From 94002d62e55fe72c928faec7a8c303ada4a9f9fd Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Mon, 18 Mar 2024 09:13:57 +0100 Subject: [PATCH 01/16] first test Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/openldap/openldap.json | 56 +++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 community-containers/openldap/openldap.json diff --git a/community-containers/openldap/openldap.json b/community-containers/openldap/openldap.json new file mode 100644 index 00000000000..1fe2f5b2480 --- /dev/null +++ b/community-containers/openldap/openldap.json 
@@ -0,0 +1,56 @@ +{ + "aio_services_v1": [ + { + "container_name": "nextcloud-aio-openldap", + "display_name": "OpenLDAP implementation", + "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/openldap", + "image": "osixia/openldap", + "image_tag": "1.5.0", + "restart": "unless-stopped", + "apparmor_unconfined": true, + "environment": [ + "TZ=%TIMEZONE%", + "LDAP_ADMIN_PASSWORD=%OPENLDAP_ADMIN_PASS%", + "LDAP_DOMAIN=%NC_DOMAIN%" + ], + "secrets": [ + "OPENLDAP_LDAP_USER_PASS" + ], + "volumes": [ + { + "source": "nextcloud_aio_ldap", + "destination": "/var/lib/ldap", + "writeable": true + }, + { + "source": "nextcloud_aio_openldap", + "destination": "/var/lib/ldap", + "writeable": true + } + ], + "backup_volumes": [ + "nextcloud_aio_ldap", + "nextcloud_aio_openldap" + ], + "nextcloud_exec_commands": [ + "php /var/www/html/occ app:install user_ldap", + "php /var/www/html/occ app:enable user_ldap", + "php /var/www/html/occ ldap:set-config 0 ldapAgentName cn=admin,dc=localhost", + "php /var/www/html/occ ldap:set-config 0 ldapAgentPassword %OPENLDAP_LDAP_USER_PASS%", + "php /var/www/html/occ ldap:set-config 0 ldapBase dc=localhost", + "php /var/www/html/occ ldap:set-config 0 ldapBaseGroups ou=groups,dc=localhost", + "php /var/www/html/occ ldap:set-config 0 ldapBaseUsers ou=users,dc=localhost", + "php /var/www/html/occ ldap:set-config 0 ldapEmailAttribute mail", + "php /var/www/html/occ ldap:set-config 0 ldapGidNumber gidNumber", + "php /var/www/html/occ ldap:set-config 0 ldapGroupDisplayName cn", + "php /var/www/html/occ ldap:set-config 0 ldapGroupFilter '(&(objectClass=posixGroup)(gidNumber=%gid))'", + "php /var/www/html/occ ldap:set-config 0 ldapHost nextcloud-aio-openldap", + "php /var/www/html/occ ldap:set-config 0 ldapLoginFilterAttributes uid", + "php /var/www/html/occ ldap:set-config 0 ldapLoginFilterEmail 1", + "php /var/www/html/occ ldap:set-config 0 ldapLoginFilterMode 1", + "php /var/www/html/occ ldap:set-config 0 
ldapLoginFilterUsername 1", + "php /var/www/html/occ ldap:set-config 0 ldapUserFilter '(&(objectClass=inetOrgPerson)(uid=%uid))'" + ] + } + ] +} \ No newline at end of file From 96335509cb8e8a0df89eb71ec044c23034fdbaac Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Fri, 22 Mar 2024 21:39:21 +0100 Subject: [PATCH 02/16] Update to LLDAP Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/lldap/lldap.json | 81 +++++++++++++++++++++ community-containers/openldap/openldap.json | 56 -------------- 2 files changed, 81 insertions(+), 56 deletions(-) create mode 100644 community-containers/lldap/lldap.json delete mode 100644 community-containers/openldap/openldap.json diff --git a/community-containers/lldap/lldap.json b/community-containers/lldap/lldap.json new file mode 100644 index 00000000000..ce065ca3c43 --- /dev/null +++ b/community-containers/lldap/lldap.json 
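Review bot: Both `volumes` entries mount to the same destination `/var/lib/ldap` (`nextcloud_aio_ldap` and `nextcloud_aio_openldap`), so one mount shadows the other and `backup_volumes` lists data that is never written; keep a single volume here. `LDAP_ADMIN_PASSWORD=%OPENLDAP_ADMIN_PASS%` has no matching entry in `secrets` (only `OPENLDAP_LDAP_USER_PASS` is declared), while Nextcloud binds as `cn=admin,dc=localhost` with `%OPENLDAP_LDAP_USER_PASS%`, so unless both placeholders resolve to the same value the bind cannot succeed. `LDAP_DOMAIN=%NC_DOMAIN%` also sits next to hard-coded `dc=localhost` bases; if the image derives its base DN from `LDAP_DOMAIN`, as the variable name suggests, the `ldapBase*` values will not match the directory that is actually created. The `ldapAgentPassword` secret is passed as an `occ` command-line argument inside `nextcloud_exec_commands`, which exposes it in the container's process list while the command runs, and `apparmor_unconfined: true` drops default confinement for a directory service with no visible reason in this file.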
@@ -0,0 +1,81 @@ +{ + "aio_services_v1": [ + { + "container_name": "nextcloud-aio-lldap", + "display_name": "Light LDAP implementation", + "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap", + "image": "lldap/lldap", + "image_tag": "2024-03-18-alpine", + "internal_port": "17170", + "restart": "unless-stopped", + "ports": [ + { + "ip_binding": "%APACHE_IP_BINDING%", + "port_number": "17170", + "protocol": "tcp" + } + ], + "apparmor_unconfined": true, + "environment": [ + "TZ=%TIMEZONE%", + "UID=65534", + "GID=65534", + "LLDAP_JWT_SECRET=%LLDAP_JWT_SECRET%", + "LLDAP_LDAP_USER_PASS=%LLDAP_LDAP_USER_PASS%", + "LLDAP_LDAP_BASE_DN=%NC_DOMAIN_BASE_DN%" + ], + "secrets": [ + "LLDAP_JWT_SECRET", + "LLDAP_LDAP_USER_PASS" + ], + "volumes": [ + { + "source": "nextcloud_aio_lldap", + "destination": "/data", + "writeable": true + } + ], + "backup_volumes": [ + "nextcloud_aio_lldap" + ], + "nextcloud_exec_commands": [ + "php /var/www/html/occ app:install user_ldap", + "php /var/www/html/occ app:enable user_ldap", + "php /var/www/html/occ ldap:create-empty-config", + "php /var/www/html/occ ldap:set-config s01 ldapAgentName 'uid=ro_admin,ou=people,%NC_DOMAIN_BASE_DN%'", + "php /var/www/html/occ ldap:set-config s01 ldapAgentPassword '%OPENLDAP_LDAP_USER_PASS%'", + "php /var/www/html/occ ldap:set-config s01 ldapBase '%NC_DOMAIN_BASE_DN%'", + "php /var/www/html/occ ldap:set-config s01 ldapBaseGroups '%NC_DOMAIN_BASE_DN%'", + "php /var/www/html/occ ldap:set-config s01 ldapBaseUsers '%NC_DOMAIN_BASE_DN%'", + "php /var/www/html/occ ldap:set-config s01 ldapCacheTTL 600", + "php /var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1", + "php /var/www/html/occ ldap:set-config s01 ldapEmailAttribute 'mail'", + "php /var/www/html/occ ldap:set-config s01 ldapExperiencedAdmin 0", + "php /var/www/html/occ ldap:set-config s01 ldapGidNumber 'gidNumber'", + "php /var/www/html/occ ldap:set-config s01 ldapGroupDisplayName 'cn'", + "php 
/var/www/html/occ ldap:set-config s01 ldapGroupFilter '(&(objectclass=groupOfUniqueNames))'", + "php /var/www/html/occ ldap:set-config s01 ldapGroupFilterGroups ''", + "php /var/www/html/occ ldap:set-config s01 ldapGroupFilterMode 0", + "php /var/www/html/occ ldap:set-config s01 ldapGroupFilterObjectclass 'groupOfUniqueNames'", + "php /var/www/html/occ ldap:set-config s01 ldapGroupMemberAssocAttr 'uniqueMember'", + "php /var/www/html/occ ldap:set-config s01 ldapHost 'nextcloud-aio-openldap'", + "php /var/www/html/occ ldap:set-config s01 ldapLoginFilterAttributes 'uid'", + "php /var/www/html/occ ldap:set-config s01 ldapLoginFilterEmail 0", + "php /var/www/html/occ ldap:set-config s01 ldapLoginFilterUsername 1", + "php /var/www/html/occ ldap:set-config s01 ldapMatchingRuleInChainState 'unknown'", + "php /var/www/html/occ ldap:set-config s01 ldapNestedGroups 0", + "php /var/www/html/occ ldap:set-config s01 ldapPagingSize 500", + "php /var/www/html/occ ldap:set-config s01 ldapPort 3890", + "php /var/www/html/occ ldap:set-config s01 ldapTLS 0", + "php /var/www/html/occ ldap:set-config s01 ldapUserAvatarRule 'default'", + "php /var/www/html/occ ldap:set-config s01 ldapUserDisplayName 'displayname'", + "php /var/www/html/occ ldap:set-config s01 ldapUserFilter'(&(objectClass=person)(uid=%uid))'", + "php /var/www/html/occ ldap:set-config s01 ldapUserFilterMode 1", + "php /var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass 'person'", + "php /var/www/html/occ ldap:set-config s01 ldapUuidGroupAttribute 'auto'", + "php /var/www/html/occ ldap:set-config s01 ldapUuidUserAttribute 'auto'", + "php /var/www/html/occ ldap:set-config s01 turnOnPasswordChange 0" + ] + } + ] +} \ No newline at end of file diff --git a/community-containers/openldap/openldap.json b/community-containers/openldap/openldap.json deleted file mode 100644 index 1fe2f5b2480..00000000000 --- a/community-containers/openldap/openldap.json +++ /dev/null 
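Review bot: `ldapAgentPassword '%OPENLDAP_LDAP_USER_PASS%'` still refers to the old secret name while this file declares `LLDAP_LDAP_USER_PASS`, and `ldapHost 'nextcloud-aio-openldap'` names the old container although this one is `nextcloud-aio-lldap`; with `ldapConfigurationActive 1` the `user_ldap` backend would go live against a bind that cannot succeed. `ldapUserFilter'(&(objectClass=person)(uid=%uid))'` lacks the space before the value, so the key and value are passed to `occ` as one fused token and the filter is never set. The `ports` block publishes the web UI (plain HTTP, 17170) at `%APACHE_IP_BINDING%`, so the readme should state that a TLS-terminating reverse proxy is expected in front of it. `ldapTLS 0` with `ldapPort 3890` sends the `ro_admin` bind password in clear text; that traffic stays on the compose network here, but it is worth documenting so nobody later publishes 3890 on the host.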
@@ -1,56 +0,0 @@ -{ - "aio_services_v1": [ - { - "container_name": "nextcloud-aio-openldap", - "display_name": "OpenLDAP implementation", - "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/openldap", - "image": "osixia/openldap", - "image_tag": "1.5.0", - "restart": "unless-stopped", - "apparmor_unconfined": true, - "environment": [ - "TZ=%TIMEZONE%", - "LDAP_ADMIN_PASSWORD=%OPENLDAP_ADMIN_PASS%", - "LDAP_DOMAIN=%NC_DOMAIN%" - ], - "secrets": [ - "OPENLDAP_LDAP_USER_PASS" - ], - "volumes": [ - { - "source": "nextcloud_aio_ldap", - "destination": "/var/lib/ldap", - "writeable": true - }, - { - "source": "nextcloud_aio_openldap", - "destination": "/var/lib/ldap", - "writeable": true - } - ], - "backup_volumes": [ - "nextcloud_aio_ldap", - "nextcloud_aio_openldap" - ], - "nextcloud_exec_commands": [ - "php /var/www/html/occ app:install user_ldap", - "php /var/www/html/occ app:enable user_ldap", - "php /var/www/html/occ ldap:set-config 0 ldapAgentName cn=admin,dc=localhost", - "php /var/www/html/occ ldap:set-config 0 ldapAgentPassword %OPENLDAP_LDAP_USER_PASS%", - "php /var/www/html/occ ldap:set-config 0 ldapBase dc=localhost", - "php /var/www/html/occ ldap:set-config 0 ldapBaseGroups ou=groups,dc=localhost", - "php /var/www/html/occ ldap:set-config 0 ldapBaseUsers ou=users,dc=localhost", - "php /var/www/html/occ ldap:set-config 0 ldapEmailAttribute mail", - "php /var/www/html/occ ldap:set-config 0 ldapGidNumber gidNumber", - "php /var/www/html/occ ldap:set-config 0 ldapGroupDisplayName cn", - "php /var/www/html/occ ldap:set-config 0 ldapGroupFilter '(&(objectClass=posixGroup)(gidNumber=%gid))'", - "php /var/www/html/occ ldap:set-config 0 ldapHost nextcloud-aio-openldap", - "php /var/www/html/occ ldap:set-config 0 ldapLoginFilterAttributes uid", - "php /var/www/html/occ ldap:set-config 0 ldapLoginFilterEmail 1", - "php /var/www/html/occ ldap:set-config 0 ldapLoginFilterMode 1", - "php /var/www/html/occ ldap:set-config 0 
ldapLoginFilterUsername 1", - "php /var/www/html/occ ldap:set-config 0 ldapUserFilter '(&(objectClass=inetOrgPerson)(uid=%uid))'" - ] - } - ] -} \ No newline at end of file From 6f832bb39faab73ed0a7ed0d4da29c5586aed236 Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Tue, 26 Mar 2024 09:02:54 +0100 Subject: [PATCH 03/16] Add ReadMe Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/lldap/readme.md | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 community-containers/lldap/readme.md diff --git a/community-containers/lldap/readme.md b/community-containers/lldap/readme.md new file mode 100644 index 00000000000..629bf144d2c --- /dev/null +++ b/community-containers/lldap/readme.md @@ -0,0 +1,10 @@ +## Light LDAP server +This container bundles LLDAP server and auto-configures your nextcloud instance for you. + +### Notes + +### Repository +https://github.com/lldap/lldap + +### Maintainer +https://github.com/docjyj From cbcfe4e169481fc62b8611e52ef777ad8b2c35cc Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Tue, 26 Mar 2024 09:41:53 +0100 Subject: [PATCH 04/16] Add Base DN generation when user selects the aio domain Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/lldap/lldap.json | 10 +++++----- php/src/Data/ConfigurationManager.php | 12 ++++++++++++ php/src/Docker/DockerActionManager.php | 2 ++ 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/community-containers/lldap/lldap.json b/community-containers/lldap/lldap.json index ce065ca3c43..3de1061c897 100644 --- a/community-containers/lldap/lldap.json +++ b/community-containers/lldap/lldap.json @@ -22,7 +22,7 @@ "GID=65534", "LLDAP_JWT_SECRET=%LLDAP_JWT_SECRET%", "LLDAP_LDAP_USER_PASS=%LLDAP_LDAP_USER_PASS%", - "LLDAP_LDAP_BASE_DN=%NC_DOMAIN_BASE_DN%" + "LLDAP_LDAP_BASE_DN=%NC_BASE_DN%" ], "secrets": [ "LLDAP_JWT_SECRET", 
@@ -42,11 +42,11 @@
 "php /var/www/html/occ app:install user_ldap",
 "php /var/www/html/occ app:enable user_ldap",
 "php /var/www/html/occ ldap:create-empty-config",
- "php /var/www/html/occ ldap:set-config s01 ldapAgentName 'uid=ro_admin,ou=people,%NC_DOMAIN_BASE_DN%'",
+ "php /var/www/html/occ ldap:set-config s01 ldapAgentName 'uid=ro_admin,ou=people,%NC_BASE_DN%'",
 "php /var/www/html/occ ldap:set-config s01 ldapAgentPassword '%OPENLDAP_LDAP_USER_PASS%'",
- "php /var/www/html/occ ldap:set-config s01 ldapBase '%NC_DOMAIN_BASE_DN%'",
- "php /var/www/html/occ ldap:set-config s01 ldapBaseGroups '%NC_DOMAIN_BASE_DN%'",
- "php /var/www/html/occ ldap:set-config s01 ldapBaseUsers '%NC_DOMAIN_BASE_DN%'",
+ "php /var/www/html/occ ldap:set-config s01 ldapBase '%NC_BASE_DN%'",
+ "php /var/www/html/occ ldap:set-config s01 ldapBaseGroups '%NC_BASE_DN%'",
+ "php /var/www/html/occ ldap:set-config s01 ldapBaseUsers '%NC_BASE_DN%'",
 "php /var/www/html/occ ldap:set-config s01 ldapCacheTTL 600",
 "php /var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1",
 "php /var/www/html/occ ldap:set-config s01 ldapEmailAttribute 'mail'",
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 3b3cba5db21..ad8f0a1ac4b 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -372,6 +372,9 @@ public function SetDomain(string $domain) : void {
 // Write domain
 $config = $this->GetConfig();
 $config['domain'] = $domain;
+ // Write base-dn
+ $base_dn = 'dc=' . implode(',dc=', array_reverse(explode('.', $domain)));
+ $config['base-dn'] = $base_dn;
 // Reset the borg restore password when setting the domain
 $config['borg_restore_password'] = '';
 $this->WriteConfig($config);
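Review bot: `array_reverse` puts the DN components in the wrong order: for `cloud.example.com` the added line yields `dc=com,dc=example,dc=cloud`, whereas the domain-to-DN mapping keeps the label order, `dc=cloud,dc=example,dc=com`, which is also what the shell script later in this series builds with `${DOMAIN//./,dc=}`. Drop the reversal: `$base_dn = 'dc=' . implode(',dc=', explode('.', $domain));`. The same reversal is carried into the `GetBaseDN()` rewrite in the later `Update with feedback` hunk of this file. SetDomain's body starts and ends outside the hunk.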
@@ -386,6 +389,15 @@ public function GetDomain() : string {
 return $config['domain'];
 }
+ public function GetBaseDN() : string {
+ $config = $this->GetConfig();
+ if(!isset($config['base-dn'])) {
+ $config['base-dn'] = '';
+ }
+
+ return $config['base-dn'];
+ }
+
 public function GetBackupMode() : string {
 $config = $this->GetConfig();
 if(!isset($config['backup-mode'])) {
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index ed4d77171dc..1b2fba1c70f 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -283,6 +283,8 @@ public function CreateContainer(Container $container) : void {
 if($out[1] === 'NC_DOMAIN') {
 $replacements[1] = $this->configurationManager->GetDomain();
+ } elseif($out[1] === 'NC_BASE_DN') {
+ $replacements[1] = $this->configurationManager->GetBaseDN();
 } elseif ($out[1] === 'AIO_TOKEN') {
 $replacements[1] = $this->configurationManager->GetToken();
 } elseif ($out[1] === 'BORGBACKUP_MODE') {
From 5508087e0e4b3df4321cba057a3a644a11101e0d Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Tue, 26 Mar 2024 20:00:14 +0100 Subject: [PATCH 05/16] Update with feedback Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/lldap/lldap.json | 5 ++--- community-containers/lldap/readme.md | 1 + php/src/Data/ConfigurationManager.php | 12 ++++-------- 3 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/community-containers/lldap/lldap.json b/community-containers/lldap/lldap.json
index 3de1061c897..476c2cf32a7 100644
--- a/community-containers/lldap/lldap.json
+++ b/community-containers/lldap/lldap.json
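Review bot: `GetBaseDN()` only returns what `SetDomain()` has written, so on an installation whose domain was stored before this change `base-dn` is absent and the method silently returns `''`; `%NC_BASE_DN%` then expands to nothing in `LLDAP_LDAP_BASE_DN=` and in every `ldapBase*` setting of lldap.json. Deriving the value from the stored domain on each call avoids the stale cache and the extra config key: `$domain = $this->GetDomain();` followed by `return $domain === '' ? '' : 'dc=' . implode(',dc=', explode('.', $domain));`. A doc comment stating that the result is empty until a domain has been set would help callers that substitute it into container config.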
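Review bot: The new `NC_BASE_DN` branch substitutes whatever `GetBaseDN()` returns, including the empty string it yields when no base DN is stored, so a container can be created with `LLDAP_LDAP_BASE_DN=` and empty `ldapBase*` settings without any error being raised. Treating an empty result as a configuration error at this point would surface the problem at container creation rather than as a silent LDAP bind failure later. CreateContainer's body starts and ends outside the hunk.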
@@ -5,7 +5,7 @@
 "display_name": "Light LDAP implementation",
 "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap",
 "image": "lldap/lldap",
- "image_tag": "2024-03-18-alpine",
+ "image_tag": "v0-alpine",
 "internal_port": "17170",
 "restart": "unless-stopped",
 "ports": [
@@ -15,7 +15,6 @@
 "protocol": "tcp"
 }
 ],
- "apparmor_unconfined": true,
 "environment": [
 "TZ=%TIMEZONE%",
 "UID=65534",
@@ -78,4 +77,4 @@
 ]
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/community-containers/lldap/readme.md b/community-containers/lldap/readme.md
index 629bf144d2c..a2c873631f6 100644
--- a/community-containers/lldap/readme.md
+++ b/community-containers/lldap/readme.md
@@ -2,6 +2,7 @@
 This container bundles LLDAP server and auto-configures your nextcloud instance for you.
 ### Notes
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 ### Repository
 https://github.com/lldap/lldap
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index ad8f0a1ac4b..e9ac9dd8f04 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -372,9 +372,6 @@ public function SetDomain(string $domain) : void {
 // Write domain
 $config = $this->GetConfig();
 $config['domain'] = $domain;
- // Write base-dn
- $base_dn = 'dc=' . implode(',dc=', array_reverse(explode('.', $domain)));
- $config['base-dn'] = $base_dn;
 // Reset the borg restore password when setting the domain
 $config['borg_restore_password'] = '';
 $this->WriteConfig($config);
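Review bot: `image_tag` moves from the date-pinned `2024-03-18-alpine` to the floating `v0-alpine`, so each pull can silently bring a different build of the identity provider; if tracking a major tag is the convention for AIO community containers this is a deliberate trade-off, but it should be recorded in the readme that updates to the user backend arrive with the tag and are not reviewable from this file. Dropping `apparmor_unconfined` is the right call, since nothing in this file showed why the container needed to run unconfined.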
@@ -390,12 +387,11 @@ public function GetDomain() : string {
 }
 public function GetBaseDN() : string {
- $config = $this->GetConfig();
- if(!isset($config['base-dn'])) {
- $config['base-dn'] = '';
+ $domain = $this->GetDomain();
+ if ($domain === "") {
+ return "";
 }
-
- return $config['base-dn'];
+ return 'dc=' . implode(',dc=', array_reverse(explode('.', $domain)));
 }
 public function GetBackupMode() : string {
From 7a243fe6f6070a37828ab64e3c53b2118f05664e Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Fri, 29 Mar 2024 15:53:21 +0100 Subject: [PATCH 06/16] Move auto-config to setup-lldap.sh Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/lldap/lldap.json | 36 +--------- community-containers/lldap/setup-lldap.sh | 52 +++++++++++++++++++++++ 2 files changed, 53 insertions(+), 35 deletions(-) create mode 100755 community-containers/lldap/setup-lldap.sh
diff --git a/community-containers/lldap/lldap.json b/community-containers/lldap/lldap.json
index 476c2cf32a7..3592f1799c5 100644
--- a/community-containers/lldap/lldap.json
+++ b/community-containers/lldap/lldap.json
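Review bot: `explode('.', $domain)` turns a leading, trailing or doubled dot into an empty label, so the returned DN contains an empty `dc=` component that LDAP will reject; unless the caller of `SetDomain()` already validates the hostname (not visible here), filter them: `return 'dc=' . implode(',dc=', array_filter(explode('.', $domain), 'strlen'));`. The same applies to the one-line `No reverse Base Domain` hunk later in this series, which removes the reversal but keeps the unfiltered `explode`. A short doc comment, e.g. `// Base DN derived from the configured domain, one dc= per label; empty until a domain is set`, would make the contract clear to DockerActionManager, which substitutes the result unchecked.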
@@ -39,41 +39,7 @@ ], "nextcloud_exec_commands": [ "php /var/www/html/occ app:install user_ldap", - "php /var/www/html/occ app:enable user_ldap", - "php /var/www/html/occ ldap:create-empty-config", - "php /var/www/html/occ ldap:set-config s01 ldapAgentName 'uid=ro_admin,ou=people,%NC_BASE_DN%'", - "php /var/www/html/occ ldap:set-config s01 ldapAgentPassword '%OPENLDAP_LDAP_USER_PASS%'", - "php /var/www/html/occ ldap:set-config s01 ldapBase '%NC_BASE_DN%'", - "php /var/www/html/occ ldap:set-config s01 ldapBaseGroups '%NC_BASE_DN%'", - "php /var/www/html/occ ldap:set-config s01 ldapBaseUsers '%NC_BASE_DN%'", - "php /var/www/html/occ ldap:set-config s01 ldapCacheTTL 600", - "php /var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1", - "php /var/www/html/occ ldap:set-config s01 ldapEmailAttribute 'mail'", - "php /var/www/html/occ ldap:set-config s01 ldapExperiencedAdmin 0", - "php /var/www/html/occ ldap:set-config s01 ldapGidNumber 'gidNumber'", - "php /var/www/html/occ ldap:set-config s01 ldapGroupDisplayName 'cn'", - "php /var/www/html/occ ldap:set-config s01 ldapGroupFilter '(&(objectclass=groupOfUniqueNames))'", - "php /var/www/html/occ ldap:set-config s01 ldapGroupFilterGroups ''", - "php /var/www/html/occ ldap:set-config s01 ldapGroupFilterMode 0", - "php /var/www/html/occ ldap:set-config s01 ldapGroupFilterObjectclass 'groupOfUniqueNames'", - "php /var/www/html/occ ldap:set-config s01 ldapGroupMemberAssocAttr 'uniqueMember'", - "php /var/www/html/occ ldap:set-config s01 ldapHost 'nextcloud-aio-openldap'", - "php /var/www/html/occ ldap:set-config s01 ldapLoginFilterAttributes 'uid'", - "php /var/www/html/occ ldap:set-config s01 ldapLoginFilterEmail 0", - "php /var/www/html/occ ldap:set-config s01 ldapLoginFilterUsername 1", - "php /var/www/html/occ ldap:set-config s01 ldapMatchingRuleInChainState 'unknown'", - "php /var/www/html/occ ldap:set-config s01 ldapNestedGroups 0", - "php /var/www/html/occ ldap:set-config s01 ldapPagingSize 500", - "php 
/var/www/html/occ ldap:set-config s01 ldapPort 3890", - "php /var/www/html/occ ldap:set-config s01 ldapTLS 0", - "php /var/www/html/occ ldap:set-config s01 ldapUserAvatarRule 'default'", - "php /var/www/html/occ ldap:set-config s01 ldapUserDisplayName 'displayname'", - "php /var/www/html/occ ldap:set-config s01 ldapUserFilter'(&(objectClass=person)(uid=%uid))'", - "php /var/www/html/occ ldap:set-config s01 ldapUserFilterMode 1", - "php /var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass 'person'", - "php /var/www/html/occ ldap:set-config s01 ldapUuidGroupAttribute 'auto'", - "php /var/www/html/occ ldap:set-config s01 ldapUuidUserAttribute 'auto'", - "php /var/www/html/occ ldap:set-config s01 turnOnPasswordChange 0" + "php /var/www/html/occ app:enable user_ldap" ] } ] diff --git a/community-containers/lldap/setup-lldap.sh b/community-containers/lldap/setup-lldap.sh new file mode 100755 index 00000000000..ab311143622 --- /dev/null +++ b/community-containers/lldap/setup-lldap.sh 
@@ -0,0 +1,52 @@ +#!/bin/sh + +occ() { + sudo docker exec -u www-data nextcloud-aio-nextcloud php /var/www/html/occ "$@" +} +DOMAIN=cloud.example.com +#DOMAIN=$(occ config:system:get overwritehost) +BASE_DN="dc=${DOMAIN//./,dc=}" + +echo "Nextcloud instance found" +echo "Domain: $DOMAIN" +echo "Base DN: $BASE_DN" + +read -sp "Type the password for the LDAP admin user: " PASSWORD + +echo "Setting up LDAP" + +occ ldap:create-empty-config + +occ ldap:set-config s01 ldapAgentName "uid=ro_admin,ou=people,$BASE_DN" +occ ldap:set-config s01 ldapAgentPassword "$PASSWORD" +occ ldap:set-config s01 ldapBase "$BASE_DN" +occ ldap:set-config s01 ldapBaseGroups "$BASE_DN" +occ ldap:set-config s01 ldapBaseUsers "$BASE_DN" +occ ldap:set-config s01 ldapCacheTTL 600 +occ ldap:set-config s01 ldapConfigurationActive 1 +occ ldap:set-config s01 ldapEmailAttribute "mail" +occ ldap:set-config s01 ldapExperiencedAdmin 0 +occ ldap:set-config s01 ldapGidNumber "gidNumber" +occ ldap:set-config s01 ldapGroupDisplayName "cn" +occ ldap:set-config s01 ldapGroupFilter "(&(objectclass=groupOfUniqueNames))" +occ ldap:set-config s01 ldapGroupFilterGroups "" +occ ldap:set-config s01 ldapGroupFilterMode 0 +occ ldap:set-config s01 ldapGroupFilterObjectclass "groupOfUniqueNames" +occ ldap:set-config s01 ldapGroupMemberAssocAttr "uniqueMember" +occ ldap:set-config s01 ldapHost "nextcloud-aio-lldap" +occ ldap:set-config s01 ldapLoginFilterAttributes "uid" +occ ldap:set-config s01 ldapLoginFilterEmail 0 +occ ldap:set-config s01 ldapLoginFilterUsername 1 +occ ldap:set-config s01 ldapMatchingRuleInChainState "unknown" +occ ldap:set-config s01 ldapNestedGroups 0 +occ ldap:set-config s01 ldapPagingSize 500 +occ ldap:set-config s01 ldapPort 3890 +occ ldap:set-config s01 ldapTLS 0 +occ ldap:set-config s01 ldapUserAvatarRule "default" +occ ldap:set-config s01 ldapUserDisplayName "displayname" +occ ldap:set-config s01 ldapUserFilter "(&(objectClass=person)(uid=%uid))" +occ ldap:set-config s01 ldapUserFilterMode 1 
+occ ldap:set-config s01 ldapUserFilterObjectclass "person"
+occ ldap:set-config s01 ldapUuidGroupAttribute "auto"
+occ ldap:set-config s01 ldapUuidUserAttribute "auto"
+occ ldap:set-config s01 turnOnPasswordChange 0
\ No newline at end of file
From 24f9afaff63968103f6a0558b14f2d077c5f2dc0 Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Fri, 29 Mar 2024 15:54:56 +0100 Subject: [PATCH 07/16] No reverse Base Domain Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- php/src/Data/ConfigurationManager.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index e9ac9dd8f04..5ccb2ee360e 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -391,7 +391,7 @@ public function GetBaseDN() : string {
 if ($domain === "") {
 return "";
 }
- return 'dc=' . implode(',dc=', array_reverse(explode('.', $domain)));
+ return 'dc=' . implode(',dc=', explode('.', $domain));
 }
 public function GetBackupMode() : string {
From 79101c8d4f940fad6f13c6b26b0eea8637939694 Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Fri, 29 Mar 2024 15:55:46 +0100 Subject: [PATCH 08/16] No expose ldap interface (use caddy instead) Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/lldap/lldap.json | 7 ------- 1 file changed, 7 deletions(-)
diff --git a/community-containers/lldap/lldap.json b/community-containers/lldap/lldap.json
index 3592f1799c5..4c7c855add4 100644
--- a/community-containers/lldap/lldap.json
+++ b/community-containers/lldap/lldap.json
@@ -8,13 +8,6 @@
 "image_tag": "v0-alpine",
 "internal_port": "17170",
 "restart": "unless-stopped",
- "ports": [
- {
- "ip_binding": "%APACHE_IP_BINDING%",
- "port_number": "17170",
- "protocol": "tcp"
- }
- ],
 "environment": [
 "TZ=%TIMEZONE%",
 "UID=65534",
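Review bot: The script declares `#!/bin/sh` but `BASE_DN="dc=${DOMAIN//./,dc=}"` and `read -sp` are bash extensions; under dash the pattern substitution is a syntax error, so the shebang should be `#!/bin/bash` (or the substitution rewritten with `sed`). `DOMAIN=cloud.example.com` is a hard-coded placeholder with the real lookup commented out, so as committed the script writes a base DN for a domain that is not the instance's. There is no `set -e`, and `ldapConfigurationActive 1` is written before most of the other settings, so if any later `occ` call fails a half-written configuration is already live; move the activation to the last line and start with `set -eu`. The LDAP password is handed to `occ` as an argument of `sudo docker exec`, which makes it visible in the host's process list for the duration of each call; that window is short, but the script runs on the host and a comment stating it would be fair to operators. The file also ends without a trailing newline.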
From d85c4307f7f16b5d1bb76d919be8383799a1e697 Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Fri, 29 Mar 2024 15:57:16 +0100 Subject: [PATCH 09/16] Uncomment getter for occ Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/lldap/setup-lldap.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/community-containers/lldap/setup-lldap.sh b/community-containers/lldap/setup-lldap.sh
index ab311143622..7a5ae9e3f8d 100755
--- a/community-containers/lldap/setup-lldap.sh
+++ b/community-containers/lldap/setup-lldap.sh
@@ -3,8 +3,8 @@
 occ() {
 sudo docker exec -u www-data nextcloud-aio-nextcloud php /var/www/html/occ "$@"
 }
-DOMAIN=cloud.example.com
-#DOMAIN=$(occ config:system:get overwritehost)
+
+DOMAIN=$(occ config:system:get overwritehost)
 BASE_DN="dc=${DOMAIN//./,dc=}"
 echo "Nextcloud instance found"
From 6366dda42f88b0dbae1a2e40d5997e79e49a2f41 Mon Sep 17 00:00:00 2001 From: Simon L Date: Wed, 3 Apr 2024 13:10:49 +0200 Subject: [PATCH 10/16] expose the service again so that external reverse proxies can also be used Signed-off-by: Simon L --- community-containers/lldap/lldap.json | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/community-containers/lldap/lldap.json b/community-containers/lldap/lldap.json
index 4c7c855add4..3592f1799c5 100644
--- a/community-containers/lldap/lldap.json
+++ b/community-containers/lldap/lldap.json
@@ -8,6 +8,13 @@
 "image_tag": "v0-alpine",
 "internal_port": "17170",
 "restart": "unless-stopped",
+ "ports": [
+ {
+ "ip_binding": "%APACHE_IP_BINDING%",
+ "port_number": "17170",
+ "protocol": "tcp"
+ }
+ ],
 "environment": [
 "TZ=%TIMEZONE%",
 "UID=65534",
From 8f7a36d8cedf6e2a345c25e994a03c5535ba6fd5 Mon Sep 17 00:00:00 2001 From: Simon L Date: Wed, 3 Apr 2024 13:30:32 +0200 Subject: [PATCH 11/16] adjust the docs
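Review bot: `DOMAIN=$(occ config:system:get overwritehost)` has no check on its result, so when `overwritehost` is unset, or the `sudo docker exec` behind `occ` fails, `DOMAIN` is empty, `BASE_DN` becomes the literal `dc=` and every `ldapBase*` setting below is written with it. Add `[ -n "$DOMAIN" ] || { echo "overwritehost is not set" >&2; exit 1; }` directly after the assignment. The rest of the script lies outside the hunk.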
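Review bot: Re-adding `ports` publishes LLDAP's web UI (plain HTTP on 17170) at `%APACHE_IP_BINDING%`; when that binding is `0.0.0.0` the admin login form, and presumably the JWT-based session that `LLDAP_JWT_SECRET` hints at, travel unencrypted to anyone who can reach the host. Since the stated goal is to support external reverse proxies, the readme should say that the port is only meant to be reached through a TLS-terminating proxy and that a host firewall rule is advisable when the proxy is not on the same machine. The LDAP port 3890 is correctly left unpublished.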
Signed-off-by: Simon L --- community-containers/caddy/readme.md | 2 +- community-containers/lldap/readme.md | 63 +++++++++++++++++++++++ community-containers/lldap/setup-lldap.sh | 52 ------------------- 3 files changed, 64 insertions(+), 53 deletions(-) delete mode 100755 community-containers/lldap/setup-lldap.sh diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md index 60c385bfd93..a6400b25eae 100644 --- a/community-containers/caddy/readme.md +++ b/community-containers/caddy/readme.md @@ -1,5 +1,5 @@ ## Caddy with geoblocking -This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed. +This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap by listening on `ldap.$NC_DOMAIN`, if installed. ### Notes - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time! 
diff --git a/community-containers/lldap/readme.md b/community-containers/lldap/readme.md index a2c873631f6..4d1f28e180b 100644 --- a/community-containers/lldap/readme.md +++ b/community-containers/lldap/readme.md @@ -2,6 +2,69 @@ This container bundles LLDAP server and auto-configures your nextcloud instance for you. ### Notes +- In order to access your Lldap web interface outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `ldap.$NC_DOMAIN` to redirect to your Lldap. You need to point the reverse proxy at port 17170 of this server. +- After adding and starting the container, you can log in to the lldap web interface by using the password that you can retrieve via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_JWT_SECRET`. +- Also, you need to run the following script one time in order to activate the ldap config in nextcloud so that Nextcloud uses lldap as user backend.
+ First, you need to retrieve the lldap admin password via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_LDAP_USER_PASS`. This will be used later on which you need to type in or copy- and paste. + ```bash + # Now go into the container + sudo docker exec --user www-data -it nextcloud-aio-nextcloud bash + ``` + Now inside the container: + ```bash + occ() { + sudo docker exec -u www-data nextcloud-aio-nextcloud php /var/www/html/occ "$@" + } + + BASE_DN="dc=${NC_DOMAIN//./,dc=}" + + echo "Nextcloud instance found" + echo "Domain: $NC_DOMAIN" + echo "Base DN: $BASE_DN" + + read -sp "Type the password for the LDAP admin user: " PASSWORD + + echo "Setting up LDAP" + + occ ldap:create-empty-config + + occ ldap:set-config s01 ldapAgentName "uid=ro_admin,ou=people,$BASE_DN" + occ ldap:set-config s01 ldapAgentPassword "$PASSWORD" + occ ldap:set-config s01 ldapBase "$BASE_DN" + occ ldap:set-config s01 ldapBaseGroups "$BASE_DN" + occ ldap:set-config s01 ldapBaseUsers "$BASE_DN" + occ ldap:set-config s01 ldapCacheTTL 600 + occ ldap:set-config s01 ldapConfigurationActive 1 + occ ldap:set-config s01 ldapEmailAttribute "mail" + occ ldap:set-config s01 ldapExperiencedAdmin 0 + occ ldap:set-config s01 ldapGidNumber "gidNumber" + occ ldap:set-config s01 ldapGroupDisplayName "cn" + occ ldap:set-config s01 ldapGroupFilter "(&(objectclass=groupOfUniqueNames))" + occ ldap:set-config s01 ldapGroupFilterGroups "" + occ ldap:set-config s01 ldapGroupFilterMode 0 + occ ldap:set-config s01 ldapGroupFilterObjectclass "groupOfUniqueNames" + occ ldap:set-config s01 ldapGroupMemberAssocAttr "uniqueMember" + occ ldap:set-config s01 ldapHost "nextcloud-aio-lldap" + occ ldap:set-config s01 ldapLoginFilterAttributes "uid" + occ ldap:set-config s01 ldapLoginFilterEmail 0 + occ ldap:set-config s01 ldapLoginFilterUsername 1 + occ ldap:set-config s01 ldapMatchingRuleInChainState "unknown" + occ ldap:set-config s01 ldapNestedGroups 0 + occ ldap:set-config s01 ldapPagingSize 500 + occ 
ldap:set-config s01 ldapPort 3890 + occ ldap:set-config s01 ldapTLS 0 + occ ldap:set-config s01 ldapUserAvatarRule "default" + occ ldap:set-config s01 ldapUserDisplayName "displayname" + occ ldap:set-config s01 ldapUserFilter "(&(objectClass=person)(uid=%uid))" + occ ldap:set-config s01 ldapUserFilterMode 1 + occ ldap:set-config s01 ldapUserFilterObjectclass "person" + occ ldap:set-config s01 ldapUuidGroupAttribute "auto" + occ ldap:set-config s01 ldapUuidUserAttribute "auto" + occ ldap:set-config s01 turnOnPasswordChange 0 + + # Exit the container shell + exit + ``` - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack ### Repository diff --git a/community-containers/lldap/setup-lldap.sh b/community-containers/lldap/setup-lldap.sh deleted file mode 100755 index 7a5ae9e3f8d..00000000000 --- a/community-containers/lldap/setup-lldap.sh +++ /dev/null 
@@ -1,52 +0,0 @@ -#!/bin/sh - -occ() { - sudo docker exec -u www-data nextcloud-aio-nextcloud php /var/www/html/occ "$@" -} - -DOMAIN=$(occ config:system:get overwritehost) -BASE_DN="dc=${DOMAIN//./,dc=}" - -echo "Nextcloud instance found" -echo "Domain: $DOMAIN" -echo "Base DN: $BASE_DN" - -read -sp "Type the password for the LDAP admin user: " PASSWORD - -echo "Setting up LDAP" - -occ ldap:create-empty-config - -occ ldap:set-config s01 ldapAgentName "uid=ro_admin,ou=people,$BASE_DN" -occ ldap:set-config s01 ldapAgentPassword "$PASSWORD" -occ ldap:set-config s01 ldapBase "$BASE_DN" -occ ldap:set-config s01 ldapBaseGroups "$BASE_DN" -occ ldap:set-config s01 ldapBaseUsers "$BASE_DN" -occ ldap:set-config s01 ldapCacheTTL 600 -occ ldap:set-config s01 ldapConfigurationActive 1 -occ ldap:set-config s01 ldapEmailAttribute "mail" -occ ldap:set-config s01 ldapExperiencedAdmin 0 -occ ldap:set-config s01 ldapGidNumber "gidNumber" -occ ldap:set-config s01 ldapGroupDisplayName "cn" -occ ldap:set-config s01 ldapGroupFilter "(&(objectclass=groupOfUniqueNames))" -occ ldap:set-config s01 ldapGroupFilterGroups "" -occ ldap:set-config s01 ldapGroupFilterMode 0 -occ ldap:set-config s01 ldapGroupFilterObjectclass "groupOfUniqueNames" -occ ldap:set-config s01 ldapGroupMemberAssocAttr "uniqueMember" -occ ldap:set-config s01 ldapHost "nextcloud-aio-lldap" -occ ldap:set-config s01 ldapLoginFilterAttributes "uid" -occ ldap:set-config s01 ldapLoginFilterEmail 0 -occ ldap:set-config s01 ldapLoginFilterUsername 1 -occ ldap:set-config s01 ldapMatchingRuleInChainState "unknown" -occ ldap:set-config s01 ldapNestedGroups 0 -occ ldap:set-config s01 ldapPagingSize 500 -occ ldap:set-config s01 ldapPort 3890 -occ ldap:set-config s01 ldapTLS 0 -occ ldap:set-config s01 ldapUserAvatarRule "default" -occ ldap:set-config s01 ldapUserDisplayName "displayname" -occ ldap:set-config s01 ldapUserFilter "(&(objectClass=person)(uid=%uid))" -occ ldap:set-config s01 ldapUserFilterMode 1 -occ ldap:set-config s01 
ldapUserFilterObjectclass "person" -occ ldap:set-config s01 ldapUuidGroupAttribute "auto" -occ ldap:set-config s01 ldapUuidUserAttribute "auto" -occ ldap:set-config s01 turnOnPasswordChange 0 \ No newline at end of file From e396acf4da7817875fdeca0975f58dbe157cf715 Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Wed, 3 Apr 2024 13:46:51 +0200 Subject: [PATCH 12/16] Update setup script Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/lldap/readme.md | 90 +++++++++++++--------------- 1 file changed, 43 insertions(+), 47 deletions(-) diff --git a/community-containers/lldap/readme.md b/community-containers/lldap/readme.md index 4d1f28e180b..56b982ec120 100644 --- a/community-containers/lldap/readme.md +++ b/community-containers/lldap/readme.md 
@@ -12,56 +12,52 @@ This container bundles LLDAP server and auto-configures your nextcloud instance ``` Now inside the container: ```bash - occ() { - sudo docker exec -u www-data nextcloud-aio-nextcloud php /var/www/html/occ "$@" - } - + # Get Base BASE_DN="dc=${NC_DOMAIN//./,dc=}" + + # Create a new empty ldap config + CONF_NAME=$(php /var/www/html/occ ldap:create-empty-config) + + # Set the ldap password + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapAgentPassword "" - echo "Nextcloud instance found" - echo "Domain: $NC_DOMAIN" - echo "Base DN: $BASE_DN" - - read -sp "Type the password for the LDAP admin user: " PASSWORD - - echo "Setting up LDAP" - - occ ldap:create-empty-config - - occ ldap:set-config s01 ldapAgentName "uid=ro_admin,ou=people,$BASE_DN" - occ ldap:set-config s01 ldapAgentPassword "$PASSWORD" - occ ldap:set-config s01 ldapBase "$BASE_DN" - occ ldap:set-config s01 ldapBaseGroups "$BASE_DN" - occ ldap:set-config s01 ldapBaseUsers "$BASE_DN" - occ ldap:set-config s01 ldapCacheTTL 600 - occ ldap:set-config s01 ldapConfigurationActive 1 - occ ldap:set-config s01 ldapEmailAttribute "mail" - occ ldap:set-config s01 ldapExperiencedAdmin 0 - occ ldap:set-config s01 ldapGidNumber "gidNumber" - occ ldap:set-config s01 ldapGroupDisplayName "cn" - occ ldap:set-config s01 ldapGroupFilter "(&(objectclass=groupOfUniqueNames))" - occ ldap:set-config s01 ldapGroupFilterGroups "" - occ ldap:set-config s01 ldapGroupFilterMode 0 - occ ldap:set-config s01 ldapGroupFilterObjectclass "groupOfUniqueNames" - occ ldap:set-config s01 ldapGroupMemberAssocAttr "uniqueMember" - occ ldap:set-config s01 ldapHost "nextcloud-aio-lldap" - occ ldap:set-config s01 ldapLoginFilterAttributes "uid" - occ ldap:set-config s01 ldapLoginFilterEmail 0 - occ ldap:set-config s01 ldapLoginFilterUsername 1 - occ ldap:set-config s01 ldapMatchingRuleInChainState "unknown" - occ ldap:set-config s01 ldapNestedGroups 0 - occ ldap:set-config s01 ldapPagingSize 500 - occ ldap:set-config s01 
ldapPort 3890 - occ ldap:set-config s01 ldapTLS 0 - occ ldap:set-config s01 ldapUserAvatarRule "default" - occ ldap:set-config s01 ldapUserDisplayName "displayname" - occ ldap:set-config s01 ldapUserFilter "(&(objectClass=person)(uid=%uid))" - occ ldap:set-config s01 ldapUserFilterMode 1 - occ ldap:set-config s01 ldapUserFilterObjectclass "person" - occ ldap:set-config s01 ldapUuidGroupAttribute "auto" - occ ldap:set-config s01 ldapUuidUserAttribute "auto" - occ ldap:set-config s01 turnOnPasswordChange 0 + # Set the ldap config + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapAgentName "uid=ro_admin,ou=people,$BASE_DN" + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapBase "$BASE_DN" + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapBaseGroups "$BASE_DN" + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapBaseUsers "$BASE_DN" + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapCacheTTL 600 + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapConfigurationActive 1 + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapEmailAttribute "mail" + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapExperiencedAdmin 0 + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGidNumber "gidNumber" + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupDisplayName "cn" + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilter "(&(objectclass=groupOfUniqueNames))" + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilterGroups "" + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilterMode 0 + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilterObjectclass "groupOfUniqueNames" + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupMemberAssocAttr "uniqueMember" + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapHost "nextcloud-aio-lldap" + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapLoginFilterAttributes "uid" + php /var/www/html/occ ldap:set-config 
"$CONF_NAME" ldapLoginFilterEmail 0 + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapLoginFilterUsername 1 + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapMatchingRuleInChainState "unknown" + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapNestedGroups 0 + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapPagingSize 500 + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapPort 3890 + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapTLS 0 + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserAvatarRule "default" + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserDisplayName "displayname" + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserFilter "(&(objectClass=person)(uid=%uid))" + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserFilterMode 1 + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserFilterObjectclass "person" + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUuidGroupAttribute "auto" + php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUuidUserAttribute "auto" + php /var/www/html/occ ldap:set-config "$CONF_NAME" turnOnPasswordChange 0 + # Test the ldap config + occ ldap:test-config "$NAME" + # Exit the container shell exit ``` From f98f6a51cd2637de75b950f2c9b9f816f3c6a2c7 Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Wed, 3 Apr 2024 13:51:30 +0200 Subject: [PATCH 13/16] Fix setup script Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/lldap/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/lldap/readme.md b/community-containers/lldap/readme.md index 56b982ec120..80dea1d3e26 100644 --- a/community-containers/lldap/readme.md +++ b/community-containers/lldap/readme.md 
@@ -16,7 +16,7 @@ This container bundles LLDAP server and auto-configures your nextcloud instance BASE_DN="dc=${NC_DOMAIN//./,dc=}" # Create a new empty ldap config - CONF_NAME=$(php /var/www/html/occ ldap:create-empty-config) + CONF_NAME=$(php /var/www/html/occ ldap:create-empty-config -p) # Set the ldap password php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapAgentPassword "" From b7d8599fd7bd7f22fdcd70040a7e330559e6fb2b Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Wed, 3 Apr 2024 13:57:27 +0200 Subject: [PATCH 14/16] Add link to LLDAP sample conf Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/lldap/readme.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/community-containers/lldap/readme.md b/community-containers/lldap/readme.md index 80dea1d3e26..3e6bc39cb84 100644 --- a/community-containers/lldap/readme.md +++ b/community-containers/lldap/readme.md 
@@ -2,10 +2,10 @@ This container bundles LLDAP server and auto-configures your nextcloud instance for you. ### Notes -- In order to access your Lldap web interface outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `ldap.$NC_DOMAIN` to redirect to your Lldap. You need to point the reverse proxy at port 17170 of this server. +- In order to access your LLDAP web interface outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `ldap.$NC_DOMAIN` to redirect to your Lldap. You need to point the reverse proxy at port 17170 of this server. - After adding and starting the container, you can log in to the lldap web interface by using the password that you can retrieve via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_JWT_SECRET`. -- Also, you need to run the following script one time in order to activate the ldap config in nextcloud so that Nextcloud uses lldap as user backend.
- First, you need to retrieve the lldap admin password via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_LDAP_USER_PASS`. This will be used later on which you need to type in or copy- and paste. +- Also, you need to run the following script one time in order to activate the ldap config in nextcloud so that Nextcloud uses lldap as user backend. You can see a [nextcloud exemple configuration provide by LLDAP](https://github.com/lldap/lldap/blob/main/example_configs/nextcloud.md)
+ First, you need to retrieve the LLDAP admin password via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_LDAP_USER_PASS`. This will be used later on which you need to type in or copy and paste. ```bash # Now go into the container sudo docker exec --user www-data -it nextcloud-aio-nextcloud bash From a751ba7cf3e760be78fccf8c5f9fb74d70b7b15a Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Wed, 3 Apr 2024 13:58:06 +0200 Subject: [PATCH 15/16] Update community-containers/lldap/readme.md Co-authored-by: Simon L. Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/lldap/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/lldap/readme.md b/community-containers/lldap/readme.md index 3e6bc39cb84..1c5ba4867c0 100644 --- a/community-containers/lldap/readme.md +++ b/community-containers/lldap/readme.md @@ -56,7 +56,7 @@ This container bundles LLDAP server and auto-configures your nextcloud instance php /var/www/html/occ ldap:set-config "$CONF_NAME" turnOnPasswordChange 0 # Test the ldap config - occ ldap:test-config "$NAME" + php /var/www/html/occ ldap:test-config "$NAME" # Exit the container shell exit From d2d846972b67106babda8a198ae982df4d8adcf8 Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Wed, 3 Apr 2024 14:03:06 +0200 Subject: [PATCH 16/16] exemple -> example Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/lldap/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/lldap/readme.md b/community-containers/lldap/readme.md index 3e6bc39cb84..79b6d3ec6af 100644 --- a/community-containers/lldap/readme.md +++ b/community-containers/lldap/readme.md 
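Review bot: The corrected `php /var/www/html/occ ldap:test-config "$NAME"` still expands `$NAME`, which nothing in this snippet assigns; the configuration id returned by `ldap:create-empty-config -p` is stored in `CONF_NAME`, so the line should read `php /var/www/html/occ ldap:test-config "$CONF_NAME"`. As written the command tests an empty config id, so its pass/fail result says nothing about whether the bind credentials just configured actually work, which is the one check the user needs before relying on LLDAP as the user backend.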
@@ -4,7 +4,7 @@ This container bundles LLDAP server and auto-configures your nextcloud instance ### Notes - In order to access your LLDAP web interface outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `ldap.$NC_DOMAIN` to redirect to your Lldap. You need to point the reverse proxy at port 17170 of this server. - After adding and starting the container, you can log in to the lldap web interface by using the password that you can retrieve via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_JWT_SECRET`. -- Also, you need to run the following script one time in order to activate the ldap config in nextcloud so that Nextcloud uses lldap as user backend. You can see a [nextcloud exemple configuration provide by LLDAP](https://github.com/lldap/lldap/blob/main/example_configs/nextcloud.md)
+- Also, you need to run the following script one time in order to activate the ldap config in nextcloud so that Nextcloud uses lldap as user backend. You can see a [nextcloud example configuration provide by LLDAP](https://github.com/lldap/lldap/blob/main/example_configs/nextcloud.md)
First, you need to retrieve the LLDAP admin password via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_LDAP_USER_PASS`. This will be used later on which you need to type in or copy and paste. ```bash # Now go into the container