mirror of https://github.com/nextcloud/documentation.git
synced 2026-01-04 10:46:21 +07:00
committed by GitHub
parent ecb873ec8c
commit eb82b93a46
@@ -9,8 +9,8 @@ of the Nextcloud Server component but provided by featured and 3rd-party Nextclo
|
||||
|
||||
|
||||
Several 2FA apps are already available including
|
||||
`TOTP <https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm>`_,
|
||||
a Telegram/Signal/SMS gateway and `U2F <https://en.wikipedia.org/wiki/Universal_2nd_Factor>`_.
|
||||
`TOTP <https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm>`_,
|
||||
a Telegram/Signal/SMS gateway and `U2F <https://en.wikipedia.org/wiki/Universal_2nd_Factor>`_.
|
||||
|
||||
|
||||
Developers can `build new two-factor provider apps <https://docs.nextcloud.com/server/latest/developer_manual/app/two-factor-provider.html>`_.
|
||||
@@ -25,8 +25,7 @@ with Google Authenticator and compatible apps. The apps are available in the
|
||||
Nextcloud App store so by navigating there and clicking **enable** for the app
|
||||
you want, 2FA will be installed and enabled on your Nextcloud server.
|
||||
|
||||
.. image:: ../images/2fa-app-install.png
|
||||
:alt:
|
||||
.. figure:: ../images/2fa-app-install.png
|
||||
|
||||
Once 2FA has been enabled, users have to `activate it in their personal settings. <https://docs.nextcloud.com/server/latest/user_manual/en/user_2fa.html>`_
|
||||
|
||||
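Review bot: the new ``.. figure:: ../images/2fa-app-install.png`` line has no ``:alt:`` option; the empty ``:alt:`` was dropped instead of being filled in, while the LDAP hunks in this same commit add descriptive alt text. Suggest adding an indented ``:alt:`` line under the directive that names the app store listing of the 2FA apps, so the screenshot is described for screen readers and when the image fails to load.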
@@ -46,8 +45,7 @@ also be excluded for certain groups.
|
||||
|
||||
These settings can be found in the administrator's security settings.
|
||||
|
||||
.. image:: ../images/2fa-admin-settings.png
|
||||
:alt:
|
||||
.. figure:: ../images/2fa-admin-settings.png
|
||||
|
||||
When groups are selected/excluded, they use the following logic to determine if
|
||||
a user has 2FA enforced:
|
||||
|
||||
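Review bot: ``.. figure:: ../images/2fa-admin-settings.png`` also loses its ``:alt:`` line. The paragraph right after it explains how selected and excluded groups decide whether 2FA is enforced, so an alt text that names the enforcement and group controls in the administrator's security settings would keep that context for readers who cannot see the screenshot.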
@@ -53,8 +53,8 @@ authentication, enter your credentials on this tab. Nextcloud will then attempt
|
||||
to auto-detect the server's port and base DN. The base DN and port are
|
||||
mandatory, so if Nextcloud cannot detect them you must enter them manually.
|
||||
|
||||
.. image:: ../images/ldap-wizard-1-server.png
|
||||
:alt:
|
||||
.. figure:: ../images/ldap-wizard-1-server.png
|
||||
:alt: LDAP wizard, server tab
|
||||
|
||||
Server configuration:
|
||||
Configure one or more LDAP servers. Click the **Delete Configuration**
|
||||
@@ -113,8 +113,8 @@ server use the **Login Attributes** tab. Those LDAP users who have access but ar
|
||||
as users (if there are any) will be hidden users. You may bypass the form fields
|
||||
and enter a raw LDAP filter if you prefer.
|
||||
|
||||
.. image:: ../images/ldap-wizard-2-user.png
|
||||
:alt:
|
||||
.. figure:: ../images/ldap-wizard-2-user.png
|
||||
:alt: User filter
|
||||
|
||||
Only those object classes:
|
||||
Nextcloud will determine the object classes that are typically available for
|
||||
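Review bot: the alt text ``User filter`` does not follow the form used in the previous hunk, ``LDAP wizard, server tab``. Suggest the same pattern here and for the login and group screenshots (wizard name, then tab) so the four wizard images read consistently.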
@@ -154,8 +154,8 @@ filter if you prefer.)
|
||||
You may override your User Filter settings on the Users tab by using a raw
|
||||
LDAP filter.
|
||||
|
||||
.. image:: ../images/ldap-wizard-3-login.png
|
||||
:alt:
|
||||
.. figure:: ../images/ldap-wizard-3-login.png
|
||||
:alt: Login filter
|
||||
|
||||
LDAP Username:
|
||||
If this value is checked, the login value will be compared to the username in
|
||||
@@ -198,8 +198,8 @@ By default, no LDAP groups will be available in Nextcloud. The settings in the
|
||||
Groups tab determine which groups will be available in Nextcloud. You may
|
||||
also elect to enter a raw LDAP filter instead.
|
||||
|
||||
.. image:: ../images/ldap-wizard-4-group.png
|
||||
:alt:
|
||||
.. figure:: ../images/ldap-wizard-4-group.png
|
||||
:alt: Group filter
|
||||
|
||||
Only these object classes:
|
||||
Nextcloud will determine the object classes that are typically available for
|
||||
@@ -244,8 +244,8 @@ The Advanced Settings are structured into three parts:
|
||||
Connection settings
|
||||
^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
.. image:: ../images/ldap-advanced-1-connection.png
|
||||
:alt:
|
||||
.. figure:: ../images/ldap-advanced-1-connection.png
|
||||
:alt: Advanced settings
|
||||
|
||||
Configuration Active:
|
||||
Enables or Disables the current configuration. By default, it is turned off.
|
||||
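Review bot: ``:alt: Advanced settings`` on ``ldap-advanced-1-connection.png`` is less specific than the heading it sits under, Connection settings, and the two sibling screenshots are labelled by their own subsection (``Directory settings.``, ``Special Attributes.``). Suggest ``:alt: Connection settings`` or similar.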
@@ -309,8 +309,8 @@ operates.
|
||||
Directory settings
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
.. image:: ../images/ldap-advanced-2-directory.png
|
||||
:alt:
|
||||
.. figure:: ../images/ldap-advanced-2-directory.png
|
||||
:alt: Directory settings.
|
||||
|
||||
User Display Name Field:
|
||||
The attribute that should be used as display name in Nextcloud.
|
||||
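Review bot: ``:alt: Directory settings.`` ends with a period, while the alt texts added in the wizard hunks (``User filter``, ``Login filter``, ``Group filter``) do not. Suggest picking one punctuation style for alt text and applying it across the whole file.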
@@ -429,8 +429,8 @@ Default password policy DN:
|
||||
Special attributes
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
.. image:: ../images/ldap-advanced-3-attributes.png
|
||||
:alt:
|
||||
.. figure:: ../images/ldap-advanced-3-attributes.png
|
||||
:alt: Special Attributes.
|
||||
|
||||
Quota Field:
|
||||
Nextcloud can read an LDAP attribute and set the user quota according to its
|
||||
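Review bot: ``:alt: Special Attributes.`` capitalises Attributes, but the section heading directly above is ``Special attributes``. Suggest matching the heading's sentence case.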
@@ -469,8 +469,8 @@ In migrated Nextcloud installations the old behavior still applies, which is usi
|
||||
Expert settings
|
||||
---------------
|
||||
|
||||
.. image:: ../images/ldap-expert.png
|
||||
:alt:
|
||||
.. figure:: ../images/ldap-expert.png
|
||||
:alt: Expert settings.
|
||||
|
||||
In the Expert Settings fundamental behavior can be adjusted to your needs. The
|
||||
configuration should be well-tested before starting production use.
|
||||
@@ -494,10 +494,10 @@ Internal Username:
|
||||
|
||||
You can override all of this with the Internal Username setting. Leave it
|
||||
empty for default behavior. Changes will affect only newly mapped LDAP users.
|
||||
|
||||
When configuring this, be aware that the username in Nextcloud is considered
|
||||
|
||||
When configuring this, be aware that the username in Nextcloud is considered
|
||||
immutable and cannot be changed afterwards. This can cause issues when using
|
||||
an attribute that might change, e.g. the email address of a user that will
|
||||
an attribute that might change, e.g. the email address of a user that will
|
||||
get changed during name change.
|
||||
|
||||
* Example: *uid*
|
||||
@@ -584,8 +584,8 @@ server, it will be used as their avatar. In this case the user cannot alter thei
|
||||
avatar (on their Personal page) as it must be changed in LDAP. *jpegPhoto* is
|
||||
preferred over *thumbnailPhoto*.
|
||||
|
||||
.. image:: ../images/ldap-fetched-avatar.png
|
||||
:alt:
|
||||
.. figure:: ../images/ldap-fetched-avatar.png
|
||||
:alt: Profile picture fetched from LDAP.
|
||||
|
||||
If the *jpegPhoto* or *thumbnailPhoto* attribute is not set or empty, then
|
||||
users can upload and manage their avatars on their Nextcloud Personal pages.
|
||||
@@ -715,7 +715,7 @@ The attributes of users are fetched on demand (i.e. for sharing autocompletion
|
||||
or in the user management) and then stored inside the Nextcloud database to
|
||||
allow a better performance on our side. They are typically checked twice a day
|
||||
in batches from all users again. Beside that they are also refreshed during a
|
||||
login for this user or can be fetched manually via the occ command
|
||||
login for this user or can be fetched manually via the occ command
|
||||
``occ ldap:check-user --update USERID`` where ``USERID`` is Nextcloud's user id.
|
||||
|
||||
Caching
|
||||
|
||||
@@ -18,21 +18,18 @@ On the User management page of your Nextcloud Web UI you can:
|
||||
|
||||
The default view displays basic information about your users.
|
||||
|
||||
.. image:: ../images/users-config.png
|
||||
:alt:
|
||||
.. figure:: ../images/users-config.png
|
||||
|
||||
The Group filters on the left sidebar lets you quickly filter users by their
|
||||
group memberships, and create new groups.
|
||||
|
||||
.. image:: ../images/users-config-1.png
|
||||
:alt:
|
||||
.. figure:: ../images/users-config-1.png
|
||||
|
||||
Click the gear icon on the lower left sidebar to set a default storage quota,
|
||||
and to display additional fields: **Show storage location, Show last log in,
|
||||
Show user backend, Send email to new users,** and **Show email address**.
|
||||
|
||||
.. image:: ../images/users-config-2.png
|
||||
:alt:
|
||||
.. figure:: ../images/users-config-2.png
|
||||
|
||||
User accounts have the following properties:
|
||||
|
||||
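Review bot: all three screenshots in this hunk (``users-config.png``, ``users-config-1.png``, ``users-config-2.png``) become ``.. figure::`` with no ``:alt:`` at all. The surrounding sentences already say what each one shows (the default view, the group filters in the left sidebar, the gear-icon settings), so short alt texts can be taken straight from them.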
@@ -70,8 +67,7 @@ To create a user account:
|
||||
* Optionally, assign **Groups** memberships
|
||||
* Click the **Create** button
|
||||
|
||||
.. image:: ../images/users-create.png
|
||||
:alt:
|
||||
.. figure:: ../images/users-create.png
|
||||
|
||||
Login names may contain letters (a-z, A-Z), numbers (0-9), dashes (-),
|
||||
underscores (_), periods (.) and at signs (@). After creating the user, you
|
||||
@@ -125,8 +121,7 @@ system settings, or add or modify users in the groups that they are not **Group
|
||||
Administrators** for. Use the dropdown menus in the **Group Admin** column to
|
||||
assign group admin privileges.
|
||||
|
||||
.. image:: ../images/users-groups.png
|
||||
:alt:
|
||||
.. figure:: ../images/users-groups.png
|
||||
|
||||
**Super Administrators** have full rights on your Nextcloud server, and can
|
||||
access and modify all settings. To assign the **Super Administrators** role to
|
||||
@@ -189,8 +184,7 @@ files count against that user's quota.
|
||||
Disable and enable users
|
||||
------------------------
|
||||
|
||||
.. image:: ../images/users-actions.png
|
||||
:alt:
|
||||
.. figure:: ../images/users-actions.png
|
||||
|
||||
Sometimes you may want to disable a user without permanently deleting their
|
||||
settings and files. The user can be activated any time again, without data-loss.
|
||||
@@ -208,8 +202,7 @@ select **Enable**.
|
||||
Deleting users
|
||||
--------------
|
||||
|
||||
.. image:: ../images/users-actions.png
|
||||
:alt:
|
||||
.. figure:: ../images/users-actions.png
|
||||
|
||||
Deleting a user is easy: hover your cursor over their name on the **Users** page
|
||||
until the "..."-menu icon appears at the far right. After clicking on it, you will
|
||||
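Review bot: this hunk and the previous one both point at ``../images/users-actions.png`` and neither keeps an ``:alt:`` line, so the Disable and Deleting sections show the same undescribed image. Suggest an alt text per use that says which action in the menu the section is about.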
@@ -219,7 +212,7 @@ You'll see an undo button at the top of the page, which remains for some seconds
|
||||
When the undo button is gone you cannot recover the deleted user.
|
||||
|
||||
All of the files owned by the user are deleted as well, including all files they
|
||||
have shared. If you need to preserve the user's files and shares, you must first
|
||||
have shared. If you need to preserve the user's files and shares, you must first
|
||||
download them from your Nextcloud Files page, which compresses them into a zip
|
||||
file, or use a sync client to copy them to your local computer. See
|
||||
:doc:`../configuration_files/file_sharing_configuration` to learn how to create
|
||||
|
||||
@@ -4,17 +4,17 @@ User password policy
|
||||
|
||||
A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly.
|
||||
|
||||
In the security-section of your administrator-settings you can configure
|
||||
In the security-section of your administrator-settings you can configure
|
||||
|
||||
* a minimal length of a password. Default is 8 characters.
|
||||
* a password history
|
||||
* a password expiration period
|
||||
* a lockout policy
|
||||
* to forbid common passwords like 'password' or 'login'.
|
||||
* to forbid common passwords like 'password' or 'login'.
|
||||
* to enforce upper and lower case characters
|
||||
* to enforce numeric characters
|
||||
* to enforce special characters like ! or :
|
||||
* to check the password against the list of breached passwords from haveibeenpwnd.com (hashed check via haveibeenpwnd.com-API)
|
||||
|
||||
.. image:: ../images/user_password_policy_configuration_app.png
|
||||
:alt:
|
||||
.. figure:: ../images/user_password_policy_configuration_app.png
|
||||
|
||||
|
||||
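Review bot: in the breached-passwords bullet of this hunk the domain is written ``haveibeenpwnd.com`` twice; the service is haveibeenpwned.com. Worth correcting while this hunk is touching the list, since an admin who follows up on where the hashed password check is sent should land on the right name. The ``.. figure::`` for ``user_password_policy_configuration_app.png`` also has no ``:alt:``.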