cn=nextcloudusers,ou=groups,
@@ -145,13 +145,13 @@ x users found:
Login Attributes Tab
^^^^^^^^^^^^^^^^^^^^
The settings in the Login Attributes tab determine which LDAP users can log in to
your Nextcloud system and which attribute or attributes the provided login name
is matched against (e.g. LDAP/AD username, email address). You may select
multiple user details. (You may bypass the form fields and enter a raw LDAP
The settings in the Login Attributes tab determine which LDAP users can log in to
your Nextcloud system and which attribute or attributes the provided login name
is matched against (e.g. LDAP/AD username, email address). You may select
multiple user details. (You may bypass the form fields and enter a raw LDAP
filter if you prefer.)
You may override your User Filter settings on the Users tab by using a raw
You may override your User Filter settings on the Users tab by using a raw
LDAP filter.
.. figure:: ../images/ldap-wizard-3-login.png
@@ -160,42 +160,42 @@ LDAP filter.
LDAP Username:
If this value is checked, the login value will be compared to the username in
the LDAP directory. The corresponding attribute, usually *uid* or
*samaccountname* will be detected automatically by Nextcloud.
*samaccountname* will be detected automatically by Nextcloud.
LDAP Email Address:
If this value is checked, the login value will be compared to an email address
in the LDAP directory; specifically, the *mailPrimaryAddress* and *mail*
attributes.
in the LDAP directory; specifically, the *mailPrimaryAddress* and *mail*
attributes.
Other Attributes:
This multi-select box allows you to select other attributes for the
comparison. The list is generated automatically from the user object
attributes in your LDAP server.
This multi-select box allows you to select other attributes for the
comparison. The list is generated automatically from the user object
attributes in your LDAP server.
Edit LDAP Query:
Clicking on this text toggles the filter mode and you can enter the raw LDAP
filter directly.
Clicking on this text toggles the filter mode and you can enter the raw LDAP
filter directly.
The **%uid** placeholder is replaced with the login name entered by the
The **%uid** placeholder is replaced with the login name entered by the
user upon login.
Examples:
* only username::
* only username::
(&(objectClass=inetOrgPerson)(memberOf=cn=nextcloudusers,ou=groups,
dc=example,dc=com)(uid=%uid)
* username or email address::
((&(objectClass=inetOrgPerson)(memberOf=cn=nextcloudusers,ou=groups,
dc=example,dc=com)(|(uid=%uid)(mail=%uid)))
Groups Tab
^^^^^^^^^^
By default, no LDAP groups will be available in Nextcloud. The settings in the
Groups tab determine which groups will be available in Nextcloud. You may
By default, no LDAP groups will be available in Nextcloud. The settings in the
Groups tab determine which groups will be available in Nextcloud. You may
also elect to enter a raw LDAP filter instead.
.. figure:: ../images/ldap-wizard-4-group.png
@@ -205,16 +205,16 @@ Only these object classes:
Nextcloud will determine the object classes that are typically available for
group objects in your LDAP server. Nextcloud will only list object
classes that return at least one group object. You can select multiple
object classes. A typical object class is "group", or "posixGroup".
object classes. A typical object class is "group", or "posixGroup".
Only from these groups:
Nextcloud will generate a list of available groups found in your LDAP server.
Then you select the group or groups that get access to your Nextcloud
server.
Nextcloud will generate a list of available groups found in your LDAP server.
Then you select the group or groups that get access to your Nextcloud
server.
Edit LDAP Query:
Clicking on this text toggles the filter mode and you can enter the raw LDAP
filter directly.
Clicking on this text toggles the filter mode and you can enter the raw LDAP
filter directly.
Example:
@@ -222,16 +222,16 @@ Edit LDAP Query:
* *objectClass=posixGroup*
y groups found:
This tells you approximately how many groups will be available in Nextcloud.
This tells you approximately how many groups will be available in Nextcloud.
The number updates automatically after any change.
