docker-image-nextcloud/docker-ldap_setup.sh
Mauro Torrez 351e257c91
correct ldap setup
2019-10-12 18:34:06 -03:00


#!/bin/bash
# setup LDAP authentication for nextcloud
# this script must be run as www-data
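# Opt-in switch: anything other than LDAP_ENABLE=true (case-insensitive)
# leaves the instance untouched.
[[ ${LDAP_ENABLE,,} == "true" ]] || {
  echo "Skipping LDAP setup"
  exit 0
}
PREV_DIR=${PWD}
# "php occ" is resolved relative to the working directory. Stop here if the
# Nextcloud root is unreachable, otherwise every later call would run against
# whatever file named "occ" happens to sit in the caller's directory.
cd /var/www/html || {
  echo "Cannot enter /var/www/html, aborting LDAP setup" >&2
  exit 1
}
php occ app:enable user_ldap
LDAP_CONFIG_ID=${LDAP_CONFIG_ID:-s01}
# The printed prefix is compared as a string against the wanted ID; a second
# create call is issued only when the printed prefix does not sort after it.
# NOTE(review): the probe is itself a create-empty-config invocation, so it
# may allocate an extra, unused configuration on every run - confirm against
# the occ version in the image.
[[ "$(php occ ldap:create-empty-config --only-print-prefix)" > "${LDAP_CONFIG_ID}" ]] || {
  # config does not yet exist, create it
  php occ ldap:create-empty-config
}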
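# Connection and bind settings. Each group is applied only when its driving
# variable is non-empty. All values are quoted so that spaces or glob
# characters (common in DNs and passwords) reach occ as a single, unmodified
# argument.

# Primary server.
# NOTE(review): the port falls back to 389 and nothing in this script sets
# ldapTLS, so unless LDAP_HOST carries an ldaps:// URL the bind credentials
# below presumably cross the network unencrypted - confirm for the deployment.
[[ -z ${LDAP_HOST} ]] || {
  php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapHost "${LDAP_HOST}"
  php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapPort "${LDAP_PORT:-389}"
}
# Optional replica, same port default as the primary.
[[ -z ${LDAP_BACKUP_HOST} ]] || {
  php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapBackupHost "${LDAP_BACKUP_HOST}"
  php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapBackupPort "${LDAP_BACKUP_PORT:-389}"
}
# credentials for accessing LDAP directory
[[ -z ${LDAP_AGENT_NAME} ]] || {
  php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapAgentName "${LDAP_AGENT_NAME}"
}
# The bind password is handed to occ as a command-line argument: it is
# readable from the process list while the command runs and would be printed
# by "set -x" tracing. Use a low-privilege, read-only bind account.
[[ -z ${LDAP_AGENT_PASSWORD} ]] || {
  php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapAgentPassword "${LDAP_AGENT_PASSWORD}"
}
# search base; the user and group bases default to ou=People / ou=Group
# directly below it
[[ -z ${LDAP_BASE} ]] || {
  php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapBase "${LDAP_BASE}"
  php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapBaseUsers "${LDAP_BASE_USERS:-ou=People,${LDAP_BASE}}"
  php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapBaseGroups "${LDAP_BASE_GROUPS:-ou=Group,${LDAP_BASE}}"
}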
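# User, login and group filters.
#
# The *_FILTER_OBJECTCLASS variables hold space-separated object class names.
# They are pasted into the default filters without LDAP escaping, and
# LDAP_USER_FILTER / LDAP_LOGIN_FILTER / LDAP_GROUP_FILTER are stored verbatim.
# The login filter decides which directory entries may authenticate, so any
# override should be reviewed as carefully as an access-control rule.

LDAP_USER_FILTER_OBJECTCLASS=${LDAP_USER_FILTER_OBJECTCLASS:-inetOrgPerson}
# Split on whitespace into an array instead of an unquoted "echo", which would
# also glob-expand the value against the files in the Nextcloud root.
# read returns non-zero at end of input with -d ''; the array is still filled.
read -r -d '' -a user_objectclasses <<<"${LDAP_USER_FILTER_OBJECTCLASS}" || true
# occ receives the class names one per line.
php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapUserFilterObjectclass "$(printf '%s\n' "${user_objectclasses[@]}")"
# "a b" becomes (|(objectclass=a)(objectclass=b))
DEFAULT_FILTER="(|(objectclass=${LDAP_USER_FILTER_OBJECTCLASS// /)(objectclass=}))"
LDAP_USER_FILTER="${LDAP_USER_FILTER:-${DEFAULT_FILTER}}"
php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapUserFilter "${LDAP_USER_FILTER}"
# | ldapUserFilterGroups | |
# | ldapUserFilterMode | 0 |
# Default login filter: the default user filter AND a match of uid against
# the %uid placeholder.
DEFAULT_LOGIN_FILTER="(&${DEFAULT_FILTER}(uid=%uid))"
php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapLoginFilter "${LDAP_LOGIN_FILTER:-${DEFAULT_LOGIN_FILTER}}"
# | ldapLoginFilterAttributes | |
# | ldapLoginFilterEmail | 0 |
# | ldapLoginFilterMode | 0 |
# | ldapLoginFilterUsername | 1 |
LDAP_GROUP_FILTER_OBJECTCLASS=${LDAP_GROUP_FILTER_OBJECTCLASS:-organizationalRole}
# Same whitespace split as for the user object classes, without globbing.
read -r -d '' -a group_objectclasses <<<"${LDAP_GROUP_FILTER_OBJECTCLASS}" || true
php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapGroupFilterObjectclass "$(printf '%s\n' "${group_objectclasses[@]}")"
DEFAULT_GFILTER="(|(objectclass=${LDAP_GROUP_FILTER_OBJECTCLASS// /)(objectclass=}))"
LDAP_GROUP_FILTER="${LDAP_GROUP_FILTER:-${DEFAULT_GFILTER}}"
php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapGroupFilter "${LDAP_GROUP_FILTER}"
# | ldapGroupFilterGroups | |
# | ldapGroupFilterMode | 0 |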
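# Attribute mapping. Every value has a built-in fallback except the secondary
# display name, which is written only when provided. The config ID is quoted
# so it always reaches occ as exactly one argument.
#
# Rows of the form "# | key | value |" name settings this script does not
# write; the value shown is presumably the one reported by occ for a fresh
# configuration - confirm. Among them ldapTLS and turnOffCertCheck govern
# transport security, and ldapConfigurationActive is listed as 0.
php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapGidNumber "${LDAP_GID_NUMBER:-gidNumber}"
php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapUserDisplayName "${LDAP_USER_DISPLAY_NAME:-cn}"
[[ -z ${LDAP_USER_DISPLAY_NAME_2} ]] || {
  php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapUserDisplayName2 "${LDAP_USER_DISPLAY_NAME_2}"
}
php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapGroupDisplayName "${LDAP_GROUP_DISPLAY_NAME:-cn}"
# | ldapTLS | 0 |
# | ldapQuotaAttribute | |
# | ldapQuotaDefault | |
php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapEmailAttribute "${LDAP_EMAIL_ATTRIBUTE:-mail}"
php occ ldap:set-config "${LDAP_CONFIG_ID}" ldapGroupMemberAssocAttr "${LDAP_GROUP_MEMBER_ASSOC_ATTR:-memberUid}"
# | hasMemberOfFilterSupport | 0 |
# | homeFolderNamingRule | |
# | lastJpegPhotoLookup | 0 |
# | ldapAttributesForGroupSearch | |
# | ldapAttributesForUserSearch | |
# | ldapCacheTTL | 600 |
# | ldapConfigurationActive | 0 |
# | ldapDefaultPPolicyDN | |
# | ldapDynamicGroupMemberURL | |
# | ldapExperiencedAdmin | 0 |
# | ldapExpertUUIDGroupAttr | |
# | ldapExpertUUIDUserAttr | |
# | ldapExpertUsernameAttr | |
# | ldapExtStorageHomeAttribute | |
# | ldapIgnoreNamingRules | |
# | ldapNestedGroups | 0 |
# | ldapOverrideMainServer | |
# | ldapPagingSize | 500 |
# | ldapUserAvatarRule | default |
# | ldapUuidGroupAttribute | auto |
# | ldapUuidUserAttribute | auto |
# | turnOffCertCheck | 0 |
# | turnOnPasswordChange | 0 |
# | useMemberOfToDetectMembership | 1 |
# Return to the directory the script was started from; quoted so a path
# containing spaces is restored correctly.
cd "${PREV_DIR}"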