This is an old revision of the document!
Table of Contents
⇐ authPDO
Nextcloud
Configuration for authPDO plugin to authenticate with open-source private cloud system.
Scenario
In this scenario, the intention is to permit the same users who are registered on Nextcloud (version 12) to make edits in the Wiki. The wiki is not open to all. Users must first have an account on Nextcloud, after which they can log into the wiki as well using the same credentials.
In this example, the Nextcloud release is version 12, running on PostgreSQL. It was also tested on Nextcloud 15 with MariaDB / MySQL.
Note that this does not give a 'single sign-on' experience, but simply enables a user to have the same username/password on both Nextcloud and the Dokuwiki installation.
Plugin Configuration
This guide is a work in progress
Note that Nextcloud stores the password hash in the database with a hardcoded prefix '1|', so when retrieving the password from the database, this 2-character prefix needs to be removed. This can be done in the SQL query, there is no need to modify core files.
In the AuthPDO section, configure the following:
plugin>authpdo>debug | Checkbox - enable this for testing, otherwise disable |
plugin>authpdo>dsn | pgsql:host=localhost;port=5432;dbname=mydatabasename |
plugin>authpdo>user | <DB-USERNAME> |
plugin>authpdo>pass | <DB-PASSWORD> |
plugin>authpdo>select-user |
N oc_preferences ON oc_users.uid = oc_preferences.userid AND oc_preferences.appid = \'settings\' AND oc_preferences.configkey = \'email\' WHERE oc_users.uid =:user |
plugin>authpdo>select-user-groups | SELECT gid AS \'group\' FROM oc_group_user WHERE uid=:user |
Other fields | Leave empty |
Note: Make sure not to add quotes around :user, as the authpdo plugin will automatically wrap strings like the user id in quotes.
Note2: Instead of using the same PostgreSQL user as Nextcloud, it might be advisable to create a new 'read-only' user as we will not be doing any writing to the Nextcloud database.
In the Authentication section:
authtype | authpdo |
passcrypt | bcrypt |
defaultgroup | users |
superuser | @admin |
manager | (what ever group you have set up in NC that fits the bill) |
disableactions | Uncheck everything to prevent users registering in Dokuwiki |
Note: “passcrypt = bcrypt” doesn't really matter as we will not be doing any writing into the database, and for reading the type is auto-detected (see code above).