[debops.owncloud] Improve LDAP integration

drybjed committed Oct 6, 2019
1 parent 3fa8e4b commit 4c5e129de810b7ddd352f3993afc0e3a3edd7b94
@@ -214,6 +214,16 @@ General
documentation page for details about the required attributes and their
values.

- The default LDAP group filter configured in the
:envvar:`owncloud__ldap_group_filter` variable has been modified to limit the
available set of ``groupOfNames`` LDAP objects to only those that have the
``nextcloudEnabled`` attribute set to ``true``.

- Support for disk quotas for LDAP users has been added in the default
configuration, based on the :ref:`nextcloud LDAP schema
<slapd__ref_nextcloud>`. The default disk quota is set to 10 GB and can be
changed using the ``nextcloudQuota`` LDAP attribute.

:ref:`debops.resolvconf` role
'''''''''''''''''''''''''''''

@@ -1302,7 +1302,10 @@ owncloud__ldap_user_filter_objectclass: 'inetOrgPerson'
# .. envvar:: owncloud__ldap_group_filter
#
# Refer to the `official ownCloud documentation <https://doc.owncloud.org/server/9.0/admin_manual/configuration_user/user_auth_ldap.html#group-filter>`__ for details.
owncloud__ldap_group_filter: '(objectClass=groupOfNames)'
owncloud__ldap_group_filter: '(&
(objectClass=groupOfNames)
(nextcloudEnabled=true)
)'


# .. envvar:: owncloud__ldap_group_filter_groups
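
Review bot: The new ``owncloud__ldap_group_filter`` value is a single-quoted YAML scalar spread over four lines, so YAML folds each line break into a space and the resulting string is ``(& (objectClass=groupOfNames) (nextcloudEnabled=true) )`` rather than a compact filter. The RFC 4515 filter grammar has no whitespace between components, so either confirm that whatever consumes this variable strips the whitespace before the setting is written, or put the filter on one line. The comment above the variable could also mention the ``nextcloudEnabled`` requirement, since it still only links to the upstream group-filter documentation.
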
@@ -1511,6 +1514,12 @@ owncloud__ldap_default_config:
- name: 'ldapTLS'
value: '{{ "1" if (owncloud__ldap_method == "tls") else "0" }}'

- name: 'ldapQuotaAttribute'
value: 'nextcloudQuota'

- name: 'ldapQuotaDefault'
value: '10 GB'

- name: 'hasMemberOfFilterSupport'
value: '1'

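Review bot: ``ldapQuotaDefault`` is added as the literal ``'10 GB'`` inside ``owncloud__ldap_default_config``, while the neighbouring ``ldapTLS`` entry derives its value from a role variable. Suggest exposing the default quota, and possibly the quota attribute name, through a documented variable so an operator can change it without overriding the list entry.
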
@@ -28,6 +28,12 @@ Object Classes and Attributes

- :ref:`debops.owncloud`: :envvar:`Object Classes <owncloud__ldap_self_object_classes>`, :envvar:`Attributes <owncloud__ldap_self_attributes>`

Custom objectClasses and attributes from the :ref:`nextcloud
<slapd__ref_nextcloud>` LDAP schema:

- objectClass ``nextcloudAccount``, attributes ``nextcloudEnabled``, ``nextcloudQuota``
- objectClass ``nextcloudGroup``, attributes ``nextcloudEnabled``


.. _owncloud__ref_ldap_dit_access:

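Review bot: The new list names the ``nextcloudAccount`` and ``nextcloudGroup`` object classes but does not say how the role's defaults use them: the group filter changed in this commit matches ``(objectClass=groupOfNames)`` together with ``nextcloudEnabled``, not ``nextcloudGroup``. Suggest stating whether a group must also carry ``nextcloudGroup`` for the attribute to be allowed, and which values ``nextcloudEnabled`` and ``nextcloudQuota`` accept.
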
@@ -119,7 +119,7 @@ Inventory variable changes
============================================== =============================================== ==============================
:envvar:`owncloud__ldap_login_filter` ``(&(|(objectclass=inetOrgPerson))(uid=%uid))`` too large; see the variable
---------------------------------------------- ----------------------------------------------- ------------------------------
:envvar:`owncloud__ldap_group_filter` ``(&(|(objectclass=posixGroup)))`` ``(objectClass=groupOfNames)``
:envvar:`owncloud__ldap_group_filter` ``(&(|(objectclass=posixGroup)))`` too large; see the variable
---------------------------------------------- ----------------------------------------------- ------------------------------
:envvar:`owncloud__ldap_group_assoc_attribute` ``memberUid`` ``member``
============================================== =============================================== ==============================
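
Review bot: Replacing the new default for ``owncloud__ldap_group_filter`` with "too large; see the variable" removes the one place in this upgrade table where an operator could see that the filter now requires ``nextcloudEnabled``. Suggest showing the full filter in a literal block below the table, or adding a sentence that groups without the attribute will no longer match.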
