all-in-one

mirror of https://github.com/nextcloud/all-in-one.git synced 2024-11-10 08:52:39 +08:00

History

Jean-Yves 07a8367181 LLDAP - Update ReadMe (#4571 ) Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>		2024-04-30 12:05:57 +02:00
..
lldap.json	Add lldap comunity container (#4398 )	2024-04-04 10:26:42 +02:00
readme.md	LLDAP - Update ReadMe (#4571 )	2024-04-30 12:05:57 +02:00

readme.md

Light LDAP server

This container bundles LLDAP server and auto-configures your Nextcloud instance for you.

Notes

In order to access your LLDAP web interface outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following these instructions OR use the Caddy community container that will automatically configure ldap.$NC_DOMAIN to redirect to your Lldap. You need to point the reverse proxy at port 17170 of this server.
After adding and starting the container, you can log in to the lldap web interface by using the username admin and the password that you can retrieve via sudo docker inspect nextcloud-aio-lldap | grep LLDAP_JWT_SECRET.
To configure Nextcloud, you can use the generic configuration proposed below.
For advanced configurations, see how to configure a client with lldap https://github.com/lldap/lldap#client-configuration
Also, see how Nextcloud's LDAP application works https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

Generic Nextcloud LDAP config

Functionality with this configuration:

User and group management.
Login via username (or email) and password.
Profile picture sync.
Synchronization of administrator accounts (via the lldap_admin group).

For simplicity, this configuration is done via the command line (don't worry, it's very simple).

First, you need to retrieve the LLDAP admin password, this will be used later on. Which you need to type in or copy and paste:

sudo docker inspect nextcloud-aio-lldap | grep LLDAP_LDAP_USER_PASS

Now go into the Nextcloud container:

sudo docker exec --user www-data -it nextcloud-aio-nextcloud bash

Now inside the container:

# Get Base
BASE_DN="dc=${NC_DOMAIN//./,dc=}"

# Create a new empty ldap config
CONF_NAME=$(php /var/www/html/occ ldap:create-empty-config -p)

# Check that the base DN matches your domain and retrieve your configuration name
echo "Base DN: '$BASE_DN', Config name: '$CONF_NAME'"

# Set the ldap password
php /var/www/html/occ ldap:set-config $CONF_NAME ldapAgentPassword "<your-password>"

# Set the ldap config: Host and connection
php /var/www/html/occ ldap:set-config $CONF_NAME ldapAdminGroup       lldap_admin
php /var/www/html/occ ldap:set-config $CONF_NAME ldapAgentName        "cn=admin,ou=people,$BASE_DN"
php /var/www/html/occ ldap:set-config $CONF_NAME ldapBase             "$BASE_DN"
php /var/www/html/occ ldap:set-config $CONF_NAME ldapHost             "ldap://nextcloud-aio-lldap"
php /var/www/html/occ ldap:set-config $CONF_NAME ldapPort             3890
php /var/www/html/occ ldap:set-config $CONF_NAME ldapTLS              0
php /var/www/html/occ ldap:set-config $CONF_NAME turnOnPasswordChange 0

# Set the ldap config: Users
php /var/www/html/occ ldap:set-config $CONF_NAME ldapBaseUsers             "ou=people,$BASE_DN"
php /var/www/html/occ ldap:set-config $CONF_NAME ldapEmailAttribute        mail
php /var/www/html/occ ldap:set-config $CONF_NAME ldapGidNumber             gidNumber
php /var/www/html/occ ldap:set-config $CONF_NAME ldapLoginFilter           "(&(|(objectclass=person))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))"
php /var/www/html/occ ldap:set-config $CONF_NAME ldapLoginFilterEmail      1
php /var/www/html/occ ldap:set-config $CONF_NAME ldapLoginFilterUsername   1
php /var/www/html/occ ldap:set-config $CONF_NAME ldapUserAvatarRule        default
php /var/www/html/occ ldap:set-config $CONF_NAME ldapUserDisplayName       cn
php /var/www/html/occ ldap:set-config $CONF_NAME ldapUserFilter            "(|(objectclass=person))"
php /var/www/html/occ ldap:set-config $CONF_NAME ldapUserFilterMode        0
php /var/www/html/occ ldap:set-config $CONF_NAME ldapUserFilterObjectclass person

# Set the ldap config: Groups
php /var/www/html/occ ldap:set-config $CONF_NAME ldapBaseGroups                "ou=groups,$BASE_DN"
php /var/www/html/occ ldap:set-config $CONF_NAME ldapGroupDisplayName          cn
php /var/www/html/occ ldap:set-config $CONF_NAME ldapGroupFilter               "(&(|(objectclass=groupOfUniqueNames)))"
php /var/www/html/occ ldap:set-config $CONF_NAME ldapGroupFilterMode           0
php /var/www/html/occ ldap:set-config $CONF_NAME ldapGroupFilterObjectclass    groupOfUniqueNames
php /var/www/html/occ ldap:set-config $CONF_NAME ldapGroupMemberAssocAttr      uniqueMember
php /var/www/html/occ ldap:set-config $CONF_NAME useMemberOfToDetectMembership 1

# Optional : Check the configuration
#php /var/www/html/occ ldap:show-config $CONF_NAME

# Test the ldap config
php /var/www/html/occ ldap:test-config $CONF_NAME

# Enable ldap config
php /var/www/html/occ ldap:set-config $CONF_NAME ldapConfigurationActive 1

# Exit the container shell
exit

It's done ! All you have to do is go to the Nextcloud administration interface to see the magic of LDAP.

Repository

https://github.com/lldap/lldap

Maintainer

https://github.com/docjyj