zorn-v / nextcloud-social-login

GNU Affero General Public License v3.0

OIDC User does not match with LDAP Nextcloud User #397

Open ASLLR opened 1 year ago

ASLLR commented 1 year ago

Hi everyone,

I could see other issues like mine, but I didn't really understand the conclusion of those.

I use Nextcloud 24.0.9 with Social Login 5.4.1. My Nextcloud is connected to an OpenLDAP. Nominative accounts log in with their LDAP account if they are present in a specific LDAP group, and generic accounts log in with accounts in the local database. I would like my nominative accounts to be able to connect with OIDC. My SSO is LemonLDAP and it is connected to the same OpenLDAP as Nextcloud.

This is my config:

[X]Disabling automatic user creation
[ ]Create users with disabled accounts
[X]Allow users to log in to their account through Social
[ ]Prevents the creation of a user if his e-mail is already used by another account
[X]Update user profile at each login
[X]Do not prune user groups not available at login
[ ]Create groups automatically if they do not exist
[X]Restrict login to users without mapped groups
[X]Restrict login to users without assigned groups
[ ]Disable notifications to administrators when creating users
[ ]Hide Default Login
[ ]Button text without prefix

Custom OpenID login
Internal name: XXXX
Function : OIDC
Authorization URL : https://MYSSO/oauth2/authorize
Token URL: https://MYSSO/oauth2/token
Display name claim (optional):
User information URL (optional) : https://MYSSO/oauth2/userinfo
URL after logout (optional) :
Client ID : LOGIN
Client secret : PASSWD
scope : openid groups profile
Group claim (optional) :  groups
button style: OpenID
Default group: None
Group mapping : None

So, when I connect to Nextcloud with OIDC, I get the message "Automatic creation of new users is disabled" even though I checked the option to allow users to log in through Social. My user, for example a.bcde from my SSO, doesn't match a.bcde from Nextcloud.

How can I match these accounts so that there is only one? Is it possible?

Thank you in advance,

Best Regards

zorn-v commented 1 year ago

Try to use this app https://github.com/pulsejet/nextcloud-oidc-login instead

ASLLR commented 1 year ago

Thank you for your answer, but that is less friendly to configure... How do I add all the config? Directly in config.php, in a new array at the end of the file?

Thank you in advance,

Best Regards

zorn-v commented 1 year ago

It is not my app, but yes - just add it somewhere in config.php AFAIK, like the other global config options.
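Added example (not part of this thread, and not code from either app): a config.php fragment showing how the nextcloud-oidc-login keys sit inside the existing $CONFIG array, using the placeholder values from the issue (MYSSO, LOGIN, PASSWD, scope "openid groups profile"). The key names follow my reading of the pulsejet/nextcloud-oidc-login README; that the OIDC `sub` claim carries the LDAP uid (a.bcde) is an assumption about the LemonLDAP setup. Check both against the README of the version you install.

```php
<?php
// Added example, not the project's own config. Merge these keys into the
// $CONFIG array that already exists in config/config.php; do not append a
// second array, PHP would simply overwrite the first one.
$CONFIG = array (
  // ... existing keys (instanceid, datadirectory, dbtype, ...) stay as they are ...

  // Issuer base URL. The app fetches <url>/.well-known/openid-configuration
  // from it (assumption: LemonLDAP::NG serves discovery at the site root).
  'oidc_login_provider_url' => 'https://MYSSO',
  'oidc_login_client_id' => 'LOGIN',
  'oidc_login_client_secret' => 'PASSWD',

  // Same scopes as in the Social Login setup from the issue.
  'oidc_login_scope' => 'openid groups profile',

  // Keep the normal login form, so LDAP users and local admins can still log in
  // if the SSO is down; set to true only once OIDC is known to work.
  'oidc_login_auto_redirect' => false,
  'oidc_login_hide_password_form' => false,

  // Never create accounts from OIDC; only users that already exist may log in.
  // This is the equivalent of "Disabling automatic user creation" in Social Login.
  'oidc_login_disable_registration' => true,

  // Resolve the OIDC user through the LDAP user backend instead of creating a
  // local account. The 'ldap_uid' entry names the claim whose value is looked
  // up in LDAP and must equal the user's Nextcloud internal username
  // (assumption: that is the 'sub' claim, e.g. a.bcde).
  'oidc_login_proxy_ldap' => true,
  'oidc_login_attributes' => array (
    'id'       => 'sub',
    'name'     => 'name',
    'mail'     => 'email',
    'groups'   => 'groups',   // same claim as "Group claim: groups" above
    'ldap_uid' => 'sub',
  ),

  // Verify the SSO's TLS certificate; only ever set this to false on a test box.
  'oidc_login_tls_verify' => true,
);
```

Before testing a login, confirm the value you expect in `sub` is really the internal username Nextcloud uses for the LDAP user, for example with `sudo -u www-data php occ user:info a.bcde`; if the LDAP backend was configured to use the entry's UUID as internal username, the lookup will fail even though the display name matches, which is the same kind of mismatch the issue reports. After editing, `sudo -u www-data php occ config:system:get oidc_login_provider_url` is a quick way to check that the file was parsed and the keys landed in the right array.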

ASLLR commented 1 year ago

Thank you, I understand. Are you planning to integrate this function?

Best Regards

zorn-v commented 1 year ago

No, and never. My app is about another case. Personal SSO is not my "first plan". I just want to log in via Google/etc...

MrRulf commented 1 year ago

I tried https://github.com/pulsejet/nextcloud-oidc-login, but it had some issues for me, resolvable only by setting up Nextcloud again every time it stopped working. Besides, according to a pinned issue, pulsejet, the (main?) maintainer, is no longer active on the project. @ASLLR You can still use it, and if it works for you, please tell me how; I'd like to get it working too for the automatic linking between LDAP and OIDC. Seeing a lot of commits from pulsejet also gives me hope.

If it was a dead end for you too, social-login is still an option; you just have to connect your Nextcloud account and social login before you can use your social login to log in. To do that, log in to your Nextcloud account through Nextcloud, go to Settings, and there, under Security, there should be Social Login, where you can connect your OIDC (if it was set up properly, but it seems like you did that). Then you can try it out by logging out and back in through social login.