Migrating LDAP Servers With Nextcloud/ Owncloud

Those of you who have seen any of my previous posts know that I have an arsenal of PowerEdge 2950s.  I am trying to move away from the 2950s for the purpose of power efficiency and have been consolidating all of my VMs and Docker containers to one Dell R710 running Proxmox.  Most of the services were an easy move, as the migration only involved sliding over a Virtual machine and reconfiguring the network adapter.  There are two major exceptions to this, one being the MySQL server (which is currently running as a docker container), and the other is the LDAP server.  The LDAP server migration isn’t really a problem on it’s own, but the fact that I am going to be using FreeIPA for SSO across my network is.  Basically, I needed to move my Nextcloud users from the existing LDAP server to the IPA server.

A quick search on Google turns up very little useful information.  The only thing I found was a post (which I can’t find anymore) that suggested it would be necessary to manually change some things in the “ldap_user_mapping” table in the database.  This is actually a pretty simple task, but it took me a while to figure out some of the FreeIPA specific LDAP settings in Nextcloud.  The first thing is to make sure the two “objectclass” references both equal “person”, and not “inetOrgPerson”.  One reference is under Users>Edit LDAP Query, and the second reference is under Login Attributes> Edit LDAP Query.  Those two settings kept me from getting this to work for a couple of hours.  The next step is to go to the Advanced>Directory Settings tab and make sure the “User Name Display Field” is set to “displayName”.  Finally, head over to the Advanced tab and set the Internal Username Attribute and both UUID Attribute boxes to “ipaUniqueID”.  This UUID is how Nextcloud keeps track of users.

The problem now is that your existing users, when logging in to the new LDAP server, will be presented with a new account.  This is not optimal if you already have calendars, contacts, and files already stored in your Nextcloud account.  The best way around this that I can tell is to login with the new user account so a new user account mapping is created, and to copy the old UUID to the new user.  Just make sure you change something on the old user, as the UUID field is the primary key for that table, meaning there can’t be records with the same UUID value.