Two Nextcloud queries: $user subfolder and group sync for non-UCS@School server

ldap
external
nextcloud
storage

#1

I am testing the nextcloud app and following the cool solution to mount external file shares: Cool Solution - Mount Samba shares in Nextcloud

I have two questions I hope someone can help with:

  1. Under the “home shares” section the howto tells you to use:
    Configuration Remote Subfolder: $user variable to dynamically mount the named home folder.
    This works, but I would like to go a little further and mount the “Documents” subfolder under the username as the actual share root. Effectively I want to enter something like:
    Configuration Remote Subfolder: $user/Documents but it doesn’t look like that works (I get a red exclamation mark in the nextcloud GUI rather than green tick).
    Has anyone got something like this working or can that $user variable only be parsed stand-alone and not as a substring of a path?

  2. The other query is with regard to the “Enabling Nextcloud for users and groups” section. The howto says to install univention-nextcloud-enable-for-classes-and-workgroups to sync UCS users and groups to nextcloud. This appears to be related to UCS@School though. If I’d like to sync groups for a non-UCS@School setup is this package still usable?

Thanks all.

MarkR.


#2

Hi Mark,

  1. The wording used here by Nextcloud is a bit weird. Here’s how I understand it from my experience having developed the Cool Solution:
  • Share: Doesn’t seem to actually refer to the share’s name. Anything besides “/” doesn’t work for me with SMB shares
  • Remote subfolder: Actually the share’s name. $user/Documents probably doesn’t work because there is no SMB share with that name.

The Nextcloud support can probably give you more details about it but this is how I understand it at the moment and use it in several projects.

  2. Unfortunately not. The package automatically enables UCS@school-specific groups such as classes and workgroups for Nextcloud. But you can still manually enable groups for Nextcloud using the “Groups” module and the “Apps” tab when a group is opened in the UMC or UDM on the CLI. The package’s main purpose is to do that automatically in school environments where lots of groups are created automatically.

Best regards,
Valentin


#3

Thanks for the reply Valentin.

Seeing the groups in nextcloud for ACL usage is all I really needed for my purposes, so great!

The groups show up now, but I notice they aren’t populated with users from UCS though. Is that likely something to do with the memberof overlay?

I’m pretty sure I set that up in the 4.2->4.3 upgrade last year (on 4.4 now) but I will check it again (ldap/overlay/memberof=yes and ldap/overlay/memberof/memberof=memberOf both exist in UCR at least).

Another thing I noticed is that when multi-editing users or groups in UMC, the fields under the apps tab to enable nextcloud can’t be ‘overridden’ so it seems you can’t effectively multi-edit to enable/disable apps at least?

Cheers.

Edit:
I re-ran /usr/share/univention-ldap-overlay-memberof/univention-update-memberof which seemed to pick up the correct groups, and then univention-ldapsearch '(uid=*)' memberOf gives me the correct results, so I’m assuming memberof is working.


#4

With regard to the empty groups I think I know what's wrong. The nextcloud Group-Member association is set to gidNumber which seems tied to primary group in UMC. All of my role-groups are additional groups (primary is all ‘domain users’) which are stored as uniqueMember in UCS LDAP.

I tried changing gidNumber to uniqueMember in the advanced settings of nextcloud GUI but the change doesn’t seem to stick.

Is it something hardcoded in the integration or a change I have to make in the docker container?

Thanks again,
MarkR.

Edit:
Actually, now the setting seems to be sticking and the group membership is updating now with uniquemember. Some sort of cache timeout?

Edit2:
Spoke too soon. ldapGroupMemberAssocAttr switched back to gidNumber. If you edit groups in UMC (say enabling/disabling sync to nextcloud) does that reset the association in nextcloud? Trying to work out if it's something being changed on nextcloud or UCS side.

Edit 3:
Running verify settings and count groups on the groups tab of NC ldap settings definitely resets to gidNumber. Is it something set by UCS, or an auto-detection from NC? Any way to hard-code it?
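
The empty-group symptom described in post #4, as an added example that is not part of the original thread and not Nextcloud's or UCS's own code: a simplified model of how the Group-Member association attribute decides who counts as a group member, which matters when groups are used for ACLs. The directory entries, DNs and gidNumber values are constructed, and the `memberUid` branch goes slightly beyond the two attributes discussed in the post.

```python
# Simplified model (an assumption, not Nextcloud's implementation) of
# resolving group members under different association attributes.
BASE = "cn=users,dc=example,dc=test"  # constructed base DN

# Constructed users: all share the primary group "Domain Users" (5001).
USERS = {
    f"uid=anna,{BASE}": {"uid": "anna", "gidNumber": 5001},
    f"uid=ben,{BASE}": {"uid": "ben", "gidNumber": 5001},
    f"uid=cara,{BASE}": {"uid": "cara", "gidNumber": 5001},
}

# Constructed groups: role groups hold additional members by DN.
GROUPS = {
    "Domain Users": {"gidNumber": 5001, "uniqueMember": list(USERS),
                     "memberUid": ["anna", "ben", "cara"]},
    "Finance": {"gidNumber": 5010, "memberUid": ["anna", "cara"],
                "uniqueMember": [f"uid=anna,{BASE}", f"uid=cara,{BASE}"]},
    # "IT" also carries a stale DN for a user that no longer exists.
    "IT": {"gidNumber": 5011, "memberUid": ["ben"],
           "uniqueMember": [f"uid=ben,{BASE}", f"uid=gone,{BASE}"]},
}


def members(group_name, assoc_attr):
    """Return sorted uids that belong to group_name under assoc_attr."""
    group = GROUPS[group_name]
    if assoc_attr == "gidNumber":
        # Only users whose *primary* group number matches are members.
        return sorted(u["uid"] for u in USERS.values()
                      if u["gidNumber"] == group["gidNumber"])
    if assoc_attr == "uniqueMember":
        # Values are full DNs; DNs without a user entry are skipped.
        return sorted(USERS[dn]["uid"]
                      for dn in group.get("uniqueMember", []) if dn in USERS)
    if assoc_attr == "memberUid":
        # Values are bare login names.
        known = {u["uid"] for u in USERS.values()}
        return sorted(n for n in group.get("memberUid", []) if n in known)
    raise ValueError(f"unsupported association attribute: {assoc_attr}")


def empty_groups(assoc_attr):
    """Groups that would appear unpopulated under assoc_attr."""
    return sorted(g for g in GROUPS if not members(g, assoc_attr))


if __name__ == "__main__":
    for attr in ("gidNumber", "uniqueMember", "memberUid"):
        print(attr, "-> empty groups:", empty_groups(attr))
```

With `gidNumber` every role group resolves to no members because all users share one primary group, which matches the unpopulated groups reported above.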