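#!/bin/bash
# Set up LDAP authentication for Nextcloud from LDAP_* environment variables.
#
# This script must be run as www-data. It does nothing unless LDAP_ENABLE is
# "true" (case-insensitive). Every `php occ` call is fatal on failure so the
# instance is never left with a half-applied LDAP backend.
#
# Environment read: LDAP_ENABLE, LDAP_CONFIG_ID (default s01), LDAP_HOST,
# LDAP_PORT, LDAP_BACKUP_HOST, LDAP_BACKUP_PORT, LDAP_AGENT_NAME,
# LDAP_AGENT_PASSWORD, LDAP_BASE, LDAP_BASE_USERS, LDAP_BASE_GROUPS,
# LDAP_USER_FILTER_OBJECTCLASS, LDAP_USER_FILTER, LDAP_LOGIN_FILTER,
# LDAP_GROUP_FILTER_OBJECTCLASS, LDAP_GROUP_FILTER, LDAP_GID_NUMBER,
# LDAP_USER_DISPLAY_NAME, LDAP_USER_DISPLAY_NAME_2, LDAP_GROUP_DISPLAY_NAME,
# LDAP_EMAIL_ATTRIBUTE, LDAP_GROUP_MEMBER_ASSOC_ATTR.
set -eu

readonly NEXTCLOUD_DIR=/var/www/html

#######################################
# Write one key of the LDAP configuration via occ.
# Globals:   LDAP_CONFIG_ID (read)
# Arguments: $1 - config key, $2 - value
# Returns:   exit status of `php occ ldap:set-config`
#######################################
set_ldap_config() {
  php occ ldap:set-config "${LDAP_CONFIG_ID}" "$1" "$2"
}

#######################################
# Split a whitespace-separated objectclass list into one name per line,
# the form the ldap*FilterObjectclass keys take. Word-splits only; values
# are never subject to pathname expansion.
# Arguments: $1 - objectclass list, e.g. "inetOrgPerson posixAccount"
# Outputs:   one objectclass per line on stdout
#######################################
objectclass_lines() {
  local -a classes=()
  read -r -a classes <<<"$1" || true
  printf '%s\n' ${classes[@]+"${classes[@]}"}
}

#######################################
# Build an OR filter over objectclasses:
#   "a b" -> "(|(objectclass=a)(objectclass=b))"
# Arguments: $1 - whitespace-separated objectclass list
# Outputs:   the LDAP filter on stdout (no trailing newline)
#######################################
objectclass_filter() {
  local -a classes=()
  local cls filter='(|'
  read -r -a classes <<<"$1" || true
  for cls in ${classes[@]+"${classes[@]}"}; do
    filter+="(objectclass=${cls})"
  done
  printf '%s' "${filter})"
}

main() {
  local enable=${LDAP_ENABLE:-}
  if [[ "${enable,,}" != "true" ]]; then
    printf '%s\n' 'Skipping LDAP setup'
    return 0
  fi

  local prev_dir=${PWD}
  cd -- "${NEXTCLOUD_DIR}" || {
    printf 'cannot cd to %s\n' "${NEXTCLOUD_DIR}" >&2
    return 1
  }
  php occ app:enable user_ldap

  LDAP_CONFIG_ID=${LDAP_CONFIG_ID:-s01}

  # --only-print-prefix prints the prefix the *next* empty config would get,
  # so a printed prefix that sorts after LDAP_CONFIG_ID means that id already
  # exists. The create call always allocates the next free prefix, which is
  # only guaranteed to equal LDAP_CONFIG_ID for the default s01 -- TODO confirm
  # behaviour when a custom LDAP_CONFIG_ID is used on a fresh instance.
  local next_prefix
  next_prefix=$(php occ ldap:create-empty-config --only-print-prefix)
  if [[ ! "${next_prefix}" > "${LDAP_CONFIG_ID}" ]]; then
    # config does not yet exist, create it
    php occ ldap:create-empty-config
  fi

  if [[ -n "${LDAP_HOST:-}" ]]; then
    set_ldap_config ldapHost "${LDAP_HOST}"
    set_ldap_config ldapPort "${LDAP_PORT:-389}"
  fi
  if [[ -n "${LDAP_BACKUP_HOST:-}" ]]; then
    set_ldap_config ldapBackupHost "${LDAP_BACKUP_HOST}"
    set_ldap_config ldapBackupPort "${LDAP_BACKUP_PORT:-389}"
  fi

  # Bind credentials for accessing the LDAP directory.
  # NOTE: the bind password is passed as a command-line argument to occ and is
  # therefore visible in the process list of the container while that command
  # runs; keep this in mind when other processes share the container.
  if [[ -n "${LDAP_AGENT_NAME:-}" ]]; then
    set_ldap_config ldapAgentName "${LDAP_AGENT_NAME}"
  fi
  if [[ -n "${LDAP_AGENT_PASSWORD:-}" ]]; then
    set_ldap_config ldapAgentPassword "${LDAP_AGENT_PASSWORD}"
  fi

  # Search bases; user and group bases default to OUs under the main base.
  if [[ -n "${LDAP_BASE:-}" ]]; then
    set_ldap_config ldapBase "${LDAP_BASE}"
    set_ldap_config ldapBaseUsers "${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}}"
    set_ldap_config ldapBaseGroups "${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}}"
  fi

  # User filter: objectclass list plus an OR filter derived from it unless
  # LDAP_USER_FILTER overrides the filter.
  local user_classes=${LDAP_USER_FILTER_OBJECTCLASS:-inetOrgPerson}
  local default_filter
  default_filter=$(objectclass_filter "${user_classes}")
  set_ldap_config ldapUserFilterObjectclass "$(objectclass_lines "${user_classes}")"
  set_ldap_config ldapUserFilter "${LDAP_USER_FILTER:-${default_filter}}"
  # | ldapUserFilterGroups | |
  # | ldapUserFilterMode | 0 |

  # Login filter: the derived user filter (not the override) narrowed to the
  # typed login name.
  local default_login_filter="(&${default_filter}(uid=%uid))"
  set_ldap_config ldapLoginFilter "${LDAP_LOGIN_FILTER:-${default_login_filter}}"
  # | ldapLoginFilterAttributes | |
  # | ldapLoginFilterEmail | 0 |
  # | ldapLoginFilterMode | 0 |
  # | ldapLoginFilterUsername | 1 |

  # Group filter, built the same way as the user filter.
  local group_classes=${LDAP_GROUP_FILTER_OBJECTCLASS:-organizationalRole}
  local default_gfilter
  default_gfilter=$(objectclass_filter "${group_classes}")
  set_ldap_config ldapGroupFilterObjectclass "$(objectclass_lines "${group_classes}")"
  set_ldap_config ldapGroupFilter "${LDAP_GROUP_FILTER:-${default_gfilter}}"
  # | ldapGroupFilterGroups | |
  # | ldapGroupFilterMode | 0 |

  set_ldap_config ldapGidNumber "${LDAP_GID_NUMBER:-gidNumber}"
  set_ldap_config ldapUserDisplayName "${LDAP_USER_DISPLAY_NAME:-cn}"
  if [[ -n "${LDAP_USER_DISPLAY_NAME_2:-}" ]]; then
    set_ldap_config ldapUserDisplayName2 "${LDAP_USER_DISPLAY_NAME_2}"
  fi
  set_ldap_config ldapGroupDisplayName "${LDAP_GROUP_DISPLAY_NAME:-cn}"
  # Transport keys are left at their defaults (plain LDAP, certificate
  # checking on); see the table of untouched keys below.
  # | ldapTLS | 0 |
  # | ldapQuotaAttribute | |
  # | ldapQuotaDefault | |
  set_ldap_config ldapEmailAttribute "${LDAP_EMAIL_ATTRIBUTE:-mail}"
  set_ldap_config ldapGroupMemberAssocAttr "${LDAP_GROUP_MEMBER_ASSOC_ATTR:-memberUid}"

  # Keys this script does not set, with their defaults:
  # | hasMemberOfFilterSupport | 0 |
  # | homeFolderNamingRule | |
  # | lastJpegPhotoLookup | 0 |
  # | ldapAttributesForGroupSearch | |
  # | ldapAttributesForUserSearch | |
  # | ldapCacheTTL | 600 |
  # | ldapConfigurationActive | 0 |
  # | ldapDefaultPPolicyDN | |
  # | ldapDynamicGroupMemberURL | |
  # | ldapExperiencedAdmin | 0 |
  # | ldapExpertUUIDGroupAttr | |
  # | ldapExpertUUIDUserAttr | |
  # | ldapExpertUsernameAttr | |
  # | ldapExtStorageHomeAttribute | |
  # | ldapIgnoreNamingRules | |
  # | ldapNestedGroups | 0 |
  # | ldapOverrideMainServer | |
  # | ldapPagingSize | 500 |
  # | ldapUserAvatarRule | default |
  # | ldapUuidGroupAttribute | auto |
  # | ldapUuidUserAttribute | auto |
  # | turnOffCertCheck | 0 |
  # | turnOnPasswordChange | 0 |
  # | useMemberOfToDetectMembership | 1 |

  cd -- "${prev_dir}"
}

main "$@"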