{"id":15051385,"url":"https://github.com/nextcloud/user_sql","last_synced_at":"2025-10-19T23:31:50.298Z","repository":{"id":16944002,"uuid":"80904000","full_name":"nextcloud/user_sql","owner":"nextcloud","description":"🔒 App for authenticating Nextcloud users using SQL","archived":false,"fork":false,"pushed_at":"2023-11-12T20:36:10.000Z","size":680,"stargazers_count":68,"open_issues_count":46,"forks_count":33,"subscribers_count":17,"default_branch":"master","last_synced_at":"2025-04-06T06:23:34.181Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nextcloud.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-02-04T07:58:01.000Z","updated_at":"2025-03-11T10:23:04.000Z","dependencies_parsed_at":"2022-08-07T08:15:40.935Z","dependency_job_id":null,"html_url":"https://github.com/nextcloud/user_sql","commit_stats":null,"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"purl":"pkg:github/nextcloud/user_sql","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nextcloud%2Fuser_sql","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nextcloud%2Fuser_sql/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nextcloud%2Fuser_sql/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nextcloud%2Fuser_sql/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nextcloud","download_url":"https://codeload.github.com/nextcloud/user_sql/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nextcloud%2Fuser_sql/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279941858,"owners_count":26248369,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-19T02:00:07.647Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-09-24T21:34:17.274Z","updated_at":"2025-10-19T23:31:50.006Z","avatar_url":"https://github.com/nextcloud.png","language":"PHP","readme":"user_sql\n========\n\n**Nextcloud SQL user authentication.**\n\n![screenshot](https://github.com/nextcloud/user_sql/blob/develop/img/screenshot.png)\n\nUse external database as a source for Nextcloud users and groups.\nRetrieve the users and groups info. Allow the users to change their passwords.\nSync the users' email addresses with the addresses stored by Nextcloud.\n\n## Getting Started\n\n1. SSH into your server.\n\n2. Get into the apps folder of your Nextcloud installation, for example */var/www/nextcloud/apps*.\n\n3. Git clone this project: `git clone https://github.com/nextcloud/user_sql.git`.\n\n4. Login to your Nextcloud instance as admin.\n\n5. Navigate to Apps from the menu then find and enable the *User and Group SQL Backends* app.\n\n6. Navigate to Admin from menu and switch to Additional Settings, scroll down the page and you will see *SQL Backends* settings.\n\n*You can skip the first three steps as this app is available in the official [Nextcloud App Store](https://apps.nextcloud.com/apps/user_sql).*\n\n## Configuration\n\nBelow are detailed descriptions of all available options.\n\n#### Database connection\n\nThis section contains the database connection parameters.\n\nName | Description | Details\n--- | --- | ---\n**SQL driver** | The database driver to use. Currently supported drivers are: mysql, pgsql. | Mandatory.\n**Hostname** | The hostname on which the database server resides. | Mandatory.\n**Database** | The name of the database. | Mandatory.\n**Username** | The name of the user for the connection. | Optional.\n**Password** | The password of the user for the connection. | Optional.\n**SSL CA** | The file path to the SSL certificate authority (relative to Nextcloud serverroot) | Optional.\u003cbr/\u003eRequires: SQL driver *mysql*.\n**SSL Certificate** | The file path to the SSL certificate (relative to Nextcloud serverroot) | Optional.\u003cbr/\u003eRequires: SQL driver *mysql*.\n**SSL Key** | The file path to the SSL key (relative to Nextcloud serverroot) | Optional.\u003cbr/\u003eRequires: SQL driver *mysql*.\n**System wide values** | Place where database connection parameters are stored.\u003cbr/\u003e- *true* - config.php (System wide values).\u003cbr/\u003e- *false* - database (App values). | Optional.\u003cbr/\u003eDefault: *false*.\n\n#### Options\n\nHere are all currently supported options.\n\nName | Description | Details\n--- | --- | ---\n**Allow display name change** | With this option enabled user can change its display name. The display name change is propagated to the database. | Optional.