Michael Grote
28f22968da
Reviewed-on: #127
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>
ci: testing deployment (#128)
Reviewed-on: #128
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>
ci: test
ci: enable deployment
ci: set ssh-key for deployment
ci: debug
ci: deactivate ansible-lint temporarily
ci: deactivate ansible-galaxy temporarily
ci: debug ssh-key shell redirect
ci: base64
ci: debug
ci: debug
ci: fix output
Revert "ci: deactivate ansible-lint temporarily"
This reverts commit 6729342f26
.
ci: fix vault-pass secret
pbs_integration: enable no_log
ci: debug ansible-vault
ci: debug
ci: ansible-vault + move to viczem.keepass (#130)
Reviewed-on: #130
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>
ff
plugin umbennennugn
ff
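#!/bin/bash
#
# Jinja-templated script that configures Nextcloud's user_ldap app (config id
# s01) to authenticate against an lldap directory via `php occ`.
#
# Prerequisites: see https://github.com/lldap/lldap/blob/main/example_configs/nextcloud.md
# lldap_bind_user=nextcloud_bind_user
# lldap_bind_user_pass=<KeePass entry "nextcloud_lldap_bind_user_pass", field "password">
# lldap_bind_user_groups=lldap_strict_readonly
#
# NOTE(security): Jinja also renders expressions that sit inside shell comments,
# so the password lookup is deliberately not repeated in the comment above;
# otherwise the secret would be written into the rendered file a second time.
#
# NOTE(security): the rendered script holds the bind password in plaintext.
# Presumably it is written by a template task - confirm that task uses a
# restrictive file mode and no_log, and that the file is removed after the run.

php occ app:install user_ldap
php occ app:enable user_ldap
#php occ ldap:create-empty-config # only needed on a brand-new Nextcloud; otherwise every run creates another LDAP config

# NOTE(security): ldap:// combined with "ldapTLS 0" (set further down) means the
# bind password and every user's login password cross the network unencrypted.
# That is only acceptable on a loopback or otherwise trusted path; elsewhere use
# an ldaps:// host (lldap must have LDAPS enabled) and the matching port.
# EDIT: domain
php occ ldap:set-config s01 ldapHost "ldap://ldap.mgrote.net."
php occ ldap:set-config s01 ldapPort 3890
# EDIT: admin user
php occ ldap:set-config s01 ldapAgentName "uid=nextcloud_bind_user,ou=people,dc=mgrote,dc=net"
# EDIT: password
# The secret is passed through Ansible's `quote` filter instead of being placed
# inside double quotes: a password containing $, `, " or \ would otherwise be
# expanded or would break the command line when bash parses the rendered script.
# NOTE(security): occ receives the password as a command-line argument, so it is
# visible in the process list to other local users while the command runs.
php occ ldap:set-config s01 ldapAgentPassword {{ lookup('viczem.keepass.keepass', 'nextcloud_lldap_bind_user_pass', 'password') | quote }}
# EDIT: Base DN
php occ ldap:set-config s01 ldapBase "dc=mgrote,dc=net"
php occ ldap:set-config s01 ldapBaseUsers "dc=mgrote,dc=net"
php occ ldap:set-config s01 ldapBaseGroups "dc=mgrote,dc=net"
php occ ldap:set-config s01 ldapConfigurationActive 1
# Login is restricted to members of the "nextcloud" group; the user may log in
# with uid or mail address.
php occ ldap:set-config s01 ldapLoginFilter "(&(&(objectclass=person)(memberOf=cn=nextcloud,ou=groups,dc=mgrote,dc=net))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))"
# EDIT: nextcloud group, contains the users who can login to Nextcloud
php occ ldap:set-config s01 ldapUserFilter "(&(objectclass=person)(memberOf=cn=nextcloud,ou=groups,dc=mgrote,dc=net))"
php occ ldap:set-config s01 ldapUserFilterObjectclass person
php occ ldap:set-config s01 turnOnPasswordChange 0
php occ ldap:set-config s01 ldapCacheTTL 600
php occ ldap:set-config s01 ldapExperiencedAdmin 0
php occ ldap:set-config s01 ldapGidNumber gidNumber
php occ ldap:set-config s01 ldapGroupMemberAssocAttr uniqueMember
php occ ldap:set-config s01 ldapEmailAttribute "mail"
php occ ldap:set-config s01 ldapLoginFilterEmail 0
php occ ldap:set-config s01 ldapLoginFilterUsername 1
php occ ldap:set-config s01 ldapMatchingRuleInChainState unknown
php occ ldap:set-config s01 ldapNestedGroups 0
php occ ldap:set-config s01 ldapPagingSize 500
php occ ldap:set-config s01 ldapTLS 0
php occ ldap:set-config s01 ldapUserAvatarRule default
php occ ldap:set-config s01 ldapUserDisplayName displayname
# ldapUserFilterMode is set exactly once. Writing 0 first and 1 afterwards left
# 1 as the stored value, so only that assignment is kept.
php occ ldap:set-config s01 ldapUserFilterMode 1
php occ ldap:set-config s01 ldapUuidGroupAttribute auto
php occ ldap:set-config s01 ldapUuidUserAttribute auto
php occ ldap:set-config s01 ldapExpertUsernameAttr user_id
php occ ldap:set-config s01 ldap_mark_remnants_as_disabled 1

# For login via LDAP to work, the "DisplayName" attribute must be set on the user!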