Nextcloud with SAML and Azure Guest User

FIC5020 · February 16, 2022, 4:33pm

Hello all,

I installed UCS Server with Lets Encrypt and Nextcloud. Runs great so far. Even the connection to external storage. A Windows file server. Worked under my Debian installation only partially. with some Windows servers it worked, with some not. Well.

The real problem is that I want to invite external users to our Azure AD as a guest, which works fine so far.
Also the SAML login works fine and the user is in his Nextcloud.
The account of a guest looks like this. vorname.nachame_domain.at#EXT#@tenant.onmicrosoft.com

As a username, this is what is in the Nextcloud.
vorname.nachame_domain.at#EXT#@tenant.onmicrosoft.com = user principal name

This is probably the problem.
Can’t Nextcloud handle the cryptic name?
I can’t delete it from the Nextcloud user management.
I get the message: “An error occurred during the request”.

Did anyone have a solution for this ?

With normal Azure AD users it works fine.

Thanks a lot
Christian

Translated with www.DeepL.com/Translator (free version)

santiago · February 21, 2022, 8:22am

Hi,

you can open a shell:

univention-app shell nextcloud

and execute the following in /var/www/html

I would like to know how does the user UID looks like with:

sudo -u www-data ./occ user:list -i

and is there an error deleting with :

sudo -u www-data ./occ user:delete -vvv 'uid'

Thanks

FIC5020 · February 21, 2022, 4:23pm

Hi,

the result von occ list command

vorname.nachame_domain.at#EXT#@tenant.onmicrosoft.com:
- user_id: vorname.nachame_domain.at#EXT#@tenant.onmicrosoft.com
- display_name: Testuser01
- email: vorname.nachame_domain.at#EXT#@tenant.onmicrosoft.com
- cloud_id: vorname.nachame_domain.at#EXT#@tenant.onmicrosoft.com@extern.domain.at/nextcloud
- enabled: true
- groups:
- quota: none
- last_seen: 2022-02-16T15:52:14+00:00
- user_directory: /var/lib/univention-appcenter/apps/nextcloud/data/nextcloud-data/vorname.nachame_domain.at#EXT#@tenant.onmicrosoft.com
- backend: user_saml

it is deleteable with the occ command. no errors

I think the Path of the user_directory could be the problem. Maybe the two # are the problem.

Thanks.

santiago · February 22, 2022, 5:35am

Yes, a least nextcloud says:

Internal Username:
The internal username is the identifier in Nextcloud for LDAP users. By default it will be created from the UUID attribute. The UUID attribute ensures that the username is unique, and that characters do not need to be converted. Only these characters are allowed: [a-zA-Z0-9_.@-]. Other characters are replaced with their ASCII equivalents, or are simply omitted.

And:

By default, the Nextcloud server creates the user directory in your Nextcloud data directory and gives it the Nextcloud username,

But this is Nextcloud…

FIC5020 · February 22, 2022, 12:15pm

Thanks for the info and confirmation of my suspicion

Ist it possible to change the the name of the userdirectory and the path in the Userconfig? Or is this not recommened?

But thanks for info, now i know the reason. Maybe nextcloud change there something or not

Thanks

santiago · February 22, 2022, 2:15pm

Your are welcome

I found this an interesting topic regarding usernames, and might answer your question.

My personal opinion is “keep it simple”.

best regards

andm100 · April 17, 2023, 7:54pm

it is possible to change the “User principal name” in the Azure AD config. Simply select the user, then “Properties” and remove the “#” or any other unwanted characters.