LLDAP - Update ReadMe (#4571)

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>

community-containers/lldap/readme.md

@@ -1,13 +1,30 @@
 ## Light LDAP server
-This container bundles LLDAP server and auto-configures your nextcloud instance for you.
+This container bundles LLDAP server and auto-configures your Nextcloud instance for you.
 
 ### Notes
 - In order to access your LLDAP web interface outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `ldap.$NC_DOMAIN` to redirect to your Lldap. You need to point the reverse proxy at port 17170 of this server.
-- After adding and starting the container, you can log in to the lldap web interface by using the password that you can retrieve via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_JWT_SECRET`.
+- After adding and starting the container, you can log in to the lldap web interface by using the username `admin` and the password that you can retrieve via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_JWT_SECRET`.
-- Also, you need to run the following script one time in order to activate the ldap config in nextcloud so that Nextcloud uses lldap as user backend. You can see a [nextcloud example configuration provide by LLDAP](https://github.com/lldap/lldap/blob/main/example_configs/nextcloud.md)<br>
+- To configure Nextcloud, you can use the generic configuration proposed below.
-    First, you need to retrieve the LLDAP admin password via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_LDAP_USER_PASS`. This will be used later on which you need to type in or copy and paste.
+- For advanced configurations, see how to configure a client with lldap https://github.com/lldap/lldap#client-configuration
+- Also, see how Nextcloud's LDAP application works https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Generic Nextcloud LDAP config
+Functionality with this configuration:
+- User and group management.
+- Login via username (or email) and password.
+- Profile picture sync.
+- Synchronization of administrator accounts (via the lldap_admin group).
+
+> For simplicity, this configuration is done via the command line (don't worry, it's very simple).
+
+First, you need to retrieve the LLDAP admin password, this will be used later on. Which you need to type in or copy and paste:
+```bash
+sudo docker inspect nextcloud-aio-lldap | grep LLDAP_LDAP_USER_PASS
+```
+
+Now go into the Nextcloud container:
 ```bash
-    # Now go into the container
 sudo docker exec --user www-data -it nextcloud-aio-nextcloud bash
 ```
 Now inside the container:
@@ -18,50 +35,56 @@ This container bundles LLDAP server and auto-configures your nextcloud instance
 # Create a new empty ldap config
 CONF_NAME=$(php /var/www/html/occ ldap:create-empty-config -p)
 
-    # Set the ldap password
+# Check that the base DN matches your domain and retrieve your configuration name
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapAgentPassword "<your-password>"
+echo "Base DN: '$BASE_DN', Config name: '$CONF_NAME'"
 
-    # Set the ldap config
+# Set the ldap password
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapAgentName                "uid=ro_admin,ou=people,$BASE_DN"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapAgentPassword "<your-password>"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapBase                     "$BASE_DN"
+
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapBaseGroups               "$BASE_DN"
+# Set the ldap config: Host and connection
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapBaseUsers                "$BASE_DN"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapAdminGroup       lldap_admin
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapCacheTTL                 600
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapAgentName        "cn=admin,ou=people,$BASE_DN"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapConfigurationActive      1
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapBase             "$BASE_DN"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapEmailAttribute           "mail"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapHost             "ldap://nextcloud-aio-lldap"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapExperiencedAdmin         0
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapPort             3890
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGidNumber                "gidNumber"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapTLS              0
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupDisplayName         "cn"
+php /var/www/html/occ ldap:set-config $CONF_NAME turnOnPasswordChange 0
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilter              "(&(objectclass=groupOfUniqueNames))"
+
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilterGroups        ""
+# Set the ldap config: Users
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilterMode          0
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapBaseUsers             "ou=people,$BASE_DN"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilterObjectclass   "groupOfUniqueNames"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapEmailAttribute        mail
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupMemberAssocAttr     "uniqueMember"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapGidNumber             gidNumber
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapHost                     "nextcloud-aio-lldap"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapLoginFilter           "(&(|(objectclass=person))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapLoginFilterAttributes    "uid"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapLoginFilterEmail      1
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapLoginFilterEmail         0
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapLoginFilterUsername   1
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapLoginFilterUsername      1
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapUserAvatarRule        default
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapMatchingRuleInChainState "unknown"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapUserDisplayName       cn
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapNestedGroups             0
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapUserFilter            "(|(objectclass=person))"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapPagingSize               500
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapUserFilterMode        0
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapPort                     3890
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapUserFilterObjectclass person
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapTLS                      0
+
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserAvatarRule           "default"
+# Set the ldap config: Groups
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserDisplayName          "displayname"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapBaseGroups                "ou=groups,$BASE_DN"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserFilter               "(&(objectClass=person)(uid=%uid))"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapGroupDisplayName          cn
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserFilterMode           1
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapGroupFilter               "(&(|(objectclass=groupOfUniqueNames)))"
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserFilterObjectclass    "person"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapGroupFilterMode           0
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUuidGroupAttribute       "auto"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapGroupFilterObjectclass    groupOfUniqueNames
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUuidUserAttribute        "auto"
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapGroupMemberAssocAttr      uniqueMember
-    php /var/www/html/occ ldap:set-config "$CONF_NAME" turnOnPasswordChange         0
+php /var/www/html/occ ldap:set-config $CONF_NAME useMemberOfToDetectMembership 1
+
+# Optional : Check the configuration
+#php /var/www/html/occ ldap:show-config $CONF_NAME
 
 # Test the ldap config
-    php /var/www/html/occ ldap:test-config "$NAME"
+php /var/www/html/occ ldap:test-config $CONF_NAME
+
+# Enable ldap config
+php /var/www/html/occ ldap:set-config $CONF_NAME ldapConfigurationActive 1
 
 # Exit the container shell
 exit
 ```
-- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+It's done ! All you have to do is go to the Nextcloud administration interface to see the magic of LDAP.
 
 ### Repository
 https://github.com/lldap/lldap