Authentication of non-UCS Nextcloud server with UCS OnlyOffice app

ssl
nextcloud

#1

I have a UCS server with the OnlyOffice app installed from the App Catalog. I also have a Nextcloud server (non-UCS app) on my local area network (LAN). My Nextcloud uses a self-signed certificate, has a local IP, and a local FQDN nc.nest.lan.

What would be the procedure for my Nextcloud server to use the OnlyOffice app (the WOPI-Host from UCS)? My UCS server has a local FQDN ucs.nest.lan.

I understand that adding the integration app to my Nextcloud server and configuring the URL address is not enough to authenticate my Nextcloud server with UCS.

Do I have to make a new self-signed certificate with a Subject Alternative Name (SAN) extension that includes both ucs.nest.lan and nc.nest.lan, and put it into my Nextcloud and UCS servers?

When and how should I join my Nextcloud server to the UCS domain?


#2

Hello @paul86,

welcome to Univention Help.

Please have a look at Integration of Linux/Unix systems into a UCS domain. Having your system in the UCS domain is just one step. You need to configure Nextcloud manually to enable authentication via LDAP.

UCS would be an external LDAP authentication source for your Nextcloud instance. Please have a look at the User authentication with LDAP in the Nextcloud documentation.

The necessary parameters can be obtained by having a look at the Univention Configuration Registry.

As for the ONLYOFFICE addon in Nextcloud, it should be enough to add the UCS hostname + domain name to the configuration. It is important though that your Nextcloud system is able to resolve the hostname. You also may have to add the UCS certificate authority (CA) to your Nextcloud instance, so that Nextcloud can validate the certificate. See this section in the Nextcloud App join script for the App Center on how the certificate is made available for the Nextcloud Docker instance. It should be similar for your Nextcloud instance.

Please keep in mind that those are all manual steps. Going through the documentation should help. If not, maybe a migration to the App in the App Center is another solution.

Best regards,
Nico
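
The two preconditions named in the reply above (the Nextcloud host resolves the UCS hostname, and it can validate the UCS certificate against the UCS CA) can be checked from the Nextcloud machine before touching the ONLYOFFICE settings. The following is an added example, not part of the original posts or of UCS/Nextcloud code; the function name `check_tls_trust` and the CA file path are assumptions, and the CA file is whatever copy of the UCS root CA you exported.

```python
import socket
import ssl
import sys


def check_tls_trust(host, ca_file, port=443, timeout=5.0):
    """Resolve `host`, then validate its TLS certificate using ONLY `ca_file`.

    Returns (status, detail); status is one of
    dns_failed, ca_unreadable, connect_failed, cert_rejected, ok.
    """
    # Step 1: the client must be able to resolve the server name.
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns_failed", str(exc))

    # Step 2: trust nothing but the supplied CA. PROTOCOL_TLS_CLIENT turns on
    # certificate verification and hostname checking by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=ca_file)
    except (OSError, ssl.SSLError) as exc:
        return ("ca_unreadable", str(exc))

    # Step 3: handshake. A chain that does not lead to the CA, or a
    # certificate that does not cover `host`, is rejected here.
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return ("cert_rejected", exc.verify_message)
    except OSError as exc:
        return ("connect_failed", str(exc))

    # On success, report the DNS names the server certificate covers.
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return ("ok", sans)


if __name__ == "__main__":
    # Usage: python3 check_tls_trust.py ucs.nest.lan /path/to/ucs-root-ca.pem
    # (the CA path is a placeholder for your exported UCS root CA)
    status, detail = check_tls_trust(sys.argv[1], sys.argv[2])
    print(f"{status}: {detail}")
    sys.exit(0 if status == "ok" else 1)
```

A `cert_rejected` result with the UCS CA file supplied means the certificate served on that name was not issued by that CA or does not cover the name; `dns_failed` points at the resolver configuration on the Nextcloud host rather than at certificates.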