\u003cbr/\u003eDefault: *false*.\u003cbr/\u003eRequires: user *Display name* column.\n**Allow email login** | User input at login is considered to be either UID or email. | Optional.\u003cbr/\u003eDefault: *false*.\u003cbr/\u003eRequires: user *Email* column.\n**Allow password change** | Can user change its password. The password change is propagated to the database. See [Hash algorithms](#hash-algorithms). | Optional.\u003cbr/\u003eDefault: *false*.\n**Allow providing avatar** | Can user provide its avatar. The value is used when column *Provide avatar* is not set. | Optional.\u003cbr/\u003eDefault: *false*.\n**Case-insensitive username** | Whether user query should be case-sensitive or case-insensitive. | Optional.\u003cbr/\u003eDefault: *false*.\n**Reverse active column** | Reverse value of active column in user table. | Optional.\u003cbr/\u003eDefault: *false*.\n**Use cache** | Use database query results cache. The cache can be cleared any time with the *Clear cache* button click. | Optional.\u003cbr/\u003eDefault: *false*.\n**Hash algorithm** | How users passwords are stored in the database. See [Hash algorithms](#hash-algorithms). | Mandatory.\n**Name sync** | Sync display name with the Nextcloud.\u003cbr/\u003e- *None* - Disables this feature. This is the default option.\u003cbr/\u003e- *Synchronise only once* - Copy the display name to the Nextcloud preferences if its not set.\u003cbr/\u003e- *Nextcloud always wins* - Always copy the display name to the database. This updates the user table.\u003cbr/\u003e- *SQL always wins* - Always copy the display name to the Nextcloud preferences. | Optional.\u003cbr/\u003eDefault: *None*.\u003cbr/\u003eRequires: user *Display name* column.\n**Email sync** | Sync e-mail address with the Nextcloud.\u003cbr/\u003e- *None* - Disables this feature. This is the default option.\u003cbr/\u003e- *Synchronise only once* - Copy the e-mail address to the Nextcloud preferences if its not set.\u003cbr/\u003e- *Nextcloud always wins* - Always copy the e-mail address to the database. This updates the user table.\u003cbr/\u003e- *SQL always wins* - Always copy the e-mail address to the Nextcloud preferences. | Optional.\u003cbr/\u003eDefault: *None*.\u003cbr/\u003eRequires: user *Email* column.\n**Quota sync** | Sync user quota with the Nextcloud.\u003cbr/\u003e- *None* - Disables this feature. This is the default option.\u003cbr/\u003e- *Synchronise only once* - Copy the user quota to the Nextcloud preferences if its not set.\u003cbr/\u003e- *Nextcloud always wins* - Always copy the user quota to the database. This updates the user table.\u003cbr/\u003e- *SQL always wins* - Always copy the user quota to the Nextcloud preferences. | Optional.\u003cbr/\u003eDefault: *None*.\u003cbr/\u003eRequires: user *Quota* column.\n**Home mode** | User storage path.\u003cbr/\u003e- *Default* - Let the Nextcloud manage this. The default option.\u003cbr/\u003e- *Query* - Use location from the user table pointed by the *home* column.\u003cbr/\u003e- *Static* - Use static location pointed by the *Home Location* option. | Optional\u003cbr/\u003eDefault: *Default*.\n**Home location** | User storage path for the `Static` *Home mode*. The `%u` variable is replaced with the uid of the user. | Mandatory if the *Home mode* is set to `Static`.\n**Default group** | Default group for all 'User SQL' users. | Optional.\n\n#### User table\n\nThe definition of user table. The table containing user accounts.\n\nName | Description | Details\n--- | --- | ---\n**Table name** | The table name. | Mandatory for user backend.\n**UID** | User ID column. | Mandatory for user backend.\n**Username** | Username column which is used **only** for password verification. | Optional. If unsure leave it blank and use only the `uid` column.\n**Email** | E-mail column. | Mandatory for *Email sync* option.\n**Quota** | Quota column. | Mandatory for *Quota sync* option.\n**Home** | Home path column. | Mandatory for `Query` *Home sync* option.\n**Password** | Password hash column. | Mandatory for user backend.\n**Display name** | Display name column. | Optional.\n**Active** | Flag indicating if user can log in. | Optional.