This commit is contained in:
Mauro Torrez
parent
0bcb81bb23
commit
351e257c91
@ -196,27 +196,28 @@ RUN \
|
|||||||
}
|
}
|
||||||
|
|
||||||
ENV LDAP_ENABLE=false
|
ENV LDAP_ENABLE=false
|
||||||
|
ENV LDAP_CONFIG_ID=s01
|
||||||
ENV LDAP_HOST=
|
ENV LDAP_HOST=
|
||||||
ENV LDAP_PORT=389
|
ENV LDAP_PORT=389
|
||||||
ENV LDAP_BACKUP_HOST=
|
ENV LDAP_BACKUP_HOST=
|
||||||
ENV LDAP_BACKUP_PORT=389
|
ENV LDAP_BACKUP_PORT=389
|
||||||
ENV LDAP_DN=
|
ENV LDAP_AGENT_NAME=
|
||||||
ENV LDAP_AGENT_PASSWORD=
|
ENV LDAP_AGENT_PASSWORD=
|
||||||
ENV LDAP_BASE=
|
ENV LDAP_BASE=
|
||||||
ENV LDAP_BASE_USERS=
|
ENV LDAP_BASE_USERS=
|
||||||
ENV LDAP_BASE_GROUPS=
|
ENV LDAP_BASE_GROUPS=
|
||||||
# space-separated objectclass values
|
# space-separated objectclass values
|
||||||
ENV LDAP_USERFILTER_OBJECTCLASS=inetOrgPerson
|
ENV LDAP_USER_FILTER_OBJECTCLASS=inetOrgPerson
|
||||||
ENV LDAP_USERLIST_FILTER=
|
ENV LDAP_USER_FILTER=
|
||||||
ENV LDAP_LOGIN_FILTER=
|
ENV LDAP_LOGIN_FILTER=
|
||||||
ENV LDAP_GROUPFILTER_OBJECTCLASS=organizationalRole
|
ENV LDAP_GROUP_FILTER_OBJECTCLASS=organizationalRole
|
||||||
ENV LDAP_GROUP_FILTER=
|
ENV LDAP_GROUP_FILTER=
|
||||||
ENV LDAP_GID_NUMBER=gidNumber
|
ENV LDAP_GID_NUMBER=gidNumber
|
||||||
ENV LDAP_DISPLAY_NAME=cn
|
ENV LDAP_USER_DISPLAY_NAME=cn
|
||||||
ENV LDAP_USER_DISPLAY_NAME_2=
|
ENV LDAP_USER_DISPLAY_NAME_2=
|
||||||
ENV LDAP_GROUP_DISPLAY_NAME=cn
|
ENV LDAP_GROUP_DISPLAY_NAME=cn
|
||||||
ENV LDAP_EMAIL_ATTR=mail
|
ENV LDAP_EMAIL_ATTRIBUTE=mail
|
||||||
ENV LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE=memberUid
|
ENV LDAP_GROUP_MEMBER_ASSOC_ATTR=memberUid
|
||||||
|
|
||||||
EXPOSE 9000 9001 9002 9003 9010 9011 9012 9013
|
EXPOSE 9000 9001 9002 9003 9010 9011 9012 9013
|
||||||
ENTRYPOINT ["/entrypoint.sh"]
|
ENTRYPOINT ["/entrypoint.sh"]
|
||||||
|
|||||||
@ -12,94 +12,103 @@ PREV_DIR=${PWD}
|
|||||||
cd /var/www/html
|
cd /var/www/html
|
||||||
php occ app:enable user_ldap
|
php occ app:enable user_ldap
|
||||||
|
|
||||||
|
LDAP_CONFIG_ID=${LDAP_CONFIG_ID:-s01}
|
||||||
|
|
||||||
|
[[ "$(php occ ldap:create-empty-config --only-print-prefix)" > "${LDAP_CONFIG_ID}" ]] || {
|
||||||
|
# config does not yet exist, create it
|
||||||
|
php occ ldap:create-empty-config
|
||||||
|
}
|
||||||
|
|
||||||
[[ -z ${LDAP_HOST} ]] || {
|
[[ -z ${LDAP_HOST} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_host --value ${LDAP_HOST}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapHost ${LDAP_HOST}
|
||||||
php occ config:app:set user_ldap s01ldap_port --value ${LDAP_PORT:-389}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapPort ${LDAP_PORT:-389}
|
||||||
}
|
}
|
||||||
[[ -z ${LDAP_BACKUP_HOST} ]] || {
|
[[ -z ${LDAP_BACKUP_HOST} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_backup_host --value ${LDAP_BACKUP_HOST}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBackupHost ${LDAP_BACKUP_HOST}
|
||||||
php occ config:app:set user_ldap s01ldap_backup_port --value ${LDAP_BACKUP_PORT:-389}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBackupPort ${LDAP_BACKUP_PORT:-389}
|
||||||
}
|
}
|
||||||
|
|
||||||
# credentials for accessing LDAP directory
|
# credentials for accessing LDAP directory
|
||||||
[[ -z ${LDAP_DN} ]] || {
|
[[ -z ${LDAP_AGENT_NAME} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_dn --value ${LDAP_DN}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapAgentName ${LDAP_AGENT_NAME}
|
||||||
}
|
}
|
||||||
[[ -z ${LDAP_AGENT_PASSWORD} ]] || {
|
[[ -z ${LDAP_AGENT_PASSWORD} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_agent_password --value ${LDAP_AGENT_PASSWORD}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapAgentPassword ${LDAP_AGENT_PASSWORD}
|
||||||
}
|
}
|
||||||
|
|
||||||
# search base
|
# search base
|
||||||
[[ -z ${LDAP_BASE} ]] || {
|
[[ -z ${LDAP_BASE} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_base --value ${LDAP_BASE}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBase ${LDAP_BASE}
|
||||||
php occ config:app:set user_ldap s01ldap_base_users --value ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBaseUsers ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}}
|
||||||
php occ config:app:set user_ldap s01ldap_base_groups --value ${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBaseGroups ${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}}
|
||||||
}
|
}
|
||||||
|
|
||||||
LDAP_USERFILTER_OBJECTCLASS=${LDAP_USERFILTER_OBJECTCLASS:-inetOrgPerson}
|
LDAP_USER_FILTER_OBJECTCLASS=${LDAP_USER_FILTER_OBJECTCLASS:-inetOrgPerson}
|
||||||
php occ config:app:set user_ldap s01ldap_userfilter_objectclass --value "$(echo ${LDAP_USERFILTER_OBJECTCLASS} | tr ' ' '\n')"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserFilterObjectclass "$(echo ${LDAP_USER_FILTER_OBJECTCLASS} | tr ' ' '\n')"
|
||||||
|
|
||||||
DEFAULT_FILTER="(|(objectclass=${LDAP_USERFILTER_OBJECTCLASS// /)(objectclass=}))"
|
DEFAULT_FILTER="(|(objectclass=${LDAP_USER_FILTER_OBJECTCLASS// /)(objectclass=}))"
|
||||||
LDAP_USERLIST_FILTER="${LDAP_USERLIST_FILTER:-${DEFAULT_FILTER}}"
|
LDAP_USER_FILTER="${LDAP_USER_FILTER:-${DEFAULT_FILTER}}"
|
||||||
php occ config:app:set user_ldap s01ldap_userlist_filter --value "${LDAP_USERLIST_FILTER}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserFilter "${LDAP_USER_FILTER}"
|
||||||
|
|
||||||
# ldap_user_filter_mode|0
|
# | ldapUserFilterGroups | |
|
||||||
# ldap_userfilter_groups|
|
# | ldapUserFilterMode | 0 |
|
||||||
|
|
||||||
DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))"
|
DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))"
|
||||||
php occ config:app:set user_ldap s01ldap_login_filter --value "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapLoginFilter "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}"
|
||||||
|
|
||||||
# ldap_login_filter_mode|0
|
# | ldapLoginFilterAttributes | |
|
||||||
# ldap_loginfilter_email|0
|
# | ldapLoginFilterEmail | 0 |
|
||||||
# ldap_loginfilter_username|1
|
# | ldapLoginFilterMode | 0 |
|
||||||
# ldap_loginfilter_attributes|
|
# | ldapLoginFilterUsername | 1 |
|
||||||
|
|
||||||
LDAP_GROUPFILTER_OBJECTCLASS=${LDAP_GROUPFILTER_OBJECTCLASS:-organizationalRole}
|
LDAP_GROUP_FILTER_OBJECTCLASS=${LDAP_GROUP_FILTER_OBJECTCLASS:-organizationalRole}
|
||||||
php occ config:app:set user_ldap s01ldap_groupfilter_objectclass --value "$(echo ${LDAP_GROUPFILTER_OBJECTCLASS} | tr ' ' '\n')"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupFilterObjectclass "$(echo ${LDAP_GROUP_FILTER_OBJECTCLASS} | tr ' ' '\n')"
