diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
index 60c385bfd93..a6400b25eae 100644
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -1,5 +1,5 @@
## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed.
+This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap by listening on `ldap.$NC_DOMAIN`, if installed.
### Notes
- This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
diff --git a/community-containers/lldap/lldap.json b/community-containers/lldap/lldap.json
new file mode 100644
index 00000000000..3592f1799c5
--- /dev/null
+++ b/community-containers/lldap/lldap.json
@@ -0,0 +1,46 @@
+{
+ "aio_services_v1": [
+ {
+ "container_name": "nextcloud-aio-lldap",
+ "display_name": "Light LDAP implementation",
+ "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap",
+ "image": "lldap/lldap",
+ "image_tag": "v0-alpine",
+ "internal_port": "17170",
+ "restart": "unless-stopped",
+ "ports": [
+ {
+ "ip_binding": "%APACHE_IP_BINDING%",
+ "port_number": "17170",
+ "protocol": "tcp"
+ }
+ ],
+ "environment": [
+ "TZ=%TIMEZONE%",
+ "UID=65534",
+ "GID=65534",
+ "LLDAP_JWT_SECRET=%LLDAP_JWT_SECRET%",
+ "LLDAP_LDAP_USER_PASS=%LLDAP_LDAP_USER_PASS%",
+ "LLDAP_LDAP_BASE_DN=%NC_BASE_DN%"
+ ],
+ "secrets": [
+ "LLDAP_JWT_SECRET",
+ "LLDAP_LDAP_USER_PASS"
+ ],
+ "volumes": [
+ {
+ "source": "nextcloud_aio_lldap",
+ "destination": "/data",
+ "writeable": true
+ }
+ ],
+ "backup_volumes": [
+ "nextcloud_aio_lldap"
+ ],
+ "nextcloud_exec_commands": [
+ "php /var/www/html/occ app:install user_ldap",
+ "php /var/www/html/occ app:enable user_ldap"
+ ]
+ }
+ ]
+}
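Review bot: The `secrets` and `environment` entries provision `LLDAP_LDAP_USER_PASS` as the LLDAP admin password (the readme added in this commit calls it exactly that), but the bootstrap script documented alongside never uses it: it binds Nextcloud as `uid=ro_admin,ou=people,$BASE_DN` with `ldapAgentPassword ""`, so the documented setup relies on an account and an unauthenticated bind that nothing in this container definition creates. The same readme tells the reader to log in to the web UI with `LLDAP_JWT_SECRET`, which contradicts its own later statement that `LLDAP_LDAP_USER_PASS` is the admin password, and its final step `php /var/www/html/occ ldap:test-config "$NAME"` references a variable the script never sets (it defines `$CONF_NAME`). Since `LLDAP_LDAP_BASE_DN=%NC_BASE_DN%` is expanded from `GetBaseDN()`, which returns an empty string when no domain is configured, the page linked from `documentation` should state that the container must only be added after the domain is set, so it is never started with an empty base DN.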
diff --git a/community-containers/lldap/readme.md b/community-containers/lldap/readme.md
new file mode 100644
index 00000000000..03f81cdfb8e
--- /dev/null
+++ b/community-containers/lldap/readme.md
@@ -0,0 +1,70 @@
+## Light LDAP server
+This container bundles LLDAP server and auto-configures your nextcloud instance for you.
+
+### Notes
+- In order to access your LLDAP web interface outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `ldap.$NC_DOMAIN` to redirect to your Lldap. You need to point the reverse proxy at port 17170 of this server.
+- After adding and starting the container, you can log in to the lldap web interface by using the password that you can retrieve via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_JWT_SECRET`.
+- Also, you need to run the following script one time in order to activate the ldap config in nextcloud so that Nextcloud uses lldap as user backend. You can see a [nextcloud example configuration provide by LLDAP](https://github.com/lldap/lldap/blob/main/example_configs/nextcloud.md)
+ First, you need to retrieve the LLDAP admin password via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_LDAP_USER_PASS`. This will be used later on which you need to type in or copy and paste.
+ ```bash
+ # Now go into the container
+ sudo docker exec --user www-data -it nextcloud-aio-nextcloud bash
+ ```
+ Now inside the container:
+ ```bash
+ # Get Base
+ BASE_DN="dc=${NC_DOMAIN//./,dc=}"
+
+ # Create a new empty ldap config
+ CONF_NAME=$(php /var/www/html/occ ldap:create-empty-config -p)
+
+ # Set the ldap password
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapAgentPassword ""
+
+ # Set the ldap config
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapAgentName "uid=ro_admin,ou=people,$BASE_DN"
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapBase "$BASE_DN"
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapBaseGroups "$BASE_DN"
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapBaseUsers "$BASE_DN"
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapCacheTTL 600
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapConfigurationActive 1
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapEmailAttribute "mail"
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapExperiencedAdmin 0
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGidNumber "gidNumber"
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupDisplayName "cn"
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilter "(&(objectclass=groupOfUniqueNames))"
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilterGroups ""
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilterMode 0
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupFilterObjectclass "groupOfUniqueNames"
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapGroupMemberAssocAttr "uniqueMember"
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapHost "nextcloud-aio-lldap"
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapLoginFilterAttributes "uid"
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapLoginFilterEmail 0
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapLoginFilterUsername 1
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapMatchingRuleInChainState "unknown"
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapNestedGroups 0
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapPagingSize 500
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapPort 3890
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapTLS 0
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserAvatarRule "default"
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserDisplayName "displayname"
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserFilter "(&(objectClass=person)(uid=%uid))"
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserFilterMode 1
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUserFilterObjectclass "person"
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUuidGroupAttribute "auto"
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" ldapUuidUserAttribute "auto"
+ php /var/www/html/occ ldap:set-config "$CONF_NAME" turnOnPasswordChange 0
+
+ # Test the ldap config
+ php /var/www/html/occ ldap:test-config "$NAME"
+
+ # Exit the container shell
+ exit
+ ```
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/lldap/lldap
+
+### Maintainer
+https://github.com/docjyj
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index c6a475376b6..a4693330d70 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -386,6 +386,14 @@ public function GetDomain() : string {
return $config['domain'];
}
+ public function GetBaseDN() : string {
+ $domain = $this->GetDomain();
+ if ($domain === "") {
+ return "";
+ }
+ return 'dc=' . implode(',dc=', explode('.', $domain));
+ }
+
public function GetBackupMode() : string {
$config = $this->GetConfig();
if(!isset($config['backup-mode'])) {
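Review bot: `GetBaseDN()` splits the domain on `.` without discarding empty labels, so a configured value with a leading, trailing or doubled dot yields components such as `dc=` in a DN that is then injected into the container environment as `LLDAP_LDAP_BASE_DN` and into Nextcloud's LDAP base; suggested `$labels = array_filter(explode('.', $domain), static fn (string $l): bool => $l !== '');` / `if ($labels === []) { return ''; }` / `return 'dc=' . implode(',dc=', $labels);`. The method also deserves a docblock stating that it derives the LDAP base DN from the configured domain (`example.com` becomes `dc=example,dc=com`), returns `''` when no domain is set, and that callers must treat the empty result as "not configured". Domain labels receive no RFC 4514 escaping, which is acceptable only if `GetDomain()`'s value is validated elsewhere as a plain hostname — presumably it is, but that assumption belongs in the docblock. The surrounding `GetDomain()` and `GetBackupMode()` bodies extend outside the hunk.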
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 8a8b1ab259d..5b65f4b09f2 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -283,6 +283,8 @@ public function CreateContainer(Container $container) : void {
if($out[1] === 'NC_DOMAIN') {
$replacements[1] = $this->configurationManager->GetDomain();
+ } elseif($out[1] === 'NC_BASE_DN') {
+ $replacements[1] = $this->configurationManager->GetBaseDN();
} elseif ($out[1] === 'AIO_TOKEN') {
$replacements[1] = $this->configurationManager->GetToken();
} elseif ($out[1] === 'BORGBACKUP_MODE') {
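Review bot: The new branch is written `elseif($out[1] === 'NC_BASE_DN')` while the neighbouring branches on the following lines use `} elseif (` with a space; keep the style consistent, `} elseif ($out[1] === 'NC_BASE_DN') {`. Note that `GetBaseDN()` returns `''` when no domain is configured, so `%NC_BASE_DN%` is then silently replaced with an empty string in the container's environment, exactly as `%NC_DOMAIN%` already is; if an empty base DN is an error for the consuming container, this branch is the place to detect it rather than starting the container with it. `CreateContainer` begins and ends outside the hunk.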