This commit is contained in:
parent
4d82904c45
commit
e447a48200
@ -38,6 +38,7 @@ RUN set -ex; \
|
||||
php-mbstring \
|
||||
php-curl \
|
||||
ssl-cert \
|
||||
sudo \
|
||||
; \
|
||||
\
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
@ -194,6 +195,29 @@ RUN \
|
||||
rm /var/www/html/index.php /var/www/html/index.php.remove; \
|
||||
}
|
||||
|
||||
ENV LDAP_ENABLE=false
|
||||
ENV LDAP_HOST=
|
||||
ENV LDAP_PORT=389
|
||||
ENV LDAP_BACKUP_HOST=
|
||||
ENV LDAP_BACKUP_PORT=389
|
||||
ENV LDAP_DN=
|
||||
ENV LDAP_AGENT_PASSWORD=
|
||||
ENV LDAP_BASE=
|
||||
ENV LDAP_BASE_USERS
|
||||
ENV LDAP_BASE_GROUPS
|
||||
# space-separated objectclass values
|
||||
ENV LDAP_USERFILTER_OBJECTCLASS=inetOrgPerson
|
||||
ENV LDAP_USERLIST_FILTER
|
||||
ENV LDAP_LOGIN_FILTER
|
||||
ENV LDAP_GROUPFILTER_OBJECTCLASS=organizationalRole
|
||||
ENV LDAP_GROUP_FILTER
|
||||
ENV LDAP_GID_NUMBER=gidNumber
|
||||
ENV LDAP_DISPLAY_NAME=cn
|
||||
ENV LDAP_USER_DISPLAY_NAME_2=
|
||||
ENV LDAP_GROUP_DISPLAY_NAME=cn
|
||||
ENV LDAP_EMAIL_ATTR=mail
|
||||
ENV LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE=memberUid
|
||||
|
||||
EXPOSE 9000 9001 9002 9003 9010 9011 9012 9013
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
STOPSIGNAL SIGTERM
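Review bot: `ENV LDAP_BASE_USERS`, `ENV LDAP_BASE_GROUPS`, `ENV LDAP_USERLIST_FILTER`, `ENV LDAP_LOGIN_FILTER` and `ENV LDAP_GROUP_FILTER` carry no value, and as far as I know the builder rejects an `ENV` instruction without one ("ENV must have two arguments"); the neighbouring lines use the `ENV LDAP_HOST=` form, so these should read `ENV LDAP_BASE_USERS=` and so on. Separately, `ENV LDAP_AGENT_PASSWORD=` makes the LDAP bind credential a container environment variable, which is visible in `docker inspect` output and in the environment of every process in the container; since the setup script only needs the value at startup, a `LDAP_AGENT_PASSWORD_FILE` variant read from a mounted secret file would keep it out of the container metadata. The same hunk is repeated in the 15.0, 16.0 and 17.0 Dockerfiles further down this commit.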
|
||||
|
@ -142,4 +142,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "$1" = "unitd"
|
||||
fi
|
||||
fi
|
||||
|
||||
sudo -u www-data -E /ldap_setup.sh
|
||||
|
||||
exec "$@"
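Review bot: The exit status of `sudo -u www-data -E /ldap_setup.sh` is not checked, so a failed `php occ` run (unreachable host, bad bind credential, failed `cd`) still falls through to `exec "$@"` and the container starts with a partially configured user_ldap app. `sudo -u www-data -E /ldap_setup.sh || { echo "LDAP setup failed" >&2; exit 1; }` would make that visible, with the caveat that ldap_setup.sh itself has no `set -e`, so it also needs to propagate failures for the check to mean anything. The `if` block this hunk sits in starts outside the hunk. The same line is added to the 15.0, 16.0 and 17.0 entrypoints below.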
|
||||
|
105
14.0/unit/ldap_setup.sh
Executable file
105
14.0/unit/ldap_setup.sh
Executable file
@ -0,0 +1,105 @@
|
||||
#!/bin/bash
|
||||
|
||||
# setup LDAP authentication for nextcloud
|
||||
# this script must be run as www-data
|
||||
|
||||
[[ ${LDAP_ENABLE,,} == "true" ]] || {
|
||||
echo Skipping LDAP setup
|
||||
exit 0
|
||||
}
|
||||
|
||||
PREV_DIR=${PWD}
|
||||
cd /var/www/html
|
||||
php occ app:enable user_ldap
|
||||
|
||||
[[ -z ${LDAP_HOST} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_host --value ${LDAP_HOST}
|
||||
php occ config:app:set user_ldap s01ldap_port --value ${LDAP_PORT:-389}
|
||||
}
|
||||
[[ -z ${LDAP_BACKUP_HOST} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_backup_host --value ${LDAP_BACKUP_HOST}
|
||||
php occ config:app:set user_ldap s01ldap_backup_port --value ${LDAP_BACKUP_PORT:-389}
|
||||
}
|
||||
|
||||
# credentials for accessing LDAP directory
|
||||
[[ -z ${LDAP_DN} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_dn --value ${LDAP_DN}
|
||||
}
|
||||
[[ -z ${LDAP_AGENT_PASSWORD} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_agent_password --value ${LDAP_AGENT_PASSWORD}
|
||||
}
|
||||
|
||||
# search base
|
||||
[[ -z ${LDAP_BASE} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_base --value ${LDAP_BASE}
|
||||
php occ config:app:set user_ldap s01ldap_base_users --value ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}}
|
||||
php occ config:app:set user_ldap s01ldap_base_groups --value ${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}}
|
||||
}
|
||||
|
||||
LDAP_USERFILTER_OBJECTCLASS=${LDAP_USERFILTER_OBJECTCLASS:-inetOrgPerson}
|
||||
php occ config:app:set user_ldap s01ldap_userfilter_objectclass --value "$(echo ${LDAP_USERFILTER_OBJECTCLASS} | tr ' ' '\n')"
|
||||
|
||||
DEFAULT_FILTER="(|(objectclass=${LDAP_USERFILTER_OBJECTCLASS// /)(objectclass=}))"
|
||||
LDAP_USERLIST_FILTER="${LDAP_USERLIST_FILTER:-${DEFAULT_FILTER}}"
|
||||
php occ config:app:set user_ldap s01ldap_userlist_filter --value "${LDAP_USERLIST_FILTER}"
|
||||
|
||||
# ldap_user_filter_mode|0
|
||||
# ldap_userfilter_groups|
|
||||
|
||||
DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))"
|
||||
php occ config:app:set user_ldap s01ldap_login_filter --value "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}"
|
||||
|
||||
# ldap_login_filter_mode|0
|
||||
# ldap_loginfilter_email|0
|
||||
# ldap_loginfilter_username|1
|
||||
# ldap_loginfilter_attributes|
|
||||
|
||||
LDAP_GROUPFILTER_OBJECTCLASS=${LDAP_GROUPFILTER_OBJECTCLASS:-organizationalRole}
|
||||
php occ config:app:set user_ldap s01ldap_groupfilter_objectclass --value "$(echo ${LDAP_GROUPFILTER_OBJECTCLASS} | tr ' ' '\n')"
|
||||
|
||||
DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUPFILTER_OBJECTCLASS// /)(objectclass=}))"
|
||||
LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}"
|
||||
php occ config:app:set user_ldap s01ldap_group_filter --value "${LDAP_GROUP_FILTER}"
|
||||
|
||||
# ldap_group_filter_mode|0
|
||||
# ldap_groupfilter_groups|
|
||||
|
||||
php occ config:app:set user_ldap s01ldap_gid_number --value "${LDAP_GID_NUMBER:-gidNumber}"
|
||||
|
||||
php occ config:app:set user_ldap s01ldap_display_name --value "${LDAP_DISPLAY_NAME:-cn}"
|
||||
[[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_user_display_name_2 --value "${LDAP_USER_DISPLAY_NAME_2}"
|
||||
}
|
||||
php occ config:app:set user_ldap s01ldap_group_display_name --value "${LDAP_GROUP_DISPLAY_NAME:-cn}"
|
||||
|
||||
# ldap_tls|0
|
||||
# ldap_quota_def|
|
||||
# ldap_quota_attr|
|
||||
|
||||
php occ config:app:set user_ldap s01ldap_email_attr --value "${LDAP_EMAIL_ATTR:-mail}"
|
||||
php occ config:app:set user_ldap s01ldap_group_member_assoc_attribute --value "${LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE:-memberUid}"
|
||||
|
||||
# ldap_cache_ttl|600
|
||||
|
||||
# home_folder_naming_rule|
|
||||
# ldap_turn_off_cert_check|0
|
||||
# ldap_attributes_for_user_search|
|
||||
# ldap_attributes_for_group_search|
|
||||
# ldap_expert_username_attr|
|
||||
# ldap_expert_uuid_user_attr|
|
||||
# ldap_expert_uuid_group_attr|
|
||||
# has_memberof_filter_support|0
|
||||
# use_memberof_to_detect_membership|1
|
||||
|
||||
# last_jpegPhoto_lookup|0
|
||||
# ldap_nested_groups|0
|
||||
# ldap_paging_size|500
|
||||
# ldap_turn_on_pwd_change|0
|
||||
# ldap_experienced_admin|0
|
||||
# ldap_dynamic_group_member_url|
|
||||
# ldap_default_ppolicy_dn|
|
||||
# ldap_user_avatar_rule|default
|
||||
# ldap_ext_storage_home_attribute|
|
||||
# _lastChange|1570896933
|
||||
|
||||
cd ${PREV_DIR}
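Review bot: The first nine `php occ config:app:set` calls (host, port, backup host/port, DN, agent password, base, base users, base groups) pass their `--value` argument unquoted, so a bind DN or password containing whitespace or glob characters is word-split or glob-expanded before occ sees it, whereas the calls from `s01ldap_userlist_filter` onward are correctly double-quoted; quote each of them the same way, e.g. `php occ config:app:set user_ldap s01ldap_agent_password --value "${LDAP_AGENT_PASSWORD}"`. The `$(echo ${LDAP_USERFILTER_OBJECTCLASS} | tr ' ' '\n')` and `$(echo ${LDAP_GROUPFILTER_OBJECTCLASS} | tr ' ' '\n')` substitutions have the same unquoted expansion and can use the parameter expansion the script already relies on for `DEFAULT_FILTER`: `nl=$'\n'` once, then `--value "${LDAP_USERFILTER_OBJECTCLASS// /$nl}"`. Note also that the agent password is handed to occ on its command line, where it is readable in the process list for the duration of the call; I am not sure `config:app:set` offers a stdin alternative, so at minimum this deserves a comment next to the call. The same file is added unchanged as 15.0/unit/ldap_setup.sh, 16.0/unit/ldap_setup.sh, 17.0/unit/ldap_setup.sh and docker-ldap_setup.sh.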
|
@ -38,6 +38,7 @@ RUN set -ex; \
|
||||
php-mbstring \
|
||||
php-curl \
|
||||
ssl-cert \
|
||||
sudo \
|
||||
; \
|
||||
\
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
@ -194,6 +195,29 @@ RUN \
|
||||
rm /var/www/html/index.php /var/www/html/index.php.remove; \
|
||||
}
|
||||
|
||||
ENV LDAP_ENABLE=false
|
||||
ENV LDAP_HOST=
|
||||
ENV LDAP_PORT=389
|
||||
ENV LDAP_BACKUP_HOST=
|
||||
ENV LDAP_BACKUP_PORT=389
|
||||
ENV LDAP_DN=
|
||||
ENV LDAP_AGENT_PASSWORD=
|
||||
ENV LDAP_BASE=
|
||||
ENV LDAP_BASE_USERS
|
||||
ENV LDAP_BASE_GROUPS
|
||||
# space-separated objectclass values
|
||||
ENV LDAP_USERFILTER_OBJECTCLASS=inetOrgPerson
|
||||
ENV LDAP_USERLIST_FILTER
|
||||
ENV LDAP_LOGIN_FILTER
|
||||
ENV LDAP_GROUPFILTER_OBJECTCLASS=organizationalRole
|
||||
ENV LDAP_GROUP_FILTER
|
||||
ENV LDAP_GID_NUMBER=gidNumber
|
||||
ENV LDAP_DISPLAY_NAME=cn
|
||||
ENV LDAP_USER_DISPLAY_NAME_2=
|
||||
ENV LDAP_GROUP_DISPLAY_NAME=cn
|
||||
ENV LDAP_EMAIL_ATTR=mail
|
||||
ENV LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE=memberUid
|
||||
|
||||
EXPOSE 9000 9001 9002 9003 9010 9011 9012 9013
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
STOPSIGNAL SIGTERM
|
||||
|
@ -142,4 +142,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "$1" = "unitd"
|
||||
fi
|
||||
fi
|
||||
|
||||
sudo -u www-data -E /ldap_setup.sh
|
||||
|
||||
exec "$@"
|
||||
|
105
15.0/unit/ldap_setup.sh
Executable file
105
15.0/unit/ldap_setup.sh
Executable file
@ -0,0 +1,105 @@
|
||||
#!/bin/bash
|
||||
|
||||
# setup LDAP authentication for nextcloud
|
||||
# this script must be run as www-data
|
||||
|
||||
[[ ${LDAP_ENABLE,,} == "true" ]] || {
|
||||
echo Skipping LDAP setup
|
||||
exit 0
|
||||
}
|
||||
|
||||
PREV_DIR=${PWD}
|
||||
cd /var/www/html
|
||||
php occ app:enable user_ldap
|
||||
|
||||
[[ -z ${LDAP_HOST} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_host --value ${LDAP_HOST}
|
||||
php occ config:app:set user_ldap s01ldap_port --value ${LDAP_PORT:-389}
|
||||
}
|
||||
[[ -z ${LDAP_BACKUP_HOST} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_backup_host --value ${LDAP_BACKUP_HOST}
|
||||
php occ config:app:set user_ldap s01ldap_backup_port --value ${LDAP_BACKUP_PORT:-389}
|
||||
}
|
||||
|
||||
# credentials for accessing LDAP directory
|
||||
[[ -z ${LDAP_DN} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_dn --value ${LDAP_DN}
|
||||
}
|
||||
[[ -z ${LDAP_AGENT_PASSWORD} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_agent_password --value ${LDAP_AGENT_PASSWORD}
|
||||
}
|
||||
|
||||
# search base
|
||||
[[ -z ${LDAP_BASE} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_base --value ${LDAP_BASE}
|
||||
php occ config:app:set user_ldap s01ldap_base_users --value ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}}
|
||||
php occ config:app:set user_ldap s01ldap_base_groups --value ${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}}
|
||||
}
|
||||
|
||||
LDAP_USERFILTER_OBJECTCLASS=${LDAP_USERFILTER_OBJECTCLASS:-inetOrgPerson}
|
||||
php occ config:app:set user_ldap s01ldap_userfilter_objectclass --value "$(echo ${LDAP_USERFILTER_OBJECTCLASS} | tr ' ' '\n')"
|
||||
|
||||
DEFAULT_FILTER="(|(objectclass=${LDAP_USERFILTER_OBJECTCLASS// /)(objectclass=}))"
|
||||
LDAP_USERLIST_FILTER="${LDAP_USERLIST_FILTER:-${DEFAULT_FILTER}}"
|
||||
php occ config:app:set user_ldap s01ldap_userlist_filter --value "${LDAP_USERLIST_FILTER}"
|
||||
|
||||
# ldap_user_filter_mode|0
|
||||
# ldap_userfilter_groups|
|
||||
|
||||
DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))"
|
||||
php occ config:app:set user_ldap s01ldap_login_filter --value "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}"
|
||||
|
||||
# ldap_login_filter_mode|0
|
||||
# ldap_loginfilter_email|0
|
||||
# ldap_loginfilter_username|1
|
||||
# ldap_loginfilter_attributes|
|
||||
|
||||
LDAP_GROUPFILTER_OBJECTCLASS=${LDAP_GROUPFILTER_OBJECTCLASS:-organizationalRole}
|
||||
php occ config:app:set user_ldap s01ldap_groupfilter_objectclass --value "$(echo ${LDAP_GROUPFILTER_OBJECTCLASS} | tr ' ' '\n')"
|
||||
|
||||
DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUPFILTER_OBJECTCLASS// /)(objectclass=}))"
|
||||
LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}"
|
||||
php occ config:app:set user_ldap s01ldap_group_filter --value "${LDAP_GROUP_FILTER}"
|
||||
|
||||
# ldap_group_filter_mode|0
|
||||
# ldap_groupfilter_groups|
|
||||
|
||||
php occ config:app:set user_ldap s01ldap_gid_number --value "${LDAP_GID_NUMBER:-gidNumber}"
|
||||
|
||||
php occ config:app:set user_ldap s01ldap_display_name --value "${LDAP_DISPLAY_NAME:-cn}"
|
||||
[[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_user_display_name_2 --value "${LDAP_USER_DISPLAY_NAME_2}"
|
||||
}
|
||||
php occ config:app:set user_ldap s01ldap_group_display_name --value "${LDAP_GROUP_DISPLAY_NAME:-cn}"
|
||||
|
||||
# ldap_tls|0
|
||||
# ldap_quota_def|
|
||||
# ldap_quota_attr|
|
||||
|
||||
php occ config:app:set user_ldap s01ldap_email_attr --value "${LDAP_EMAIL_ATTR:-mail}"
|
||||
php occ config:app:set user_ldap s01ldap_group_member_assoc_attribute --value "${LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE:-memberUid}"
|
||||
|
||||
# ldap_cache_ttl|600
|
||||
|
||||
# home_folder_naming_rule|
|
||||
# ldap_turn_off_cert_check|0
|
||||
# ldap_attributes_for_user_search|
|
||||
# ldap_attributes_for_group_search|
|
||||
# ldap_expert_username_attr|
|
||||
# ldap_expert_uuid_user_attr|
|
||||
# ldap_expert_uuid_group_attr|
|
||||
# has_memberof_filter_support|0
|
||||
# use_memberof_to_detect_membership|1
|
||||
|
||||
# last_jpegPhoto_lookup|0
|
||||
# ldap_nested_groups|0
|
||||
# ldap_paging_size|500
|
||||
# ldap_turn_on_pwd_change|0
|
||||
# ldap_experienced_admin|0
|
||||
# ldap_dynamic_group_member_url|
|
||||
# ldap_default_ppolicy_dn|
|
||||
# ldap_user_avatar_rule|default
|
||||
# ldap_ext_storage_home_attribute|
|
||||
# _lastChange|1570896933
|
||||
|
||||
cd ${PREV_DIR}
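Review bot: Nothing in this script checks a command's status: there is no `set -e`, `cd /var/www/html` is unguarded, and a failed `php occ app:enable user_ldap` or `config:app:set` is silently followed by the next call, so the script's exit status, and therefore what the entrypoint's `sudo -u www-data -E /ldap_setup.sh` observes, is only that of the final `cd ${PREV_DIR}`. Adding `set -eo pipefail` after the shebang and changing the directory change to `cd /var/www/html || exit 1` would surface a misconfigured host or credential at container start rather than later. `PREV_DIR=${PWD}` / `cd ${PREV_DIR}` should be quoted as well (`cd "${PREV_DIR}"`), or replaced by running the occ calls in a subshell so no directory restore is needed. This applies equally to the identical 14.0, 16.0, 17.0 and docker-ldap_setup.sh copies in this commit.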
|
@ -38,6 +38,7 @@ RUN set -ex; \
|
||||
php-mbstring \
|
||||
php-curl \
|
||||
ssl-cert \
|
||||
sudo \
|
||||
; \
|
||||
\
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
@ -194,6 +195,29 @@ RUN \
|
||||
rm /var/www/html/index.php /var/www/html/index.php.remove; \
|
||||
}
|
||||
|
||||
ENV LDAP_ENABLE=false
|
||||
ENV LDAP_HOST=
|
||||
ENV LDAP_PORT=389
|
||||
ENV LDAP_BACKUP_HOST=
|
||||
ENV LDAP_BACKUP_PORT=389
|
||||
ENV LDAP_DN=
|
||||
ENV LDAP_AGENT_PASSWORD=
|
||||
ENV LDAP_BASE=
|
||||
ENV LDAP_BASE_USERS
|
||||
ENV LDAP_BASE_GROUPS
|
||||
# space-separated objectclass values
|
||||
ENV LDAP_USERFILTER_OBJECTCLASS=inetOrgPerson
|
||||
ENV LDAP_USERLIST_FILTER
|
||||
ENV LDAP_LOGIN_FILTER
|
||||
ENV LDAP_GROUPFILTER_OBJECTCLASS=organizationalRole
|
||||
ENV LDAP_GROUP_FILTER
|
||||
ENV LDAP_GID_NUMBER=gidNumber
|
||||
ENV LDAP_DISPLAY_NAME=cn
|
||||
ENV LDAP_USER_DISPLAY_NAME_2=
|
||||
ENV LDAP_GROUP_DISPLAY_NAME=cn
|
||||
ENV LDAP_EMAIL_ATTR=mail
|
||||
ENV LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE=memberUid
|
||||
|
||||
EXPOSE 9000 9001 9002 9003 9010 9011 9012 9013
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
STOPSIGNAL SIGTERM
|
||||
|
@ -142,4 +142,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "$1" = "unitd"
|
||||
fi
|
||||
fi
|
||||
|
||||
sudo -u www-data -E /ldap_setup.sh
|
||||
|
||||
exec "$@"
|
||||
|
105
16.0/unit/ldap_setup.sh
Executable file
105
16.0/unit/ldap_setup.sh
Executable file
@ -0,0 +1,105 @@
|
||||
#!/bin/bash
|
||||
|
||||
# setup LDAP authentication for nextcloud
|
||||
# this script must be run as www-data
|
||||
|
||||
[[ ${LDAP_ENABLE,,} == "true" ]] || {
|
||||
echo Skipping LDAP setup
|
||||
exit 0
|
||||
}
|
||||
|
||||
PREV_DIR=${PWD}
|
||||
cd /var/www/html
|
||||
php occ app:enable user_ldap
|
||||
|
||||
[[ -z ${LDAP_HOST} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_host --value ${LDAP_HOST}
|
||||
php occ config:app:set user_ldap s01ldap_port --value ${LDAP_PORT:-389}
|
||||
}
|
||||
[[ -z ${LDAP_BACKUP_HOST} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_backup_host --value ${LDAP_BACKUP_HOST}
|
||||
php occ config:app:set user_ldap s01ldap_backup_port --value ${LDAP_BACKUP_PORT:-389}
|
||||
}
|
||||
|
||||
# credentials for accessing LDAP directory
|
||||
[[ -z ${LDAP_DN} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_dn --value ${LDAP_DN}
|
||||
}
|
||||
[[ -z ${LDAP_AGENT_PASSWORD} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_agent_password --value ${LDAP_AGENT_PASSWORD}
|
||||
}
|
||||
|
||||
# search base
|
||||
[[ -z ${LDAP_BASE} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_base --value ${LDAP_BASE}
|
||||
php occ config:app:set user_ldap s01ldap_base_users --value ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}}
|
||||
php occ config:app:set user_ldap s01ldap_base_groups --value ${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}}
|
||||
}
|
||||
|
||||
LDAP_USERFILTER_OBJECTCLASS=${LDAP_USERFILTER_OBJECTCLASS:-inetOrgPerson}
|
||||
php occ config:app:set user_ldap s01ldap_userfilter_objectclass --value "$(echo ${LDAP_USERFILTER_OBJECTCLASS} | tr ' ' '\n')"
|
||||
|
||||
DEFAULT_FILTER="(|(objectclass=${LDAP_USERFILTER_OBJECTCLASS// /)(objectclass=}))"
|
||||
LDAP_USERLIST_FILTER="${LDAP_USERLIST_FILTER:-${DEFAULT_FILTER}}"
|
||||
php occ config:app:set user_ldap s01ldap_userlist_filter --value "${LDAP_USERLIST_FILTER}"
|
||||
|
||||
# ldap_user_filter_mode|0
|
||||
# ldap_userfilter_groups|
|
||||
|
||||
DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))"
|
||||
php occ config:app:set user_ldap s01ldap_login_filter --value "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}"
|
||||
|
||||
# ldap_login_filter_mode|0
|
||||
# ldap_loginfilter_email|0
|
||||
# ldap_loginfilter_username|1
|
||||
# ldap_loginfilter_attributes|
|
||||
|
||||
LDAP_GROUPFILTER_OBJECTCLASS=${LDAP_GROUPFILTER_OBJECTCLASS:-organizationalRole}
|
||||
php occ config:app:set user_ldap s01ldap_groupfilter_objectclass --value "$(echo ${LDAP_GROUPFILTER_OBJECTCLASS} | tr ' ' '\n')"
|
||||
|
||||
DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUPFILTER_OBJECTCLASS// /)(objectclass=}))"
|
||||
LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}"
|
||||
php occ config:app:set user_ldap s01ldap_group_filter --value "${LDAP_GROUP_FILTER}"
|
||||
|
||||
# ldap_group_filter_mode|0
|
||||
# ldap_groupfilter_groups|
|
||||
|
||||
php occ config:app:set user_ldap s01ldap_gid_number --value "${LDAP_GID_NUMBER:-gidNumber}"
|
||||
|
||||
php occ config:app:set user_ldap s01ldap_display_name --value "${LDAP_DISPLAY_NAME:-cn}"
|
||||
[[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_user_display_name_2 --value "${LDAP_USER_DISPLAY_NAME_2}"
|
||||
}
|
||||
php occ config:app:set user_ldap s01ldap_group_display_name --value "${LDAP_GROUP_DISPLAY_NAME:-cn}"
|
||||
|
||||
# ldap_tls|0
|
||||
# ldap_quota_def|
|
||||
# ldap_quota_attr|
|
||||
|
||||
php occ config:app:set user_ldap s01ldap_email_attr --value "${LDAP_EMAIL_ATTR:-mail}"
|
||||
php occ config:app:set user_ldap s01ldap_group_member_assoc_attribute --value "${LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE:-memberUid}"
|
||||
|
||||
# ldap_cache_ttl|600
|
||||
|
||||
# home_folder_naming_rule|
|
||||
# ldap_turn_off_cert_check|0
|
||||
# ldap_attributes_for_user_search|
|
||||
# ldap_attributes_for_group_search|
|
||||
# ldap_expert_username_attr|
|
||||
# ldap_expert_uuid_user_attr|
|
||||
# ldap_expert_uuid_group_attr|
|
||||
# has_memberof_filter_support|0
|
||||
# use_memberof_to_detect_membership|1
|
||||
|
||||
# last_jpegPhoto_lookup|0
|
||||
# ldap_nested_groups|0
|
||||
# ldap_paging_size|500
|
||||
# ldap_turn_on_pwd_change|0
|
||||
# ldap_experienced_admin|0
|
||||
# ldap_dynamic_group_member_url|
|
||||
# ldap_default_ppolicy_dn|
|
||||
# ldap_user_avatar_rule|default
|
||||
# ldap_ext_storage_home_attribute|
|
||||
# _lastChange|1570896933
|
||||
|
||||
cd ${PREV_DIR}
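Review bot: The script never sets a transport-security option — `ldap_tls` appears only in the commented list (`# ldap_tls|0`), the port defaults to `389` via `${LDAP_PORT:-389}`, and no `LDAP_TLS` environment variable is exposed — so unless the operator supplies an `ldaps://` URL in `LDAP_HOST`, the agent bind password and every user's login password cross the network to the directory in the clear. A documented knob such as `ENV LDAP_TLS=0` in the Dockerfile plus `php occ config:app:set user_ldap s01ldap_tls --value "${LDAP_TLS:-0}"` here would let deployments enable STARTTLS without editing the script, and the header comment should state that plain `389` is the default. This is the same in the 14.0, 15.0, 17.0 and docker-ldap_setup.sh copies.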
|
@ -38,6 +38,7 @@ RUN set -ex; \
|
||||
php-mbstring \
|
||||
php-curl \
|
||||
ssl-cert \
|
||||
sudo \
|
||||
; \
|
||||
\
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
@ -194,6 +195,29 @@ RUN \
|
||||
rm /var/www/html/index.php /var/www/html/index.php.remove; \
|
||||
}
|
||||
|
||||
ENV LDAP_ENABLE=false
|
||||
ENV LDAP_HOST=
|
||||
ENV LDAP_PORT=389
|
||||
ENV LDAP_BACKUP_HOST=
|
||||
ENV LDAP_BACKUP_PORT=389
|
||||
ENV LDAP_DN=
|
||||
ENV LDAP_AGENT_PASSWORD=
|
||||
ENV LDAP_BASE=
|
||||
ENV LDAP_BASE_USERS
|
||||
ENV LDAP_BASE_GROUPS
|
||||
# space-separated objectclass values
|
||||
ENV LDAP_USERFILTER_OBJECTCLASS=inetOrgPerson
|
||||
ENV LDAP_USERLIST_FILTER
|
||||
ENV LDAP_LOGIN_FILTER
|
||||
ENV LDAP_GROUPFILTER_OBJECTCLASS=organizationalRole
|
||||
ENV LDAP_GROUP_FILTER
|
||||
ENV LDAP_GID_NUMBER=gidNumber
|
||||
ENV LDAP_DISPLAY_NAME=cn
|
||||
ENV LDAP_USER_DISPLAY_NAME_2=
|
||||
ENV LDAP_GROUP_DISPLAY_NAME=cn
|
||||
ENV LDAP_EMAIL_ATTR=mail
|
||||
ENV LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE=memberUid
|
||||
|
||||
EXPOSE 9000 9001 9002 9003 9010 9011 9012 9013
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
STOPSIGNAL SIGTERM
|
||||
|
@ -142,4 +142,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "$1" = "unitd"
|
||||
fi
|
||||
fi
|
||||
|
||||
sudo -u www-data -E /ldap_setup.sh
|
||||
|
||||
exec "$@"
|
||||
|
105
17.0/unit/ldap_setup.sh
Executable file
105
17.0/unit/ldap_setup.sh
Executable file
@ -0,0 +1,105 @@
|
||||
#!/bin/bash
|
||||
|
||||
# setup LDAP authentication for nextcloud
|
||||
# this script must be run as www-data
|
||||
|
||||
[[ ${LDAP_ENABLE,,} == "true" ]] || {
|
||||
echo Skipping LDAP setup
|
||||
exit 0
|
||||
}
|
||||
|
||||
PREV_DIR=${PWD}
|
||||
cd /var/www/html
|
||||
php occ app:enable user_ldap
|
||||
|
||||
[[ -z ${LDAP_HOST} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_host --value ${LDAP_HOST}
|
||||
php occ config:app:set user_ldap s01ldap_port --value ${LDAP_PORT:-389}
|
||||
}
|
||||
[[ -z ${LDAP_BACKUP_HOST} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_backup_host --value ${LDAP_BACKUP_HOST}
|
||||
php occ config:app:set user_ldap s01ldap_backup_port --value ${LDAP_BACKUP_PORT:-389}
|
||||
}
|
||||
|
||||
# credentials for accessing LDAP directory
|
||||
[[ -z ${LDAP_DN} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_dn --value ${LDAP_DN}
|
||||
}
|
||||
[[ -z ${LDAP_AGENT_PASSWORD} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_agent_password --value ${LDAP_AGENT_PASSWORD}
|
||||
}
|
||||
|
||||
# search base
|
||||
[[ -z ${LDAP_BASE} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_base --value ${LDAP_BASE}
|
||||
php occ config:app:set user_ldap s01ldap_base_users --value ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}}
|
||||
php occ config:app:set user_ldap s01ldap_base_groups --value ${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}}
|
||||
}
|
||||
|
||||
LDAP_USERFILTER_OBJECTCLASS=${LDAP_USERFILTER_OBJECTCLASS:-inetOrgPerson}
|
||||
php occ config:app:set user_ldap s01ldap_userfilter_objectclass --value "$(echo ${LDAP_USERFILTER_OBJECTCLASS} | tr ' ' '\n')"
|
||||
|
||||
DEFAULT_FILTER="(|(objectclass=${LDAP_USERFILTER_OBJECTCLASS// /)(objectclass=}))"
|
||||
LDAP_USERLIST_FILTER="${LDAP_USERLIST_FILTER:-${DEFAULT_FILTER}}"
|
||||
php occ config:app:set user_ldap s01ldap_userlist_filter --value "${LDAP_USERLIST_FILTER}"
|
||||
|
||||
# ldap_user_filter_mode|0
|
||||
# ldap_userfilter_groups|
|
||||
|
||||
DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))"
|
||||
php occ config:app:set user_ldap s01ldap_login_filter --value "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}"
|
||||
|
||||
# ldap_login_filter_mode|0
|
||||
# ldap_loginfilter_email|0
|
||||
# ldap_loginfilter_username|1
|
||||
# ldap_loginfilter_attributes|
|
||||
|
||||
LDAP_GROUPFILTER_OBJECTCLASS=${LDAP_GROUPFILTER_OBJECTCLASS:-organizationalRole}
|
||||
php occ config:app:set user_ldap s01ldap_groupfilter_objectclass --value "$(echo ${LDAP_GROUPFILTER_OBJECTCLASS} | tr ' ' '\n')"
|
||||
|
||||
DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUPFILTER_OBJECTCLASS// /)(objectclass=}))"
|
||||
LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}"
|
||||
php occ config:app:set user_ldap s01ldap_group_filter --value "${LDAP_GROUP_FILTER}"
|
||||
|
||||
# ldap_group_filter_mode|0
|
||||
# ldap_groupfilter_groups|
|
||||
|
||||
php occ config:app:set user_ldap s01ldap_gid_number --value "${LDAP_GID_NUMBER:-gidNumber}"
|
||||
|
||||
php occ config:app:set user_ldap s01ldap_display_name --value "${LDAP_DISPLAY_NAME:-cn}"
|
||||
[[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_user_display_name_2 --value "${LDAP_USER_DISPLAY_NAME_2}"
|
||||
}
|
||||
php occ config:app:set user_ldap s01ldap_group_display_name --value "${LDAP_GROUP_DISPLAY_NAME:-cn}"
|
||||
|
||||
# ldap_tls|0
|
||||
# ldap_quota_def|
|
||||
# ldap_quota_attr|
|
||||
|
||||
php occ config:app:set user_ldap s01ldap_email_attr --value "${LDAP_EMAIL_ATTR:-mail}"
|
||||
php occ config:app:set user_ldap s01ldap_group_member_assoc_attribute --value "${LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE:-memberUid}"
|
||||
|
||||
# ldap_cache_ttl|600
|
||||
|
||||
# home_folder_naming_rule|
|
||||
# ldap_turn_off_cert_check|0
|
||||
# ldap_attributes_for_user_search|
|
||||
# ldap_attributes_for_group_search|
|
||||
# ldap_expert_username_attr|
|
||||
# ldap_expert_uuid_user_attr|
|
||||
# ldap_expert_uuid_group_attr|
|
||||
# has_memberof_filter_support|0
|
||||
# use_memberof_to_detect_membership|1
|
||||
|
||||
# last_jpegPhoto_lookup|0
|
||||
# ldap_nested_groups|0
|
||||
# ldap_paging_size|500
|
||||
# ldap_turn_on_pwd_change|0
|
||||
# ldap_experienced_admin|0
|
||||
# ldap_dynamic_group_member_url|
|
||||
# ldap_default_ppolicy_dn|
|
||||
# ldap_user_avatar_rule|default
|
||||
# ldap_ext_storage_home_attribute|
|
||||
# _lastChange|1570896933
|
||||
|
||||
cd ${PREV_DIR}
|
@ -37,6 +37,7 @@ RUN set -ex; \
|
||||
php-mbstring \
|
||||
php-curl \
|
||||
ssl-cert \
|
||||
sudo \
|
||||
; \
|
||||
\
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
@ -193,6 +194,29 @@ RUN \
|
||||
rm /var/www/html/index.php /var/www/html/index.php.remove; \
|
||||
}
|
||||
|
||||
ENV LDAP_ENABLE=false
|
||||
ENV LDAP_HOST=
|
||||
ENV LDAP_PORT=389
|
||||
ENV LDAP_BACKUP_HOST=
|
||||
ENV LDAP_BACKUP_PORT=389
|
||||
ENV LDAP_DN=
|
||||
ENV LDAP_AGENT_PASSWORD=
|
||||
ENV LDAP_BASE=
|
||||
ENV LDAP_BASE_USERS
|
||||
ENV LDAP_BASE_GROUPS
|
||||
# space-separated objectclass values
|
||||
ENV LDAP_USERFILTER_OBJECTCLASS=inetOrgPerson
|
||||
ENV LDAP_USERLIST_FILTER
|
||||
ENV LDAP_LOGIN_FILTER
|
||||
ENV LDAP_GROUPFILTER_OBJECTCLASS=organizationalRole
|
||||
ENV LDAP_GROUP_FILTER
|
||||
ENV LDAP_GID_NUMBER=gidNumber
|
||||
ENV LDAP_DISPLAY_NAME=cn
|
||||
ENV LDAP_USER_DISPLAY_NAME_2=
|
||||
ENV LDAP_GROUP_DISPLAY_NAME=cn
|
||||
ENV LDAP_EMAIL_ATTR=mail
|
||||
ENV LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE=memberUid
|
||||
|
||||
EXPOSE 9000 9001 9002 9003 9010 9011 9012 9013
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
STOPSIGNAL SIGTERM
|
||||
|
@ -142,4 +142,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "$1" = "unitd"
|
||||
fi
|
||||
fi
|
||||
|
||||
sudo -u www-data -E /ldap_setup.sh
|
||||
|
||||
exec "$@"
|
||||
|
105
docker-ldap_setup.sh
Executable file
105
docker-ldap_setup.sh
Executable file
@ -0,0 +1,105 @@
|
||||
#!/bin/bash
|
||||
|
||||
# setup LDAP authentication for nextcloud
|
||||
# this script must be run as www-data
|
||||
|
||||
[[ ${LDAP_ENABLE,,} == "true" ]] || {
|
||||
echo Skipping LDAP setup
|
||||
exit 0
|
||||
}
|
||||
|
||||
PREV_DIR=${PWD}
|
||||
cd /var/www/html
|
||||
php occ app:enable user_ldap
|
||||
|
||||
[[ -z ${LDAP_HOST} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_host --value ${LDAP_HOST}
|
||||
php occ config:app:set user_ldap s01ldap_port --value ${LDAP_PORT:-389}
|
||||
}
|
||||
[[ -z ${LDAP_BACKUP_HOST} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_backup_host --value ${LDAP_BACKUP_HOST}
|
||||
php occ config:app:set user_ldap s01ldap_backup_port --value ${LDAP_BACKUP_PORT:-389}
|
||||
}
|
||||
|
||||
# credentials for accessing LDAP directory
|
||||
[[ -z ${LDAP_DN} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_dn --value ${LDAP_DN}
|
||||
}
|
||||
[[ -z ${LDAP_AGENT_PASSWORD} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_agent_password --value ${LDAP_AGENT_PASSWORD}
|
||||
}
|
||||
|
||||
# search base
|
||||
[[ -z ${LDAP_BASE} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_base --value ${LDAP_BASE}
|
||||
php occ config:app:set user_ldap s01ldap_base_users --value ${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}}
|
||||
php occ config:app:set user_ldap s01ldap_base_groups --value ${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}}
|
||||
}
|
||||
|
||||
LDAP_USERFILTER_OBJECTCLASS=${LDAP_USERFILTER_OBJECTCLASS:-inetOrgPerson}
|
||||
php occ config:app:set user_ldap s01ldap_userfilter_objectclass --value "$(echo ${LDAP_USERFILTER_OBJECTCLASS} | tr ' ' '\n')"
|
||||
|
||||
DEFAULT_FILTER="(|(objectclass=${LDAP_USERFILTER_OBJECTCLASS// /)(objectclass=}))"
|
||||
LDAP_USERLIST_FILTER="${LDAP_USERLIST_FILTER:-${DEFAULT_FILTER}}"
|
||||
php occ config:app:set user_ldap s01ldap_userlist_filter --value "${LDAP_USERLIST_FILTER}"
|
||||
|
||||
# ldap_user_filter_mode|0
|
||||
# ldap_userfilter_groups|
|
||||
|
||||
DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))"
|
||||
php occ config:app:set user_ldap s01ldap_login_filter --value "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}"
|
||||
|
||||
# ldap_login_filter_mode|0
|
||||
# ldap_loginfilter_email|0
|
||||
# ldap_loginfilter_username|1
|
||||
# ldap_loginfilter_attributes|
|
||||
|
||||
LDAP_GROUPFILTER_OBJECTCLASS=${LDAP_GROUPFILTER_OBJECTCLASS:-organizationalRole}
|
||||
php occ config:app:set user_ldap s01ldap_groupfilter_objectclass --value "$(echo ${LDAP_GROUPFILTER_OBJECTCLASS} | tr ' ' '\n')"
|
||||
|
||||
DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUPFILTER_OBJECTCLASS// /)(objectclass=}))"
|
||||
LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}"
|
||||
php occ config:app:set user_ldap s01ldap_group_filter --value "${LDAP_GROUP_FILTER}"
|
||||
|
||||
# ldap_group_filter_mode|0
|
||||
# ldap_groupfilter_groups|
|
||||
|
||||
php occ config:app:set user_ldap s01ldap_gid_number --value "${LDAP_GID_NUMBER:-gidNumber}"
|
||||
|
||||
php occ config:app:set user_ldap s01ldap_display_name --value "${LDAP_DISPLAY_NAME:-cn}"
|
||||
[[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || {
|
||||
php occ config:app:set user_ldap s01ldap_user_display_name_2 --value "${LDAP_USER_DISPLAY_NAME_2}"
|
||||
}
|
||||
php occ config:app:set user_ldap s01ldap_group_display_name --value "${LDAP_GROUP_DISPLAY_NAME:-cn}"
|
||||
|
||||
# ldap_tls|0
|
||||
# ldap_quota_def|
|
||||
# ldap_quota_attr|
|
||||
|
||||
php occ config:app:set user_ldap s01ldap_email_attr --value "${LDAP_EMAIL_ATTR:-mail}"
|
||||
php occ config:app:set user_ldap s01ldap_group_member_assoc_attribute --value "${LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE:-memberUid}"
|
||||
|
||||
# ldap_cache_ttl|600
|
||||
|
||||
# home_folder_naming_rule|
|
||||
# ldap_turn_off_cert_check|0
|
||||
# ldap_attributes_for_user_search|
|
||||
# ldap_attributes_for_group_search|
|
||||
# ldap_expert_username_attr|
|
||||
# ldap_expert_uuid_user_attr|
|
||||
# ldap_expert_uuid_group_attr|
|
||||
# has_memberof_filter_support|0
|
||||
# use_memberof_to_detect_membership|1
|
||||
|
||||
# last_jpegPhoto_lookup|0
|
||||
# ldap_nested_groups|0
|
||||
# ldap_paging_size|500
|
||||
# ldap_turn_on_pwd_change|0
|
||||
# ldap_experienced_admin|0
|
||||
# ldap_dynamic_group_member_url|
|
||||
# ldap_default_ppolicy_dn|
|
||||
# ldap_user_avatar_rule|default
|
||||
# ldap_ext_storage_home_attribute|
|
||||
# _lastChange|1570896933
|
||||
|
||||
cd ${PREV_DIR}
|