|
||||||
|
|
||||||
DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUPFILTER_OBJECTCLASS// /)(objectclass=}))"
|
DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUP_FILTER_OBJECTCLASS// /)(objectclass=}))"
|
||||||
LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}"
|
LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}"
|
||||||
php occ config:app:set user_ldap s01ldap_group_filter --value "${LDAP_GROUP_FILTER}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupFilter "${LDAP_GROUP_FILTER}"
|
||||||
|
|
||||||
# ldap_group_filter_mode|0
|
# | ldapGroupFilterGroups | |
|
||||||
# ldap_groupfilter_groups|
|
# | ldapGroupFilterMode | 0 |
|
||||||
|
|
||||||
php occ config:app:set user_ldap s01ldap_gid_number --value "${LDAP_GID_NUMBER:-gidNumber}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGidNumber "${LDAP_GID_NUMBER:-gidNumber}"
|
||||||
|
|
||||||
php occ config:app:set user_ldap s01ldap_display_name --value "${LDAP_DISPLAY_NAME:-cn}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserDisplayName "${LDAP_USER_DISPLAY_NAME:-cn}"
|
||||||
[[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || {
|
[[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_user_display_name_2 --value "${LDAP_USER_DISPLAY_NAME_2}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserDisplayName2 "${LDAP_USER_DISPLAY_NAME_2}"
|
||||||
}
|
}
|
||||||
php occ config:app:set user_ldap s01ldap_group_display_name --value "${LDAP_GROUP_DISPLAY_NAME:-cn}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupDisplayName "${LDAP_GROUP_DISPLAY_NAME:-cn}"
|
||||||
|
|
||||||
# ldap_tls|0
|
# | ldapTLS | 0 |
|
||||||
# ldap_quota_def|
|
# | ldapQuotaAttribute | |
|
||||||
# ldap_quota_attr|
|
# | ldapQuotaDefault | |
|
||||||
|
|
||||||
php occ config:app:set user_ldap s01ldap_email_attr --value "${LDAP_EMAIL_ATTR:-mail}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapEmailAttribute "${LDAP_EMAIL_ATTRIBUTE:-mail}"
|
||||||
php occ config:app:set user_ldap s01ldap_group_member_assoc_attribute --value "${LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE:-memberUid}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupMemberAssocAttr "${LDAP_GROUP_MEMBER_ASSOC_ATTR:-memberUid}"
|
||||||
|
|
||||||
# ldap_cache_ttl|600
|
# | hasMemberOfFilterSupport | 0 |
|
||||||
|
# | homeFolderNamingRule | |
|
||||||
# home_folder_naming_rule|
|
# | lastJpegPhotoLookup | 0 |
|
||||||
# ldap_turn_off_cert_check|0
|
# | ldapAttributesForGroupSearch | |
|
||||||
# ldap_attributes_for_user_search|
|
# | ldapAttributesForUserSearch | |
|
||||||
# ldap_attributes_for_group_search|
|
# | ldapCacheTTL | 600 |
|
||||||
# ldap_expert_username_attr|
|
# | ldapConfigurationActive | 0 |
|
||||||
# ldap_expert_uuid_user_attr|
|
# | ldapDefaultPPolicyDN | |
|
||||||
# ldap_expert_uuid_group_attr|
|
# | ldapDynamicGroupMemberURL | |
|
||||||
# has_memberof_filter_support|0
|
# | ldapExperiencedAdmin | 0 |
|
||||||
# use_memberof_to_detect_membership|1
|
# | ldapExpertUUIDGroupAttr | |
|
||||||
|
# | ldapExpertUUIDUserAttr | |
|
||||||
# last_jpegPhoto_lookup|0
|
# | ldapExpertUsernameAttr | |
|
||||||
# ldap_nested_groups|0
|
# | ldapExtStorageHomeAttribute | |
|
||||||
# ldap_paging_size|500
|
# | ldapIgnoreNamingRules | |
|
||||||
# ldap_turn_on_pwd_change|0
|
# | ldapNestedGroups | 0 |
|
||||||
# ldap_experienced_admin|0
|
# | ldapOverrideMainServer | |
|
||||||
# ldap_dynamic_group_member_url|
|
# | ldapPagingSize | 500 |
|
||||||
# ldap_default_ppolicy_dn|
|
# | ldapUserAvatarRule | default |
|
||||||
# ldap_user_avatar_rule|default
|
# | ldapUuidGroupAttribute | auto |
|
||||||
# ldap_ext_storage_home_attribute|
|
# | ldapUuidUserAttribute | auto |
|
||||||
# _lastChange|1570896933
|
# | turnOffCertCheck | 0 |
|
||||||
|
# | turnOnPasswordChange | 0 |
|
||||||
|
# | useMemberOfToDetectMembership | 1 |
|
||||||
|
|
||||||
cd ${PREV_DIR}
|
cd ${PREV_DIR}
|
||||||
|
|||||||
@ -196,27 +196,28 @@ RUN \
|
|||||||
}
|
}
|
||||||
|
|
||||||
ENV LDAP_ENABLE=false
|
ENV LDAP_ENABLE=false
|
||||||
|
ENV LDAP_CONFIG_ID=s01
|
||||||
ENV LDAP_HOST=
|
ENV LDAP_HOST=
|
||||||
ENV LDAP_PORT=389
|
ENV LDAP_PORT=389
|
||||||
ENV LDAP_BACKUP_HOST=
|
ENV LDAP_BACKUP_HOST=
|
||||||
ENV LDAP_BACKUP_PORT=389
|
ENV LDAP_BACKUP_PORT=389
|
||||||
ENV LDAP_DN=
|
ENV LDAP_AGENT_NAME=
|
||||||
ENV LDAP_AGENT_PASSWORD=
|
ENV LDAP_AGENT_PASSWORD=
|
||||||
ENV LDAP_BASE=
|
ENV LDAP_BASE=
|
||||||
ENV LDAP_BASE_USERS=
|
ENV LDAP_BASE_USERS=
|
||||||
ENV LDAP_BASE_GROUPS=
|
ENV LDAP_BASE_GROUPS=
|
||||||
# space-separated objectclass values
|
# space-separated objectclass values
|
||||||
ENV LDAP_USERFILTER_OBJECTCLASS=inetOrgPerson
|
ENV LDAP_USER_FILTER_OBJECTCLASS=inetOrgPerson
|
||||||
ENV LDAP_USERLIST_FILTER=
|
ENV LDAP_USER_FILTER=
|
||||||
ENV LDAP_LOGIN_FILTER=
|
ENV LDAP_LOGIN_FILTER=
|
||||||
ENV LDAP_GROUPFILTER_OBJECTCLASS=organizationalRole
|
ENV LDAP_GROUP_FILTER_OBJECTCLASS=organizationalRole
|
||||||
ENV LDAP_GROUP_FILTER=
|
ENV LDAP_GROUP_FILTER=
|
||||||
ENV LDAP_GID_NUMBER=gidNumber
|
ENV LDAP_GID_NUMBER=gidNumber
|
||||||
ENV LDAP_DISPLAY_NAME=cn
|
ENV LDAP_USER_DISPLAY_NAME=cn
|
||||||
ENV LDAP_USER_DISPLAY_NAME_2=
|
ENV LDAP_USER_DISPLAY_NAME_2=
|
||||||
ENV LDAP_GROUP_DISPLAY_NAME=cn
|
ENV LDAP_GROUP_DISPLAY_NAME=cn
|
||||||
ENV LDAP_EMAIL_ATTR=mail
|
ENV LDAP_EMAIL_ATTRIBUTE=mail
|
||||||
ENV LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE=memberUid
|
ENV LDAP_GROUP_MEMBER_ASSOC_ATTR=memberUid
|
||||||
|
|
||||||
EXPOSE 9000 9001 9002 9003 9010 9011 9012 9013
|
EXPOSE 9000 9001 9002 9003 9010 9011 9012 9013
|
||||||
ENTRYPOINT ["/entrypoint.sh"]
|
ENTRYPOINT ["/entrypoint.sh"]
|
||||||
|
|||||||
@ -12,94 +12,103 @@ PREV_DIR=${PWD}
|
|||||||
cd /var/www/html
|
cd /var/www/html
|
||||||
php occ app:enable user_ldap
|
php occ app:enable user_ldap
|
||||||
|
|
||||||
|
LDAP_CONFIG_ID=${LDAP_CONFIG_ID:-s01}
|
||||||
|
|
||||||
|
[[ "$(php occ ldap:create-empty-config --only-print-prefix)" > "${LDAP_CONFIG_ID}" ]] || {
|
||||||
|
# config does not yet exist, create it
|
||||||
|
php occ ldap:create-empty-config
|
||||||
|
}
|
||||||
|
|
||||||
[[ -z ${LDAP_HOST} ]] || {
|
[[ -z ${LDAP_HOST} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_host --value ${LDAP_HOST}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapHost ${LDAP_HOST}
|
||||||
php occ config:app:set user_ldap s01ldap_port --value ${LDAP_PORT:-389}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapPort ${LDAP_PORT:-389}
|
||||||
}
|
}
