{"id":13556863,"url":"https://github.com/nextcloud/user_external","last_synced_at":"2025-04-04T07:05:12.463Z","repository":{"id":33816897,"uuid":"162498008","full_name":"nextcloud/user_external","owner":"nextcloud","description":"👥 External user authentication methods like IMAP, SMB and FTP","archived":false,"fork":false,"pushed_at":"2025-03-10T16:43:58.000Z","size":450,"stargazers_count":113,"open_issues_count":58,"forks_count":67,"subscribers_count":18,"default_branch":"master","last_synced_at":"2025-03-28T06:04:31.482Z","etag":null,"topics":["authentication","ftp","imap","nextcloud","nextcloud-app","samba","smb"],"latest_commit_sha":null,"homepage":"https://apps.nextcloud.com/apps/user_external","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nextcloud.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-12-19T22:34:18.000Z","updated_at":"2025-03-20T07:08:09.000Z","dependencies_parsed_at":"2024-01-17T05:28:37.549Z","dependency_job_id":"5594168d-eb60-43ad-8867-219ca0b71352","html_url":"https://github.com/nextcloud/user_external","commit_stats":null,"previous_names":[],"tags_count":21,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nextcloud%2Fuser_external","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nextcloud%2Fuser_external/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nextcloud%2Fuser_external/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nextcloud%2Fuser_external/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nextcloud","download_url":"https://codeload.github.com/nextcloud/user_external/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247135141,"owners_count":20889420,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","ftp","imap","nextcloud","nextcloud-app","samba","smb"],"created_at":"2024-08-01T12:04:03.546Z","updated_at":"2025-04-04T07:05:12.431Z","avatar_url":"https://github.com/nextcloud.png","language":"PHP","funding_links":[],"categories":["PHP","others"],"sub_categories":[],"readme":"External user authentication\n============================\n\n**⚠⚠ Warning:** As of Version 3.0 this app uses namespace \\OCA\\UserExternal now. You MUST change your config to adopt to this change. See examples below. ⚠⚠\n\n**Authenticate user login against IMAP, SMB, FTP, WebDAV, HTTP BasicAuth, SSH and XMPP**\n\nPasswords are not stored locally; authentication always happens against\nthe remote server.\n\nIt stores users and their display name in its own database table\n`users_external`.\nWhen modifying the `user_backends` configuration, you need to\nupdate the database table's `backend` field, or your users will lose\ntheir configured display name.\n\nIf something does not work, check the log file at `nextcloud/data/nextcloud.log`.\n\n**⚠⚠ Warning:** If you are using more than one backend or especially one backend more often than once, make sure that you still have resp. get unique `uid`s in the database. ⚠⚠\n\n**⚠⚠ Warning:** If you are using tools like fail2ban (https://www.fail2ban.org) to protect your authentication source (e.g. IMAP server), be sure to disable it for the host that runs `user_external`. Otherwise a single user failing to login too many times can practically DoS your whole Nextcloud installation because `fail2ban` will then block the Nextcloud IP address. ⚠⚠\nInstead, make sure the bruteforce protection app for Nextcloud is installed and configured correctly.\n\nFTP\n---\nAuthenticate Nextcloud users against a FTP server.\n\n\n### Configuration\nYou only need to supply the FTP host name or IP.\n\nThe second - optional - parameter determines if SSL should be used or not.\n\nAdd the following to `config.php`:\n\n    'user_backends' =\u003e array(\n        array(\n            'class' =\u003e '\\OCA\\UserExternal\\FTP',\n            'arguments' =\u003e array('127.0.0.1'),\n        ),\n    ),\n\nTo enable SSL connections via `ftps`, append a second parameter `true`:\n\n    'user_backends' =\u003e array(\n        array(\n            'class' =\u003e '\\OCA\\UserExternal\\FTP',\n            'arguments' =\u003e array('127.0.0.1', true),\n        ),\n    ),\n\n\n### Dependencies\nPHP automatically contains basic FTP support.\n\nFor SSL-secured FTP connections via ftps, the PHP [openssl extension][FTP_0]\nneeds to be activated.\n\n[FTP_0]: http://php.net/openssl\n\n\n\nIMAP\n----\nAuthenticate Nextcloud users against an IMAP server.\nIMAP user and password need to be given for the Nextcloud login.\n\n\n### Configuration\nThe parameters are `host, port, sslmode, domain`.\nPossible values for sslmode are `ssl` or `tls`.\nAdd the following to your `config.php`:\n\n    'user_backends' =\u003e array(\n        array(\n            'class' =\u003e '\\OCA\\UserExternal\\IMAP',\n            'arguments' =\u003e array(\n                '127.0.0.1', 993, 'ssl', 'example.com', true, false\n            ),\n        ),\n    ),\n\nThis connects to the IMAP server on IP `127.0.0.1`.\nThe default port is 143. However, note that parameter order matters and if\nyou want to restrict the domain (4th parameter), you need to also specify\nthe port (2nd parameter) and sslmode (3rd parameter; set to `null` for\ninsecure connection).\nIf a domain name (e.g. example.com) is specified, then this makes sure that\nonly users from this domain will be allowed to login. If the fifth parameter\nis set to true, after successfull login the domain part will be striped and\nthe rest used as username in Nextcloud. e.g. 