{ "aio_services_v1": [ { "container_name": "nextcloud-aio-lldap", "display_name": "Light LDAP implementation", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap", "image": "lldap/lldap", "image_tag": "v0-alpine", "internal_port": "17170", "restart": "unless-stopped", "ports": [ { "ip_binding": "%APACHE_IP_BINDING%", "port_number": "17170", "protocol": "tcp" } ], "environment": [ "TZ=%TIMEZONE%", "UID=65534", "GID=65534", "LLDAP_JWT_SECRET=%LLDAP_JWT_SECRET%", "LLDAP_LDAP_USER_PASS=%LLDAP_LDAP_USER_PASS%", "LLDAP_LDAP_BASE_DN=%NC_BASE_DN%" ], "secrets": [ "LLDAP_JWT_SECRET", "LLDAP_LDAP_USER_PASS" ], "ui_secret": "LLDAP_JWT_SECRET", "volumes": [ { "source": "nextcloud_aio_lldap", "destination": "/data", "writeable": true } ], "backup_volumes": [ "nextcloud_aio_lldap" ], "nextcloud_exec_commands": [ "php /var/www/html/occ app:install user_ldap", "php /var/www/html/occ app:enable user_ldap", "# Derive the LDAP base DN from the Nextcloud domain (each dot-separated label becomes a dc= component)", "BASE_DN=\"dc=${NC_DOMAIN//./,dc=}\"", "# Create a new empty ldap config", "CONF_NAME=$(php /var/www/html/occ ldap:create-empty-config -p)", "# Check that the base DN matches your domain and retrieve your configuration name", "echo \"Base DN: '$BASE_DN', Config name: '$CONF_NAME'\"", "# Set the ldap agent (bind) password - NOTE: the value below is empty; binding as cn=admin presumably requires the lldap admin password (LLDAP_LDAP_USER_PASS), confirm before enabling this config", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapAgentPassword \"\"", "# Set the ldap config: Host and connection (plain ldap:// on port 3890 with ldapTLS off, so the bind password and directory data travel unencrypted between the containers)", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapAdminGroup lldap_admin", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapAgentName \"cn=admin,ou=people,$BASE_DN\"", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapBase \"$BASE_DN\"", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapHost \"ldap://nextcloud-aio-lldap\"", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapPort 3890", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapTLS 0", "php /var/www/html/occ ldap:set-config $CONF_NAME turnOnPasswordChange 0", "# Set the ldap config: Users", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapBaseUsers \"ou=people,$BASE_DN\"", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapEmailAttribute mail", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapGidNumber gidNumber", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapLoginFilter \"(&(|(objectclass=person))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))\"", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapLoginFilterEmail 1", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapLoginFilterUsername 1", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapUserAvatarRule default", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapUserDisplayName cn", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapUserFilter \"(|(objectclass=person))\"", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapUserFilterMode 0", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapUserFilterObjectclass person", "# Set the ldap config: Groups", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapBaseGroups \"ou=groups,$BASE_DN\"", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapGroupDisplayName cn", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapGroupFilter \"(&(|(objectclass=groupOfUniqueNames)))\"", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapGroupFilterMode 0", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapGroupFilterObjectclass groupOfUniqueNames", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapGroupMemberAssocAttr uniqueMember", "php /var/www/html/occ ldap:set-config $CONF_NAME useMemberOfToDetectMembership 1", "# Optional: Check the configuration", "#php /var/www/html/occ ldap:show-config $CONF_NAME", "# Test the ldap config", "php /var/www/html/occ ldap:test-config $CONF_NAME", "# Enable ldap config", "php /var/www/html/occ ldap:set-config $CONF_NAME ldapConfigurationActive 1", "# Exit the container shell", "exit" ] } ] }