Added LDAP draft for Open WebUI - Deactivated just PoC, because OIDC is anyhow prefered

2025-09-22 20:02:36 +02:00
parent cbc4dad1d1
commit 002f45d1df
3 changed files with 39 additions and 1 deletions


@@ -7,6 +7,7 @@ features:
javascript: false javascript: false
local_ai: true local_ai: true
oidc: true oidc: true
ldap: false # default deactivated because OIDC is sufficient
server: server:
domains: domains:
canonical: canonical:


@@ -47,3 +47,39 @@ OAUTH_SCOPES=openid email profile
# ENABLE_OAUTH_GROUP_CREATION=false # ENABLE_OAUTH_GROUP_CREATION=false
# OAUTH_GROUP_CLAIM={{ RBAC.GROUP.CLAIM }} # OAUTH_GROUP_CLAIM={{ RBAC.GROUP.CLAIM }}
{% endif %} {% endif %}
{% if OPENWEBUI_LDAP_ENABLED %}
# =========================
# LDAP Authentication
# =========================
# Enable LDAP login in parallel to OIDC (both can coexist)
ENABLE_LDAP=true
# --- Server Settings ---
# Label shown in the UI (optional)
LDAP_SERVER_LABEL=OpenLDAP
# Hostname/IP and port from your global LDAP settings
LDAP_SERVER_HOST={{ LDAP.SERVER.DOMAIN }}
LDAP_SERVER_PORT={{ LDAP.SERVER.PORT }}
# TLS: set to true for StartTLS or LDAPS (maps from your SECURITY setting)
# SECURITY can be "", "TLS" or "SSL" in your mapping; treat TLS/SSL as true
LDAP_USE_TLS={{ ('true' if (LDAP.SERVER.SECURITY | upper) in ['TLS','SSL'] else 'false') }}
# Certificate validation (set to true if you use a proper CA; false for self-signed/dev)
LDAP_VALIDATE_CERT={{ ('true' if (LDAP.SERVER.SECURITY | upper) in ['TLS','SSL'] else 'false') }}
# --- Bind Credentials (app/service account) ---
LDAP_APP_DN={{ LDAP.DN.ADMINISTRATOR.DATA }}
LDAP_APP_PASSWORD={{ LDAP.BIND_CREDENTIAL }}
# --- User Schema / Search ---
# Base DN for user search
LDAP_SEARCH_BASE={{ LDAP.DN.ROOT }}
# Attribute used as login name (uid / sAMAccountName / mail, etc.)
LDAP_ATTRIBUTE_FOR_USERNAME={{ LDAP.USER.ATTRIBUTES.ID }}
# Attribute for email address
LDAP_ATTRIBUTE_FOR_MAIL={{ LDAP.USER.ATTRIBUTES.MAIL }}
# Search filter with placeholder for username
LDAP_SEARCH_FILTER=({{ LDAP.USER.ATTRIBUTES.ID }}=%(user)s)
{% endif %}
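Review bot: `LDAP_APP_DN={{ LDAP.DN.ADMINISTRATOR.DATA }}` together with `LDAP_APP_PASSWORD={{ LDAP.BIND_CREDENTIAL }}` appears to hand Open WebUI the directory administrator's bind credentials, although the application only needs to look up a user entry and then bind as that user. A dedicated read-only bind account would limit what a leaked env file or a compromised container can do to the directory; until one exists, a comment above the line such as `# TODO: replace with a read-only service account before enabling features.ldap` would record the gap. Separately, `LDAP_USE_TLS` and `LDAP_VALIDATE_CERT` share one expression, so an empty `LDAP.SERVER.SECURITY` renders both as `false` and the bind password and user passwords would then travel unencrypted, while the "false for self-signed/dev" case described in the comment cannot actually be selected. It is also worth confirming that Open WebUI substitutes `%(user)s` in `LDAP_SEARCH_FILTER`; if it builds the username clause itself from `LDAP_ATTRIBUTE_FOR_USERNAME`, the placeholder would be matched literally and no user would be found.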


@@ -16,3 +16,4 @@ OPENWEBUI_HF_HUB_OFFLINE: "{{ applications | get_app_conf(applicatio
OPENWEBUI_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.openwebui') }}" OPENWEBUI_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.openwebui') }}"
OPENWEBUI_PORT_PUBLIC: "{{ ports.localhost.http[application_id] }}" OPENWEBUI_PORT_PUBLIC: "{{ ports.localhost.http[application_id] }}"
OPENWEBUI_OIDC_ENABLED: "{{ applications | get_app_conf(application_id, 'features.oidc') }}" OPENWEBUI_OIDC_ENABLED: "{{ applications | get_app_conf(application_id, 'features.oidc') }}"
OPENWEBUI_LDAP_ENABLED: "{{ applications | get_app_conf(application_id, 'features.ldap') }}"