mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-04-02 23:34:16 +02:00
Optimized OIDC for Nextcloud
parent
72b787814e
commit
61eb9a3aed
@ -252,7 +252,7 @@ defaults_applications:
|
|||||||
# Available options: oidc_login, sociallogin
|
# Available options: oidc_login, sociallogin
|
||||||
# @see https://apps.nextcloud.com/apps/oidc_login
|
# @see https://apps.nextcloud.com/apps/oidc_login
|
||||||
# @see https://apps.nextcloud.com/apps/sociallogin
|
# @see https://apps.nextcloud.com/apps/sociallogin
|
||||||
flavor: "sociallogin" # Keeping on sociallogin because the other option is not implemented yet
|
flavor: "oidc_login" # Keeping on sociallogin because the other option is not implemented yet
|
||||||
force_import: False # Forces the import of the LDIF files
|
force_import: False # Forces the import of the LDIF files
|
||||||
database:
|
database:
|
||||||
central_storage: True
|
central_storage: True
|
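Review bot: The trailing comment on `flavor` still reads "Keeping on sociallogin because the other option is not implemented yet" although the value is now `"oidc_login"`, so the line contradicts itself about which login app is active. This key selects the authentication path for Nextcloud and, in the compose template of this commit, whether the OIDC config is mounted, so the comment should state the current choice, for example `flavor: "oidc_login" # Default login app; "sociallogin" is the alternative`. The `defaults_applications` mapping starts and ends outside the hunk.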
||||||
|
@ -1192,6 +1192,39 @@
|
|||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"id": "15dd4961-5b4f-4635-a3f1-a21e1fa7bf3a",
|
||||||
|
"name": "nextcloud",
|
||||||
|
"description": "",
|
||||||
|
"protocol": "openid-connect",
|
||||||
|
"attributes": {
|
||||||
|
"include.in.token.scope": "false",
|
||||||
|
"display.on.consent.screen": "true",
|
||||||
|
"gui.order": "",
|
||||||
|
"consent.screen.text": ""
|
||||||
|
},
|
||||||
|
"protocolMappers": [
|
||||||
|
{
|
||||||
|
"id": "62190b21-f649-4aa2-806a-2bf7ba103ce1",
|
||||||
|
"name": "nextcloudQuota",
|
||||||
|
"protocol": "openid-connect",
|
||||||
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
||||||
|
"consentRequired": false,
|
||||||
|
"config": {
|
||||||
|
"aggregate.attrs": "false",
|
||||||
|
"introspection.token.claim": "true",
|
||||||
|
"multivalued": "false",
|
||||||
|
"userinfo.token.claim": "true",
|
||||||
|
"user.attribute": "nextcloudQuota",
|
||||||
|
"id.token.claim": "true",
|
||||||
|
"lightweight.claim": "false",
|
||||||
|
"access.token.claim": "true",
|
||||||
|
"claim.name": "nextcloudQuota",
|
||||||
|
"jsonType.label": "int"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"id": "c07f07bc-c4f9-48c7-87e6-0a09fca6bfa0",
|
"id": "c07f07bc-c4f9-48c7-87e6-0a09fca6bfa0",
|
||||||
"name": "web-origins",
|
"name": "web-origins",
|
||||||
@ -1584,6 +1617,7 @@
|
|||||||
"basic"
|
"basic"
|
||||||
],
|
],
|
||||||
"defaultOptionalClientScopes": [
|
"defaultOptionalClientScopes": [
|
||||||
|
"nextcloud",
|
||||||
"offline_access",
|
"offline_access",
|
||||||
"address",
|
"address",
|
||||||
"phone",
|
"phone",
|
||||||
@ -1790,6 +1824,35 @@
|
|||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"id": "12b99578-e0bf-4eeb-b0fb-8e400c0cd73e",
|
||||||
|
"name": "nextcloudQuota",
|
||||||
|
"providerId": "user-attribute-ldap-mapper",
|
||||||
|
"subComponents": {},
|
||||||
|
"config": {
|
||||||
|
"ldap.attribute": [
|
||||||
|
"nextcloudQuota"
|
||||||
|
],
|
||||||
|
"is.mandatory.in.ldap": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"attribute.force.default": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"is.binary.attribute": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"always.read.value.from.ldap": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"read.only": [
|
||||||
|
"false"
|
||||||
|
],
|
||||||
|
"user.model.attribute": [
|
||||||
|
"nextcloudQuota"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"id": "1ffab19c-4aeb-4038-a3e4-6444254fdd53",
|
"id": "1ffab19c-4aeb-4038-a3e4-6444254fdd53",
|
||||||
"name": "modify date",
|
"name": "modify date",
|
||||||
@ -1987,7 +2050,7 @@
|
|||||||
"false"
|
"false"
|
||||||
],
|
],
|
||||||
"userObjectClasses": [
|
"userObjectClasses": [
|
||||||
"person, inetOrgPerson"
|
"person, inetOrgPerson, nextcloudUser"
|
||||||
],
|
],
|
||||||
"rdnLDAPAttribute": [
|
"rdnLDAPAttribute": [
|
||||||
"uid"
|
"uid"
|
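Review bot: Adding `nextcloudUser` to `userObjectClasses` in the last hunk changes which directory entries Keycloak accepts, not only how new ones are written, because the LDAP provider uses this list both as the objectClass set for entries it creates and as a filter when it looks users up. Entries created before this commit that do not carry the auxiliary class would no longer be found, so those accounts could stop authenticating through the federation. Nothing visible in this commit adds the class to existing entries, so a migration step that does so needs to run before this realm configuration takes effect. Separately, the `nextcloudQuota` protocol mapper in the first hunk uses `"jsonType.label": "int"`, which Keycloak parses as a 32-bit integer; if the quota is stored in bytes, `"jsonType.label": "long"` avoids losing values above roughly 2 GiB.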
||||||
|
@ -3,11 +3,17 @@
|
|||||||
dn: cn=nextcloud,cn=schema,cn=config
|
dn: cn=nextcloud,cn=schema,cn=config
|
||||||
objectClass: olcSchemaConfig
|
objectClass: olcSchemaConfig
|
||||||
cn: nextcloud
|
cn: nextcloud
|
||||||
olcAttributeTypes: ( 1.3.6.1.4.1.99999.1 NAME 'nextcloudQuota'
|
olcAttributeTypes: ( 1.3.6.1.4.1.99999.1
|
||||||
|
NAME 'nextcloudQuota'
|
||||||
DESC 'Quota for Nextcloud'
|
DESC 'Quota for Nextcloud'
|
||||||
EQUALITY caseIgnoreMatch
|
EQUALITY integerMatch
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
|
ORDERING integerOrderingMatch
|
||||||
olcObjectClasses: ( 1.3.6.1.4.1.99999.2 NAME 'nextcloudUser'
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
||||||
|
SINGLE-VALUE
|
||||||
|
)
|
||||||
|
olcObjectClasses: ( 1.3.6.1.4.1.99999.2
|
||||||
|
NAME 'nextcloudUser'
|
||||||
DESC 'Auxiliary class for Nextcloud attributes'
|
DESC 'Auxiliary class for Nextcloud attributes'
|
||||||
AUXILIARY
|
AUXILIARY
|
||||||
MAY ( nextcloudQuota ) )
|
MAY ( nextcloudQuota )
|
||||||
|
)
|
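Review bot: `nextcloudQuota` keeps OID `1.3.6.1.4.1.99999.1` but changes from Directory String (`1.3.6.1.4.1.1466.115.121.1.15{64}`, `caseIgnoreMatch`) to Integer (`1.3.6.1.4.1.1466.115.121.1.27`, `integerMatch`), so any value already stored under the old definition that is not a plain integer, such as a unit-suffixed quota, no longer conforms to the schema. Whether deployed directories hold such values, and whether this LDIF is re-applied to an existing `cn=nextcloud,cn=schema,cn=config` entry, is not visible here. The defaults hunk keeps `force_import: False`, so the old definition may stay in place while Keycloak now expects an integer. A comment above the attribute naming the unit, for example `# nextcloudQuota: integer only, unit = bytes (confirm)`, together with a documented migration for existing entries, would close the gap.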
||||||
|
@ -9,7 +9,7 @@ services:
|
|||||||
container_name: {{nextcloud_application_container_name}}
|
container_name: {{nextcloud_application_container_name}}
|
||||||
volumes:
|
volumes:
|
||||||
- data:{{nextcloud_docker_path}}
|
- data:{{nextcloud_docker_path}}
|
||||||
{% if applications[application_id].oidc.flavor == "login" %}
|
{% if applications[application_id].oidc.flavor == "oidc_login" %}
|
||||||
- {{nextcloud_host_oidc_login_path}}:{{nextcloud_docker_oidc_login_config_path}}:ro
|
- {{nextcloud_host_oidc_login_path}}:{{nextcloud_docker_oidc_login_config_path}}:ro
|
||||||
{% endif %}
|
{% endif %}
|
||||||
healthcheck:
|
healthcheck:
|
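Review bot: The mount is guarded by an exact string comparison, so any `oidc.flavor` other than `"oidc_login"` silently renders the service without the OIDC config file, which is what the previous `"login"` literal did for every deployment. A template comment above the condition would make that dependency visible, for example `{# mounted only when oidc.flavor is exactly "oidc_login"; other values run without this file #}`. A validation step in the role that rejects unknown flavor values would turn a future mismatch into a failed run. Keeping the bind mount `:ro` is right, since the file presumably carries the OIDC client settings, but the host-side file's ownership and mode are not visible here and deserve a check.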
||||||
|