|
||||||
[[ -z ${LDAP_BACKUP_HOST} ]] || {
|
[[ -z ${LDAP_BACKUP_HOST} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_backup_host --value ${LDAP_BACKUP_HOST}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBackupHost ${LDAP_BACKUP_HOST}
|
||||||
php occ config:app:set user_ldap s01ldap_backup_port --value ${LDAP_BACKUP_PORT:-389}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBackupPort ${LDAP_BACKUP_PORT:-389}
|
||||||
}
|
}
|
||||||
|
|
||||||
# credentials for accessing LDAP directory
|
# credentials for accessing LDAP directory
|
||||||
[[ -z ${LDAP_DN} ]] || {
|
[[ -z ${LDAP_AGENT_NAME} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_dn --value ${LDAP_DN}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapAgentName ${LDAP_AGENT_NAME}
|
||||||
}
|
}
|
||||||
[[ -z ${LDAP_AGENT_PASSWORD} ]] || {
|
[[ -z ${LDAP_AGENT_PASSWORD} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_agent_password --value ${LDAP_AGENT_PASSWORD}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapAgentPassword ${LDAP_AGENT_PASSWORD}
|
||||||
}
|
}
|
||||||
|
|
||||||
# search base
|
# search base
|
||||||
[[ -z ${LDAP_BASE} ]] || {
|
[[ -z ${LDAP_BASE} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_base --value ${LDAP_BASE}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBase ${LDAP_BASE}
|
||||||
php occ config:app:set user_ldap s01ldap_base_users --value ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBaseUsers ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}}
|
||||||
php occ config:app:set user_ldap s01ldap_base_groups --value ${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBaseGroups ${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}}
|
||||||
}
|
}
|
||||||
|
|
||||||
LDAP_USERFILTER_OBJECTCLASS=${LDAP_USERFILTER_OBJECTCLASS:-inetOrgPerson}
|
LDAP_USER_FILTER_OBJECTCLASS=${LDAP_USER_FILTER_OBJECTCLASS:-inetOrgPerson}
|
||||||
php occ config:app:set user_ldap s01ldap_userfilter_objectclass --value "$(echo ${LDAP_USERFILTER_OBJECTCLASS} | tr ' ' '\n')"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserFilterObjectclass "$(echo ${LDAP_USER_FILTER_OBJECTCLASS} | tr ' ' '\n')"
|
||||||
|
|
||||||
DEFAULT_FILTER="(|(objectclass=${LDAP_USERFILTER_OBJECTCLASS// /)(objectclass=}))"
|
DEFAULT_FILTER="(|(objectclass=${LDAP_USER_FILTER_OBJECTCLASS// /)(objectclass=}))"
|
||||||
LDAP_USERLIST_FILTER="${LDAP_USERLIST_FILTER:-${DEFAULT_FILTER}}"
|
LDAP_USER_FILTER="${LDAP_USER_FILTER:-${DEFAULT_FILTER}}"
|
||||||
php occ config:app:set user_ldap s01ldap_userlist_filter --value "${LDAP_USERLIST_FILTER}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserFilter "${LDAP_USER_FILTER}"
|
||||||
|
|
||||||
# ldap_user_filter_mode|0
|
# | ldapUserFilterGroups | |
|
||||||
# ldap_userfilter_groups|
|
# | ldapUserFilterMode | 0 |
|
||||||
|
|
||||||
DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))"
|
DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))"
|
||||||
php occ config:app:set user_ldap s01ldap_login_filter --value "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapLoginFilter "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}"
|
||||||
|
|
||||||
# ldap_login_filter_mode|0
|
# | ldapLoginFilterAttributes | |
|
||||||
# ldap_loginfilter_email|0
|
# | ldapLoginFilterEmail | 0 |
|
||||||
# ldap_loginfilter_username|1
|
# | ldapLoginFilterMode | 0 |
|
||||||
# ldap_loginfilter_attributes|
|
# | ldapLoginFilterUsername | 1 |
|
||||||
|
|
||||||
LDAP_GROUPFILTER_OBJECTCLASS=${LDAP_GROUPFILTER_OBJECTCLASS:-organizationalRole}
|
LDAP_GROUP_FILTER_OBJECTCLASS=${LDAP_GROUP_FILTER_OBJECTCLASS:-organizationalRole}
|
||||||
php occ config:app:set user_ldap s01ldap_groupfilter_objectclass --value "$(echo ${LDAP_GROUPFILTER_OBJECTCLASS} | tr ' ' '\n')"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupFilterObjectclass "$(echo ${LDAP_GROUP_FILTER_OBJECTCLASS} | tr ' ' '\n')"
|
||||||
|
|
||||||
DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUPFILTER_OBJECTCLASS// /)(objectclass=}))"
|
DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUP_FILTER_OBJECTCLASS// /)(objectclass=}))"
|
||||||
LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}"
|
LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}"
|
||||||
php occ config:app:set user_ldap s01ldap_group_filter --value "${LDAP_GROUP_FILTER}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupFilter "${LDAP_GROUP_FILTER}"
|
||||||
|
|
||||||
# ldap_group_filter_mode|0
|
# | ldapGroupFilterGroups | |
|
||||||
# ldap_groupfilter_groups|
|
# | ldapGroupFilterMode | 0 |
|
||||||
|
|
||||||
php occ config:app:set user_ldap s01ldap_gid_number --value "${LDAP_GID_NUMBER:-gidNumber}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGidNumber "${LDAP_GID_NUMBER:-gidNumber}"
|
||||||
|
|
||||||
php occ config:app:set user_ldap s01ldap_display_name --value "${LDAP_DISPLAY_NAME:-cn}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserDisplayName "${LDAP_USER_DISPLAY_NAME:-cn}"
|
||||||
[[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || {
|
[[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_user_display_name_2 --value "${LDAP_USER_DISPLAY_NAME_2}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserDisplayName2 "${LDAP_USER_DISPLAY_NAME_2}"
|
||||||
}
|
}
|
||||||
php occ config:app:set user_ldap s01ldap_group_display_name --value "${LDAP_GROUP_DISPLAY_NAME:-cn}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupDisplayName "${LDAP_GROUP_DISPLAY_NAME:-cn}"
|
||||||
|
|
||||||
# ldap_tls|0
|
# | ldapTLS | 0 |
|
||||||
# ldap_quota_def|
|
# | ldapQuotaAttribute | |
|
||||||
# ldap_quota_attr|
|
# | ldapQuotaDefault | |
|
||||||
|
|
||||||
php occ config:app:set user_ldap s01ldap_email_attr --value "${LDAP_EMAIL_ATTR:-mail}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapEmailAttribute "${LDAP_EMAIL_ATTRIBUTE:-mail}"
|
||||||
php occ config:app:set user_ldap s01ldap_group_member_assoc_attribute --value "${LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE:-memberUid}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupMemberAssocAttr "${LDAP_GROUP_MEMBER_ASSOC_ATTR:-memberUid}"
|
||||||
|
|
||||||
# ldap_cache_ttl|600
|
# | hasMemberOfFilterSupport | 0 |
|
||||||
|
# | homeFolderNamingRule | |
|
||||||
# home_folder_naming_rule|
|
# | lastJpegPhotoLookup | 0 |
|
||||||
# ldap_turn_off_cert_check|0
|
# | ldapAttributesForGroupSearch | |
|
||||||
# ldap_attributes_for_user_search|
|
# | ldapAttributesForUserSearch | |
|
||||||
# ldap_attributes_for_group_search|
|
# | ldapCacheTTL | 600 |
|
