Add separate ldap dc to env.sh #70

Jean28518 · Mar 13, 2024 · f80cd8b · f80cd8b
1 parent c43629d
commit f80cd8b
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 25 deletions.
diff --git a/docs/modules/addons.rst b/docs/modules/addons.rst
@@ -82,6 +82,7 @@ It is automatically executed as root. Three variables are passed to the script:
 - $DOMAIN: The domain name of the service example: ``int.de``
 - $ADMIN_PASSWORD: The password of the administrator which is used for the ldap instance or the system user "systemv" which has also admin rights with sudo
 - $IP: The IP address of the server
+- $LDAP_DC: The domain component of the ldap instance
 
 It is a good practice to store the config of the service in the ``/root/[NAME]`` directory, for example the docker-compose.yml file. 
 The addon detection is based on the existence of this folder. Also it will be easier for system administrators to find the config of the service in the future.
@@ -95,7 +96,7 @@ An example of setup_nocodb.sh would be:
 .. code-block:: bash
 
   #!/bin/bash
-  # This script gets three variables passed: $DOMAIN, $ADMIN_PASSWORD and $IP
+  # This script gets three variables passed: $DOMAIN, $ADMIN_PASSWORD, $IP, $LDAP_DC
   mkdir -p /root/nocodb
   # Dont forget to escape " with a backslash:
   echo "version: \"2.1\"
@@ -182,7 +183,7 @@ An example of remove_nocodb.sh would be:
 .. code-block:: bash
 
     #!/bin/bash
-    # This script gets three variables passed: $DOMAIN, $ADMIN_PASSWORD and $IP
+    # This script gets three variables passed: $DOMAIN, $ADMIN_PASSWORD, $IP, $LDAP_DC
     docker-compose -f /root/nocodb/docker-compose.yml down --volumes
     rm -rf /root/nocodb
     # Remove the entry from the Caddyfile

diff --git a/docs/setup/installation.rst b/docs/setup/installation.rst
@@ -122,4 +122,5 @@ The following variables are mandatory to be set. An example would be:
 
     export IP="1.2.3.4"
     export ADMIN_PASSWORD="AdminPasswordOfTheLDAPDomainOtherwiseSetItToAnEmptyString"
-    export DOMAIN="int.de"
+    export DOMAIN="int.de"
+    export LDAP_DC="dc=int,dc=de" # Keep it empty if you don't use LDAP
diff --git a/src/lac/unix/unix_scripts/general/setup_rest_of_linux_arbeitsplatz.sh b/src/lac/unix/unix_scripts/general/setup_rest_of_linux_arbeitsplatz.sh
@@ -2,10 +2,8 @@
 # DOMAIN
 # ADMIN_PASSWORD
 # IP
+# LDAP_DC
 
-# Thrd Level:                                       # subdomain
-SCND_DOMAIN_LABEL=`echo $DOMAIN | cut -d'.' -f1`    # int
-FRST_DOMAIN_LABEL=`echo $DOMAIN | cut -d'.' -f2`    # de
 
 DEBIAN_FRONTEND=noninteractive
 
@@ -59,12 +57,12 @@ sed -i "/AUTH_LDAP/d" /usr/share/linux-arbeitsplatz/cfg
 
 # Add the Samba AD settings to the cfg file
 echo "export AUTH_LDAP_SERVER_URI=\"ldaps://la.$DOMAIN\"" >>/usr/share/linux-arbeitsplatz/cfg
-echo "export AUTH_LDAP_DC=\"dc=$SCND_DOMAIN_LABEL,dc=$FRST_DOMAIN_LABEL\"" >>/usr/share/linux-arbeitsplatz/cfg
-echo "export AUTH_LDAP_BIND_DN=\"cn=Administrator,cn=users,dc=$SCND_DOMAIN_LABEL,dc=$FRST_DOMAIN_LABEL\"" >>/usr/share/linux-arbeitsplatz/cfg
+echo "export AUTH_LDAP_DC=\"$LDAP_DC\"" >>/usr/share/linux-arbeitsplatz/cfg
+echo "export AUTH_LDAP_BIND_DN=\"cn=Administrator,cn=users,$LDAP_DC\"" >>/usr/share/linux-arbeitsplatz/cfg
 echo "export AUTH_LDAP_BIND_PASSWORD=\"$ADMIN_PASSWORD\"" >>/usr/share/linux-arbeitsplatz/cfg
-echo "export AUTH_LDAP_USER_DN_TEMPLATE=\"cn=%(user)s,cn=users,dc=$SCND_DOMAIN_LABEL,dc=$FRST_DOMAIN_LABEL\"" >>/usr/share/linux-arbeitsplatz/cfg
-echo "export AUTH_LDAP_GROUP_SEARCH_BASE=\"cn=Groups,dc=$SCND_DOMAIN_LABEL,dc=$FRST_DOMAIN_LABEL\"" >>/usr/share/linux-arbeitsplatz/cfg
-echo "export AUTH_LDAP_GROUP_ADMIN_DN=\"CN=Administrators,CN=Builtin,DC=$SCND_DOMAIN_LABEL,DC=$FRST_DOMAIN_LABEL\"" >>/usr/share/linux-arbeitsplatz/cfg
+echo "export AUTH_LDAP_USER_DN_TEMPLATE=\"cn=%(user)s,cn=users,$LDAP_DC\"" >>/usr/share/linux-arbeitsplatz/cfg
+echo "export AUTH_LDAP_GROUP_SEARCH_BASE=\"cn=Groups,$LDAP_DC\"" >>/usr/share/linux-arbeitsplatz/cfg
+echo "export AUTH_LDAP_GROUP_ADMIN_DN=\"CN=Administrators,CN=Builtin,$LDAP_DC\"" >>/usr/share/linux-arbeitsplatz/cfg
 