\u003cbr/\u003eDefault: true.\n**Disabled** | Flag indicating if user should not be visible (not included in searches). | Optional.\u003cbr/\u003eDefault: *false*.\n**Provide avatar** | Flag indicating if user can change its avatar. | Optional.\u003cbr/\u003eDefault: *false*.\n**Salt** | Salt which is appended to password when checking or changing the password. | Optional.\n**Append salt** | Append a salt to the password. | Optional.\u003cbr/\u003eDefault: *false*.\n**Prepend salt** | Prepend a salt to the password. | Optional.\u003cbr/\u003eDefault: *false*.\n\n#### Group table\n\nThe group definitions table.\n\nName | Description | Details\n--- | --- | ---\n**Table name** | The table name. | Mandatory for group backend.\n**GID** | Group ID column. | Mandatory for group backend.\n**Display name** | Display name column. | Optional.\n**Is admin** | Flag indicating if its the admin group | Optional.\n\n#### User group table\n\nAssociative table which maps users to groups.\n\nName | Description | Details\n--- | --- | ---\n**Table name** | The table name. | Mandatory for group backend.\n**UID** | User ID column. | Mandatory for group backend.\n**GID** | Group ID column. | Mandatory for group backend.\n\n## Integrations\n\nThe basic functionality requires only one database table: [User table](#user-table).\n\nFor all options to work three tables are required:\n - [User table](#user-table),\n - [Group table](#group-table),\n - [User group table](#user-group-table).\n\nIf you already have an existing database you can always create database views which fits this model,\nbut be aware that some functionalities requires data changes (update queries).\n\nIf you don't have any database model yet you can use below tables\n(MySQL). Please note that the optional `username` above really is only\nused for password matching and defaults to be equal to the `uid`\ncolumn. You also may want to compare with the `oc_users` and\n`oc_groups` table from you Nextcloud instance.\n```\nCREATE TABLE sql_user\n(\n  uid            VARCHAR(64) PRIMARY KEY,\n  display_name   TEXT        NULL,\n  email          TEXT        NULL,\n  quota          TEXT        NULL,\n  home           TEXT        NULL,\n  password       TEXT        NOT NULL,\n  active         TINYINT(1)  NOT NULL DEFAULT '1',\n  disabled       TINYINT(1)  NOT NULL DEFAULT '0',\n  provide_avatar BOOLEAN     NOT NULL DEFAULT FALSE,\n  salt           TEXT        NULL\n);\n\nCREATE TABLE sql_group\n(\n  gid   VARCHAR(64)  PRIMARY KEY,\n  name  VARCHAR(255) NOT NULL,\n  admin BOOLEAN      NOT NULL DEFAULT FALSE\n);\n\nCREATE TABLE sql_user_group\n(\n  uid   VARCHAR(64),\n  gid   VARCHAR(64),\n  PRIMARY KEY (uid, gid),\n  FOREIGN KEY (uid) REFERENCES sql_user (uid),\n  FOREIGN KEY (gid) REFERENCES sql_group (gid),\n  INDEX user_group_username_idx (uid),\n  INDEX user_group_group_name_idx (gid)\n);\n```\n\n#### WordPress\n\nThanks to this app, Nextcloud can easily integrate with Wordpress.\n\nIn the Nextcloud user table settings of SQL Backends, configure it as:\n```\nUser table: wp_users\nUsername column: user_login\nPassword column: user_pass\n\nHash algorithm: Unix (Crypt) or Portable PHP password\n```\n\n#### JHipster\n\nIt is very easy to integrate Nextcloud with JHipster.\n\nFollow the Using the Database instructions in [Using Jhipster in development](http://www.jhipster.tech/development/)\nto configure your database. Assume you chose MySQL as JHipster database.\nIn the Nextcloud user table settings of SQL Backends, configure it as:\n```\nUser table: jhi_users\nUsername column: login\nPassword column: password_hash\nEmail column: email\nActive column: activated\n\nHash algorithm: Unix (Crypt)\n```\n\n## Hash algorithms\n\nBelow is a table containing all of the supported hash implementations with example hashes.\nThe hashed password is \"password\", the salt if required have been generated randomly.