diff --git a/docker-compose/authelia/configuration.yml.j2 b/docker-compose/authelia/configuration.yml.j2
index e1b674a7..526b9e24 100644
--- a/docker-compose/authelia/configuration.yml.j2
+++ b/docker-compose/authelia/configuration.yml.j2
@@ -63,7 +63,7 @@ notifier:
 # https://github.com/lldap/lldap/blob/main/example_configs/authelia_config.yml
 authentication_backend:
 password_reset:
- disable: true
+ disable: false
 refresh_interval: 1m
 ldap:
 implementation: custom
@@ -83,4 +83,4 @@ authentication_backend:
 user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net
 password: '{{ lookup('viczem.keepass.keepass', 'authelia/lldap_authelia_bind_user', 'password') }}'
-# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/
+# Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/
diff --git a/docker-compose/authelia/docs.md b/docker-compose/authelia/docs.md
new file mode 100644
index 00000000..0de5d256
--- /dev/null
+++ b/docker-compose/authelia/docs.md
@@ -0,0 +1,7 @@
+# authelia function matrix
+
+| App | User | Password Reset | Group |
+| - | - | - | - |
+| ``authelia_*`` | `authelia_bind_user` | yes | `lldap_password_manager` |
+| `forgejo` | `forgejo_bind_user` | no | `lldap_strict_readonly` + `lldap_password_manager` |
+| `nextcloud` | `nextcloud_bind_user` | yes | `lldap_password_manager` |
diff --git a/docker-compose/nextcloud/ldap.sh.j2 b/docker-compose/nextcloud/ldap.sh.j2
index b4f85b2b..5b602c4d 100644
--- a/docker-compose/nextcloud/ldap.sh.j2
+++ b/docker-compose/nextcloud/ldap.sh.j2
@@ -45,5 +45,6 @@ php occ ldap:set-config s01 ldapUuidGroupAttribute auto
 php occ ldap:set-config s01 ldapUuidUserAttribute auto
 php occ ldap:set-config s01 ldapExpertUsernameAttr user_id
 php occ ldap:set-config s01 ldap_mark_remnants_as_disabled 1
+php occ ldap:set-config s01 ldap_turn_on_pwd_change 1
 # damit der Login über LDAP geht muss das Attribute "DisplayName" gesetzt sein!
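Review bot: Setting `password_reset.disable: false` puts the notifier's mail delivery and the `authelia_bind_user` credential on the account-recovery path, and nothing next to the changed line records that dependency. The bind user now needs write access to user passwords (docs.md in this commit lists it under `lldap_password_manager`), so whoever controls that credential or a user's mailbox can set that user's password. I would add a comment above the line such as `# reset needs authelia_bind_user in lldap_password_manager; reset link is sent via notifier, keep SMTP and the LDAP connection on TLS`. The `notifier` and `ldap` connection settings are outside the hunk, so the transport settings should be confirmed there.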
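Review bot: The added `ldap_turn_on_pwd_change 1` makes Nextcloud send new user passwords to the LDAP server through the bind account, and the hunk does not show that this connection is encrypted. The host, port and TLS settings are set earlier in the script, outside the hunk, so confirm they use `ldaps://` or `ldapTLS 1` before this option is enabled. The option also lets Nextcloud administrators set LDAP users' passwords, which makes a Nextcloud admin account worth as much as the directory write permission behind it. I would document the requirement on the new line with a comment such as `# needs nextcloud_bind_user in lldap_password_manager; passwords are sent to LDAP in clear text, TLS required`.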