How LDAP/AD password policies and external storage mounts work together
This article summarizes how the LDAP user backend of Nextcloud works together with LDAP/AD password policies and SMB mount points.
The presumed setup consists of the LDAP user backend within Nextcloud that is configured to take the user attributes and the password from LDAP to authenticate against Nextcloud.
The login flow
Typically logins happens on the web only once and then a cookie is used to reuse existing sessions. The user does not need to enter the password again.
For our desktop client and the mobile apps we do something similar. The user authenticates once and from then on does not need to authenticate again. Starting with iOS version 2.20.4, Android version 2.0.0 and Desktop version 2.5.0 the so-called login flow is used. That means that instead of three input fields with server URL, login name and password the web login form is opened, the user logs in there and then the web UI redirect back to the app. That allows the server to interact with the client during the login and