From 5ea1e970329ef726329ebc337a81f46003906323 Mon Sep 17 00:00:00 2001
From: Ilja Neumann
Date: Fri, 18 Dec 2020 10:15:58 +0100
Subject: [PATCH 1/2] Change ldap domain to dc=com
---
 deployments/examples/cs3_users_ocis/.env | 4 ++--
 .../examples/cs3_users_ocis/docker-compose.yaml | 13 ++++++++-----
 2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/deployments/examples/cs3_users_ocis/.env b/deployments/examples/cs3_users_ocis/.env
index 8153d7733..b3d7130e0 100644
--- a/deployments/examples/cs3_users_ocis/.env
+++ b/deployments/examples/cs3_users_ocis/.env
@@ -18,9 +18,9 @@ OCIS_DOMAIN=
 ### LDAP server settings ###
-# Password of LDAP user "cn=admin,dc=owncloud,dc=test". Defaults to "admin"
+# Password of LDAP user "cn=admin,dc=owncloud,dc=com". Defaults to "admin"
 LDAP_ADMIN_PASSWORD=
 ### LDAP manager settings ###
 # Domain of LDAP manager. Defaults to "ldap.owncloud.test"
-LDAP_MANAGER_DOMAIN=
\ No newline at end of file
+LDAP_MANAGER_DOMAIN=
diff --git a/deployments/examples/cs3_users_ocis/docker-compose.yaml b/deployments/examples/cs3_users_ocis/docker-compose.yaml
index b3fa4ceef..8e3a1a7c2 100644
--- a/deployments/examples/cs3_users_ocis/docker-compose.yaml
+++ b/deployments/examples/cs3_users_ocis/docker-compose.yaml
@@ -55,17 +55,17 @@ services:
 PROXY_CONFIG_FILE: "/config/proxy-config.json"
 LDAP_FILTER: "(&(objectclass=inetOrgPerson)(objectClass=owncloud))"
 LDAP_URI: ldap://ldap-server:389
- LDAP_BINDDN: "cn=admin,dc=owncloud,dc=test"
+ LDAP_BINDDN: "cn=admin,dc=owncloud,dc=com"
 LDAP_BINDPW: ${LDAP_ADMIN_PASSWORD:-admin}
- LDAP_BASEDN: "dc=owncloud,dc=test"
+ LDAP_BASEDN: "dc=owncloud,dc=com"
 LDAP_LOGIN_ATTRIBUTE: uid
 LDAP_UUID_ATTRIBUTE: "ownclouduuid"
 LDAP_UUID_ATTRIBUTE_TYPE: binary
 PROXY_ACCOUNT_BACKEND_TYPE: cs3
 STORAGE_LDAP_HOSTNAME: ldap-server
 STORAGE_LDAP_PORT: 636
- STORAGE_LDAP_BASE_DN: "dc=owncloud,dc=test"
- STORAGE_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=test"
+ STORAGE_LDAP_BASE_DN: "dc=owncloud,dc=com"
+ STORAGE_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
 STORAGE_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
 STORAGE_LDAP_LOGINFILTER: '(&(objectclass=inetOrgPerson)(objectclass=owncloud)(|(uid={{login}})(mail={{login}})))'
 STORAGE_LDAP_USERFILTER: '(&(objectclass=inetOrgPerson)(objectclass=owncloud)(|(ownclouduuid={{.OpaqueId}})(uid={{.OpaqueId}})))'
@@ -113,11 +113,14 @@ services:
 command: --copy-service --loglevel debug
 environment:
 LDAP_TLS_VERIFY_CLIENT: never
- LDAP_DOMAIN: owncloud.test
+ LDAP_DOMAIN: owncloud.com
 LDAP_ORGANISATION: ownCloud
 LDAP_ADMIN_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
 LDAP_RFC2307BIS_SCHEMA: "true"
 LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
+ ports:
+ - "389:389"
+ - "636:636"
 volumes:
 - ./config/ldap/ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom
 restart: always
From a08a0afcfd2d955dcb3248c2ff920074b8bcac59 Mon Sep 17 00:00:00 2001
From: Ilja Neumann
Date: Fri, 18 Dec 2020 10:34:56 +0100
Subject: [PATCH 2/2] Bind ldap-ports to localhost only for security reasons
---
 deployments/examples/cs3_users_ocis/docker-compose.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
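Review bot: In the `@@ -55,17` hunk of patch 1/2, the bind and base DNs (`LDAP_BINDDN`, `LDAP_BASEDN`, `STORAGE_LDAP_BASE_DN`, `STORAGE_LDAP_BIND_DN`) now end in `dc=owncloud,dc=com`, but nothing in this patch updates the directory content they point at. The diffstat lists only `.env` and `docker-compose.yaml`, so the custom LDIF mounted from `./config/ldap/ldif` is untouched here. If those entries still use `dc=owncloud,dc=test`, they will presumably fail to bootstrap or sit outside the new base DN, and every lookup and login against this example would come back empty. The LDIF should change in the same commit, or the description should say where it was already changed.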
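Review bot: In the `@@ -113,11` hunk of patch 1/2, the added `ports:` entries `- "389:389"` and `- "636:636"` publish slapd on every host interface while the admin bind password still falls back to `admin` through `${LDAP_ADMIN_PASSWORD:-admin}`. The subject "Change ldap domain to dc=com" does not mention ports at all. Patch 2/2 narrows the binding, but anyone who checks out or bisects to this commit gets the network-reachable state. Folding the port mapping into a single commit of its own, already in its loopback form, would keep every commit in the series safe to deploy.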
diff --git a/deployments/examples/cs3_users_ocis/docker-compose.yaml b/deployments/examples/cs3_users_ocis/docker-compose.yaml
index 8e3a1a7c2..d854c8890 100644
--- a/deployments/examples/cs3_users_ocis/docker-compose.yaml
+++ b/deployments/examples/cs3_users_ocis/docker-compose.yaml
@@ -119,8 +119,8 @@ services:
 LDAP_RFC2307BIS_SCHEMA: "true"
 LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
 ports:
- - "389:389"
- - "636:636"
+ - "127.0.0.1:389:389"
+ - "127.0.0.1:636:636"
 volumes:
 - ./config/ldap/ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom
 restart: always
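Review bot: The loopback mappings `"127.0.0.1:389:389"` and `"127.0.0.1:636:636"` carry no comment saying why the LDAP ports are published to the host at all. The other services on this page reach the directory over the compose network (`LDAP_URI: ldap://ldap-server:389`, `STORAGE_LDAP_HOSTNAME: ldap-server`), so the host mapping looks like a convenience for local LDAP tooling rather than something the stack needs. Any process on the host can still bind with the fallback `admin` password, which matters on shared or multi-user machines. I would add a line above `ports:` such as `# published on loopback only, for local LDAP tooling; the stack itself uses the compose network`, so users who do not need it know they can drop the mapping.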