-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Documentation for enabling changing passwords in user_ldap #240
Conversation
Signed-off-by: Roger Szabo <roger.szabo@web.de>
Signed-off-by: Roger Szabo <roger.szabo@web.de>
@blizzz related screenshot has been updated, too. However after trying Firefox on CentOS and Windows, it was somehow still not possible to completely match the layout of the previous one. |
@GitHubUser4234 thank you, I'll give it a look tomorrow! |
| - At least a 128-bit transport encryption must be used for the communication between Nextcloud and the LDAP server | ||
| | ||
| - Make sure that the ``fUserPwdSupport`` char of the dSHeuristics is configured to employ the ``userPassword`` attribute as ``unicodePwd`` alias. While this is set accordingly on AD LDS by default, this is not the case on AD DS. | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All good contentwise. For formatting, could you convert the - to "real" bullet points? You can quickly use this:
diff --git a/admin_manual/configuration_user/user_auth_ldap.rst b/admin_manual/configuration_user/user_auth_ldap.rst
index 18ed5d0..f2cafbd 100644
--- a/admin_manual/configuration_user/user_auth_ldap.rst
+++ b/admin_manual/configuration_user/user_auth_ldap.rst
@@ -384,17 +384,13 @@ Enable LDAP password changes per user:
* General requirements:
- | - Access control policies must be configured on the LDAP server to grant permissions for password changes.
- |
- | - Passwords are sent in plaintext to the LDAP server. Therefore, transport encryption must be used for the communication between Nextcloud and the LDAP server, e.g. employ LDAPS.
- |
- | - Enabling password hashing on the LDAP server is highly recommended. While Active Directory stores passwords in a one-way format by default, OpenLDAP users could configure the ``ppolicy_hash_cleartext`` directive of the ppolicy overlay that ships with OpenLDAP.
-
- * Additional requirements for Active Directory:
+ * Access control policies must be configured on the LDAP server to grant permissions for password changes.
+ * Passwords are sent in plaintext to the LDAP server. Therefore, transport encryption must be used for the communication between Nextcloud and the LDAPserver, e.g. employ LDAPS.
+ * Enabling password hashing on the LDAP server is highly recommended. While Active Directory stores passwords in a one-way format by default, OpenLDAP users could configure the ``ppolicy_hash_cleartext`` directive of the ppolicy overlay that ships with OpenLDAP.
- | - At least a 128-bit transport encryption must be used for the communication between Nextcloud and the LDAP server
- |
- | - Make sure that the ``fUserPwdSupport`` char of the dSHeuristics is configured to employ the ``userPassword`` attribute as ``unicodePwd`` alias. While this is set accordingly on AD LDS by default, this is not the case on AD DS.
+ * Additional requirements for Active Directory:
+ * At least a 128-bit transport encryption must be used for the communication between Nextcloud and the LDAP server
+ * Make sure that the ``fUserPwdSupport`` char of the dSHeuristics is configured to employ the ``userPassword`` attribute as ``unicodePwd`` alias. While this is set accordingly on AD LDS by default, this is not the case on AD DS.
Special Attributes
Signed-off-by: Roger Szabo <roger.szabo@web.de>
@blizzz thanks for the review, I tried to implement the change. |
@GitHubUser4234 thank you, 👍 @MorrisJobke mind having a look? |
Yippie :D |
This is the documentation for #1715. @blizzz :)