Deactivated OpenProject LDAP Administrator Flag

2025-10-10 10:48:10 +02:00 · 2025-09-25 11:10:46 +02:00
parent ca52dcda43
commit 189aaaa9ec
2 changed files with 11 additions and 13 deletions
--- a/roles/web-app-openproject/config/main.yml
+++ b/roles/web-app-openproject/config/main.yml
@@ -8,7 +8,7 @@ oauth2_proxy:
      - "/oauth/token"        # Necessary for Nextcloud Plugin to work
 ldap:
  filters:
-    administrators:   True    # Set true to filter administrators
+    administrators:   False   # Set true to filter administrators
    users:            False   # Set true to filter users
 features:
  matomo:             true
@@ -37,9 +37,9 @@ docker:
    database:
      enabled: true
    web:
-      name:     openproject-web
-      image:    openproject/community
-      version:  "13"    # Update when available. No rolling release implemented
+      name:               openproject-web
+      image:              openproject/community
+      version:            "13"    # Update when available. No rolling release implemented
      backup:
        no_stop_required: true
      cpus:               "1.0"
@@ -47,7 +47,7 @@ docker:
      mem_limit:          "2g"
      pids_limit:         512
    seeder:
-      name:     openproject-seeder
+      name:               openproject-seeder
      cpus:               "0.3"
      mem_reservation:    "256m"
      mem_limit:          "512m"
@@ -80,6 +80,4 @@ docker:
      pids_limit:         256
    
  volumes:
-    data: "openproject_data"
-
-
+    data:                 "openproject_data"
--- a/roles/web-app-openproject/vars/main.yml
+++ b/roles/web-app-openproject/vars/main.yml
@@ -56,10 +56,10 @@ OPENPROJECT_RAILS_SETTINGS:
  smtp_ssl:                   false

 ## LDAP
-OPENPROJECT_LDAP_ENABLED:     "{{ applications | get_app_conf(application_id, 'features.ldap') }}"
+OPENPROJECT_LDAP_ENABLED:                       "{{ applications | get_app_conf(application_id, 'features.ldap') }}"
+OPENPROJECT_LDAP_FILTER_ADMINISTRATORS_ENABLED: "{{ applications | get_app_conf(application_id, 'ldap.filters.administrators') }}"
+OPENPROJECT_LDAP_FILTER_USERS_ENABLED:          "{{ applications | get_app_conf(application_id, 'ldap.filters.users') }}"
 OPENPROJECT_LDAP_FILTERS:
  # The administrator filter just works in the Enterprise edition
-  ADMINISTRATORS: "{{ '(memberOf=cn=openproject-admins,' ~ LDAP.DN.OU.ROLES ~ ')' 
-       if applications | get_app_conf(application_id, 'ldap.filters.administrators') else '' }}"
-  USERS: "{{ '(memberOf=cn=openproject-users,' ~ LDAP.DN.OU.ROLES ~ ')' 
-       if applications | get_app_conf(application_id, 'ldap.filters.users') else '' }}"
+  ADMINISTRATORS: "{{ '(memberOf=cn=openproject-admins,' ~ LDAP.DN.OU.ROLES ~ ')' if OPENPROJECT_LDAP_FILTER_ADMINISTRATORS_ENABLED else '' }}"
+  USERS: "{{ '(memberOf=cn=openproject-users,' ~ LDAP.DN.OU.ROLES ~ ')' if OPENPROJECT_LDAP_FILTER_USERS_ENABLED else '' }}"