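#!/bin/bash
# Set up LDAP authentication for Nextcloud (user_ldap app, config prefix "s01").
# This script must be run as www-data.
#
# Every setting is taken from an LDAP_* environment variable. Nothing is done
# unless LDAP_ENABLE is "true" (case-insensitive). Optional settings that are
# unset or empty are skipped; the filter and attribute settings fall back to
# the defaults written next to them below.
#
# Security notes for operators:
#  - LDAP_AGENT_PASSWORD is handed to `php occ` as a command-line argument, so
#    it is visible in the process list to other local users while the command
#    runs. Run this only inside a single-tenant container/host, and do not
#    enable `set -x` tracing around it.
#  - ldap_tls is not set by this script and the port defaults to 389. Unless
#    LDAP_HOST is an ldaps:// URL or TLS is enabled separately, the agent bind
#    and user logins presumably cross the network unencrypted -- confirm for
#    your deployment.
#  - NOTE(review): user_ldap's own `occ ldap:set-config` appears to encode the
#    agent password before storing it; verify that a raw value written through
#    config:app:set is read back correctly by the app.

[[ "${LDAP_ENABLE,,}" == "true" ]] || {
  echo Skipping LDAP setup
  exit 0
}

#######################################
# Store one user_ldap setting under the "s01" configuration prefix.
# Arguments: $1 - key without prefix (e.g. ldap_host), $2 - value
# Outputs:   whatever `php occ` prints
# Returns:   exit status of `php occ`
#######################################
set_ldap() {
  local key=$1
  local value=$2
  # --value=... is passed as a single word so that a value beginning with "-"
  # (possible for a password) cannot be taken for another option.
  php occ config:app:set user_ldap "s01${key}" "--value=${value}"
}

#######################################
# Print the whitespace-separated words of $1, one per line.
# Splitting is done by `read`, so glob characters in the value are not expanded
# against the current directory (the unquoted `echo $var` form would do that).
#######################################
objectclass_lines() {
  local -a classes=()
  # read returns non-zero at end of input with -d ''; the array is still filled.
  read -r -d '' -a classes <<<"$1" || true
  printf '%s\n' "${classes[@]}"
}

#######################################
# Build "(|(objectclass=A)(objectclass=B)...)" from the words of $1.
#######################################
objectclass_filter() {
  local -a classes=()
  local class
  local filter='(|'
  read -r -d '' -a classes <<<"$1" || true
  for class in "${classes[@]}"; do
    filter+="(objectclass=${class})"
  done
  printf '%s' "${filter})"
}

PREV_DIR=${PWD}
# occ must be run from the Nextcloud root; stop here rather than run `php occ`
# from an unrelated directory.
cd /var/www/html || {
  echo "cannot cd to /var/www/html" >&2
  exit 1
}

php occ app:enable user_ldap

if [[ -n "${LDAP_HOST}" ]]; then
  set_ldap ldap_host "${LDAP_HOST}"
  set_ldap ldap_port "${LDAP_PORT:-389}"
fi

if [[ -n "${LDAP_BACKUP_HOST}" ]]; then
  set_ldap ldap_backup_host "${LDAP_BACKUP_HOST}"
  set_ldap ldap_backup_port "${LDAP_BACKUP_PORT:-389}"
fi

# Credentials for accessing the LDAP directory. Both values are quoted: a DN
# or password containing spaces or glob characters must reach occ unchanged.
if [[ -n "${LDAP_DN}" ]]; then
  set_ldap ldap_dn "${LDAP_DN}"
fi

if [[ -n "${LDAP_AGENT_PASSWORD}" ]]; then
  set_ldap ldap_agent_password "${LDAP_AGENT_PASSWORD}"
fi

# Search base; users and groups default to ou=People / ou=Group below it.
if [[ -n "${LDAP_BASE}" ]]; then
  set_ldap ldap_base "${LDAP_BASE}"
  set_ldap ldap_base_users "${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}}"
  set_ldap ldap_base_groups "${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}}"
fi

# User object classes: stored one per line, and OR-ed together to form the
# default user list filter.
LDAP_USERFILTER_OBJECTCLASS=${LDAP_USERFILTER_OBJECTCLASS:-inetOrgPerson}
set_ldap ldap_userfilter_objectclass \
  "$(objectclass_lines "${LDAP_USERFILTER_OBJECTCLASS}")"

DEFAULT_FILTER=$(objectclass_filter "${LDAP_USERFILTER_OBJECTCLASS}")
LDAP_USERLIST_FILTER="${LDAP_USERLIST_FILTER:-${DEFAULT_FILTER}}"
set_ldap ldap_userlist_filter "${LDAP_USERLIST_FILTER}"
# ldap_user_filter_mode|0
# ldap_userfilter_groups|

# Default login filter: the default user filter AND a match on uid.
DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))"
set_ldap ldap_login_filter "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}"
# ldap_login_filter_mode|0
# ldap_loginfilter_email|0
# ldap_loginfilter_username|1
# ldap_loginfilter_attributes|

# Group object classes, handled the same way as the user object classes.
LDAP_GROUPFILTER_OBJECTCLASS=${LDAP_GROUPFILTER_OBJECTCLASS:-organizationalRole}
set_ldap ldap_groupfilter_objectclass \
  "$(objectclass_lines "${LDAP_GROUPFILTER_OBJECTCLASS}")"

DEFAULT_GFILTER=$(objectclass_filter "${LDAP_GROUPFILTER_OBJECTCLASS}")
LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}"
set_ldap ldap_group_filter "${LDAP_GROUP_FILTER}"
# ldap_group_filter_mode|0
# ldap_groupfilter_groups|

set_ldap ldap_gid_number "${LDAP_GID_NUMBER:-gidNumber}"
set_ldap ldap_display_name "${LDAP_DISPLAY_NAME:-cn}"
if [[ -n "${LDAP_USER_DISPLAY_NAME_2}" ]]; then
  set_ldap ldap_user_display_name_2 "${LDAP_USER_DISPLAY_NAME_2}"
fi
set_ldap ldap_group_display_name "${LDAP_GROUP_DISPLAY_NAME:-cn}"

# Not set by this script (see the security notes at the top of the file):
# ldap_tls|0
# ldap_quota_def|
# ldap_quota_attr|

set_ldap ldap_email_attr "${LDAP_EMAIL_ATTR:-mail}"
set_ldap ldap_group_member_assoc_attribute \
  "${LDAP_GROUP_MEMBER_ASSOC_ATTRIBUTE:-memberUid}"

# Remaining keys this script does not set, listed as key|value:
# ldap_cache_ttl|600
# home_folder_naming_rule|
# ldap_turn_off_cert_check|0
# ldap_attributes_for_user_search|
# ldap_attributes_for_group_search|
# ldap_expert_username_attr|
# ldap_expert_uuid_user_attr|
# ldap_expert_uuid_group_attr|
# has_memberof_filter_support|0
# use_memberof_to_detect_membership|1
# last_jpegPhoto_lookup|0
# ldap_nested_groups|0
# ldap_paging_size|500
# ldap_turn_on_pwd_change|0
# ldap_experienced_admin|0
# ldap_dynamic_group_member_url|
# ldap_default_ppolicy_dn|
# ldap_user_avatar_rule|default
# ldap_ext_storage_home_attribute|
# _lastChange|1570896933

cd "${PREV_DIR}"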