mailcow-dockerized-docs/docs/third_party-nextcloud.md


NextCloud can be set up with the helper script included with mailcow. You can also set up NextCloud on a different server and still use mailcow for authentication.

The following assumes only that you have already set up NextCloud at cloud.example.com and that your mailcow is running at mail.example.com. To set up authentication via mailcow, you can use OAuth2 as described below.

  1. Log into mailcow as administrator.
  2. Scroll down to OAuth2 Apps and click the Add button. Specify the redirect URI as `https://cloud.example.com/index.php/apps/sociallogin/custom_oauth2/Mailcow` (for NextCloud 18, without `index.php`) and click Add. Save the client ID and secret for later.
  3. Log into NextCloud as administrator.
  4. Click the button in the top right corner and select Apps. Click the search button in the toolbar, search for the Social Login plugin and click Download and enable next to it.
  5. Click the button in the top right corner and select Settings. Scroll down to the Administration section on the left and click Social login.
  6. Uncheck the following items:
       • Disable auto create new users,
       • Allow users to connect social logins with their accounts,
       • Do not prune not available user groups on login,
       • Automatically create groups if they do not exists,
       • Restrict login for users without mapped groups,

     and check the following items:

       • Prevent creating an account if the email address exists in another account,
       • Update user profile every login,
       • Disable notify admins about new users.

     Click the Save button.

  7. Scroll down to Custom OAuth2 and click the + button.
  8. Configure the parameters as follows:
  • Internal name: Mailcow
  • Title: Mailcow
  • API Base URL: https://mail.example.com
  • Authorize URL: https://mail.example.com/oauth/authorize
  • Token URL: https://mail.example.com/oauth/token
  • Profile URL: https://mail.example.com/oauth/profile
  • Logout URL: (leave blank)
  • Client ID: (what you obtained in step 1)
  • Client Secret: (what you obtained in step 1)
  • Scope: profile

Click the Save button at the very bottom of the page.

If you have previously used NextCloud with mailcow authentication via user_external/IMAP, you need to perform some additional steps to link your existing user accounts with OAuth2.

  1. Click the button in the top right corner and select Apps. Scroll down to the External user authentication app and click Remove next to it.
  2. Run the following queries in your Nextcloud database (if you set up Nextcloud using mailcow's script, you can run `source mailcow.conf && docker-compose exec mysql-mailcow mysql -u"$DBUSER" -p"$DBPASS" "$DBNAME"`):

     ```sql
     INSERT INTO nc_users (uid, uid_lower) SELECT DISTINCT uid, LOWER(uid) FROM nc_users_external;
     INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT('Mailcow-', uid) FROM nc_users_external;
     ```

If you have previously used NextCloud without mailcow authentication, but with the same usernames as mailcow, you can also link your existing user accounts with OAuth2.

  1. Run the following queries in your Nextcloud database (if you set up Nextcloud using mailcow's script, you can run `source mailcow.conf && docker-compose exec mysql-mailcow mysql -u"$DBUSER" -p"$DBPASS" "$DBNAME"`):

     ```sql
     INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT('Mailcow-', uid) FROM nc_users;
     ```
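
Both migrations above write rows into nc_sociallogin_connect, and each row decides which Nextcloud account a mailcow login is linked to. The following is an added example, not part of the mailcow documentation: it previews the links, inserts only the missing ones and checks for duplicates inside one transaction. It assumes the tables use InnoDB and takes nc_users as the source, as in the second case.

```sql
-- Added example. Table and column names are the ones used in the queries above.
-- Assumption: the tables use InnoDB, so the transaction can be rolled back.
-- For the user_external case, replace nc_users with nc_users_external in
-- steps 1 and 2 (after running the INSERT INTO nc_users query).

START TRANSACTION;

-- 1. Preview every link that would be created. linked_to is non-NULL when the
--    identifier already exists; if it differs from uid, the mailcow identity
--    is already linked to another Nextcloud account and needs a manual decision.
SELECT u.uid,
       CONCAT('Mailcow-', u.uid) AS identifier,
       c.uid                     AS linked_to
FROM (SELECT DISTINCT uid FROM nc_users) AS u
LEFT JOIN nc_sociallogin_connect AS c
       ON c.identifier = CONCAT('Mailcow-', u.uid)
ORDER BY (c.uid IS NULL), u.uid;

-- 2. Insert only the links that do not exist yet, so the migration can be
--    re-run without creating a second row for the same identifier.
INSERT INTO nc_sociallogin_connect (uid, identifier)
SELECT DISTINCT u.uid, CONCAT('Mailcow-', u.uid)
FROM nc_users AS u
LEFT JOIN nc_sociallogin_connect AS c
       ON c.identifier = CONCAT('Mailcow-', u.uid)
WHERE c.identifier IS NULL;

-- 3. Check: no Mailcow identifier may map to more than one row.
--    This query must return an empty set.
SELECT identifier, COUNT(*) AS n
FROM nc_sociallogin_connect
WHERE identifier LIKE 'Mailcow-%'
GROUP BY identifier
HAVING n > 1;

-- 4. Keep the changes if steps 1 and 3 look right; otherwise use ROLLBACK.
COMMIT;
```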