Optimized LDAP integration, keycloak realm import and health checks for docker images

2025-08-29 15:06:26 +02:00 · 2025-02-18 21:00:14 +01:00
parent e87c3e2090
commit 0f44e65bf1
26 changed files with 111 additions and 63 deletions
--- a/roles/docker-ldap/handlers/main.yml
+++ b/roles/docker-ldap/handlers/main.yml
@@ -19,7 +19,7 @@

 - name: "Import Access Roles to OpenLDAP"
  shell: >
-    docker exec -i openldap ldapadd -x -D "{{ldap.dn.bind}}" -w "{{ldap.dn.bind_credential}}" -c -f "{{ldif_docker_path}}04_access_profiles.ldif"
+    docker exec -i openldap ldapadd -x -D "{{ldap.dn.bind}}" -w "{{ldap.bind_credential}}" -c -f "{{ldif_docker_path}}04_access_profiles.ldif"
  register: ldapadd_result
  changed_when: "'adding new entry' in ldapadd_result.stdout"
  # Allow return code 0 (all entries added) or 68 (entry already exists)
--- a/roles/docker-ldap/templates/docker-compose.yml.j2
+++ b/roles/docker-ldap/templates/docker-compose.yml.j2
@@ -34,7 +34,7 @@ services:
      - '{{ldif_host_path}}:{{ldif_docker_path}}:ro'                      # Mounting all ldif files for import
    healthcheck:
      test: >
-        ldapsearch -x -H ldap://localhost:{{ldap_docker_port}} -b "{{ldap.dn.root}}" -D "{{ldap.dn.bind}}" -w "{{ldap.dn.bind_credential}}"
+        ldapsearch -x -H ldap://localhost:{{ldap_docker_port}} -b "{{ldap.dn.root}}" -D "{{ldap.dn.bind}}" -w "{{ldap.bind_credential}}"
      interval: 30s
      timeout: 10s
      retries: 3
--- a/roles/docker-ldap/templates/lam.env.j2
+++ b/roles/docker-ldap/templates/lam.env.j2
@@ -10,4 +10,4 @@ LAM_CONFIGURATION_DATABASE= files
 LDAP_SERVER=                {{ldap.server.domain}}                                  # domain of LDAP database root entry
 LDAP_BASE_DN=               {{ldap.dn.root}}                                        # LDAP base DN to overwrite value generated by LDAP_DOMAIN
 LDAP_USER=                  {{ldap.dn.bind}}                                        # LDAP admin user (set as login user for LAM)
-LDAP_ADMIN_PASSWORD=        {{ldap.dn.bind_credential}}                             # LDAP admin password
+LDAP_ADMIN_PASSWORD=        {{ldap.bind_credential}}                             # LDAP admin password
--- a/roles/docker-ldap/vars/main.yml
+++ b/roles/docker-ldap/vars/main.yml
@@ -1,7 +1,6 @@
 application_id:       "ldap"
 ldaps_docker_port:    636
 ldap_docker_port:     389
-ldap_enabled:         True

 # OAuth2 Proxy Configuration
 oauth2_proxy_upstream_application_and_port: "{{ applications.ldap.webinterface }}:{% if applications.ldap.webinterface == 'phpldapadmin' %}8080{% else %}80{% endif %}"