The Nextcloud app has been available for installation from the Univention Appcenter for almost four years. It is a very effective way of integrating the popular “File Sync and Share” solution into the management system of the Univention Corporate Server within a very short time. This is suitable for making the services of the Nextcloud hub available to a manageable number of users and, on occasion, even to a larger circle of several hundred or thousand users.
However, the Docker-based integration has a few disadvantages due to its architecture, because of which a Nextcloud installation on a different platform would be worth considering.
A first point is the limit on local disk space: the Docker instance only has access to the overlay mounts of the host machine provided by the integration. Therefore, it cannot use additional local hard disks without further effort. There are similar challenges when integrating NFS or S3-based network storage. As use of the Nextcloud service grows, it would also be worth being able to scale horizontally to multiple peer Nextcloud instances. This would require significant subsequent changes to the system setup. Also, separating out the database, which relies on the PostgreSQL of the Appcenter integration, or using a highly available database cluster, e.g. based on Galera, is not supported by the integration out of the box.
In general, it is also conceivable to install the file-sharing platform natively on UCS. However, Nextcloud's dependency on very new PHP versions makes such an undertaking difficult, and it is not really recommendable considering the higher operating costs to be feared in the long term.
Luckily, the above arguments do not rule out operating a highly scalable Nextcloud platform together with the identity management system provided by UCS. In the following, I would like to explain the steps and further considerations that are necessary or reasonable for manual integration. It is irrelevant on which platform Nextcloud is installed, as well as which database backend or web server is in use. Therefore, I will not go into the initial setup of Nextcloud itself.
First, another app…
Firstly, Nextcloud must be configured so that the users and groups defined in UCS are also available in Nextcloud. Since UCS stores this information in a directory based on OpenLDAP, the obvious choice is to use the “LDAP application”. This method is also used by the Nextcloud integration from the Appcenter, but there, for automation reasons, the configuration is done using the “occ” command-line tool. If not already available, the Nextcloud app “LDAP user and group backend” must be installed and activated.
The documentation above mentions some elementary configuration options for the LDAP connection. First, the DNS name or IP address of the LDAP server is needed. One might be tempted to enter the first domain controller of a UCS domain (“DC Master” or “Primary Directory Node”). This will certainly work, but is rather questionable, at least if a very large group of users (several thousand) is supposed to use the service. Although Nextcloud tries to cache received LDAP information, a busy Nextcloud server will generate enough requests to cause a considerable base load on the LDAP server. It is a good idea to select another existing domain controller here.
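One way to apply this host selection with the “occ” tool, as an added example that is not part of the original article: the function prints the occ calls for review and skips the Primary Directory Node when picking the LDAP host and backup host. The hostnames, the configuration ID `s01`, the use of `ldaps://` and port 7636 are assumptions to adapt to your domain.

```shell
#!/bin/sh
# Added example, not from the article. Hostnames are constructed placeholders.
# Assumptions: LDAPS is used, on port 7636 (UCS's LDAPS listener); adjust LDAP_PORT.
LDAP_PORT=${LDAP_PORT:-7636}

# nc_ldap_plan CONFIG_ID PRIMARY_FQDN CANDIDATE_DC...
# Prints the occ calls that point Nextcloud's LDAP backend at the first
# candidate that is not the primary node, with the next one as backup host.
# Returns 1 and prints nothing on stdout if every candidate is the primary.
nc_ldap_plan() {
    cfg=$1 primary=$2
    shift 2
    host='' backup=''
    for dc in "$@"; do
        # Skip the primary so Nextcloud's lookup load stays off it.
        [ "$dc" = "$primary" ] && continue
        if [ -z "$host" ]; then host=$dc
        elif [ -z "$backup" ]; then backup=$dc
        fi
    done
    if [ -z "$host" ]; then
        echo "no non-primary domain controller among the candidates" >&2
        return 1
    fi
    echo "php occ ldap:set-config $cfg ldapHost ldaps://$host"
    echo "php occ ldap:set-config $cfg ldapPort $LDAP_PORT"
    if [ -n "$backup" ]; then
        echo "php occ ldap:set-config $cfg ldapBackupHost ldaps://$backup"
        echo "php occ ldap:set-config $cfg ldapBackupPort $LDAP_PORT"
    fi
    # Check the connection settings before relying on the configuration.
    echo "php occ ldap:test-config $cfg"
}

# Constructed sample run: ucs-primary is the Primary Directory Node.
nc_ldap_plan s01 ucs-primary.example.test \
    ucs-primary.example.test ucs-backup1.example.test ucs-replica2.example.test
```

The printed commands are meant to be run from the Nextcloud installation directory as the web server user, after `php occ ldap:create-empty-config` has created the configuration ID.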