||||||
# ldap_expert_username_attr|
|
# | ldapConfigurationActive | 0 |
|
||||||
# ldap_expert_uuid_user_attr|
|
# | ldapDefaultPPolicyDN | |
|
||||||
# ldap_expert_uuid_group_attr|
|
# | ldapDynamicGroupMemberURL | |
|
||||||
# has_memberof_filter_support|0
|
# | ldapExperiencedAdmin | 0 |
|
||||||
# use_memberof_to_detect_membership|1
|
# | ldapExpertUUIDGroupAttr | |
|
||||||
|
# | ldapExpertUUIDUserAttr | |
|
||||||
# last_jpegPhoto_lookup|0
|
# | ldapExpertUsernameAttr | |
|
||||||
# ldap_nested_groups|0
|
# | ldapExtStorageHomeAttribute | |
|
||||||
# ldap_paging_size|500
|
# | ldapIgnoreNamingRules | |
|
||||||
# ldap_turn_on_pwd_change|0
|
# | ldapNestedGroups | 0 |
|
||||||
# ldap_experienced_admin|0
|
# | ldapOverrideMainServer | |
|
||||||
# ldap_dynamic_group_member_url|
|
# | ldapPagingSize | 500 |
|
||||||
# ldap_default_ppolicy_dn|
|
# | ldapUserAvatarRule | default |
|
||||||
# ldap_user_avatar_rule|default
|
# | ldapUuidGroupAttribute | auto |
|
||||||
# ldap_ext_storage_home_attribute|
|
# | ldapUuidUserAttribute | auto |
|
||||||
# _lastChange|1570896933
|
# | turnOffCertCheck | 0 |
|
||||||
|
# | turnOnPasswordChange | 0 |
|
||||||
|
# | useMemberOfToDetectMembership | 1 |
|
||||||
|
|
||||||
cd ${PREV_DIR}
|
cd ${PREV_DIR}
|
||||||
|
|||||||
@ -196,27 +196,28 @@ RUN \
|
|||||||
}
|
}
|
||||||
|
|
||||||
ENV LDAP_ENABLE=false
|
ENV LDAP_ENABLE=false
|
||||||
|
ENV LDAP_CONFIG_ID=s01
|
||||||
ENV LDAP_HOST=
|
ENV LDAP_HOST=
|
||||||
ENV LDAP_PORT=389
|
ENV LDAP_PORT=389
|
||||||
ENV LDAP_BACKUP_HOST=
|
ENV LDAP_BACKUP_HOST=
|
||||||
ENV LDAP_BACKUP_PORT=389
|
ENV LDAP_BACKUP_PORT=389
|
||||||
ENV LDAP_DN=
|
ENV LDAP_AGENT_NAME=
|
||||||
ENV LDAP_AGENT_PASSWORD=
|
ENV LDAP_AGENT_PASSWORD=
|
||||||
ENV LDAP_BASE=
|
ENV LDAP_BASE=
|
||||||
ENV LDAP_BASE_USERS=
|
ENV LDAP_BASE_USERS=
|
||||||
ENV LDAP_BASE_GROUPS=
|
ENV LDAP_BASE_GROUPS=
|
||||||
# space-separated objectclass values
|
# space-separated objectclass values
|
||||||
ENV LDAP_USERFILTER_OBJECTCLASS=inetOrgPerson
|
ENV LDAP_USER_FILTER_OBJECTCLASS=inetOrgPerson
|
||||||
ENV LDAP_USERLIST_FILTER=
|
ENV LDAP_USER_FILTER=
|
||||||
ENV LDAP_LOGIN_FILTER=
|
ENV LDAP_LOGIN_FILTER=
|
||||||
ENV LDAP_GROUPFILTER_OBJECTCLASS=organizationalRole
|
ENV LDAP_GROUP_FILTER_OBJECTCLASS=organizationalRole
|
||||||
ENV LDAP_GROUP_FILTER=
|
ENV LDAP_GROUP_FILTER=
|
||||||
ENV LDAP_GID_NUMBER=gidNumber
|
ENV LDAP_GID_NUMBER=gidNumber
|
||||||
ENV LDAP_DISPLAY_NAME=cn
|
ENV LDAP_USER_DISPLAY_NAME=cn
|
||||||
ENV LDAP_USER_DISPLAY_NAME_2=
|
ENV LDAP_USER_DISPLAY_NAME_2=
|
||||||
ENV LDAP_GROUP_DISPLAY_NAME=cn
|
ENV LDAP_GROUP_DISPLAY_NAME=cn
|
||||||
ENV LDAP_EMAIL_ATTR=mail
|
ENV LDAP_EMAIL_ATTRIBUTE=mail
|
||||||
ENV LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE=memberUid
|
ENV LDAP_GROUP_MEMBER_ASSOC_ATTR=memberUid
|
||||||
|
|
||||||
EXPOSE 9000 9001 9002 9003 9010 9011 9012 9013
|
EXPOSE 9000 9001 9002 9003 9010 9011 9012 9013
|
||||||
ENTRYPOINT ["/entrypoint.sh"]
|
ENTRYPOINT ["/entrypoint.sh"]
|
||||||
|
|||||||
@ -12,94 +12,103 @@ PREV_DIR=${PWD}
|
|||||||
cd /var/www/html
|
cd /var/www/html
|
||||||
php occ app:enable user_ldap
|
php occ app:enable user_ldap
|
||||||
|
|
||||||
|
LDAP_CONFIG_ID=${LDAP_CONFIG_ID:-s01}
|
||||||
|
|
||||||
|
[[ "$(php occ ldap:create-empty-config --only-print-prefix)" > "${LDAP_CONFIG_ID}" ]] || {
|
||||||
|
# config does not yet exist, create it
|
||||||
|
php occ ldap:create-empty-config
|
||||||
|
}
|
||||||
|
|
||||||
[[ -z ${LDAP_HOST} ]] || {
|
[[ -z ${LDAP_HOST} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_host --value ${LDAP_HOST}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapHost ${LDAP_HOST}
|
||||||
php occ config:app:set user_ldap s01ldap_port --value ${LDAP_PORT:-389}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapPort ${LDAP_PORT:-389}
|
||||||
}
|
}
|
||||||
[[ -z ${LDAP_BACKUP_HOST} ]] || {
|
[[ -z ${LDAP_BACKUP_HOST} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_backup_host --value ${LDAP_BACKUP_HOST}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBackupHost ${LDAP_BACKUP_HOST}
|
||||||
php occ config:app:set user_ldap s01ldap_backup_port --value ${LDAP_BACKUP_PORT:-389}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBackupPort ${LDAP_BACKUP_PORT:-389}
|
||||||
}
|
}
|
||||||
|
|
||||||
# credentials for accessing LDAP directory
|
# credentials for accessing LDAP directory
|
||||||
[[ -z ${LDAP_DN} ]] || {
|
[[ -z ${LDAP_AGENT_NAME} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_dn --value ${LDAP_DN}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapAgentName ${LDAP_AGENT_NAME}
|
||||||
}
|
}
|
||||||
[[ -z ${LDAP_AGENT_PASSWORD} ]] || {
|
[[ -z ${LDAP_AGENT_PASSWORD} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_agent_password --value ${LDAP_AGENT_PASSWORD}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapAgentPassword ${LDAP_AGENT_PASSWORD}
|
||||||
}
|
}
|
||||||
|
|
||||||
# search base
|
# search base
|
||||||
[[ -z ${LDAP_BASE} ]] || {
|
[[ -z ${LDAP_BASE} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_base --value ${LDAP_BASE}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBase ${LDAP_BASE}
|
||||||
php occ config:app:set user_ldap s01ldap_base_users --value ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBaseUsers ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}}
|
||||||
php occ config:app:set user_ldap s01ldap_base_groups --value ${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBaseGroups ${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}}
|
||||||
}
|
}
|
||||||
|
|
||||||
LDAP_USERFILTER_OBJECTCLASS=${LDAP_USERFILTER_OBJECTCLASS:-inetOrgPerson}
|
LDAP_USER_FILTER_OBJECTCLASS=${LDAP_USER_FILTER_OBJECTCLASS:-inetOrgPerson}
|
||||||
php occ config:app:set user_ldap s01ldap_userfilter_objectclass --value "$(echo ${LDAP_USERFILTER_OBJECTCLASS} | tr ' ' '\n')"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserFilterObjectclass "$(echo ${LDAP_USER_FILTER_OBJECTCLASS} | tr ' ' '\n')"
|
||||||
|
|
||||||
DEFAULT_FILTER="(|(objectclass=${LDAP_USERFILTER_OBJECTCLASS// /)(objectclass=}))"
|
DEFAULT_FILTER="(|(objectclass=${LDAP_USER_FILTER_OBJECTCLASS// /)(objectclass=}))"
|
||||||
LDAP_USERLIST_FILTER="${LDAP_USERLIST_FILTER:-${DEFAULT_FILTER}}"
|
LDAP_USER_FILTER="${LDAP_USER_FILTER:-${DEFAULT_FILTER}}"
|
||||||
php occ config:app:set user_ldap s01ldap_userlist_filter --value "${LDAP_USERLIST_FILTER}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserFilter "${LDAP_USER_FILTER}"
