Optimized Nextcloud for OIDC flavor login and adapted user administrator credentials

roles/docker-ldap/templates/ldif/data/01_application_roles.ldif.j2

@@ -0,0 +1,29 @@
+
+#######################################################################
+# Generic container for Application roles
+#######################################################################
+dn: {{ldap.dn.application_roles}}
+objectClass: organizationalUnit
+ou: roles
+description: Container for application access profiles
+
+{# 
+  This template generates two LDIF entries for each application in defaults_applications:
+  one for the administrator role and one for the standard user role.
+  Please adjust the base DN (dc=example,dc=com) and other attributes as necessary.
+#}
+
+{% for app, config in defaults_applications.items() %}
+dn: cn={{ app }}-administrator,{{ldap.dn.application_roles}}
+objectClass: top
+objectClass: organizationalRole
+cn: {{ app }}-administrator
+description: Administrator role for {{ app }} (automatically generated)
+
+dn: cn={{ app }}-user,{{ldap.dn.application_roles}}
+objectClass: top
+objectClass: organizationalRole
+cn: {{ app }}-user
+description: Standard user role for {{ app }} (automatically generated)
+
+{% endfor %}

roles/docker-ldap/templates/ldif/data/02_users.ldif.j2

@@ -0,0 +1,41 @@
+#######################################################################
+# Container for Application Roles (if not already created)
+#######################################################################
+dn: {{ ldap.dn.application_roles }}
+objectClass: organizationalUnit
+ou: roles
+description: Container for application access profiles
+
+#######################################################################
+# Create Admin User
+#######################################################################
+dn: uid={{users.administrator.username}},{{ldap.dn.users}}
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: posixAccount
+uid: {{users.administrator.username}}
+sn: Administrator
+cn: Administrator
+userPassword: {SSHA}CHANGE_THIS_PASSWORD
+loginShell: /bin/bash
+homeDirectory: /home/admin
+uidNumber: {{users.administrator.uid}}
+gidNumber: {{users.administrator.gid}}
+
+#######################################################################
+# Add Admin User to All Application Role Groups
+#######################################################################
+{# Loop over each application defined in defaults_applications #}
+{% for app, config in defaults_applications.items() %}
+
+dn: cn={{ app }}-administrator,{{ ldap.dn.application_roles }}
+changetype: modify
+add: roleOccupant
+roleOccupant: uid={{users.administrator.username}},{{ldap.dn.users}}
+
+dn: cn={{ app }}-user,{{ ldap.dn.application_roles }}
+changetype: modify
+add: roleOccupant
+roleOccupant: uid={{users.administrator.username}},{{ldap.dn.users}}
+
+{% endfor %}

roles/docker-ldap/templates/ldif/data/README.md

@@ -0,0 +1 @@
+This folder contains files which are importet via ldapadd without any specific logic