Advanced Settings
-----------------
The LDAP Advanced Setting section contains options that are not needed for a
working connection. This provides controls to disable the current
configuration,
The LDAP Advanced Setting section contains options that are not needed for a
working connection. This provides controls to disable the current
configuration,
configure replica hosts, and various performance-enhancing options.
The Advanced Settings are structured into three parts:
@@ -247,15 +247,15 @@ Connection Settings
:alt: Advanced settings
Configuration Active:
Enables or Disables the current configuration. By default, it is turned off.
When Nextcloud makes a successful test connection it is automatically turned
on.
Enables or Disables the current configuration. By default, it is turned off.
When Nextcloud makes a successful test connection it is automatically turned
on.
Backup (Replica) Host:
If you have a backup LDAP server, enter the connection settings here.
Nextcloud will then automatically connect to the backup when the main server
cannot be reached. The backup server must be a replica of the main server so
that the object UUIDs match.
If you have a backup LDAP server, enter the connection settings here.
Nextcloud will then automatically connect to the backup when the main server
cannot be reached. The backup server must be a replica of the main server so
that the object UUIDs match.
Example:
@@ -263,7 +263,7 @@ Backup (Replica) Host:
Backup (Replica) Port:
The connection port of the backup LDAP server. If no port is given,
but only a host, then the main port (as specified above) will be used.
but only a host, then the main port (as specified above) will be used.
Example:
@@ -271,27 +271,27 @@ Backup (Replica) Port:
Disable Main Server:
You can manually override the main server and make Nextcloud only connect to
the backup server. This is useful for planned downtimes.
the backup server. This is useful for planned downtimes.
Turn off SSL certificate validation:
Turns off SSL certificate checking. Use it for testing only!
Turns off SSL certificate checking. Use it for testing only!
Cache Time-To-Live:
A cache is introduced to avoid unnecessary LDAP traffic, for example caching
usernames so they don't have to be looked up for every page, and speeding up
loading of the Users page. Saving the configuration empties the cache. The
time is given in seconds.
A cache is introduced to avoid unnecessary LDAP traffic, for example caching
usernames so they don't have to be looked up for every page, and speeding up
loading of the Users page. Saving the configuration empties the cache. The
time is given in seconds.
Note that almost every PHP request requires a new connection to the LDAP
server. If you require fresh PHP requests we recommend defining a minimum
Note that almost every PHP request requires a new connection to the LDAP
server. If you require fresh PHP requests we recommend defining a minimum
lifetime of 15s or so, rather than completely eliminating the cache.
Examples:
* ten minutes: *600*
* one hour: *3600*
See the Caching section below for detailed information on how the cache
See the Caching section below for detailed information on how the cache
operates.
.. _ldap_directory_settings:
@@ -306,15 +306,15 @@ User Display Name Field:
The attribute that should be used as display name in Nextcloud.
* Example: *displayName*
2nd User Display Name Field:
An optional second attribute displayed in brackets after the display name,
for example using the ``mail`` attribute displays as ``Molly Foo
(molly@example.com)``.
2nd User Display Name Field:
An optional second attribute displayed in brackets after the display name,
for example using the ``mail`` attribute displays as ``Molly Foo
(molly@example.com)``.
Base User Tree:
The base DN of LDAP, from where all users can be reached. This must be a
complete DN, regardless of what you have entered for your Base DN in the
The base DN of LDAP, from where all users can be reached. This must be a
complete DN, regardless of what you have entered for your Base DN in the
Basic setting. You can specify multiple base trees, one on each line.
* Example:
@@ -323,13 +323,13 @@ Base User Tree:
| *cn=designers,dc=my-company,dc=com*
User Search Attributes:
These attributes are used when searches for users are performed, for example
in the share dialogue. The user display name attribute is the
These attributes are used when searches for users are performed, for example
in the share dialogue. The user display name attribute is the
default. You may list multiple attributes, one per line.
If an attribute is not available on a user object, the user will not be
listed, and will be unable to login. This also affects the display name
attribute. If you override the default you must specify the display name
If an attribute is not available on a user object, the user will not be
listed, and will be unable to login. This also affects the display name
attribute. If you override the default you must specify the display name
attribute here.
