Docker automate ldap configuration

Steps to reproduce

  1. install docker openldap and enable memberof
  2. run docker owncloud

Expected behaviour

I wish I could save the LDAP config in a file so that I can run docker-compose and the LDAP configs are included, so I don't have to set it up again when I rerun the docker container.

Actual behaviour

Every time, I have to enable the plugin and then configure the LDAP settings.

Server configuration

Operating system: ubuntu server 18.04

Web server: apache2

Database: mysql

PHP version:

ownCloud version: 10.4.1

Updated from an older ownCloud or fresh install: fresh install

If you’re using the official ownCloud’s docker images, you can try the following snippet in your docker-compose.yml file:

```yaml
services:
  owncloud:
    volumes:
      - ${LDAP_AUTOCONFIG_FILE:-./ldap/ldap.sh}:/etc/pre_server.d/10-ldap.sh
```

where the ldap.sh file is a bash script with the occ commands to configure your particular ldap connection. You’d need to enable the user_ldap app at the beginning of the script (assuming the app is disabled by default).

I think this works only during the ownCloud’s installation, so if the server is already installed you’d need to throw it away and start from scratch.

2 Likes
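
One possible shape for the ldap.sh described above, as an added example (not the poster's script and not ownCloud's own code). The `LDAP_*` variable names and the secret-file mechanism are assumptions of this example, the config ID s01 is the one seen in this thread, and ldapTLS defaults to 1 (StartTLS) here, whereas the dump later in the thread shows 0, which sends the bind password over port 389 unencrypted.

```shell
#!/usr/bin/env bash
# Example ldap.sh, mounted at /etc/pre_server.d/10-ldap.sh and sourced at start.
# The LDAP_* variable names are assumptions made for this example.

ldap_bind_password() {
  # Prefer a mounted secret file, so the password is not in docker-compose.yml.
  if [ -r "${LDAP_BIND_PASSWORD_FILE:-}" ]; then
    cat "$LDAP_BIND_PASSWORD_FILE"
  elif [ -n "${LDAP_BIND_PASSWORD:-}" ]; then
    printf '%s' "$LDAP_BIND_PASSWORD"
  else
    echo "ldap.sh: no bind password provided" >&2; return 1
  fi
}

ldap_config_exists() {
  # Looks for the "| Configuration | s01 |" header row of ldap:show-config.
  occ ldap:show-config 2>/dev/null | grep -Eq "Configuration +\| +$1 +\|"
}

apply_ldap_config() {
  local cfg_id="$1" cfg_pw key value
  cfg_pw="$(ldap_bind_password)" || return 1
  [ -n "${LDAP_BASE_DN:-}" ] && [ -n "${LDAP_BIND_DN:-}" ] || return 1
  occ app:enable user_ldap || return 1
  # Safe to run on every container start: create the config only when missing.
  ldap_config_exists "$cfg_id" || occ ldap:create-empty-config || return 1
  while read -r key value; do
    occ ldap:set-config "$cfg_id" "$key" "$value" </dev/null || return 1
  done <<EOF
ldapHost ${LDAP_HOST:-openldap}
ldapPort ${LDAP_PORT:-389}
ldapTLS ${LDAP_TLS:-1}
ldapBase ${LDAP_BASE_DN}
ldapAgentName ${LDAP_BIND_DN}
ldapConfigurationActive 1
EOF
  occ ldap:set-config "$cfg_id" ldapAgentPassword "$cfg_pw" || return 1
  # Fail closed: deactivate the config if occ reports it as invalid.
  if occ ldap:test-config "$cfg_id" | grep -q "is invalid"; then
    occ ldap:set-config "$cfg_id" ldapConfigurationActive 0
    return 1
  fi
}

# Only run when occ is available, i.e. inside the ownCloud container.
if command -v occ >/dev/null 2>&1; then
  apply_ldap_config s01 || echo "ldap.sh: LDAP config not applied" >&2
fi
```

Because the entrypoint sources this file (see the `source: /etc/pre_server.d/10-ldap.sh` line in the log below), mount it read-only and keep it writable only by root on the host. The host file must exist before the container is created, otherwise Docker creates a directory at that path.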

Thanks for your fast response!

But I am not able to run it… I get this error when I start the container:

```
docker logs owncloud
Creating volume folders...
Creating hook folders...
Waiting for MySQL...
services are ready!
Waiting for Redis...
services are ready!
Removing custom folder...
Linking custom folder...
Removing config folder...
Linking config folder...
Writing config file...
Fixing base perms...
Fixing data perms...
Fixing hook perms...
Upgrading server database...
ownCloud is already latest version
ownCloud is already latest version
Writing objectstore config...
Writing php config...
Updating htaccess config...
.htaccess has been updated
Writing apache config...
Enabling cron background...
Set mode for background jobs to 'cron'
Touching cron configs...
Starting cron daemon...
/usr/bin/server: line 17: source: /etc/pre_server.d/10-ldap.sh: is a directory
```

And I have one more question. Will the script run automatically in the container?

If I make an ldap:test-config I also get an error.

ldap:test-config error

```
root@xxxxxx: /etc/pre_server.d # occ ldap:test-config s01
The configuration is invalid. Please have a look at the logs for further details.
```

My LDAP configs, generated by the scripts, look like this:
```
+-------------------------------+-----------------------------------+
| Configuration                 | s01                               |
+-------------------------------+-----------------------------------+
| hasMemberOfFilterSupport      | 1                                 |
| hasPagedResultSupport         |                                   |
| homeFolderNamingRule          |                                   |
| lastJpegPhotoLookup           | 0                                 |
| ldapAgentName                 | cn=admin,dc=schley,dc=ch          |
| ldapAgentPassword             | ***                               |
| ldapAttributesForGroupSearch  |                                   |
| ldapAttributesForUserSearch   |                                   |
| ldapBackupHost                |                                   |
| ldapBackupPort                |                                   |
| ldapBase                      | dc=schley,dc=ch                   |
| ldapBaseGroups                | dc=schley,dc=ch                   |
| ldapBaseUsers                 | dc=schley,dc=ch                   |
| ldapCacheTTL                  | 600                               |
| ldapConfigurationActive       | 0                                 |
| ldapDynamicGroupMemberURL     |                                   |
| ldapEmailAttribute            |                                   |
| ldapExperiencedAdmin          | 0                                 |
| ldapExpertUUIDGroupAttr       |                                   |
| ldapExpertUUIDUserAttr        |                                   |
| ldapExpertUsernameAttr        |                                   |
| ldapGroupDisplayName          | cn                                |
| ldapGroupFilter               |                                   |
| ldapGroupFilterGroups         |                                   |
| ldapGroupFilterMode           | 0                                 |
| ldapGroupFilterObjectclass    |                                   |
| ldapGroupMemberAssocAttr      | uniqueMember                      |
| ldapHost                      | openldap                          |
| ldapIgnoreNamingRules         |                                   |
| ldapLoginFilter               |                                   |
| ldapLoginFilterAttributes     |                                   |
| ldapLoginFilterEmail          | 0                                 |
| ldapLoginFilterMode           | 0                                 |
| ldapLoginFilterUsername       | 1                                 |
| ldapNestedGroups              | 0                                 |
| ldapNetworkTimeout            | 2                                 |
| ldapOverrideMainServer        |                                   |
| ldapPagingSize                | 500                               |
| ldapPort                      | 389                               |
| ldapQuotaAttribute            |                                   |
| ldapQuotaDefault              |                                   |
| ldapTLS                       | 0                                 |
| ldapUserDisplayName           | displayName                       |
| ldapUserDisplayName2          |                                   |
| ldapUserFilter                | (&(|(objectclass=inetOrgPerson))) |
| ldapUserFilterGroups          |                                   |
| ldapUserFilterMode            | 0                                 |
| ldapUserFilterObjectclass     | inetOrgPerson                     |
| ldapUserName                  | samaccountname                    |
| ldapUuidGroupAttribute        | auto                              |
| ldapUuidUserAttribute         | auto                              |
| turnOffCertCheck              | 0                                 |
| useMemberOfToDetectMembership | 1                                 |
+-------------------------------+-----------------------------------+
```

You should fix that.

The script should be running, but if there are errors…

Check the logs in case there are some errors showing there.
You might also want to set up the connection using the user_ldap app and once the configuration is correct you can try to replicate it using the command line.

2 Likes

Thanks a lot for your assistance!! Now it works absolutely fine! 🙂