
Add lldap community container #4398

Merged: 17 commits, Apr 4, 2024

Conversation

docjyJ (Collaborator) commented Mar 18, 2024

Hi,

It is an implementation of an LDAP container.
See : #406

Todos

@szaimen szaimen added 2. developing Work in progress enhancement New feature or request labels Mar 18, 2024
@szaimen szaimen added this to the next milestone Mar 18, 2024
szaimen (Collaborator) commented Mar 18, 2024

Hi @docjyJ thanks for your PR!

I was wondering if you could consider adding lldap instead of openldap considering that the openldap image was updated 3 years ago and is probably completely outdated and unmaintained?

See https://hub.docker.com/r/osixia/openldap/tags and #406 (reply in thread)

docjyJ (Collaborator, Author) commented Mar 19, 2024

lldap does not support mail aliases, and certain ldap functionality.
Also everything goes through a web interface, so it would be nice to have the Caddy routes.

See lldap/lldap#67 and #3192

I can try to fork, update and adapt Osixia's project to AIO

szaimen (Collaborator) commented Mar 21, 2024

> lldap does not support mail aliases, and certain ldap functionality.
>
> See lldap/lldap#67

I see, however I'd still say lldap is the way to go.

> Also everything goes through a web interface, so it would be nice to have the Caddy routes. [...] and #3192

You can actually already do this with the caddy community container. See szaimen/aio-caddy#13 as an example.

> I can try to fork, update and adapt Osixia's project to AIO

I'd rather like to see the lldap project getting integrated first, to be honest :)

johnnyq commented Mar 21, 2024

Yes, I totally agree; I would rather see lldap as well, for simplicity's sake.
I don't know if a ticket was raised with LLDAP for mail alias support.

docjyJ force-pushed the ldap branch 3 times, most recently from ed4bca0 to cc93fd1, March 22, 2024 20:04
johnnyq commented Mar 22, 2024

Nice!! @docjyJ

My dream would be tying lldap in with Stalwart Mail Server and Nextcloud. You would get your perfect all-in-one M365 or Google Workspace replacement. All in one instance! Maybe one day hahahha

docjyJ (Collaborator, Author) commented Mar 22, 2024

Author: Jean-Yves S, Committer: Jean-Yves S; Expected "Jean-Yves S [email protected]", but got "Jean-Yves S. [email protected]".

Is it a bug? Or am I dumb?

docjyJ (Collaborator, Author) commented Mar 22, 2024

Thanks @johnnyq
I think lldap is better than openldap.
But, important features of ldap are still missing...

docjyJ (Collaborator, Author) commented Mar 22, 2024

@szaimen

Where can I instantiate the environment variable for the Base?

docjyJ changed the title from "Add openldap community container" to "Add lldap community container" Mar 22, 2024
szaimen (Collaborator) left a review:

Thanks a lot for your PR! I have a few comments

Review threads (outdated, resolved): community-containers/lldap/lldap.json (4 comments), php/src/Data/ConfigurationManager.php (2 comments)
szaimen (Collaborator) left a review:

clicked the wrong button

szaimen (Collaborator) commented Mar 26, 2024

> • (maybe) Auto configure Stalwart

I would not do this in this PR, but it could be done in a follow-up. However, how to do this could be added to the readme file that you added.

> • Add subdomain for lldap admin panel

This is a good idea! See szaimen/aio-caddy#13 for how to do this. It should also be mentioned in this readme then, and in the caddy community container readme.

> • (maybe) Public access with ldaps

I would not do this in this PR, but it could be done in a follow-up.

@szaimen szaimen marked this pull request as ready for review April 3, 2024 11:35
@szaimen szaimen added 3. to review Waiting for reviews and removed 2. developing Work in progress labels Apr 3, 2024
szaimen (Collaborator) left a review:

I took the liberty to adjust some details.

This looks good to me now. WDYT @docjyJ ? :)

docjyJ and others added 2 commits April 3, 2024 13:57
docjyJ (Collaborator, Author) commented Apr 3, 2024

Yes, good, I fixed the setup, and added a link to lldap Nextcloud config.
To test!

@szaimen szaimen merged commit 6530c5a into nextcloud:main Apr 4, 2024
8 checks passed
szaimen (Collaborator) commented Apr 4, 2024

Thanks a lot @docjyJ! btw, I've invited you to the repo :)

kri164 (Contributor) commented Apr 5, 2024

I did a quick test of nextcloud+lldap, configured via the GUI.

Users are handled as randomly generated UUIDs, and their home directories too.
Is it OK? Shouldn't we use some mapping attribute such as ldapExpertUUIDUserAttr=uid?

sudo -u www-data php occ user:list
Warning: Failed to set memory limit to 0 bytes (Current memory usage is 2097152 bytes) in Unknown on line 0
The current PHP memory limit is below the recommended value of 512MB.
  - admin: admin The Big
  - a07a628c-6f42-3c15-9c98-0ae2e1e1c82d: Joe Doe

and

sudo -u www-data php occ user:info a07a628c-6f42-3c15-9c98-0ae2e1e1c82d
Warning: Failed to set memory limit to 0 bytes (Current memory usage is 2097152 bytes) in Unknown on line 0
The current PHP memory limit is below the recommended value of 512MB.
  - user_id: a07a628c-6f42-3c15-9c98-0ae2e1e1c82d
  - display_name: Joe Doe
  - email: [email protected]
  - cloud_id: [email protected]
  - enabled: true
  - groups:
    - family
    - friends
  - quota: none
  - storage:
    - free: 54208667648
    - used: 38547109
    - total: 54247214757
    - relative: 0.07
    - quota: -3
  - last_seen: 2024-04-05T07:58:16+00:00
  - user_directory: /mnt/ncdata/a07a628c-6f42-3c15-9c98-0ae2e1e1c82d
  - backend: LDAP
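The UUID-as-internal-username observation above, as an added example that is not part of the PR, of AIO, or of Nextcloud's own code: a small Python audit that parses the plain-text output of `occ user:list` and `occ user:info <id>`, flags accounts whose internal `user_id` is a UUID, reports which RFC 4122 version the UUID carries, and checks whether the data directory is named after that id. The function names (`parse_user_list`, `parse_user_info`, `uuid_version`, `audit`) are this example's own, and the embedded samples are constructed after the output quoted in the comment, with a made-up e-mail address. For the id quoted above, Python's `uuid` module reports version 3.

```python
"""Audit Nextcloud accounts whose internal user id is a UUID.

Added example, not code from the PR or from Nextcloud. It parses the text that
`occ user:list` and `occ user:info <id>` print and reports users whose user_id
(and therefore data directory name) is a UUID. Samples are constructed.
"""
import re
import uuid

# Constructed sample of `occ user:list` output, including the PHP warning lines
# that occ prints before the list and that the parser must ignore.
SAMPLE_USER_LIST = """\
Warning: Failed to set memory limit to 0 bytes (Current memory usage is 2097152 bytes) in Unknown on line 0
The current PHP memory limit is below the recommended value of 512MB.
  - admin: admin The Big
  - a07a628c-6f42-3c15-9c98-0ae2e1e1c82d: Joe Doe
"""

# Constructed sample of `occ user:info` output for the LDAP user (e-mail is made up).
SAMPLE_USER_INFO = """\
The current PHP memory limit is below the recommended value of 512MB.
  - user_id: a07a628c-6f42-3c15-9c98-0ae2e1e1c82d
  - display_name: Joe Doe
  - email: joe@nextcloud.local
  - groups:
    - family
    - friends
  - storage:
    - used: 38547109
    - quota: -3
  - last_seen: 2024-04-05T07:58:16+00:00
  - user_directory: /mnt/ncdata/a07a628c-6f42-3c15-9c98-0ae2e1e1c82d
  - backend: LDAP
"""

LIST_LINE = re.compile(r"^\s*-\s*(?P<uid>\S+):\s*(?P<name>.*)$")


def parse_user_list(text):
    """Map user_id -> display name from `occ user:list`; other lines are ignored."""
    users = {}
    for line in text.splitlines():
        m = LIST_LINE.match(line)
        if m:
            users[m.group("uid")] = m.group("name").strip()
    return users


def parse_user_info(text):
    """Parse the two-level `  - key: value` / `    - item` layout of `occ user:info`.

    A nested block becomes a list (`groups`) or a dict (`storage`) depending on
    whether its items carry a `key: value` pair.
    """
    info = {}
    current = None  # top-level key whose nested block is being read
    for line in text.splitlines():
        stripped = line.lstrip()
        if not stripped.startswith("- "):
            continue  # PHP warnings and blank lines
        indent = len(line) - len(stripped)
        key, sep, value = stripped[2:].partition(":")
        key, value = key.strip(), value.strip()
        if indent <= 2:  # top-level field; empty value opens a nested block
            info[key] = value if value else None
            current = None if value else key
        elif current is not None and sep:  # nested `key: value` -> dict
            if not isinstance(info[current], dict):
                info[current] = {}
            info[current][key] = value
        elif current is not None:  # nested bare item -> list
            if not isinstance(info[current], list):
                info[current] = []
            info[current].append(key)
    return info


def uuid_version(user_id):
    """Return the RFC 4122 version of user_id if it is a well-formed UUID, else None."""
    try:
        return uuid.UUID(user_id).version
    except ValueError:
        return None


def audit(user_list_text, user_info_texts):
    """Report every account whose internal id is a UUID, with backend and directory.

    user_info_texts maps user_id -> the output of `occ user:info <user_id>`.
    """
    findings = []
    for user_id, display_name in parse_user_list(user_list_text).items():
        version = uuid_version(user_id)
        if version is None:
            continue  # human-readable id such as "admin"
        info = parse_user_info(user_info_texts.get(user_id, ""))
        directory = info.get("user_directory") or ""
        findings.append({
            "user_id": user_id,
            "display_name": display_name,
            "uuid_version": version,
            "backend": info.get("backend"),
            "user_directory": directory,
            "directory_named_by_uuid": directory.rstrip("/").endswith(user_id),
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_USER_LIST, {"a07a628c-6f42-3c15-9c98-0ae2e1e1c82d": SAMPLE_USER_INFO}):
        print(finding)
```

Against a real instance, capture `sudo -u www-data php occ user:list` and one `occ user:info <id>` per account into strings and pass them to `audit`. Doing this before touching the Expert-tab mapping is worthwhile: Nextcloud's LDAP expert settings state that a changed internal username attribute only affects newly mapped users, and the admin UI warns against clearing the username-LDAP mapping outside a test environment, so accounts that already exist keep their UUID ids and directories either way.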

szaimen (Collaborator) commented Apr 8, 2024

> Users are handled as random generated UUID and their home directory too.
> Is it OK?

Yes, it is

szaimen (Collaborator) commented Apr 16, 2024

This is now released with v8.2.0 Beta. Testing and feedback is welcome! See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel

docjyJ (Collaborator, Author) commented Apr 21, 2024

Hi @szaimen,
I tried to create a local instance to test lldap, but I didn't succeed... Would you have a docker compose file or a script to set up a local instance?

I made this file, but when I connect I always get a 502 error... I'd like to have a test instance.

version: "3.8"

services:
  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:beta
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      # AIO drives the other containers through the docker socket (read-only mount)
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      - 80:80
      - 8080:8080
      - 8443:8443
    environment:
      - SKIP_DOMAIN_VALIDATION=true
      - AIO_DISABLE_BACKUP_SECTION=true
      - APACHE_PORT=11000            # port the AIO Apache container publishes for a reverse proxy
      - APACHE_IP_BINDING=127.0.0.1  # published on the host's loopback only

  caddy:
    image: caddy:alpine
    restart: always
    container_name: caddy
    # Note: this container is on its own bridge network, so 127.0.0.1 here is
    # caddy's own loopback, not the host where Apache is published on 11000.
    command: caddy reverse-proxy -i --from https://thinkpadp16s.fedora:9443 --to https://127.0.0.1:11000
    ports:
      - 9443:9443

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

szaimen (Collaborator) commented Apr 22, 2024

Does this help?
#588 (comment)

@docjyJ docjyJ mentioned this pull request Apr 22, 2024
docjyJ (Collaborator, Author) commented Apr 22, 2024


Yeah! It works very well!

With the proposed configuration:

  • The LDAP Administrators group is synchronized with the Nextcloud Administrators group.
  • Log in with email and uid
  • It retrieves display name and profile photo

docjyJ (Collaborator, Author) commented Apr 22, 2024

> Does this help? #588 (comment)

I don't know. It's a bit strange...
Docker localhost points to the container. This is in the market area with /etc/hosts but you have to restart the system for it to take effect.

It's magic!

My setup (if it helps someone)

docker.sh:

# Caddy joins the nextcloud-aio network so it can reach the AIO containers by name.
# Ports 443 (Nextcloud) and 9443 (lldap admin UI) are published on all host interfaces.
sudo docker run -d --name caddy-for-aio-debug --restart always \
    -v ./Caddyfile:/etc/caddy/Caddyfile:ro \
    -p 443:443 -p 9443:9443 \
    --network=nextcloud-aio caddy:alpine

# AIO master container with the stalwart and lldap community containers enabled;
# Apache is published on the host loopback only, Caddy reaches it over the docker network.
sudo docker run -d --name nextcloud-aio-mastercontainer --restart always -e SKIP_DOMAIN_VALIDATION=true \
    -p 8080:8080 -e APACHE_PORT=11000 -e APACHE_IP_BINDING=127.0.0.1 \
    -e AIO_COMMUNITY_CONTAINERS="stalwart lldap" \
    --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
    --volume /var/run/docker.sock:/var/run/docker.sock:ro \
    nextcloud/all-in-one:beta

Caddyfile

# Nextcloud, via the AIO Apache container on the nextcloud-aio network
https://nextcloud.local:443 {
    reverse_proxy nextcloud-aio-apache:11000
}
# lldap web/admin UI
https://nextcloud.local:9443 {
    reverse_proxy nextcloud-aio-lldap:17170
}

/etc/hosts

# ////
127.0.0.1   nextcloud.local

@docjyJ docjyJ deleted the ldap branch April 23, 2024 05:25
Labels: 3. to review (Waiting for reviews), enhancement (New feature or request)
4 participants