Nextcloud
Configuration for the authPDO plugin to authenticate against an open-source private cloud system.
Scenario
In this scenario, the intention is to permit the same users who are registered on Nextcloud (version 12) to make edits in the Wiki. The wiki is not open to all. Users must first have an account on Nextcloud, after which they can log into the wiki as well using the same credentials.
In this example, the Nextcloud release is version 12, running on PostgreSQL.
Note that this does not give a 'single sign-on' experience, but simply enables a user to have the same username/password on both Nextcloud and the Dokuwiki installation.
Modification of core files
Note that this requires modifying a DokuWiki core file (/inc/PassHash.class.php), which handles password hashing, because Nextcloud prepends a custom version identifier to the output of a standard PHP password_hash().
Specifically these changes need to be done to PassHash.class.php:
Somewhere around lines 54ff:
elseif(preg_match('/^1\|\$2(a|y)\$(.{2})\$/', $hash, $m)) {
    $method = 'nextcloud';
    $salt   = $hash;
}
This is the auto detection part that compares the first part of the hash string to the expected format with a regular expression.
Then much further below the actual hash function:
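public function hash_nextcloud($clear, $salt = null, $compute = 10) {
    $currentVersion = 1;
    // Verification: the auto-detection above passes the stored "1|$2y$..." value
    // as $salt. Re-derive the bcrypt hash from the salt embedded in it, because
    // password_hash() picks a new random salt and never reproduces the stored value.
    if ($salt !== null && strpos($salt, $currentVersion . '|') === 0) {
        return $currentVersion . '|' . crypt($clear, substr($salt, 2));
    }
    // New hash: same format Nextcloud writes (version prefix + password_hash()).
    $options = [
        'cost' => 10,
    ];
    return $currentVersion . '|' . password_hash($clear, PASSWORD_DEFAULT, $options);
}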
This is still untested, but should work I hope.
Plugin Configuration
This guide is a work in progress
In the AuthPDO section, configure the following:
plugin>authpdo>debug | Checkbox - enable this for testing, otherwise disable |
plugin>authpdo>dsn | pgsql:host=localhost;port=5432;dbname=mydatabasename |
plugin>authpdo>user | <DB-USERNAME> |
plugin>authpdo>pass | <DB-PASSWORD> |
plugin>authpdo>select-user | SELECT uid AS user, password AS hash, displayname AS name FROM nc_users WHERE uid = :user (currently without email, not working) |
plugin>authpdo>check-pass | |
plugin>authpdo>select-user-groups | SELECT gid AS "group", uid FROM nc_group_user WHERE uid = :user (not tested) |
Other fields | Leave empty |
Note: Instead of using the same PostgreSQL user as Nextcloud, it might be advisable to create a new 'read-only' user as we will not be doing any writing to the Nextcloud database.
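One way to set up the read-only user suggested above, as an added example that is not part of the original page. The role name dokuwiki_auth and the schema name public are assumptions; the database, table and column names are the ones used in the plugin settings.

```sql
-- Hypothetical role "dokuwiki_auth"; replace the password placeholder.
-- Run as a PostgreSQL superuser or as the owner of the Nextcloud tables.
CREATE ROLE dokuwiki_auth LOGIN PASSWORD '<DB-PASSWORD>'
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT;

-- Allow connecting to the Nextcloud database and resolving its tables
-- (assumes the tables live in schema "public").
GRANT CONNECT ON DATABASE mydatabasename TO dokuwiki_auth;
GRANT USAGE ON SCHEMA public TO dokuwiki_auth;

-- Column-level grants: only the columns that select-user and
-- select-user-groups actually read. No INSERT/UPDATE/DELETE is granted.
GRANT SELECT (uid, password, displayname) ON nc_users TO dokuwiki_auth;
GRANT SELECT (gid, uid) ON nc_group_user TO dokuwiki_auth;

-- Defence in depth: sessions start read-only. The role can override this
-- setting, so the missing write grants above remain the real control.
ALTER ROLE dokuwiki_auth SET default_transaction_read_only = on;

-- Confirm the role can read the hash column but holds no write privilege
-- on either table (a comma-separated list tests for any of the privileges).
SELECT has_column_privilege('dokuwiki_auth', 'nc_users', 'password', 'SELECT')
           AS can_read_hash,
       has_table_privilege('dokuwiki_auth', 'nc_users', 'INSERT, UPDATE, DELETE')
           AS can_write_users,
       has_table_privilege('dokuwiki_auth', 'nc_group_user', 'INSERT, UPDATE, DELETE')
           AS can_write_groups;
```

Put this role's name and password into plugin>authpdo>user and plugin>authpdo>pass instead of the credentials Nextcloud itself uses.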
In the Authentication section:
authtype | authpdo |
passcrypt | bcrypt |
defaultgroup | users |
superuser | |
manager | |
disableactions | Uncheck everything to prevent users registering in Dokuwiki |
Note: “passcrypt = bcrypt” doesn't really matter, as we will not be doing any writing into the database, and for reading the type is auto-detected (see code above). If you do want to write to the database, further core file modifications are most likely necessary.