Adapt deployment examples for new LDAP config

Ralf Haferkamp
2022-04-11 12:35:17 +02:00
parent dc6a4fdc02
commit 91a0301ea0
3 changed files with 24 additions and 35 deletions


@@ -58,8 +58,7 @@ services:
STORAGE_LDAP_IDP: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-owncloud}
WEB_OIDC_SCOPE: openid profile email owncloud
# LDAP bind
STORAGE_LDAP_HOSTNAME: openldap
STORAGE_LDAP_PORT: 636
STORAGE_LDAP_URI: "ldaps://openldap"
STORAGE_LDAP_INSECURE: "true"
STORAGE_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
STORAGE_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
@@ -68,25 +67,22 @@ services:
PROXY_ACCOUNT_BACKEND_TYPE: cs3 # proxy should get users from CS3APIS (which gets it from LDAP)
PROXY_USER_OIDC_CLAIM: ocis.user.uuid # claim was added in Keycloak
PROXY_USER_CS3_CLAIM: userid # equals STORAGE_LDAP_USER_SCHEMA_UID
STORAGE_LDAP_BASE_DN: "dc=owncloud,dc=com"
STORAGE_LDAP_GROUP_BASE_DN: "dc=owncloud,dc=com"
STORAGE_LDAP_GROUP_SCHEMA_DISPLAYNAME: "cn"
STORAGE_LDAP_GROUP_SCHEMA_GID_NUMBER: "gidnumber"
STORAGE_LDAP_GROUP_SCHEMA_GID: "cn"
STORAGE_LDAP_GROUP_SCHEMA_ID: "cn"
STORAGE_LDAP_GROUP_SCHEMA_MAIL: "mail"
STORAGE_LDAP_GROUPATTRIBUTEFILTER: "(&(objectclass=posixGroup)(objectclass=owncloud)({{attr}}={{value}}))"
STORAGE_LDAP_GROUPFILTER: "(&(objectclass=groupOfUniqueNames)(objectclass=owncloud)(ownclouduuid={{.OpaqueId}}*))"
STORAGE_LDAP_GROUPMEMBERFILTER: "(&(objectclass=posixAccount)(objectclass=owncloud)(ownclouduuid={{.OpaqueId}}*))"
STORAGE_LDAP_USERGROUPFILTER: "(&(objectclass=posixGroup)(objectclass=owncloud)(ownclouduuid={{.OpaqueId}}*))"
STORAGE_LDAP_USER_SCHEMA_CN: "cn"
STORAGE_LDAP_GROUP_SCHEMA_MEMBER: "cn"
STORAGE_LDAP_GROUP_OBJECTCLASS: "groupOfUniqueNames"
STORAGE_LDAP_GROUPFILTER: "(objectclass=owncloud)"
STORAGE_LDAP_USER_BASE_DN: "dc=owncloud,dc=com"
STORAGE_LDAP_USER_SCHEMA_USERNAME: "cn"
STORAGE_LDAP_USER_SCHEMA_DISPLAYNAME: "displayname"
STORAGE_LDAP_USER_SCHEMA_GID_NUMBER: "gidnumber"
STORAGE_LDAP_USER_SCHEMA_MAIL: "mail"
STORAGE_LDAP_USER_SCHEMA_UID_NUMBER: "uidnumber"
STORAGE_LDAP_USER_SCHEMA_UID: "ownclouduuid"
STORAGE_LDAP_LOGINFILTER: "(&(objectclass=posixAccount)(objectclass=owncloud)(|(uid={{login}})(mail={{login}})))"
STORAGE_LDAP_USERATTRIBUTEFILTER: "(&(objectclass=posixAccount)(objectclass=owncloud)({{attr}}={{value}}))"
STORAGE_LDAP_USERFILTER: "(&(objectclass=posixAccount)(objectclass=owncloud)(|(ownclouduuid={{.OpaqueId}})(uid={{.OpaqueId}})))"
STORAGE_LDAP_USERFINDFILTER: "(&(objectclass=posixAccount)(objectclass=owncloud)(|(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)))"
STORAGE_LDAP_USER_SCHEMA_ID: "ownclouduuid"
STORAGE_LDAP_LOGIN_ATTRIBUTES: "uid,mail"
# ownCloudSQL storage driver
STORAGE_USERS_DRIVER: owncloudsql
STORAGE_METADATA_DRIVER: ocis # keep metadata on ocis storage since this are only small files atm
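Review bot: In the second hunk the user-side filters (`STORAGE_LDAP_LOGINFILTER`, `STORAGE_LDAP_USERFILTER`, `STORAGE_LDAP_USERFINDFILTER`, `STORAGE_LDAP_USERATTRIBUTEFILTER`) appear to be dropped without a replacement, while groups get `STORAGE_LDAP_GROUPFILTER: "(objectclass=owncloud)"` and `STORAGE_LDAP_GROUP_OBJECTCLASS`. As far as the old and new sides can be read from this rendering, no user filter or user object class is set on the new side, so which directory entries count as oCIS users depends on the service defaults rather than on the `posixAccount`/`owncloud` restriction the old filters carried. If that is not intended, I would add the user-side counterparts next to `STORAGE_LDAP_USER_BASE_DN`, e.g. `STORAGE_LDAP_USERFILTER: "(objectclass=owncloud)"` and `STORAGE_LDAP_USER_OBJECTCLASS: "posixAccount"`. The comment on `PROXY_USER_CS3_CLAIM` also still says `# equals STORAGE_LDAP_USER_SCHEMA_UID`, although the hunk introduces `STORAGE_LDAP_USER_SCHEMA_ID`. The `environment:` mapping starts and ends outside the hunk.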


@@ -608,8 +608,7 @@ services:
STORAGE_USERPROVIDER_ADDR: 0.0.0.0:9144
STORAGE_USERPROVIDER_DRIVER: ldap
STORAGE_LDAP_HOSTNAME: glauth
STORAGE_LDAP_PORT: 9126
STORAGE_LDAP_URI: "ldaps://glauth:9126"
STORAGE_LDAP_INSECURE: "true"
STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva}
STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-ocis.owncloud.test}
@@ -639,8 +638,7 @@ services:
STORAGE_GROUPPROVIDER_ADDR: 0.0.0.0:9160
STORAGE_GROUPPROVIDER_DRIVER: ldap
STORAGE_LDAP_HOSTNAME: glauth
STORAGE_LDAP_PORT: 9126
STORAGE_LDAP_URI: "ldaps://glauth:9126"
STORAGE_LDAP_INSECURE: "true"
STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva}
STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-ocis.owncloud.test}
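Review bot: Both hunks switch to `STORAGE_LDAP_URI: "ldaps://glauth:9126"` but keep `STORAGE_LDAP_INSECURE: "true"` without a comment, so the example sends the bind password `${STORAGE_LDAP_BIND_PASSWORD:-reva}` over TLS whose server certificate is not verified. Since deployment examples get copied, I would add a comment above the setting, e.g. `# example only: skips LDAPS certificate verification; set to "false" with a trusted CA outside test setups`. The same applies to `STORAGE_LDAP_INSECURE` in the openldap example and to `LDAP_INSECURE` in the ldap-server example, both of which also default the `cn=admin` bind password to `admin`. The surrounding `environment:` mappings start outside these hunks.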


@@ -53,26 +53,21 @@ services:
- /entrypoint-override.sh
environment:
# CS3 users from ldap specific configuration
IDP_LDAP_FILTER: "(&(objectclass=inetOrgPerson)(objectClass=owncloud))"
IDP_LDAP_URI: ldap://ldap-server:389
IDP_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
IDP_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
IDP_LDAP_BASE_DN: "dc=owncloud,dc=com"
IDP_LDAP_LOGIN_ATTRIBUTE: uid
LDAP_URI: ldaps://ldap-server
LDAP_INSECURE: "true"
LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
LDAP_GROUP_BASE_DN: "dc=owncloud,dc=com"
LDAP_GROUPFILTER: "(objectclass=owncloud)"
LDAP_GROUP_OBJECTCLASS: "groupOfUniqueNames"
LDAP_USER_BASE_DN: "dc=owncloud,dc=com"
LDAP_USERFILTER: "(objectclass=owncloud)"
LDAP_USER_OBEJECTCLASS: "inetOrgPerson"
LDAP_LOGIN_ATTRIBUTES: "uid,mail"
IDP_LDAP_LOGIN_ATTRIBUTE: "uid"
IDP_LDAP_UUID_ATTRIBUTE: "ownclouduuid"
IDP_LDAP_UUID_ATTRIBUTE_TYPE: binary
PROXY_ACCOUNT_BACKEND_TYPE: cs3
STORAGE_LDAP_HOSTNAME: ldap-server
STORAGE_LDAP_PORT: 636
STORAGE_LDAP_INSECURE: "true"
STORAGE_LDAP_BASE_DN: "dc=owncloud,dc=com"
STORAGE_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
STORAGE_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
STORAGE_LDAP_LOGINFILTER: '(&(objectclass=inetOrgPerson)(objectclass=owncloud)(|(uid={{login}})(mail={{login}})))'
STORAGE_LDAP_USERFILTER: '(&(objectclass=inetOrgPerson)(objectclass=owncloud)(|(ownclouduuid={{.OpaqueId}})(uid={{.OpaqueId}})))'
STORAGE_LDAP_ATTRIBUTEFILTER: '(&(objectclass=owncloud)({{attr}}={{value}}))'
STORAGE_LDAP_FINDFILTER: '(&(objectclass=owncloud)(|(uid={{query}}*)(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)(description={{query}}*)))'
STORAGE_LDAP_GROUPFILTER: '(&(objectclass=groupOfUniqueNames)(objectclass=owncloud)(ownclouduuid={{.OpaqueId}}*))'
# web ui
WEB_UI_CONFIG: "/var/tmp/ocis/.config/web-config.json"
# General oCIS config
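Review bot: `LDAP_USER_OBEJECTCLASS` among the added lines is misspelled; it should read `LDAP_USER_OBJECTCLASS: "inetOrgPerson"`. An unknown environment variable is presumably ignored silently, so the user object class would fall back to the service default. The `inetOrgPerson` restriction that `STORAGE_LDAP_LOGINFILTER` and `STORAGE_LDAP_USERFILTER` carried would then not be applied as written. The neighbouring `LDAP_GROUP_OBJECTCLASS` shows the intended spelling.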