Documentation for enabling changing passwords in user_ldap #240
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Roger Szabo <roger.szabo@web.de>
Signed-off-by: Roger Szabo <roger.szabo@web.de>
|
@blizzz related screenshot has been updated, too. However after trying Firefox on CentOS and Windows, it was somehow still not possible to completely match the layout of the previous one. |
|
@GitHubUser4234 thank you, I'll give it a look tomorrow! |
blizzz
reviewed
Dec 6, 2016
| | - At least a 128-bit transport encryption must be used for the communication between Nextcloud and the LDAP server | ||
| | | ||
| | - Make sure that the ``fUserPwdSupport`` char of the dSHeuristics is configured to employ the ``userPassword`` attribute as ``unicodePwd`` alias. While this is set accordingly on AD LDS by default, this is not the case on AD DS. | ||
|
|
There was a problem hiding this comment.
All good contentwise. For formatting, could you convert the - to "real" bullet points? You can quickly use this:
diff --git a/admin_manual/configuration_user/user_auth_ldap.rst b/admin_manual/configuration_user/user_auth_ldap.rst
index 18ed5d0..f2cafbd 100644
--- a/admin_manual/configuration_user/user_auth_ldap.rst
+++ b/admin_manual/configuration_user/user_auth_ldap.rst
@@ -384,17 +384,13 @@ Enable LDAP password changes per user:
* General requirements:
- | - Access control policies must be configured on the LDAP server to grant permissions for password changes.
- |
- | - Passwords are sent in plaintext to the LDAP server. Therefore, transport encryption must be used for the communication between Nextcloud and the LDAP server, e.g. employ LDAPS.
- |
- | - Enabling password hashing on the LDAP server is highly recommended. While Active Directory stores passwords in a one-way format by default, OpenLDAP users could configure the ``ppolicy_hash_cleartext`` directive of the ppolicy overlay that ships with OpenLDAP.
-
- * Additional requirements for Active Directory:
+ * Access control policies must be configured on the LDAP server to grant permissions for password changes.
+ * Passwords are sent in plaintext to the LDAP server. Therefore, transport encryption must be used for the communication between Nextcloud and the LDAPserver, e.g. employ LDAPS.
+ * Enabling password hashing on the LDAP server is highly recommended. While Active Directory stores passwords in a one-way format by default, OpenLDAP users could configure the ``ppolicy_hash_cleartext`` directive of the ppolicy overlay that ships with OpenLDAP.
- | - At least a 128-bit transport encryption must be used for the communication between Nextcloud and the LDAP server
- |
- | - Make sure that the ``fUserPwdSupport`` char of the dSHeuristics is configured to employ the ``userPassword`` attribute as ``unicodePwd`` alias. While this is set accordingly on AD LDS by default, this is not the case on AD DS.
+ * Additional requirements for Active Directory:
+ * At least a 128-bit transport encryption must be used for the communication between Nextcloud and the LDAP server
+ * Make sure that the ``fUserPwdSupport`` char of the dSHeuristics is configured to employ the ``userPassword`` attribute as ``unicodePwd`` alias. While this is set accordingly on AD LDS by default, this is not the case on AD DS.
Special AttributesSigned-off-by: Roger Szabo <roger.szabo@web.de>
|
@blizzz thanks for the review, I tried to implement the change. |
|
@GitHubUser4234 thank you, 👍 @MorrisJobke mind having a look? |
blizzz
approved these changes
Dec 9, 2016
|
Yippie :D |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is the documentation for #1715. @blizzz :)