.
@@ -35,14 +35,15 @@ data:
|
||||
echo "[ldap-bootstrap] using existing LDAP config ${LDAP_CONFIG_ID}"
|
||||
else
|
||||
echo "[ldap-bootstrap] creating LDAP config"
|
||||
CREATE_OUT="$(php occ ldap:create-empty-config)"
|
||||
echo "${CREATE_OUT}"
|
||||
LDAP_CONFIG_ID="$(printf '%s\n' "${CREATE_OUT}" | sed -n "s/.*configID '\([^']*\)'.*/\1/p")"
|
||||
if [ -z "${LDAP_CONFIG_ID}" ]; then
|
||||
echo "[ldap-bootstrap] could not determine LDAP config ID"
|
||||
php occ ldap:create-empty-config >/tmp/ldap-create.txt 2>&1 || true
|
||||
cat /tmp/ldap-create.txt
|
||||
|
||||
if ! php occ ldap:show-config "${LDAP_CONFIG_ID}" >/tmp/ldap-show.txt 2>/dev/null; then
|
||||
echo "[ldap-bootstrap] LDAP config ${LDAP_CONFIG_ID} not found after creation attempt"
|
||||
echo "[ldap-bootstrap] existing configs:"
|
||||
php occ ldap:show-config || true
|
||||
exit 1
|
||||
fi
|
||||
echo "[ldap-bootstrap] created LDAP config ${LDAP_CONFIG_ID}"
|
||||
fi
|
||||
|
||||
set_cfg() {
|
||||
@@ -61,16 +62,16 @@ data:
|
||||
set_cfg ldapAgentName "${LDAP_BIND_DN}"
|
||||
set_cfg ldapAgentPassword "${LDAP_BIND_PASSWORD}"
|
||||
|
||||
set_cfg ldapLoginFilter "(&(|(objectclass=person))(uid=%uid))"
|
||||
set_cfg ldapUserFilter "(&(|(objectclass=person))(uid=*))"
|
||||
set_cfg ldapUserDisplayName "cn"
|
||||
set_cfg ldapEmailAttribute "mail"
|
||||
set_cfg ldapUuidUserAttribute "entryUUID"
|
||||
|
||||
set_cfg ldapLoginFilter "(&(|(objectClass=user)(objectClass=person))(sAMAccountName=%uid))"
|
||||
set_cfg ldapUserFilter "(&(|(objectClass=user)(objectClass=person))(sAMAccountName=*))"
|
||||
set_cfg ldapUserDisplayName "cn"
|
||||
set_cfg ldapEmailAttribute "mail"
|
||||
set_cfg ldapUuidUserAttribute "objectGUID"
|
||||
|
||||
set_cfg ldapGroupFilter "(&(objectClass=group)(cn=*))"
|
||||
set_cfg ldapGroupDisplayName "cn"
|
||||
set_cfg ldapUuidGroupAttribute "objectGUID"
|
||||
set_cfg ldapGroupMemberAssocAttr "member"
|
||||
|
||||
set_cfg ldapConfigurationActive "1"
|
||||
set_cfg turnOffCertCheck "0"
|
||||
@@ -79,7 +80,6 @@ data:
|
||||
echo "[ldap-bootstrap] testing LDAP config ${LDAP_CONFIG_ID}"
|
||||
if php occ ldap:test-config "${LDAP_CONFIG_ID}"; then
|
||||
echo "[ldap-bootstrap] LDAP config OK"
|
||||
php occ app:enable user_ldap || true
|
||||
else
|
||||
echo "[ldap-bootstrap] LDAP test failed, disabling user_ldap to avoid breaking local admin login"
|
||||
php occ app:disable user_ldap || true
|
||||
@@ -209,7 +209,7 @@ spec:
|
||||
- name: LDAP_GROUP_BASE_DN
|
||||
value: "ou=groups,ou=Undercloud,dc=undercloud,dc=local"
|
||||
- name: LDAP_BIND_DN
|
||||
value: "cn=nextcloud,ou=serviceaccounts,ou=users,ou=Undercloud,dc=undercloud,dc=local"
|
||||
value: "CN=nextcloud,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local"
|
||||
- name: LDAP_BIND_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
|
||||
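Review bot: The sAMAccountName forms of `ldapLoginFilter` and `ldapUserFilter` in the second hunk accept every `user` or `person` object under the base DN, with no restriction by group or account state. If the directory is Active Directory, which the `sAMAccountName` and `objectGUID` attributes suggest, computer accounts also carry `objectClass=user` and would be listed as Nextcloud users. Consider `(&(objectCategory=person)(objectClass=user)(sAMAccountName=%uid))`, plus a `(memberOf=<DN of the allowed group>)` clause if only part of the directory should be able to log in. The page has lost its +/- markers, so I am assuming these lines are the new side; `set_cfg`'s body lies outside the hunks.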