\n\nHash name | Details | Hash example value\n--- | --- | ---\nCleartext | Never use this. Only for development. | password\nCourier base64-encoded MD5 | No salt supported. | {MD5RAW}5f4dcc3b5aa765d61d8327deb882cf99\nCourier hexadecimal MD5 | No salt supported. | {MD5}X03MO1qnZdYdgyfeuILPmQ==\nCourier base64-encoded SHA1 | No salt supported. | {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=\nCourier base64-encoded SHA256 | No salt supported. | {SHA256}XohImNooBHFR0OVvjcYpJ3NgPQ1qq73WKhHvch0VQtg=\nUnix (Crypt) | See [crypt](http://php.net/manual/en/function.crypt.php). | $2y$10$5rsN1fmoSkaRy9bqhozAXOr0mn0QiVIfd2L04Bbk1Go9MjdvotwBq\nArgon2i (Crypt) | Requires PHP \u003e= 7.2. See [password_hash](http://php.net/manual/en/function.password-hash.php). | $argon2i$v=19$m=1024,t=2,p=2$NnpSNlRNLlZobnJHUDh0Sw$oW5E1cfdPzLWfkTvQFUyzTR00R0aLwEdYwldcqW6Pmo\nArgon2id (Crypt) | Requires PHP \u003e= 7.2. See [password_hash](http://php.net/manual/en/function.password-hash.php). | $argon2id$v=19$m=65536,t=4,p=1$eWhTd3huemlhNGFkWTVSSQ$BjSh9PINc9df9WU1zppBsYJKvkwUEYHYNUUMTj+QGPw\nBlowfish (Crypt) | See [password_hash](http://php.net/manual/en/function.password-hash.php). | $2y$10$5rsN1fmoSkaRy9bqhozAXOr0mn0QiVIfd2L04Bbk1Go9MjdvotwBq\nExtended DES (Crypt) | | cDRpdxPmHpzS.\nHash HMAC | See [hash_hmac](https://www.php.net/manual/en/function.hash-hmac.php). | ba4f8624f0a4d1f2a3991f4d88cd9afb604dac20\nMD5 (Crypt) | | $1$RzaFbNcU$u9adfTY/Q6za6nu0Ogrl1/\nSHA256 (Crypt) | | $5$rounds=5000$VIYD0iHkg7uY9SRc$v2XLS/9dvfFN84mzGvW9wxnVt9Xd/urXaaTkpW8EwD1\nSHA512 (Crypt) | | $6$rounds=5000$yH.Q0OL4qbCOUJ3q$Xry5EVFva3wKnfo8/ktrugmBd8tcl34NK6rXInv1HhmdSUNLEm0La9JnA57rqwQ.9/Bz513MD4tvmmISLUIHs/\nStandard DES (Crypt) | | yTBnb7ab/N072\nDrupal 7 | See [phpass](http://www.openwall.com/phpass/). | $S$DC7eCpJQ3SUQtW4Bp.vKb2rpeaffi4iqk9OpYwJyEoSMsezn67Sl\nJoomla MD5 Encryption | Generates 32 chars salt. | 14d21b49b0f13e2acba962b6b0039edd:haJK0yTvBXTNMh76xwEw5RYEVpJsN8us\nMD5 | | 5f4dcc3b5aa765d61d8327deb882cf99\nPortable PHP password | See [phpass](http://www.openwall.com/phpass/). | $P$BxrwraqNTi4as0EI.IpiA/K.muk9ke/\nRedmine | Requires salt. Salt value for hash in the next column is 'salt'. | 48b75edeffd8e413341d7734f0f3391e7a5da994 \nSHA-1 | | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8\nSHA-256 | | 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8\nSHA-512 | | b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86\nSHA-512 Whirlpool | | a96b16ebb691dbe968b0d66d0d924cff5cf5de5e0885181d00761d87f295b2bf3d3c66187c050fc01c196ff3acaa48d3561ffd170413346e934a32280d632f2e\nSSHA256 | Generates 32 chars salt. | {SSHA256}+WxTB3JxprNteeovsuSYtgI+UkVPA9lfwGoYkz3Ff7hjd1FSdmlTMkNsSExyR21KM3NvNTZ5V0p4WXJMUjFzUg==\nSSHA512 | Generates 32 chars salt. | {SSHA512}It+v1kAEUBbhMJYJ2swAtz+RLE6ispv/FB6G/ALhK/YWwEmrloY+0jzrWIfmu+rWUXp8u0Tg4jLXypC5oXAW00IyYnRVdEZJbE9wak96bkNRVWFCYmlJNWxrdTA0QmhL\nWoltLab Community Framework 2.x | Double salted bcrypt. | $2a$08$XEQDKNU/Vbootwxv5Gp7gujxFX/RUFsZLvQPYM435Dd3/p17fto02\nWhirlpool | | 74dfc2b27acfa364da55f93a5caee29ccad3557247eda238831b3e9bd931b01d77fe994e4f12b9d4cfa92a124461d2065197d8cf7f33fc88566da2db2a4d6eae\n\n## Development\n\n#### Testing environment\n\nThere is a [vagrant](https://github.com/mlojewski-me/user_sql-vagrant) box which you can use at development stage.\n\n#### New database driver support\n\nAdd a new class in the `OCA\\UserSQL\\Platform` namespace which extends the `AbstractPlatform` class.\nAdd this driver in `admin.php` template  to `$drivers` variable and in method `getPlatform(Connection $connection)`\nof `PlatformFactory` class.\n\n#### New hash algorithm support\n\nCreate a new class in `OCA\\UserSQL\\Crypto` namespace which implements `IPasswordAlgorithm` interface.\nDo not forget to write unit tests.\n\n### Acknowledgments\n\nThis repository contains continuation of work done in [this repo](https://www.aboehler.at/hg/user_sql/).\nThis plugin was heavily based on user_imap, user_pwauth, user_ldap and user_redmine!\n\nSince version 4.0.0 the whole core implementation has been rewritten.\n\n### Credits\n\n  * Andreas Boehler for releasing the first version of this application\n  * Johan Hendriks provided his user_postfixadmin\n  * Ed Wildgoose for fixing possible SQL injection vulnerability\n  * Brandon Lee for implementing feature to separate uid from username resolving issues #108 \u0026 #121\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnextcloud%2Fuser_sql","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnextcloud%2Fuser_sql","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnextcloud%2Fuser_sql/lists"}