|
||||||
|
|
||||||
# ldap_user_filter_mode|0
|
# | ldapUserFilterGroups | |
|
||||||
# ldap_userfilter_groups|
|
# | ldapUserFilterMode | 0 |
|
||||||
|
|
||||||
DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))"
|
DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))"
|
||||||
php occ config:app:set user_ldap s01ldap_login_filter --value "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapLoginFilter "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}"
|
||||||
|
|
||||||
# ldap_login_filter_mode|0
|
# | ldapLoginFilterAttributes | |
|
||||||
# ldap_loginfilter_email|0
|
# | ldapLoginFilterEmail | 0 |
|
||||||
# ldap_loginfilter_username|1
|
# | ldapLoginFilterMode | 0 |
|
||||||
# ldap_loginfilter_attributes|
|
# | ldapLoginFilterUsername | 1 |
|
||||||
|
|
||||||
LDAP_GROUPFILTER_OBJECTCLASS=${LDAP_GROUPFILTER_OBJECTCLASS:-organizationalRole}
|
LDAP_GROUP_FILTER_OBJECTCLASS=${LDAP_GROUP_FILTER_OBJECTCLASS:-organizationalRole}
|
||||||
php occ config:app:set user_ldap s01ldap_groupfilter_objectclass --value "$(echo ${LDAP_GROUPFILTER_OBJECTCLASS} | tr ' ' '\n')"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupFilterObjectclass "$(echo ${LDAP_GROUP_FILTER_OBJECTCLASS} | tr ' ' '\n')"
|
||||||
|
|
||||||
DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUPFILTER_OBJECTCLASS// /)(objectclass=}))"
|
DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUP_FILTER_OBJECTCLASS// /)(objectclass=}))"
|
||||||
LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}"
|
LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}"
|
||||||
php occ config:app:set user_ldap s01ldap_group_filter --value "${LDAP_GROUP_FILTER}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupFilter "${LDAP_GROUP_FILTER}"
|
||||||
|
|
||||||
# ldap_group_filter_mode|0
|
# | ldapGroupFilterGroups | |
|
||||||
# ldap_groupfilter_groups|
|
# | ldapGroupFilterMode | 0 |
|
||||||
|
|
||||||
php occ config:app:set user_ldap s01ldap_gid_number --value "${LDAP_GID_NUMBER:-gidNumber}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGidNumber "${LDAP_GID_NUMBER:-gidNumber}"
|
||||||
|
|
||||||
php occ config:app:set user_ldap s01ldap_display_name --value "${LDAP_DISPLAY_NAME:-cn}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserDisplayName "${LDAP_USER_DISPLAY_NAME:-cn}"
|
||||||
[[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || {
|
[[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_user_display_name_2 --value "${LDAP_USER_DISPLAY_NAME_2}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserDisplayName2 "${LDAP_USER_DISPLAY_NAME_2}"
|
||||||
}
|
}
|
||||||
php occ config:app:set user_ldap s01ldap_group_display_name --value "${LDAP_GROUP_DISPLAY_NAME:-cn}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupDisplayName "${LDAP_GROUP_DISPLAY_NAME:-cn}"
|
||||||
|
|
||||||
# ldap_tls|0
|
# | ldapTLS | 0 |
|
||||||
# ldap_quota_def|
|
# | ldapQuotaAttribute | |
|
||||||
# ldap_quota_attr|
|
# | ldapQuotaDefault | |
|
||||||
|
|
||||||
php occ config:app:set user_ldap s01ldap_email_attr --value "${LDAP_EMAIL_ATTR:-mail}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapEmailAttribute "${LDAP_EMAIL_ATTRIBUTE:-mail}"
|
||||||
php occ config:app:set user_ldap s01ldap_group_member_assoc_attribute --value "${LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE:-memberUid}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupMemberAssocAttr "${LDAP_GROUP_MEMBER_ASSOC_ATTR:-memberUid}"
|
||||||
|
|
||||||
# ldap_cache_ttl|600
|
# | hasMemberOfFilterSupport | 0 |
|
||||||
|
# | homeFolderNamingRule | |
|
||||||
# home_folder_naming_rule|
|
# | lastJpegPhotoLookup | 0 |
|
||||||
# ldap_turn_off_cert_check|0
|
# | ldapAttributesForGroupSearch | |
|
||||||
# ldap_attributes_for_user_search|
|
# | ldapAttributesForUserSearch | |
|
||||||
# ldap_attributes_for_group_search|
|
# | ldapCacheTTL | 600 |
|
||||||
# ldap_expert_username_attr|
|
# | ldapConfigurationActive | 0 |
|
||||||
# ldap_expert_uuid_user_attr|
|
# | ldapDefaultPPolicyDN | |
|
||||||
# ldap_expert_uuid_group_attr|
|
# | ldapDynamicGroupMemberURL | |
|
||||||
# has_memberof_filter_support|0
|
# | ldapExperiencedAdmin | 0 |
|
||||||
# use_memberof_to_detect_membership|1
|
# | ldapExpertUUIDGroupAttr | |
|
||||||
|
# | ldapExpertUUIDUserAttr | |
|
||||||
# last_jpegPhoto_lookup|0
|
# | ldapExpertUsernameAttr | |
|
||||||
# ldap_nested_groups|0
|
# | ldapExtStorageHomeAttribute | |
|
||||||
# ldap_paging_size|500
|
# | ldapIgnoreNamingRules | |
|
||||||
# ldap_turn_on_pwd_change|0
|
# | ldapNestedGroups | 0 |
|
||||||
# ldap_experienced_admin|0
|
# | ldapOverrideMainServer | |
|
||||||
# ldap_dynamic_group_member_url|
|
# | ldapPagingSize | 500 |
|
||||||
# ldap_default_ppolicy_dn|
|
# | ldapUserAvatarRule | default |
|
||||||
# ldap_user_avatar_rule|default
|
# | ldapUuidGroupAttribute | auto |
|
||||||
# ldap_ext_storage_home_attribute|
|
# | ldapUuidUserAttribute | auto |
|
||||||
# _lastChange|1570896933
|
# | turnOffCertCheck | 0 |
|
||||||
|
# | turnOnPasswordChange | 0 |
|
||||||
|
# | useMemberOfToDetectMembership | 1 |
|
||||||
|
|
||||||
cd ${PREV_DIR}
|
cd ${PREV_DIR}
|
||||||
|
|||||||
@ -196,27 +196,28 @@ RUN \
|
|||||||
}
|
}
|
||||||
|
|
||||||
ENV LDAP_ENABLE=false
|
ENV LDAP_ENABLE=false
|
||||||
|
ENV LDAP_CONFIG_ID=s01
|
||||||
ENV LDAP_HOST=
|
ENV LDAP_HOST=
|
||||||
ENV LDAP_PORT=389
|
ENV LDAP_PORT=389
|
||||||
ENV LDAP_BACKUP_HOST=
|
ENV LDAP_BACKUP_HOST=
|
||||||
ENV LDAP_BACKUP_PORT=389
|
ENV LDAP_BACKUP_PORT=389
|
||||||
ENV LDAP_DN=
|
ENV LDAP_AGENT_NAME=
|
||||||
ENV LDAP_AGENT_PASSWORD=
|
ENV LDAP_AGENT_PASSWORD=
|
||||||
ENV LDAP_BASE=
|
ENV LDAP_BASE=
|
||||||
ENV LDAP_BASE_USERS=
|
ENV LDAP_BASE_USERS=
|
||||||
ENV LDAP_BASE_GROUPS=
|
ENV LDAP_BASE_GROUPS=
|
||||||
# space-separated objectclass values
|
# space-separated objectclass values
|
||||||
ENV LDAP_USERFILTER_OBJECTCLASS=inetOrgPerson
|
ENV LDAP_USER_FILTER_OBJECTCLASS=inetOrgPerson
|
||||||
ENV LDAP_USERLIST_FILTER=
|
ENV LDAP_USER_FILTER=
|
||||||
ENV LDAP_LOGIN_FILTER=
|
ENV LDAP_LOGIN_FILTER=
|
||||||
ENV LDAP_GROUPFILTER_OBJECTCLASS=organizationalRole
|
ENV LDAP_GROUP_FILTER_OBJECTCLASS=organizationalRole
|
||||||
ENV LDAP_GROUP_FILTER=
|
ENV LDAP_GROUP_FILTER=
|
||||||
ENV LDAP_GID_NUMBER=gidNumber
|
ENV LDAP_GID_NUMBER=gidNumber
|
||||||
ENV LDAP_DISPLAY_NAME=cn
|
ENV LDAP_USER_DISPLAY_NAME=cn
|
||||||
ENV LDAP_USER_DISPLAY_NAME_2=
|
ENV LDAP_USER_DISPLAY_NAME_2=
|
||||||
ENV LDAP_GROUP_DISPLAY_NAME=cn
|
ENV LDAP_GROUP_DISPLAY_NAME=cn
|
