From 9badb0af5a75c8985e240e4e3a09790eca298f79 Mon Sep 17 00:00:00 2001
From: Felix Bartels <1257835+fbartels@users.noreply.github.com>
Date: Wed, 11 Dec 2019 11:36:23 +0100
Subject: [PATCH] Add ldap account manager as an "extra" (#276)

* add compose file
* add working configuration for ldap account manager
depends on https://github.com/LDAPAccountManager/lam/pull/76

Important note: the open source code of lam does not include the Kopano integration. So admins can generally manage users, but to add kopano attributes admins would need to switch to the ldap tree view.

* use :7.0.RC1 as this is the first image that supports automatic setup
---
 ldap-extras/ldap-account-manager.yml | 32 ++++++++++++++++++++++++++++
 web/kweb.cfg                         |  5 +++++
 2 files changed, 37 insertions(+)
 create mode 100644 ldap-extras/ldap-account-manager.yml

diff --git a/ldap-extras/ldap-account-manager.yml b/ldap-extras/ldap-account-manager.yml
new file mode 100644
index 0000000..58ebbd4
--- /dev/null
+++ b/ldap-extras/ldap-account-manager.yml
@@ -0,0 +1,32 @@
+# Depends on https://github.com/LDAPAccountManager/lam/pull/76
+version: "3.5"
+
+services:
+  ldap-account-manager:
+    image: ldapaccountmanager/lam:7.0.RC1 # newer releases may exist, this tag was the first one with the required changes
+    restart: unless-stopped
+    #ports:
+    #  - "8080:80"
+    depends_on:
+      - ldap
+      - web
+    volumes:
+      - lametc/:/etc/ldap-account-manager
+      - lamconfig/:/var/lib/ldap-account-manager/config
+      - lamsession/:/var/lib/ldap-account-manager/sess
+    environment:
+      - LAM_PASSWORD=${LDAP_ADMIN_PASSWORD}
+      - LAM_LANG=en_US
+      - LAM_TIMEZONE=Europe/Berlin
+      - LDAP_SERVER=${LDAP_SERVER}
+      - LDAP_DOMAIN=${LDAP_DOMAIN}
+      - LDAP_BASE_DN=${LDAP_BASE_DN}
+      - ADMIN_USER=cn=admin,${LDAP_BASE_DN}
+      #- DEBUG=true
+    networks:
+      - ldap-net
+      - web-net
+volumes:
+  lametc:
+  lamconfig:
+  lamsession:
diff --git a/web/kweb.cfg b/web/kweb.cfg
index 5212e29..b74fafb 100644
--- a/web/kweb.cfg
+++ b/web/kweb.cfg
@@ -198,6 +198,11 @@
 		/.well-known/caldav  /kdav/
 	}
 
+	proxy /lam/ ldap-account-manager:80 {
+		transparent
+	}
+	redir /lam /lam/
+
 	proxy /ldap-admin/ ldap-admin:80 {
 		without /ldap-admin
 		transparent