It's better when it's simple

User Tools

Site Tools




Configuration for authPDO plugin to authenticate with the Nextcloud open-source private cloud system.


In this scenario, the intention is to permit the same users who are registered on Nextcloud (version 12 / 15) to make edits in the Wiki. The wiki is not open to all. Users must first have an account on Nextcloud, after which they can log into the wiki as well using the same credentials.

In this example, the Nextcloud release is version 12, running on PostgreSQL. It was also tested on Nextcloud 15 with MariaDB / MySQL.

Note that this does not give a 'single sign-on' experience, but simply enables a user to have the same username/password on both Nextcloud and the Dokuwiki installation.

Plugin Configuration

This guide is a work in progress

Note that Nextcloud stores the password hash in the database with a hardcoded prefix '1|', so when retrieving the password from the database, this 2-character prefix needs to be removed. This can be done in the SQL query, there is no need to modify core files.

In the AuthPDO section, configure the following:

plugin>authpdo>debug Checkbox - enable this for testing, otherwise disable
plugin>authpdo>dsn pgsql:host=localhost;port=5432;dbname=mydatabasename
plugin>authpdo>user <DB-USERNAME>
plugin>authpdo>pass <DB-PASSWORD>
    uid AS user,
    SUBSTRING(password,3) AS hash,
    displayname AS name,
    configvalue AS mail
    oc_users LEFT JOIN oc_preferences 
    oc_users.uid = oc_preferences.userid AND
    oc_preferences.appid = 'settings' AND
    oc_preferences.configkey = 'email'
    oc_users.uid = :user
SELECT gid AS 'group' FROM oc_group_user WHERE uid=:user
Other fields Leave empty

Note: Make sure not to add quotes around :user, as the authpdo plugin will automatically wrap strings like the user id in quotes.

Note2: Instead of using the same database user as Nextcloud, it might be advisable to create a new 'read-only' user as we will not be doing any writing to the Nextcloud database.

In the Authentication section:

authtype authpdo
passcrypt bcrypt
defaultgroup users
superuser @admin
manager (what ever group you have set up in NC that fits the bill)
disableactions Uncheck everything to prevent users registering in Dokuwiki

Note: “passcrypt = bcrypt” doesn't really matter as we will not be doing any writing into the database, and for reading the type is auto-detected (see code above).

plugin/authpdo/nextcloud.txt · Last modified: 2019-02-18 01:04 by reinhold

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki