Refactored LDAP and Keycloak implementation and added RBAC based groups to Keycloak

2025-09-06 02:11:42 +02:00 · 2025-07-04 16:16:45 +02:00
parent ee0561db72
commit 06b864ad52
17 changed files with 206 additions and 84 deletions
--- a/roles/docker-gitea/vars/main.yml
+++ b/roles/docker-gitea/vars/main.yml
@@ -9,9 +9,9 @@ gitea_ldap_auth_args:
  - '--bind-password "{{ ldap.bind_credential }}"'
  - '--user-search-base "{{ ldap.dn.ou.users }}"'
  - '--user-filter  "(&(objectClass=inetOrgPerson)(uid=%s))"'
-  - '--username-attribute "{{ ldap.attributes.user_id }}"'
-  - '--firstname-attribute "{{ ldap.attributes.firstname }}"'
-  - '--surname-attribute "{{ ldap.attributes.surname }}"'
-  - '--email-attribute "{{ ldap.attributes.mail }}"'
-  - '--public-ssh-key-attribute "{{ ldap.attributes.ssh_public_key }}"'
+  - '--username-attribute "{{ ldap.user.attributes.id }}"'
+  - '--firstname-attribute "{{ ldap.user.attributes.firstname }}"'
+  - '--surname-attribute "{{ ldap.user.attributes.surname }}"'
+  - '--email-attribute "{{ ldap.user.attributes.mail }}"'
+  - '--public-ssh-key-attribute "{{ ldap.user.attributes.ssh_public_key }}"'
  - '--synchronize-users'