* Example:
@@ -339,14 +339,14 @@ User Search Attributes:
Group Display Name Field:
The attribute that should be used as Nextcloud group name. Nextcloud allows a
limited set of characters (a-zA-Z0-9.-_@). Once a group name is assigned it
limited set of characters (a-zA-Z0-9.-_@). Once a group name is assigned it
cannot be changed.
* Example: *cn*
Base Group Tree:
The base DN of LDAP, from where all groups can be reached. This must be a
complete DN, regardless of what you have entered for your Base DN in the
The base DN of LDAP, from where all groups can be reached. This must be a
complete DN, regardless of what you have entered for your Base DN in the
Basic setting. You can specify multiple base trees, one in each line.
* Example:
@@ -355,8 +355,8 @@ Base Group Tree:
| *cn=madrid,dc=my-company,dc=com*
Group Search Attributes:
These attributes are used when a search for groups is done, for example in
the share dialogue. By default the group display name attribute as specified
These attributes are used when a search for groups is done, for example in
the share dialogue. By default the group display name attribute as specified
above is used. Multiple attributes can be given, one in each line.
If you override the default, the group display name attribute will not be
@@ -384,28 +384,28 @@ Special Attributes
Quota Field:
Nextcloud can read an LDAP attribute and set the user quota according to its
value. Specify the attribute here, and it will return human-readable values,
e.g. "2 GB". Any quota set in LDAP overrides quotas set on the Nextcloud user
value. Specify the attribute here, and it will return human-readable values,
e.g. "2 GB". Any quota set in LDAP overrides quotas set on the Nextcloud user
management page.
* Example: *NextcloudQuota*
Quota Default:
Override Nextcloud default quota for LDAP users who do not have a quota set in
Override Nextcloud default quota for LDAP users who do not have a quota set in
the Quota Field.
* Example: *15 GB*
Email Field:
Set the user's email from their LDAP attribute. Leave it empty for default
Set the user's email from their LDAP attribute. Leave it empty for default
behavior.
* Example: *mail*
User Home Folder Naming Rule:
By default, the Nextcloud server creates the user directory in your Nextcloud
By default, the Nextcloud server creates the user directory in your Nextcloud
data directory and gives it the Nextcloud username, .e.g ``/var/www/nextcloud/data/alice``. You may want to override this setting and name it after an LDAP
attribute value. The attribute can also return an absolute path, e.g.
attribute value. The attribute can also return an absolute path, e.g.
``/mnt/storage43/alice``. Leave it empty for default behavior.
* Example: *cn*
@@ -414,8 +414,8 @@ In new Nextcloud installations the home folder rule is enforced. This means that
In migrated Nextcloud installations the old behavior still applies, which is using the Nextcloud username as the home folder when an LDAP attribute is not set. You may change this enforcing the home folder rule with the ``occ`` command in Nextcloud, like this example on Ubuntu::
sudo -u www-data php occ config:app:set user_ldap enforce_home_folder_naming_rule --value=1
sudo -u www-data php occ config:app:set user_ldap enforce_home_folder_naming_rule --value=1
Expert Settings
---------------
@@ -427,9 +427,9 @@ configuration should be well-tested before starting production use.
Internal Username:
The internal username is the identifier in Nextcloud for LDAP users. By default
it will be created from the UUID attribute. The UUID attribute ensures that
the username is unique, and that characters do not need to be converted. Only
these characters are allowed: [\a-\zA-\Z0-\9_.@-]. Other characters are
it will be created from the UUID attribute. The UUID attribute ensures that
the username is unique, and that characters do not need to be converted. Only
these characters are allowed: [\a-\zA-\Z0-\9_.@-]. Other characters are
replaced with their ASCII equivalents, or are simply omitted.
The LDAP backend ensures that there are no duplicate internal usernames in
@@ -438,26 +438,26 @@ Internal Username:
and 9999) will be attached to the retrieved value. For example, if "alice"
exists, the next username may be "alice_1337".