||||||
ENV LDAP_EMAIL_ATTR=mail
|
ENV LDAP_EMAIL_ATTRIBUTE=mail
|
||||||
ENV LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE=memberUid
|
ENV LDAP_GROUP_MEMBER_ASSOC_ATTR=memberUid
|
||||||
|
|
||||||
EXPOSE 9000 9001 9002 9003 9010 9011 9012 9013
|
EXPOSE 9000 9001 9002 9003 9010 9011 9012 9013
|
||||||
ENTRYPOINT ["/entrypoint.sh"]
|
ENTRYPOINT ["/entrypoint.sh"]
|
||||||
|
|||||||
@ -12,94 +12,103 @@ PREV_DIR=${PWD}
|
|||||||
cd /var/www/html
|
cd /var/www/html
|
||||||
php occ app:enable user_ldap
|
php occ app:enable user_ldap
|
||||||
|
|
||||||
|
LDAP_CONFIG_ID=${LDAP_CONFIG_ID:-s01}
|
||||||
|
|
||||||
|
[[ "$(php occ ldap:create-empty-config --only-print-prefix)" > "${LDAP_CONFIG_ID}" ]] || {
|
||||||
|
# config does not yet exist, create it
|
||||||
|
php occ ldap:create-empty-config
|
||||||
|
}
|
||||||
|
|
||||||
[[ -z ${LDAP_HOST} ]] || {
|
[[ -z ${LDAP_HOST} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_host --value ${LDAP_HOST}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapHost ${LDAP_HOST}
|
||||||
php occ config:app:set user_ldap s01ldap_port --value ${LDAP_PORT:-389}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapPort ${LDAP_PORT:-389}
|
||||||
}
|
}
|
||||||
[[ -z ${LDAP_BACKUP_HOST} ]] || {
|
[[ -z ${LDAP_BACKUP_HOST} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_backup_host --value ${LDAP_BACKUP_HOST}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBackupHost ${LDAP_BACKUP_HOST}
|
||||||
php occ config:app:set user_ldap s01ldap_backup_port --value ${LDAP_BACKUP_PORT:-389}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBackupPort ${LDAP_BACKUP_PORT:-389}
|
||||||
}
|
}
|
||||||
|
|
||||||
# credentials for accessing LDAP directory
|
# credentials for accessing LDAP directory
|
||||||
[[ -z ${LDAP_DN} ]] || {
|
[[ -z ${LDAP_AGENT_NAME} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_dn --value ${LDAP_DN}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapAgentName ${LDAP_AGENT_NAME}
|
||||||
}
|
}
|
||||||
[[ -z ${LDAP_AGENT_PASSWORD} ]] || {
|
[[ -z ${LDAP_AGENT_PASSWORD} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_agent_password --value ${LDAP_AGENT_PASSWORD}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapAgentPassword ${LDAP_AGENT_PASSWORD}
|
||||||
}
|
}
|
||||||
|
|
||||||
# search base
|
# search base
|
||||||
[[ -z ${LDAP_BASE} ]] || {
|
[[ -z ${LDAP_BASE} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_base --value ${LDAP_BASE}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBase ${LDAP_BASE}
|
||||||
php occ config:app:set user_ldap s01ldap_base_users --value ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBaseUsers ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}}
|
||||||
php occ config:app:set user_ldap s01ldap_base_groups --value ${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBaseGroups ${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}}
|
||||||
}
|
}
|
||||||
|
|
||||||
LDAP_USERFILTER_OBJECTCLASS=${LDAP_USERFILTER_OBJECTCLASS:-inetOrgPerson}
|
LDAP_USER_FILTER_OBJECTCLASS=${LDAP_USER_FILTER_OBJECTCLASS:-inetOrgPerson}
|
||||||
php occ config:app:set user_ldap s01ldap_userfilter_objectclass --value "$(echo ${LDAP_USERFILTER_OBJECTCLASS} | tr ' ' '\n')"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserFilterObjectclass "$(echo ${LDAP_USER_FILTER_OBJECTCLASS} | tr ' ' '\n')"
|
||||||
|
|
||||||
DEFAULT_FILTER="(|(objectclass=${LDAP_USERFILTER_OBJECTCLASS// /)(objectclass=}))"
|
DEFAULT_FILTER="(|(objectclass=${LDAP_USER_FILTER_OBJECTCLASS// /)(objectclass=}))"
|
||||||
LDAP_USERLIST_FILTER="${LDAP_USERLIST_FILTER:-${DEFAULT_FILTER}}"
|
LDAP_USER_FILTER="${LDAP_USER_FILTER:-${DEFAULT_FILTER}}"
|
||||||
php occ config:app:set user_ldap s01ldap_userlist_filter --value "${LDAP_USERLIST_FILTER}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserFilter "${LDAP_USER_FILTER}"
|
||||||
|
|
||||||
# ldap_user_filter_mode|0
|
# | ldapUserFilterGroups | |
|
||||||
# ldap_userfilter_groups|
|
# | ldapUserFilterMode | 0 |
|
||||||
|
|
||||||
DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))"
|
DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))"
|
||||||
php occ config:app:set user_ldap s01ldap_login_filter --value "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapLoginFilter "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}"
|
||||||
|
|
||||||
# ldap_login_filter_mode|0
|
# | ldapLoginFilterAttributes | |
|
||||||
# ldap_loginfilter_email|0
|
# | ldapLoginFilterEmail | 0 |
|
||||||
# ldap_loginfilter_username|1
|
# | ldapLoginFilterMode | 0 |
|
||||||
# ldap_loginfilter_attributes|
|
# | ldapLoginFilterUsername | 1 |
|
||||||
|
|
||||||
LDAP_GROUPFILTER_OBJECTCLASS=${LDAP_GROUPFILTER_OBJECTCLASS:-organizationalRole}
|
LDAP_GROUP_FILTER_OBJECTCLASS=${LDAP_GROUP_FILTER_OBJECTCLASS:-organizationalRole}
|
||||||
php occ config:app:set user_ldap s01ldap_groupfilter_objectclass --value "$(echo ${LDAP_GROUPFILTER_OBJECTCLASS} | tr ' ' '\n')"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupFilterObjectclass "$(echo ${LDAP_GROUP_FILTER_OBJECTCLASS} | tr ' ' '\n')"
|
||||||
|
|
||||||
DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUPFILTER_OBJECTCLASS// /)(objectclass=}))"
|
DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUP_FILTER_OBJECTCLASS// /)(objectclass=}))"
|
||||||
LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}"
|
LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}"
|
||||||
php occ config:app:set user_ldap s01ldap_group_filter --value "${LDAP_GROUP_FILTER}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupFilter "${LDAP_GROUP_FILTER}"
|
||||||
|
|
||||||
# ldap_group_filter_mode|0
|
# | ldapGroupFilterGroups | |
|
||||||
# ldap_groupfilter_groups|
|
# | ldapGroupFilterMode | 0 |
|
||||||
|
|
||||||
php occ config:app:set user_ldap s01ldap_gid_number --value "${LDAP_GID_NUMBER:-gidNumber}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGidNumber "${LDAP_GID_NUMBER:-gidNumber}"
|
||||||
|
|
||||||
php occ config:app:set user_ldap s01ldap_display_name --value "${LDAP_DISPLAY_NAME:-cn}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserDisplayName "${LDAP_USER_DISPLAY_NAME:-cn}"
|
||||||
[[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || {
|
[[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_user_display_name_2 --value "${LDAP_USER_DISPLAY_NAME_2}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserDisplayName2 "${LDAP_USER_DISPLAY_NAME_2}"
|
||||||
}
|
}
|
||||||
