From 2cf61758aac878d7ae7bfde36802d2a7dc007617 Mon Sep 17 00:00:00 2001
From: "Jean-Yves S."
Date: Fri, 22 Mar 2024 21:39:21 +0100
Subject: [PATCH] Update to LLDAP

Signed-off-by: Jean-Yves S.
---
 community-containers/lldap/lldap.json | 81 +++++++++++++++++++++
 community-containers/openldap/openldap.json | 56 --------------
 2 files changed, 81 insertions(+), 56 deletions(-)
 create mode 100644 community-containers/lldap/lldap.json
 delete mode 100644 community-containers/openldap/openldap.json

diff --git a/community-containers/lldap/lldap.json b/community-containers/lldap/lldap.json
new file mode 100644
index 000000000000..ce065ca3c43c
--- /dev/null
+++ b/community-containers/lldap/lldap.json
@@ -0,0 +1,81 @@
+{
+ "aio_services_v1": [
+ {
+ "container_name": "nextcloud-aio-lldap",
+ "display_name": "Light LDAP implementation",
+ "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap",
+ "image": "lldap/lldap",
+ "image_tag": "2024-03-18-alpine",
+ "internal_port": "17170",
+ "restart": "unless-stopped",
+ "ports": [
+ {
+ "ip_binding": "%APACHE_IP_BINDING%",
+ "port_number": "17170",
+ "protocol": "tcp"
+ }
+ ],
+ "apparmor_unconfined": true,
+ "environment": [
+ "TZ=%TIMEZONE%",
+ "UID=65534",
+ "GID=65534",
+ "LLDAP_JWT_SECRET=%LLDAP_JWT_SECRET%",
+ "LLDAP_LDAP_USER_PASS=%LLDAP_LDAP_USER_PASS%",
+ "LLDAP_LDAP_BASE_DN=%NC_DOMAIN_BASE_DN%"
+ ],
+ "secrets": [
+ "LLDAP_JWT_SECRET",
+ "LLDAP_LDAP_USER_PASS"
+ ],
+ "volumes": [
+ {
+ "source": "nextcloud_aio_lldap",
+ "destination": "/data",
+ "writeable": true
+ }
+ ],
+ "backup_volumes": [
+ "nextcloud_aio_lldap"
+ ],
+ "nextcloud_exec_commands": [
+ "php /var/www/html/occ app:install user_ldap",
+ "php /var/www/html/occ app:enable user_ldap",
+ "php /var/www/html/occ ldap:create-empty-config",
+ "php /var/www/html/occ ldap:set-config s01 ldapAgentName 'uid=ro_admin,ou=people,%NC_DOMAIN_BASE_DN%'",
+ "php /var/www/html/occ ldap:set-config s01 ldapAgentPassword '%OPENLDAP_LDAP_USER_PASS%'",
+ "php /var/www/html/occ ldap:set-config s01 ldapBase '%NC_DOMAIN_BASE_DN%'",
+ "php /var/www/html/occ ldap:set-config s01 ldapBaseGroups '%NC_DOMAIN_BASE_DN%'",
+ "php /var/www/html/occ ldap:set-config s01 ldapBaseUsers '%NC_DOMAIN_BASE_DN%'",
+ "php /var/www/html/occ ldap:set-config s01 ldapCacheTTL 600",
+ "php /var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1",
+ "php /var/www/html/occ ldap:set-config s01 ldapEmailAttribute 'mail'",
+ "php /var/www/html/occ ldap:set-config s01 ldapExperiencedAdmin 0",
+ "php /var/www/html/occ ldap:set-config s01 ldapGidNumber 'gidNumber'",
+ "php /var/www/html/occ ldap:set-config s01 ldapGroupDisplayName 'cn'",
+ "php /var/www/html/occ ldap:set-config s01 ldapGroupFilter '(&(objectclass=groupOfUniqueNames))'",
+ "php /var/www/html/occ ldap:set-config s01 ldapGroupFilterGroups ''",
+ "php /var/www/html/occ ldap:set-config s01 ldapGroupFilterMode 0",
+ "php /var/www/html/occ ldap:set-config s01 ldapGroupFilterObjectclass 'groupOfUniqueNames'",
+ "php /var/www/html/occ ldap:set-config s01 ldapGroupMemberAssocAttr 'uniqueMember'",
+ "php /var/www/html/occ ldap:set-config s01 ldapHost 'nextcloud-aio-openldap'",
+ "php /var/www/html/occ ldap:set-config s01 ldapLoginFilterAttributes 'uid'",
+ "php /var/www/html/occ ldap:set-config s01 ldapLoginFilterEmail 0",
+ "php /var/www/html/occ ldap:set-config s01 ldapLoginFilterUsername 1",
+ "php /var/www/html/occ ldap:set-config s01 ldapMatchingRuleInChainState 'unknown'",
+ "php /var/www/html/occ ldap:set-config s01 ldapNestedGroups 0",
+ "php /var/www/html/occ ldap:set-config s01 ldapPagingSize 500",
+ "php /var/www/html/occ ldap:set-config s01 ldapPort 3890",
+ "php /var/www/html/occ ldap:set-config s01 ldapTLS 0",
+ "php /var/www/html/occ ldap:set-config s01 ldapUserAvatarRule 'default'",
+ "php /var/www/html/occ ldap:set-config s01 ldapUserDisplayName 'displayname'",
+ "php /var/www/html/occ ldap:set-config s01 ldapUserFilter'(&(objectClass=person)(uid=%uid))'",
+ "php /var/www/html/occ ldap:set-config s01 ldapUserFilterMode 1",
+ "php /var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass 'person'",
+ "php /var/www/html/occ ldap:set-config s01 ldapUuidGroupAttribute 'auto'",
+ "php /var/www/html/occ ldap:set-config s01 ldapUuidUserAttribute 'auto'",
+ "php /var/www/html/occ ldap:set-config s01 turnOnPasswordChange 0"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/community-containers/openldap/openldap.json b/community-containers/openldap/openldap.json
deleted file mode 100644
index 1fe2f5b24806..000000000000
--- a/community-containers/openldap/openldap.json
+++ /dev/null
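Review bot: Three `nextcloud_exec_commands` entries in the new lldap.json still point at the removed OpenLDAP container or are malformed, so the user_ldap setup is unlikely to bind to LLDAP as written. `ldapAgentPassword` uses `%OPENLDAP_LDAP_USER_PASS%` although only `LLDAP_JWT_SECRET` and `LLDAP_LDAP_USER_PASS` are declared under `secrets`, `ldapHost` is `'nextcloud-aio-openldap'` while the container is named `nextcloud-aio-lldap`, and `ldapUserFilter'(&(objectClass=person)(uid=%uid))'` lacks the space between key and value; the lines should read `ldap:set-config s01 ldapAgentPassword '%LLDAP_LDAP_USER_PASS%'`, `ldap:set-config s01 ldapHost 'nextcloud-aio-lldap'` and `ldap:set-config s01 ldapUserFilter '(&(objectClass=person)(uid=%uid))'`. Separately, `ldapTLS 0` on port 3890 sends the agent bind and user login passwords unencrypted between the containers, port 17170 is published on `%APACHE_IP_BINDING%`, and `apparmor_unconfined: true` is carried over from the OpenLDAP definition; each of these deserves a short justification in the container's documentation, or a tighter setting if LLDAP does not need it.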
@@ -1,56 +0,0 @@
-{
- "aio_services_v1": [
- {
- "container_name": "nextcloud-aio-openldap",
- "display_name": "OpenLDAP implementation",
- "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/openldap",
- "image": "osixia/openldap",
- "image_tag": "1.5.0",
- "restart": "unless-stopped",
- "apparmor_unconfined": true,
- "environment": [
- "TZ=%TIMEZONE%",
- "LDAP_ADMIN_PASSWORD=%OPENLDAP_ADMIN_PASS%",
- "LDAP_DOMAIN=%NC_DOMAIN%"
- ],
- "secrets": [
- "OPENLDAP_LDAP_USER_PASS"
- ],
- "volumes": [
- {
- "source": "nextcloud_aio_ldap",
- "destination": "/var/lib/ldap",
- "writeable": true
- },
- {
- "source": "nextcloud_aio_openldap",
- "destination": "/var/lib/ldap",
- "writeable": true
- }
- ],
- "backup_volumes": [
- "nextcloud_aio_ldap",
- "nextcloud_aio_openldap"
- ],
- "nextcloud_exec_commands": [
- "php /var/www/html/occ app:install user_ldap",
- "php /var/www/html/occ app:enable user_ldap",
- "php /var/www/html/occ ldap:set-config 0 ldapAgentName cn=admin,dc=localhost",
- "php /var/www/html/occ ldap:set-config 0 ldapAgentPassword %OPENLDAP_LDAP_USER_PASS%",
- "php /var/www/html/occ ldap:set-config 0 ldapBase dc=localhost",
- "php /var/www/html/occ ldap:set-config 0 ldapBaseGroups ou=groups,dc=localhost",
- "php /var/www/html/occ ldap:set-config 0 ldapBaseUsers ou=users,dc=localhost",
- "php /var/www/html/occ ldap:set-config 0 ldapEmailAttribute mail",
- "php /var/www/html/occ ldap:set-config 0 ldapGidNumber gidNumber",
- "php /var/www/html/occ ldap:set-config 0 ldapGroupDisplayName cn",
- "php /var/www/html/occ ldap:set-config 0 ldapGroupFilter '(&(objectClass=posixGroup)(gidNumber=%gid))'",
- "php /var/www/html/occ ldap:set-config 0 ldapHost nextcloud-aio-openldap",
- "php /var/www/html/occ ldap:set-config 0 ldapLoginFilterAttributes uid",
- "php /var/www/html/occ ldap:set-config 0 ldapLoginFilterEmail 1",
- "php /var/www/html/occ ldap:set-config 0 ldapLoginFilterMode 1",
- "php /var/www/html/occ ldap:set-config 0 ldapLoginFilterUsername 1",
- "php /var/www/html/occ ldap:set-config 0 ldapUserFilter '(&(objectClass=inetOrgPerson)(uid=%uid))'"
- ]
- }
- ]
-}
\ No newline at end of file