The internal username is the default name for the user home folder in
Nextcloud. It is also a part of remote URLs, for instance for all \*DAV
The internal username is the default name for the user home folder in
Nextcloud. It is also a part of remote URLs, for instance for all \*DAV
services.
You can override all of this with the Internal Username setting. Leave it
You can override all of this with the Internal Username setting. Leave it
empty for default behaviour. Changes will affect only newly mapped LDAP users.
* Example: *uid*
Override UUID detection
By default, Nextcloud auto-detects the UUID attribute. The UUID attribute is
used to uniquely identify LDAP users and groups. The internal username will
used to uniquely identify LDAP users and groups. The internal username will
be created based on the UUID, if not specified otherwise.
You can override the setting and pass an attribute of your choice. You must
make sure that the attribute of your choice can be fetched for both users and
groups and it is unique. Leave it empty for default behaviour. Changes will
have effect only on newly mapped LDAP users and groups. It also will
have effect when a user's or group's DN changes and an old UUID was cached,
which will result in a new user. Because of this, the setting should be
have effect when a user's or group's DN changes and an old UUID was cached,
which will result in a new user. Because of this, the setting should be
applied before putting Nextcloud in production use and clearing the bindings
(see the ``User and Group Mapping`` section below).
@@ -475,7 +475,7 @@ Username-LDAP User Mapping
The same is valid for groups.
The internal Nextcloud name is used all over in Nextcloud. Clearing the Mappings
will have leftovers everywhere. Never clear the mappings in a production
will have leftovers everywhere. Never clear the mappings in a production
environment, but only in a testing or experimental server.
.. warning:: Clearing the Mappings is not configuration sensitive, it affects all LDAP
@@ -484,38 +484,38 @@ Username-LDAP User Mapping
Testing the configuration
-------------------------
The **Test Configuration** button checks the values as currently given in the
input fields. You do not need to save before testing. By clicking on the
The **Test Configuration** button checks the values as currently given in the
input fields. You do not need to save before testing. By clicking on the
button, Nextcloud will try to bind to the Nextcloud server using the
settings currently given in the input fields. If the binding fails you'll see a
yellow banner with the error message "The configuration is invalid. Please have
a look at the logs for further details."
settings currently given in the input fields. If the binding fails you'll see a
yellow banner with the error message "The configuration is invalid. Please have
a look at the logs for further details."
When the configuration test reports success, save your settings and check if the
When the configuration test reports success, save your settings and check if the
users and groups are fetched correctly on the Users page.
Nextcloud Avatar integration
----------------------------
Nextcloud supports user profile pictures, which are also called avatars. If a user
has a photo stored in the *jpegPhoto* or *thumbnailPhoto* attribute on your LDAP
server, it will be used as their avatar. In this case the user cannot alter their
avatar (on their Personal page) as it must be changed in LDAP. *jpegPhoto* is
Nextcloud supports user profile pictures, which are also called avatars. If a user
has a photo stored in the *jpegPhoto* or *thumbnailPhoto* attribute on your LDAP
server, it will be used as their avatar. In this case the user cannot alter their
avatar (on their Personal page) as it must be changed in LDAP. *jpegPhoto* is
preferred over *thumbnailPhoto*.
.. figure:: ../images/ldap-fetched-avatar.png
:alt: Profile picture fetched from LDAP.
If the *jpegPhoto* or *thumbnailPhoto* attribute is not set or empty, then
users can upload and manage their avatars on their Nextcloud Personal pages.
If the *jpegPhoto* or *thumbnailPhoto* attribute is not set or empty, then
users can upload and manage their avatars on their Nextcloud Personal pages.
Avatars managed in Nextcloud are not stored in LDAP.
The *jpegPhoto* or *thumbnailPhoto* attribute is fetched once a day to make
sure the current photo from LDAP is used in Nextcloud. LDAP avatars override
Nextcloud avatars, and when an LDAP avatar is deleted then the most recent
sure the current photo from LDAP is used in Nextcloud. LDAP avatars override
Nextcloud avatars, and when an LDAP avatar is deleted then the most recent
Nextcloud avatar replaces it.
