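#!/bin/bash
#
# Configures the Nextcloud user_ldap app against an lldap server by running
# occ inside the nextcloud-app-ldap container.
#
# Prerequisites: see
# https://github.com/lldap/lldap/blob/main/example_configs/nextcloud.md
#   lldap_bind_user=nextcloud_bind_user
#   lldap_bind_user_pass=<KeePass entry 'nextcloud_lldap_bind_user_pass', field 'password'>
#   lldap_bind_user_groups=lldap_strict_readonly
#
# NOTE(review): the keepass lookup further down looks like an Ansible/Jinja
# expression, so this file is presumably rendered as a template before it
# runs - confirm. The rendered file then holds the bind password in clear
# text: write it with owner-only permissions and remove it after the run.
# The lookup is deliberately not repeated in this header, because a template
# engine would also expand it inside a comment.
#
# TODO (translated from a garbled German note, wording uncertain): render this
# script as a Jinja template and run it locally, or use it directly as a hook
# script.

# Stop at the first failing step so a half-written LDAP configuration is never
# left behind unnoticed; -u catches misspelled variable names.
set -euo pipefail

readonly CONTAINER=nextcloud-app-ldap
# NOTE(review): every setting below is written to s01. That is presumably the
# ID ldap:create-empty-config assigns on an instance without LDAP configs;
# running the script a second time may create another ID - confirm.
readonly CONFIG_ID=s01

#######################################
# Runs an occ command as www-data inside the Nextcloud container.
# Globals:   CONTAINER (read)
# Arguments: the occ sub-command and its arguments
# Returns:   exit status of docker exec
#######################################
occ() {
  docker exec --user www-data "$CONTAINER" php occ "$@"
}

#######################################
# Writes one key of the LDAP configuration.
# Globals:   CONFIG_ID (read)
# Arguments: $1 - configuration key, $2 - value
# Returns:   exit status of occ
#######################################
ldap_set() {
  occ ldap:set-config "$CONFIG_ID" "$1" "$2"
}

# The original continued when this step failed, and it presumably fails when
# the app is already present, so it stays best-effort. app:enable below is the
# step that has to succeed.
occ app:install user_ldap \
  || printf 'warn: app:install user_ldap failed, continuing\n' >&2
occ app:enable user_ldap
occ ldap:create-empty-config

# Read the bind password from a quoted here-document. The original placed the
# rendered value inside a double-quoted shell string, where a password
# containing a double quote, $, a backtick or a backslash is expanded or
# breaks the command line. Here the value is taken literally.
IFS= read -r bind_password <<'BIND_PASSWORD_EOF'
{{ lookup('keepass', 'nextcloud_lldap_bind_user_pass', 'password') }}
BIND_PASSWORD_EOF

# EDIT: domain
# NOTE(review): ldap:// together with ldapTLS 0 (set below) sends the bind
# password and every password checked at login unencrypted to port 3890.
# Acceptable only on a trusted network segment; prefer LDAPS or StartTLS when
# the lldap endpoint offers it.
ldap_set ldapHost "ldap://ldap.mgrote.net."
ldap_set ldapPort 3890
# EDIT: admin user
ldap_set ldapAgentName "uid=nextcloud_bind_user,ou=people,dc=mgrote,dc=net"
# EDIT: password
# The value is still passed as a command-line argument and is visible in the
# process list of the host and the container while the command runs.
ldap_set ldapAgentPassword "$bind_password"
# EDIT: Base DN
ldap_set ldapBase "dc=mgrote,dc=net"
ldap_set ldapBaseUsers "dc=mgrote,dc=net"
ldap_set ldapBaseGroups "dc=mgrote,dc=net"
ldap_set ldapLoginFilter "(&(objectclass=person)(uid=%uid))"
# EDIT: nextcloud group, contains the users who can log in to Nextcloud
ldap_set ldapUserFilter "(&(objectclass=person)(memberOf=cn=nextcloud,ou=groups,dc=mgrote,dc=net))"
ldap_set ldapUserFilterObjectclass person
ldap_set turnOnPasswordChange 0
ldap_set ldapCacheTTL 600
ldap_set ldapExperiencedAdmin 0
ldap_set ldapGidNumber gidNumber
ldap_set ldapGroupMemberAssocAttr uniqueMember
ldap_set ldapEmailAttribute "mail"
ldap_set ldapLoginFilterEmail 0
ldap_set ldapLoginFilterUsername 1
ldap_set ldapMatchingRuleInChainState unknown
ldap_set ldapNestedGroups 0
ldap_set ldapPagingSize 500
ldap_set ldapTLS 0
ldap_set ldapUserAvatarRule default
ldap_set ldapUserDisplayName displayname
# The original wrote ldapUserFilterMode twice (0 first, 1 later); only the
# final value is kept because the last write wins.
ldap_set ldapUserFilterMode 1
ldap_set ldapUuidGroupAttribute auto
ldap_set ldapUuidUserAttribute auto
ldap_set ldapExpertUsernameAttr user_id

# Activate last. The original switched the configuration on before the login
# and user filters were written, so a failure in between left an active
# configuration without the group restriction in place.
ldap_set ldapConfigurationActive 1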