 # Enable the unix service
 /usr/bin/systemctl enable linux-arbeitsplatz-unix.service

diff --git a/src/lac/unix/unix_scripts/matrix/setup_matrix.sh b/src/lac/unix/unix_scripts/matrix/setup_matrix.sh
@@ -3,10 +3,7 @@
 # DOMAIN
 # IP
 # ADMIN_PASSWORD
-
-SCND_DOMAIN_LABEL=`echo $DOMAIN | cut -d'.' -f1`
-FRST_DOMAIN_LABEL=`echo $DOMAIN | cut -d'.' -f2`
-DC_DC="dc=$SCND_DOMAIN_LABEL,dc=$FRST_DOMAIN_LABEL"
+# LDAP_DC
 
 # Install matrix
 mkdir /root/matrix
@@ -23,12 +20,12 @@ modules:
      enabled: true
      uri: \"ldaps://$IP:636\"
      start_tls: false
-     base: \"dc=$SCND_DOMAIN_LABEL,dc=$FRST_DOMAIN_LABEL\"
+     base: \"$LDAP_DC\"
      attributes:
         uid: \"cn\"
         mail: \"mail\"
         name: \"displayName\"
-     bind_dn: \"cn=Administrator,cn=users,dc=$SCND_DOMAIN_LABEL,dc=$FRST_DOMAIN_LABEL\"
+     bind_dn: \"cn=Administrator,cn=users,$LDAP_DC\"
      bind_password: \"$ADMIN_PASSWORD\"
      #filter: \"(objectClass=posixAccount)\"
      tls_options:

diff --git a/src/lac/unix/unix_scripts/nextcloud/setup_nextcloud.sh b/src/lac/unix/unix_scripts/nextcloud/setup_nextcloud.sh
@@ -3,10 +3,7 @@
 # DOMAIN
 # IP
 # ADMIN_PASSWORD
-
-SCND_DOMAIN_LABEL=`echo $DOMAIN | cut -d'.' -f1`
-FRST_DOMAIN_LABEL=`echo $DOMAIN | cut -d'.' -f2`
-DC_DC="dc=$SCND_DOMAIN_LABEL,dc=$FRST_DOMAIN_LABEL"
+# LDAP_DC
 
 
 ## Setup Nextcloud #########################################
@@ -121,10 +118,10 @@ sudo -u www-data php /var/www/nextcloud/occ app:enable user_ldap
 sudo -u www-data php /var/www/nextcloud/occ ldap:create-empty-config
 sudo -u www-data php /var/www/nextcloud/occ ldap:set-config s01 ldapHost ldaps://la.$DOMAIN
 sudo -u www-data php /var/www/nextcloud/occ ldap:set-config s01 ldapPort 636
-sudo -u www-data php /var/www/nextcloud/occ ldap:set-config s01 ldapBase "dc=$SCND_DOMAIN_LABEL,dc=$FRST_DOMAIN_LABEL"
-sudo -u www-data php /var/www/nextcloud/occ ldap:set-config s01 ldapBaseGroups "cn=users,dc=$SCND_DOMAIN_LABEL,dc=$FRST_DOMAIN_LABEL"
-sudo -u www-data php /var/www/nextcloud/occ ldap:set-config s01 ldapBaseUsers "cn=users,dc=$SCND_DOMAIN_LABEL,dc=$FRST_DOMAIN_LABEL"
-sudo -u www-data php /var/www/nextcloud/occ ldap:set-config s01 ldapAgentName "cn=Administrator,cn=users,dc=$SCND_DOMAIN_LABEL,dc=$FRST_DOMAIN_LABEL"
+sudo -u www-data php /var/www/nextcloud/occ ldap:set-config s01 ldapBase "$LDAP_DC"
+sudo -u www-data php /var/www/nextcloud/occ ldap:set-config s01 ldapBaseGroups "cn=users,$LDAP_DC"
+sudo -u www-data php /var/www/nextcloud/occ ldap:set-config s01 ldapBaseUsers "cn=users,$LDAP_DC"
+sudo -u www-data php /var/www/nextcloud/occ ldap:set-config s01 ldapAgentName "cn=Administrator,cn=users,$LDAP_DC"
 sudo -u www-data php /var/www/nextcloud/occ ldap:set-config s01 ldapAgentPassword "$ADMIN_PASSWORD"
 # Disable the ssl certificate validation
 sudo -u www-data php /var/www/nextcloud/occ ldap:set-config s01 turnOffCertCheck 1

diff --git a/src/lac/welcome/views.py b/src/lac/welcome/views.py
@@ -79,11 +79,15 @@ def installation_running(request):
     os.environ["MATRIX"] = request.session["matrix"]
     os.environ["JITSI"] = request.session["jitsi"]
 
+    domain = os.environ["DOMAIN"]
+    os.environ["LDAP_DC"] = "dc=" + domain.split(".")[-2] + ",dc=" + domain.split(".")[-1]
+
     # Create env.sh file
     with open("/usr/share/linux-arbeitsplatz/unix/unix_scripts/env.sh", "w") as f:
         f.write(f"export DOMAIN={os.environ['DOMAIN']}\n")
         f.write(f"export IP={os.environ['IP']}\n")
         f.write(f"export ADMIN_PASSWORD={os.environ['ADMIN_PASSWORD']}\n")
+        f.write(f"export LDAP_DC={os.environ['LDAP_DC']}\n")
 
     # Run installation script
     # if file /usr/share/linux-arbeitsplatz/unix/unix_scripts/general/installation_running exists