php occ config:app:set user_ldap s01ldap_group_display_name --value "${LDAP_GROUP_DISPLAY_NAME:-cn}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupDisplayName "${LDAP_GROUP_DISPLAY_NAME:-cn}"
|
||||||
|
|
||||||
# ldap_tls|0
|
# | ldapTLS | 0 |
|
||||||
# ldap_quota_def|
|
# | ldapQuotaAttribute | |
|
||||||
# ldap_quota_attr|
|
# | ldapQuotaDefault | |
|
||||||
|
|
||||||
php occ config:app:set user_ldap s01ldap_email_attr --value "${LDAP_EMAIL_ATTR:-mail}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapEmailAttribute "${LDAP_EMAIL_ATTRIBUTE:-mail}"
|
||||||
php occ config:app:set user_ldap s01ldap_group_member_assoc_attribute --value "${LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE:-memberUid}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupMemberAssocAttr "${LDAP_GROUP_MEMBER_ASSOC_ATTR:-memberUid}"
|
||||||
|
|
||||||
# ldap_cache_ttl|600
|
# | hasMemberOfFilterSupport | 0 |
|
||||||
|
# | homeFolderNamingRule | |
|
||||||
# home_folder_naming_rule|
|
# | lastJpegPhotoLookup | 0 |
|
||||||
# ldap_turn_off_cert_check|0
|
# | ldapAttributesForGroupSearch | |
|
||||||
# ldap_attributes_for_user_search|
|
# | ldapAttributesForUserSearch | |
|
||||||
# ldap_attributes_for_group_search|
|
# | ldapCacheTTL | 600 |
|
||||||
# ldap_expert_username_attr|
|
# | ldapConfigurationActive | 0 |
|
||||||
# ldap_expert_uuid_user_attr|
|
# | ldapDefaultPPolicyDN | |
|
||||||
# ldap_expert_uuid_group_attr|
|
# | ldapDynamicGroupMemberURL | |
|
||||||
# has_memberof_filter_support|0
|
# | ldapExperiencedAdmin | 0 |
|
||||||
# use_memberof_to_detect_membership|1
|
# | ldapExpertUUIDGroupAttr | |
|
||||||
|
# | ldapExpertUUIDUserAttr | |
|
||||||
# last_jpegPhoto_lookup|0
|
# | ldapExpertUsernameAttr | |
|
||||||
# ldap_nested_groups|0
|
# | ldapExtStorageHomeAttribute | |
|
||||||
# ldap_paging_size|500
|
# | ldapIgnoreNamingRules | |
|
||||||
# ldap_turn_on_pwd_change|0
|
# | ldapNestedGroups | 0 |
|
||||||
# ldap_experienced_admin|0
|
# | ldapOverrideMainServer | |
|
||||||
# ldap_dynamic_group_member_url|
|
# | ldapPagingSize | 500 |
|
||||||
# ldap_default_ppolicy_dn|
|
# | ldapUserAvatarRule | default |
|
||||||
# ldap_user_avatar_rule|default
|
# | ldapUuidGroupAttribute | auto |
|
||||||
# ldap_ext_storage_home_attribute|
|
# | ldapUuidUserAttribute | auto |
|
||||||
# _lastChange|1570896933
|
# | turnOffCertCheck | 0 |
|
||||||
|
# | turnOnPasswordChange | 0 |
|
||||||
|
# | useMemberOfToDetectMembership | 1 |
|
||||||
|
|
||||||
cd ${PREV_DIR}
|
cd ${PREV_DIR}
|
||||||
|
|||||||
@ -195,27 +195,28 @@ RUN \
|
|||||||
}
|
}
|
||||||
|
|
||||||
ENV LDAP_ENABLE=false
|
ENV LDAP_ENABLE=false
|
||||||
|
ENV LDAP_CONFIG_ID=s01
|
||||||
ENV LDAP_HOST=
|
ENV LDAP_HOST=
|
||||||
ENV LDAP_PORT=389
|
ENV LDAP_PORT=389
|
||||||
ENV LDAP_BACKUP_HOST=
|
ENV LDAP_BACKUP_HOST=
|
||||||
ENV LDAP_BACKUP_PORT=389
|
ENV LDAP_BACKUP_PORT=389
|
||||||
ENV LDAP_DN=
|
ENV LDAP_AGENT_NAME=
|
||||||
ENV LDAP_AGENT_PASSWORD=
|
ENV LDAP_AGENT_PASSWORD=
|
||||||
ENV LDAP_BASE=
|
ENV LDAP_BASE=
|
||||||
ENV LDAP_BASE_USERS=
|
ENV LDAP_BASE_USERS=
|
||||||
ENV LDAP_BASE_GROUPS=
|
ENV LDAP_BASE_GROUPS=
|
||||||
# space-separated objectclass values
|
# space-separated objectclass values
|
||||||
ENV LDAP_USERFILTER_OBJECTCLASS=inetOrgPerson
|
ENV LDAP_USER_FILTER_OBJECTCLASS=inetOrgPerson
|
||||||
ENV LDAP_USERLIST_FILTER=
|
ENV LDAP_USER_FILTER=
|
||||||
ENV LDAP_LOGIN_FILTER=
|
ENV LDAP_LOGIN_FILTER=
|
||||||
ENV LDAP_GROUPFILTER_OBJECTCLASS=organizationalRole
|
ENV LDAP_GROUP_FILTER_OBJECTCLASS=organizationalRole
|
||||||
ENV LDAP_GROUP_FILTER=
|
ENV LDAP_GROUP_FILTER=
|
||||||
ENV LDAP_GID_NUMBER=gidNumber
|
ENV LDAP_GID_NUMBER=gidNumber
|
||||||
ENV LDAP_DISPLAY_NAME=cn
|
ENV LDAP_USER_DISPLAY_NAME=cn
|
||||||
ENV LDAP_USER_DISPLAY_NAME_2=
|
ENV LDAP_USER_DISPLAY_NAME_2=
|
||||||
ENV LDAP_GROUP_DISPLAY_NAME=cn
|
ENV LDAP_GROUP_DISPLAY_NAME=cn
|
||||||
ENV LDAP_EMAIL_ATTR=mail
|
ENV LDAP_EMAIL_ATTRIBUTE=mail
|
||||||
ENV LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE=memberUid
|
ENV LDAP_GROUP_MEMBER_ASSOC_ATTR=memberUid
|
||||||
|
|
||||||
EXPOSE 9000 9001 9002 9003 9010 9011 9012 9013
|
EXPOSE 9000 9001 9002 9003 9010 9011 9012 9013
|
||||||
ENTRYPOINT ["/entrypoint.sh"]
|
ENTRYPOINT ["/entrypoint.sh"]
|
||||||
|
|||||||
@ -12,94 +12,103 @@ PREV_DIR=${PWD}
|
|||||||
cd /var/www/html
|
cd /var/www/html
|
||||||
php occ app:enable user_ldap
|
php occ app:enable user_ldap
|
||||||
|
|
||||||
|
LDAP_CONFIG_ID=${LDAP_CONFIG_ID:-s01}
|
||||||
|
|
||||||
|
[[ "$(php occ ldap:create-empty-config --only-print-prefix)" > "${LDAP_CONFIG_ID}" ]] || {
|
||||||
|
# config does not yet exist, create it
|
||||||
|
php occ ldap:create-empty-config
|
||||||
|
}
|
||||||
|
|
||||||
[[ -z ${LDAP_HOST} ]] || {
|
[[ -z ${LDAP_HOST} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_host --value ${LDAP_HOST}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapHost ${LDAP_HOST}
|
||||||
php occ config:app:set user_ldap s01ldap_port --value ${LDAP_PORT:-389}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapPort ${LDAP_PORT:-389}
|
||||||
}
|
}
|
||||||
[[ -z ${LDAP_BACKUP_HOST} ]] || {
|
[[ -z ${LDAP_BACKUP_HOST} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_backup_host --value ${LDAP_BACKUP_HOST}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBackupHost ${LDAP_BACKUP_HOST}
|
||||||
php occ config:app:set user_ldap s01ldap_backup_port --value ${LDAP_BACKUP_PORT:-389}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBackupPort ${LDAP_BACKUP_PORT:-389}
|
||||||
}
|
}
|
||||||
|
|
||||||
# credentials for accessing LDAP directory
|
# credentials for accessing LDAP directory
|
||||||
[[ -z ${LDAP_DN} ]] || {
|
[[ -z ${LDAP_AGENT_NAME} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_dn --value ${LDAP_DN}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapAgentName ${LDAP_AGENT_NAME}
|
||||||
}
|
}
|
||||||
[[ -z ${LDAP_AGENT_PASSWORD} ]] || {
|
[[ -z ${LDAP_AGENT_PASSWORD} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_agent_password --value ${LDAP_AGENT_PASSWORD}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapAgentPassword ${LDAP_AGENT_PASSWORD}
|
||||||
}
|
}
|
||||||
|
|
||||||
# search base
|
# search base
|
||||||
[[ -z ${LDAP_BASE} ]] || {
|
[[ -z ${LDAP_BASE} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_base --value ${LDAP_BASE}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBase ${LDAP_BASE}
|
||||||
php occ config:app:set user_ldap s01ldap_base_users --value ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBaseUsers ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}}
