Documentation for enabling changing passwords in user_ldap #240

Merged
merged 12 commits into from
Dec 9, 2016
20 changes: 20 additions & 0 deletions admin_manual/configuration_user/user_auth_ldap.rst
Expand Up @@ -376,6 +376,26 @@ Group Member association:
have a very valid reason and know what you are doing.

* Example: *uniquemember*

Enable LDAP password changes per user:
Allow LDAP users to change their password and allow Super Administrators and Group Administrators to change the password of their LDAP users.

To enable this feature, the following requirements have to be met:

* General requirements:

| - Access control policies must be configured on the LDAP server to grant permissions for password changes.
|
| - Passwords are sent in plaintext to the LDAP server. Therefore, transport encryption must be used for the communication between Nextcloud and the LDAP server, e.g. employ LDAPS.
|
| - Enabling password hashing on the LDAP server is highly recommended. While Active Directory stores passwords in a one-way format by default, OpenLDAP users could configure the ``ppolicy_hash_cleartext`` directive of the ppolicy overlay that ships with OpenLDAP.

* Additional requirements for Active Directory:

| - At least a 128-bit transport encryption must be used for the communication between Nextcloud and the LDAP server
|
| - Make sure that the ``fUserPwdSupport`` char of the dSHeuristics is configured to employ the ``userPassword`` attribute as ``unicodePwd`` alias. While this is set accordingly on AD LDS by default, this is not the case on AD DS.
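
Review bot: The first general requirement ("Access control policies must be configured on the LDAP server to grant permissions for password changes") does not say which LDAP identity needs that permission. The introduction covers two cases, users changing their own password and Super Administrators or Group Administrators changing the password of their LDAP users, so the text should state under which bind each change is performed. Without that, an admin cannot scope the access control rule to the password attribute for the right principal and may grant broader write access than needed. Minor: the "At least a 128-bit transport encryption ..." line is the only item without a closing period.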

Member

All good contentwise. For formatting, could you convert the - to "real" bullet points? You can quickly use this:

diff --git a/admin_manual/configuration_user/user_auth_ldap.rst b/admin_manual/configuration_user/user_auth_ldap.rst
index 18ed5d0..f2cafbd 100644
--- a/admin_manual/configuration_user/user_auth_ldap.rst
+++ b/admin_manual/configuration_user/user_auth_ldap.rst
@@ -384,17 +384,13 @@ Enable LDAP password changes per user:
   
   * General requirements:
 
-    |  - Access control policies must be configured on the LDAP server to grant permissions for password changes.
-    |  
-    |  - Passwords are sent in plaintext to the LDAP server. Therefore, transport encryption must be used for the communication between Nextcloud and the LDAP server, e.g. employ LDAPS.
-    |  
-    |  - Enabling password hashing on the LDAP server is highly recommended. While Active Directory stores passwords in a one-way format by default, OpenLDAP users could configure the ``ppolicy_hash_cleartext`` directive of the ppolicy overlay that ships with OpenLDAP.
-  
-  * Additional requirements for Active Directory:
+   * Access control policies must be configured on the LDAP server to grant permissions for password changes.
+   * Passwords are sent in plaintext to the LDAP server. Therefore, transport encryption must be used for the communication between Nextcloud and the LDAPserver, e.g. employ LDAPS.
+   * Enabling password hashing on the LDAP server is highly recommended. While Active Directory stores passwords in a one-way format by default, OpenLDAP users could configure the ``ppolicy_hash_cleartext`` directive of the ppolicy overlay that ships with OpenLDAP.
 
-    |  - At least a 128-bit transport encryption must be used for the communication between Nextcloud and the LDAP server
-    |  
-    |  - Make sure that the ``fUserPwdSupport`` char of the dSHeuristics is configured to employ the ``userPassword`` attribute as ``unicodePwd`` alias. While this is set accordingly on AD LDS by default, this is not the case on AD DS.
+  * Additional requirements for Active Directory:
+   * At least a 128-bit transport encryption must be used for the communication between Nextcloud and the LDAP server
+   * Make sure that the ``fUserPwdSupport`` char of the dSHeuristics is configured to employ the ``userPassword`` attribute as ``unicodePwd`` alias. While this is set accordingly on AD LDS by default, this is not the case on AD DS.
 
 
 Special Attributes
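
Review bot: The added "Passwords are sent in plaintext" line drops a space and now reads "LDAPserver"; the removed line had "LDAP server". The nesting also looks off: the new sub-items start at three spaces (`   * Access control policies ...`) under a parent at two spaces (`  * General requirements:`), while reStructuredText only nests a list whose items line up with the parent item's text (four spaces here) and are separated from it by a blank line. The `* At least a 128-bit ...` line follows `* Additional requirements for Active Directory:` with no blank line at all. Suggest indenting the sub-items to four spaces, adding the blank line after each parent item, and checking the rendered output before applying.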


Special Attributes
^^^^^^^^^^^^^^^^^^
Binary file modified admin_manual/images/ldap-advanced-2-directory.png