'username@example.com' will be\n'username' in Nextcloud. The sixth parameter toggles whether on creation of\nthe user, it is added to a group corresponding to the name of the domain part\nof the address. \n\n**⚠⚠ Warning:** If you are [**upgrading** from versions **\u003c0.6.0**](https://github.com/nextcloud/user_external/releases/tag/v0.6.0), beside adapting your `config.php` you also have to change the `backend` column in the `users_external` table of the database. In your pre 0.6.0 database it may look like `{127.0.0.1:993/imap/ssl/readonly}INBOX` or similar, but now it has to be just `127.0.0.1` for everything to work flawless again. ⚠⚠\n\n\nSamba\n-----\nUtilizes the `smbclient` executable to authenticate against a windows\nnetwork machine via SMB.\n\n\n### Configuration\nThe only supported parameter is the hostname of the remote machine.\n\nAdd the following to your `config.php`:\n\n    'user_backends' =\u003e array(\n        array(\n            'class' =\u003e '\\OCA\\UserExternal\\SMB',\n            'arguments' =\u003e array('127.0.0.1'),\n        ),\n    ),\n\n\n### Dependencies\nThe `smbclient` executable needs to be installed and accessible within `$PATH`.\n\n\nWebDAV\n------\n\nAuthenticate users by a WebDAV call. You can use any WebDAV server, Nextcloud server or other web server to authenticate. It should return http 200 for right credentials and http 401 for wrong ones.\n\nAttention: This app is not compatible with the LDAP user and group backend. This app is not the WebDAV interface of Nextcloud, if you don't understand what it does then do not enable it.\n\n### Configuration\nThe only supported parameter is the URL of the web server.\n\nAdd the following to your `config.php`:\n\n    'user_backends' =\u003e array(\n        array(\n            'class' =\u003e '\\OCA\\UserExternal\\WebDavAuth',\n            'arguments' =\u003e array('https://example.com/webdav'),\n        ),\n    ),\n\n\nBasicAuth\n------\n\nAuthenticate users by an [HTTP Basic access authentication][BasicAuth_0]  call.\nHTTP server of your choice to authenticate. It should return HTTP 2xx for correct credentials and an appropriate other error code for wrong ones or refused access.\nThe HTTP server _must_ respond to any requests to the target URL with the \"www-authenticate\" header set. \nOtherwise BasicAuth considers itself to be misconfigured or the HTTP server unfit for authentication.\n\n### Configuration\nThe only supported parameter is the URL of the web server where the authentication happens.\n\n**⚠⚠ Warning:** make sure to use the URL of a correctly configured HTTP Basic authenticating server. If the server always responds with a HTTP 2xx response without validating the users, this would allow anyone to log in to your Nextcloud instance with **any username / password combination**. ⚠⚠\n\nAdd the following to your `config.php`:\n\n    'user_backends' =\u003e array(\n        array(\n            'class' =\u003e '\\OCA\\UserExternal\\BasicAuth',\n            'arguments' =\u003e array('https://example.com/basic_auth'),\n        ),\n    ),\n\n\n[BasicAuth_0]: https://en.wikipedia.org/wiki/Basic_access_authentication\n\n\nSSH\n---\n\nAuthenticates users via SSH. You can use any SSH2 server, but it must accept password authentication.\n\n### Configuration\nThe supported parameters are the hostname and the port (default `22`) of the remote machine.\n\nAdd the following to your `config.php`:\n\n    'user_backends' =\u003e array(\n        array(\n            'class' =\u003e '\\OCA\\UserExternal\\SSH',\n            'arguments' =\u003e array('127.0.0.1', '22'),\n        ),\n    ),\n\n\n### Dependencies\nRequires the php-ssh2 PECL module installed.\n\n\nXMPP (Prosody)\n----\nAuthenticate Nextcloud users against a Prosody XMPP MySQL database.\nProsody user and password need to be given for the Nextcloud login.\n\n\n### Configuration\nAdd the following to your `config.php`:\n\n    'user_backends' =\u003e array (\n        0 =\u003e array (\n            'class' =\u003e '\\OCA\\UserExternal\\XMPP',\n                'arguments' =\u003e array (\n                    0 =\u003e 'dbhost',\n                    1 =\u003e 'prosodydb',\n                    2 =\u003e 'dbuser',\n                    3 =\u003e 'dbuserpassword',\n                    4 =\u003e 'xmppdomain',\n                    5 =\u003e true,\n                ),\n            ),\n    ),\n\n0 - Database Host\n1 - Prosody Database Name\n2 - Database User\n3 - Database User Password\n4 - XMPP Domain\n5 - Hashed Passwords in Database (true) / Plaintext Passwords in Database (false)\n\n**⚠⚠ Warning:** If you need to set *5 (Hashed Password in Database)* to false, your Prosody Instance is storing passwords in plaintext. This is insecure and not recommended. We highly recommend that you change your Prosody configuration to protect the passwords of your Prosody users. ⚠⚠\n\n\nAlternatives\n------------\nOther extensions allow connecting to external user databases directly via SQL, which may be faster:\n\n* [user_sql](https://github.com/nextcloud/user_sql)\n* [user_backend_sql_raw](https://github.com/PanCakeConnaisseur/user_backend_sql_raw)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnextcloud%2Fuser_external","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnextcloud%2Fuser_external","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnextcloud%2Fuser_external/lists"}