|
||||||
php occ config:app:set user_ldap s01ldap_base_groups --value ${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}}
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapBaseGroups ${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}}
|
||||||
}
|
}
|
||||||
|
|
||||||
LDAP_USERFILTER_OBJECTCLASS=${LDAP_USERFILTER_OBJECTCLASS:-inetOrgPerson}
|
LDAP_USER_FILTER_OBJECTCLASS=${LDAP_USER_FILTER_OBJECTCLASS:-inetOrgPerson}
|
||||||
php occ config:app:set user_ldap s01ldap_userfilter_objectclass --value "$(echo ${LDAP_USERFILTER_OBJECTCLASS} | tr ' ' '\n')"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserFilterObjectclass "$(echo ${LDAP_USER_FILTER_OBJECTCLASS} | tr ' ' '\n')"
|
||||||
|
|
||||||
DEFAULT_FILTER="(|(objectclass=${LDAP_USERFILTER_OBJECTCLASS// /)(objectclass=}))"
|
DEFAULT_FILTER="(|(objectclass=${LDAP_USER_FILTER_OBJECTCLASS// /)(objectclass=}))"
|
||||||
LDAP_USERLIST_FILTER="${LDAP_USERLIST_FILTER:-${DEFAULT_FILTER}}"
|
LDAP_USER_FILTER="${LDAP_USER_FILTER:-${DEFAULT_FILTER}}"
|
||||||
php occ config:app:set user_ldap s01ldap_userlist_filter --value "${LDAP_USERLIST_FILTER}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserFilter "${LDAP_USER_FILTER}"
|
||||||
|
|
||||||
# ldap_user_filter_mode|0
|
# | ldapUserFilterGroups | |
|
||||||
# ldap_userfilter_groups|
|
# | ldapUserFilterMode | 0 |
|
||||||
|
|
||||||
DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))"
|
DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))"
|
||||||
php occ config:app:set user_ldap s01ldap_login_filter --value "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapLoginFilter "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}"
|
||||||
|
|
||||||
# ldap_login_filter_mode|0
|
# | ldapLoginFilterAttributes | |
|
||||||
# ldap_loginfilter_email|0
|
# | ldapLoginFilterEmail | 0 |
|
||||||
# ldap_loginfilter_username|1
|
# | ldapLoginFilterMode | 0 |
|
||||||
# ldap_loginfilter_attributes|
|
# | ldapLoginFilterUsername | 1 |
|
||||||
|
|
||||||
LDAP_GROUPFILTER_OBJECTCLASS=${LDAP_GROUPFILTER_OBJECTCLASS:-organizationalRole}
|
LDAP_GROUP_FILTER_OBJECTCLASS=${LDAP_GROUP_FILTER_OBJECTCLASS:-organizationalRole}
|
||||||
php occ config:app:set user_ldap s01ldap_groupfilter_objectclass --value "$(echo ${LDAP_GROUPFILTER_OBJECTCLASS} | tr ' ' '\n')"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupFilterObjectclass "$(echo ${LDAP_GROUP_FILTER_OBJECTCLASS} | tr ' ' '\n')"
|
||||||
|
|
||||||
DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUPFILTER_OBJECTCLASS// /)(objectclass=}))"
|
DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUP_FILTER_OBJECTCLASS// /)(objectclass=}))"
|
||||||
LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}"
|
LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}"
|
||||||
php occ config:app:set user_ldap s01ldap_group_filter --value "${LDAP_GROUP_FILTER}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupFilter "${LDAP_GROUP_FILTER}"
|
||||||
|
|
||||||
# ldap_group_filter_mode|0
|
# | ldapGroupFilterGroups | |
|
||||||
# ldap_groupfilter_groups|
|
# | ldapGroupFilterMode | 0 |
|
||||||
|
|
||||||
php occ config:app:set user_ldap s01ldap_gid_number --value "${LDAP_GID_NUMBER:-gidNumber}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGidNumber "${LDAP_GID_NUMBER:-gidNumber}"
|
||||||
|
|
||||||
php occ config:app:set user_ldap s01ldap_display_name --value "${LDAP_DISPLAY_NAME:-cn}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserDisplayName "${LDAP_USER_DISPLAY_NAME:-cn}"
|
||||||
[[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || {
|
[[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || {
|
||||||
php occ config:app:set user_ldap s01ldap_user_display_name_2 --value "${LDAP_USER_DISPLAY_NAME_2}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapUserDisplayName2 "${LDAP_USER_DISPLAY_NAME_2}"
|
||||||
}
|
}
|
||||||
php occ config:app:set user_ldap s01ldap_group_display_name --value "${LDAP_GROUP_DISPLAY_NAME:-cn}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupDisplayName "${LDAP_GROUP_DISPLAY_NAME:-cn}"
|
||||||
|
|
||||||
# ldap_tls|0
|
# | ldapTLS | 0 |
|
||||||
# ldap_quota_def|
|
# | ldapQuotaAttribute | |
|
||||||
# ldap_quota_attr|
|
# | ldapQuotaDefault | |
|
||||||
|
|
||||||
php occ config:app:set user_ldap s01ldap_email_attr --value "${LDAP_EMAIL_ATTR:-mail}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapEmailAttribute "${LDAP_EMAIL_ATTRIBUTE:-mail}"
|
||||||
php occ config:app:set user_ldap s01ldap_group_member_assoc_attribute --value "${LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE:-memberUid}"
|
php occ ldap:set-config ${LDAP_CONFIG_ID} ldapGroupMemberAssocAttr "${LDAP_GROUP_MEMBER_ASSOC_ATTR:-memberUid}"
|
||||||
|
|
||||||
# ldap_cache_ttl|600
|
# | hasMemberOfFilterSupport | 0 |
|
||||||
|
# | homeFolderNamingRule | |
|
||||||
# home_folder_naming_rule|
|
# | lastJpegPhotoLookup | 0 |
|
||||||
# ldap_turn_off_cert_check|0
|
# | ldapAttributesForGroupSearch | |
|
||||||
# ldap_attributes_for_user_search|
|
# | ldapAttributesForUserSearch | |
|
||||||
# ldap_attributes_for_group_search|
|
# | ldapCacheTTL | 600 |
|
||||||
# ldap_expert_username_attr|
|
# | ldapConfigurationActive | 0 |
|
||||||
# ldap_expert_uuid_user_attr|
|
# | ldapDefaultPPolicyDN | |
|
||||||
# ldap_expert_uuid_group_attr|
|
# | ldapDynamicGroupMemberURL | |
|
||||||
# has_memberof_filter_support|0
|
# | ldapExperiencedAdmin | 0 |
|
||||||
# use_memberof_to_detect_membership|1
|
# | ldapExpertUUIDGroupAttr | |
|
||||||
|
# | ldapExpertUUIDUserAttr | |
|
||||||
# last_jpegPhoto_lookup|0
|
# | ldapExpertUsernameAttr | |
|
||||||
# ldap_nested_groups|0
|
# | ldapExtStorageHomeAttribute | |
|
||||||
# ldap_paging_size|500
|
# | ldapIgnoreNamingRules | |
|
||||||
# ldap_turn_on_pwd_change|0
|
# | ldapNestedGroups | 0 |
|
||||||
# ldap_experienced_admin|0
|
# | ldapOverrideMainServer | |
|
||||||
# ldap_dynamic_group_member_url|
|
# | ldapPagingSize | 500 |
|
||||||
# ldap_default_ppolicy_dn|
|
# | ldapUserAvatarRule | default |
|
||||||
# ldap_user_avatar_rule|default
|
# | ldapUuidGroupAttribute | auto |
|
||||||
# ldap_ext_storage_home_attribute|
|
# | ldapUuidUserAttribute | auto |
|
||||||
# _lastChange|1570896933
|
# | turnOffCertCheck | 0 |
|
||||||
|
# | turnOnPasswordChange | 0 |
|
||||||
|
# | useMemberOfToDetectMembership | 1 |
|
||||||
|
|
||||||
cd ${PREV_DIR}
|
cd ${PREV_DIR}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user