authelia: enable password reset (#251)

docker-compose/nextcloud/ldap.sh.j2

Signed-off-by: Michael Grote <michael.grote@posteo.de>

Reviewed-on: #251
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>

docker-compose/authelia/configuration.yml.j2

@@ -63,7 +63,7 @@ notifier:
 # https://github.com/lldap/lldap/blob/main/example_configs/authelia_config.yml
 authentication_backend:
   password_reset:
-    disable: true
+    disable: false
   refresh_interval: 1m
   ldap:
     implementation: custom
@@ -83,4 +83,4 @@ authentication_backend:
     user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net
     password: '{{ lookup('viczem.keepass.keepass', 'authelia/lldap_authelia_bind_user', 'password') }}'
 
-# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/
+# Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/

docker-compose/authelia/docs.md

@@ -0,0 +1,7 @@
+# authelia function matrix
+
+| App            | User                  | Password Reset | Group                                              |
+| -              | -                     | -              | -                                                  |
+| ``authelia_*`` | `authelia_bind_user`  | yes            | `lldap_password_manager`                           |
+| `forgejo`      | `forgejo_bind_user`   | no             | `lldap_strict_readonly` + `lldap_password_manager` |
+| `nextcloud`    | `nextcloud_bind_user` | yes            | `lldap_password_manager`                           |

docker-compose/nextcloud/ldap.sh.j2

@@ -45,5 +45,6 @@ php occ ldap:set-config s01 ldapUuidGroupAttribute auto
 php occ ldap:set-config s01 ldapUuidUserAttribute auto
 php occ ldap:set-config s01 ldapExpertUsernameAttr user_id
 php occ ldap:set-config s01 ldap_mark_remnants_as_disabled 1
+php occ ldap:set-config s01 ldap_turn_on_pwd_change 1
 
 # damit der Login über LDAP geht muss das Attribute "DisplayName" gesetzt sein!