Nextcloud

Configuration for authPDO plugin to authenticate with the Nextcloud open-source private cloud system.

Scenario

In this scenario, the intention is to permit the same users who are registered on Nextcloud (version 12 / 15) to make edits in the Wiki. The wiki is not open to all. Users must first have an account on Nextcloud, after which they can log into the wiki as well using the same credentials.

In this example, the Nextcloud release is version 12, running on PostgreSQL. It was also tested on Nextcloud 15 with MariaDB / MySQL.

Note that this does not give a 'single sign-on' experience, but simply enables a user to have the same username/password on both Nextcloud and the Dokuwiki installation.

Plugin Configuration

This guide is a work in progress

Note that Nextcloud stores the password hash in the database with a hardcoded prefix '1|', so when retrieving the password from the database, this 2-character prefix needs to be removed. This can be done in the SQL query; there is no need to modify core files.

In the AuthPDO section, configure the following:

plugin>authpdo>debug: Checkbox - enable this for testing, otherwise disable
plugin>authpdo>dsn: pgsql:host=localhost;port=5432;dbname=mydatabasename
plugin>authpdo>user: <DB-USERNAME>
plugin>authpdo>pass: <DB-PASSWORD>
plugin>authpdo>select-user:

    SELECT
        uid AS user,
        SUBSTRING(password,3) AS hash,
        displayname AS name,
        configvalue AS mail
    FROM
        oc_users LEFT JOIN oc_preferences
    ON
        oc_users.uid = oc_preferences.userid AND
        oc_preferences.appid = 'settings' AND
        oc_preferences.configkey = 'email'
    WHERE
        oc_users.uid = :user

plugin>authpdo>select-user-groups:

    SELECT gid AS "group" FROM oc_group_user WHERE uid = :user

Other fields: Leave empty

Note: Make sure not to add quotes around :user, as the authpdo plugin will automatically wrap strings like the user id in quotes.

Note2: Instead of using the same database user as Nextcloud, it might be advisable to create a new 'read-only' user as we will not be doing any writing to the Nextcloud database.
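One way to create the read-only database user suggested above, for the PostgreSQL setup used in this guide. This is an added example, not part of the original guide; the role name dokuwiki_ro, the placeholder password and the use of the public schema are assumptions.

```sql
-- Added example: least-privilege login for the authPDO queries (PostgreSQL).
-- Assumptions: role name dokuwiki_ro, placeholder password,
-- Nextcloud tables living in schema "public".
-- Run as the database owner or a superuser, connected to the Nextcloud database.

CREATE ROLE dokuwiki_ro LOGIN PASSWORD '<DB-PASSWORD>';

-- Allow the role to connect and to resolve table names in the schema.
GRANT CONNECT ON DATABASE mydatabasename TO dokuwiki_ro;
GRANT USAGE ON SCHEMA public TO dokuwiki_ro;

-- Column-level SELECT on exactly what select-user and select-user-groups read.
-- No INSERT/UPDATE/DELETE, and no access to any other Nextcloud table.
GRANT SELECT (uid, password, displayname) ON oc_users TO dokuwiki_ro;
GRANT SELECT (userid, appid, configkey, configvalue) ON oc_preferences TO dokuwiki_ro;
GRANT SELECT (gid, uid) ON oc_group_user TO dokuwiki_ro;

-- Check the result: only the SELECT column grants above should be listed.
SELECT table_name, column_name, privilege_type
FROM information_schema.column_privileges
WHERE grantee = 'dokuwiki_ro'
ORDER BY table_name, column_name;
```

Set plugin>authpdo>user and plugin>authpdo>pass to this role instead of Nextcloud's own database account, so that a compromise of the wiki cannot modify Nextcloud data.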

In the Authentication section:

authtype: authpdo
passcrypt: bcrypt
defaultgroup: users
superuser: @admin
manager: (whatever group you have set up in NC that fits the bill)
disableactions: Uncheck everything to prevent users registering in Dokuwiki

Note: “passcrypt = bcrypt” doesn't really matter as we will not be doing any writing into the database, and for reading the type is auto-detected (see code above).

plugin/authpdo/nextcloud.txt · Last modified: 2019-02-18 01:04 by reinhold