Photos served from LDAP are automatically cropped and resized in Nextcloud. This
Photos served from LDAP are automatically cropped and resized in Nextcloud. This
affects only the presentation, and the original image is not changed.
Troubleshooting, Tips and Tricks
@@ -530,7 +530,7 @@ If you have trouble with certificate validation make sure that
* You have the certificate of the server installed on the Nextcloud server
* The certificate is announced in the system's LDAP configuration file (usually
*/etc/ldap/ldap.conf*)
.. commenting out windows section as windows server is not supported
.. commenting out windows section as windows server is not supported
.. *C:\\openldap\\sysconf\\ldap.conf* or
.. *C:\\ldap.conf* on Windows) using a **TLS_CACERT /path/to/cert** line.
* Using LDAPS, also make sure that the port is correctly configured (by default
@@ -612,43 +612,43 @@ Caching
^^^^^^^
The LDAP information is cached in Nextcloud memory cache, and you must install
and configure the memory cache (see
and configure the memory cache (see
:doc:`../configuration_server/caching_configuration`). The Nextcloud **Cache**
helps to speed up user interactions and sharing. It is populated on demand,
and remains populated until the **Cache Time-To-Live** for each unique request
expires. User logins are not cached, so if you need to improve login times set
up a slave LDAP server to share the load.
You can adjust the **Cache Time-To-Live** value to balance performance and
freshness of LDAP data. All LDAP requests will be cached for 10 minutes by
default, and you can alter this with the **Cache Time-To-Live** setting. The
cache answers each request that is identical to a previous request, within the
You can adjust the **Cache Time-To-Live** value to balance performance and
freshness of LDAP data. All LDAP requests will be cached for 10 minutes by
default, and you can alter this with the **Cache Time-To-Live** setting. The
cache answers each request that is identical to a previous request, within the
time-to-live of the original request, rather than hitting the LDAP server.
The **Cache Time-To-Live** is related to each single request. After a cache
entry expires there is no automatic trigger for re-populating the information,
as the cache is populated only by new requests, for example by opening the
The **Cache Time-To-Live** is related to each single request. After a cache
entry expires there is no automatic trigger for re-populating the information,
as the cache is populated only by new requests, for example by opening the
User administration page, or searching in a sharing dialog.
There is one trigger which is automatically triggered by a certain background
There is one trigger which is automatically triggered by a certain background
job which keeps the ``user-group-mappings`` up-to-date, and always in cache.
Under normal circumstances, all users are never loaded at the same time.
Typically the loading of users happens while page results are generated, in
steps of 30 until the limit is reached or no results are left. For this to
work on an oC-Server and LDAP-Server, **Paged Results** must be supported,
Under normal circumstances, all users are never loaded at the same time.
Typically the loading of users happens while page results are generated, in
steps of 30 until the limit is reached or no results are left. For this to
work on an oC-Server and LDAP-Server, **Paged Results** must be supported,
which presumes PHP >= 5.4.
Nextcloud remembers which user belongs to which LDAP-configuration. That means
each request will always be directed to the right server unless a user is
defunct, for example due to a server migration or unreachable server. In this
Nextcloud remembers which user belongs to which LDAP-configuration. That means
each request will always be directed to the right server unless a user is
defunct, for example due to a server migration or unreachable server. In this
case the other servers will also receive the request.
Handling with Backup Server
^^^^^^^^^^^^^^^^^^^^^^^^^^^
When Nextcloud is not able to contact the main LDAP server, Nextcloud assumes it
is offline and will not try to connect again for the time specified in **Cache
Time-To-Live**. If you have a backup server configured Nextcloud will connect to
it instead. When you have scheduled downtime, check **Disable Main Server** to
When Nextcloud is not able to contact the main LDAP server, Nextcloud assumes it
is offline and will not try to connect again for the time specified in **Cache
Time-To-Live**. If you have a backup server configured Nextcloud will connect to
it instead. When you have scheduled downtime, check **Disable Main Server** to
avoid unnecessary connection attempts.