add script

docker-compose/nextcloud_ldap/docker-compose.yml.j2

@@ -75,20 +75,24 @@ services:
       - nextcloud-redis-ldap
       - nextcloud-cron-ldap
     environment:
+        # redis
         REDIS_HOST: nextcloud-redis-ldap
         REDIS_HOST_PASSWORD: "{{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}"
+        # mysql
         MYSQL_DATABASE: nextcloud
         MYSQL_USER: nextcloud
         MYSQL_PASSWORD: "{{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}"
         MYSQL_HOST: nextcloud-db-ldap
-        NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.mgrote.net"
+        # mail
         SMTP_HOST: mail-relay
-        #SMTP_SECURE: tls
         SMTP_PORT: 25
-        #SMTP_AUTHTYPE: LOGIN
         SMTP_NAME: info@mgrote.net
-        #SMTP_PASSWORD: "{{ lookup('keepass', 'strato_smtp_password', 'password') }}"
+        MAIL_FROM_ADDRESS: nextcloud@mgrote.net
-        MAIL_FROM_ADDRESS: info@mgrote.net
+        # admin
+        NEXTCLOUD_ADMIN_USER: n-admin
+        NEXTCLOUD_ADMIN_PASSWORD: "{{ lookup('keepass', 'nextcloud_admin_user_password', 'password') }}"
+        # misc
+        NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.mgrote.net"
         PHP_MEMORY_LIMIT: 1024M
         PHP_UPLOAD_LIMIT: 10G
         APACHE_DISABLE_REWRITE_IP: 1
@@ -99,6 +103,8 @@ services:
     volumes:
       - app-ldap:/var/www/html
       - data-ldap:/var/www/html/data
+      # hook-script nach install welches die ldap-config setzt
+      - ./ldap.sh:/docker-entrypoint-hooks.d/post-installation
     networks:
       - intern
       - traefik

docker-compose/nextcloud_ldap/ldap.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Vorraussetzungen siehe https://github.com/lldap/lldap/blob/main/example_configs/nextcloud.md
+# lldap_bind_user=nextcloud_bind_user
+# lldap_bind_user_pass="{{ lookup('keepass', 'nextcloud_lldap_bind_user_pass', 'password') }}"
+# lldap_bind_user_groups=lldap_strict_readonly
+
+docker exec --user www-data nextcloud-app-ldap php occ app:install user_ldap
+docker exec --user www-data nextcloud-app-ldap php occ app:enable user_ldap
+docker exec --user www-data nextcloud-app-ldap php occ ldap:create-empty-config
+
+# EDIT: domain
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapHost "ldap://ldap.mgrote.net."
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapPort 3890
+# EDIT: admin user
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapAgentName "uid=nextcloud_bind_user,ou=people,dc=mgrote,dc=net"
+# EDIT: password
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapAgentPassword "{{ lookup('keepass', 'nextcloud_lldap_bind_user_pass', 'password') }}"
+# EDIT: Base DN
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapBase "dc=mgrote,dc=net"
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapBaseUsers "dc=mgrote,dc=net"
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapBaseGroups "dc=mgrote,dc=net"
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapConfigurationActive 1
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapLoginFilter "(&(objectclass=person)(uid=%uid))"
+# EDIT: nextcloud group, contains the users who can login to Nextcloud
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapUserFilter "(&(objectclass=person)(memberOf=cn=nextcloud,ou=groups,dc=mgrote,dc=net))"
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapUserFilterMode 0
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapUserFilterObjectclass person
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 turnOnPasswordChange 0
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapCacheTTL 600
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapExperiencedAdmin 0
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapGidNumber gidNumber
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapGroupMemberAssocAttr uniqueMember
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapEmailAttribute "mail"
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapLoginFilterEmail 0
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapLoginFilterUsername 1
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapMatchingRuleInChainState unknown
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapNestedGroups 0
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapPagingSize 500
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapTLS 0
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapUserAvatarRule default
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapUserDisplayName displayname
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapUserFilterMode 1
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapUuidGroupAttribute auto
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapUuidUserAttribute auto
+docker exec --user www-data nextcloud-app-ldap php occ ldap:set-config s01 ldapExpertUsernameAttr user_id
+
+
+# diese script als template und als jinja fur l+oakles ausführenr ein templaten, oder vllt direkt als hook script