Set LDAP uid variable

2025-08-29 15:06:26 +02:00 · 2025-02-26 10:42:25 +01:00
parent 545af78e60
commit 22ce80cd23
7 changed files with 37 additions and 26 deletions
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@@ -36,11 +36,13 @@ defaults_applications:
  ## Big Blue Button
  bigbluebutton:
    enable_greenlight:    "true"
-    setup:                false                           # Set to true in inventory file for initial setup
+    setup:                false               # Set to true in inventory file for initial setup
    oidc:
-      enabled:               true                         # Activate OIDC
+      enabled:            true                # Activate OIDC
    database:
-      central_storage:                True
+      central_storage:    True
+    ldap:
+      enabled:            False                # @todo LDAP needs to get propper implemented and tested, just set values during refactoring

  ## Bluesky
  bluesky:
@@ -78,7 +80,7 @@ defaults_applications:
  funkwhale:
    version:              "1.4.0"
    ldap:
-      enabled:            True                # Enables LDAP by default
+      enabled:            True                # Enables LDAP by default @todo check implementation
    database:
      central_storage:    True

--- a/group_vars/all/11_iam.yml
+++ b/group_vars/all/11_iam.yml
@@ -29,7 +29,9 @@ defaults_oidc:
 #############################################

 # Helper Variables:
-_ldap_dn_base: "dc={{primary_domain_sld}},dc={{primary_domain_tld}}"
+# Keep in mind to mapp this variables if there is ever the possibility for the user to define them in the inventory
+_ldap_dn_base:      "dc={{primary_domain_sld}},dc={{primary_domain_tld}}"
+_ldap_server_port:  "{% if applications.ldap.openldap.network.local | bool %}{{ ports.localhost.ldap.openldap }}{% else %}{{ ports.localhost.ldaps.openldap }}{% endif %}"

 ldap:
  # Enables LDAP for all roles in play if true
@@ -46,11 +48,15 @@ ldap:
    groups:             "ou=groups,{{_ldap_dn_base}}"
    # Dn for all application roles of the users
    application_roles:  "ou=application_roles,{{_ldap_dn_base}}"
+  attributes:
+    # Attribut to identify the user
+    user_id:            "uid" 
  # Password to access dn.bind
  bind_credential:      "{{applications.ldap.administrator_database_password}}"
  server:
    domain:             "{{applications.ldap.openldap.hostname if applications.ldap.openldap.network.local | bool else domains.ldap}}" # Mapping for public or locale access
-    uri:                "{% if applications.ldap.openldap.network.local | bool %}ldap://{{ applications.ldap.openldap.hostname }}:{{ ports.localhost.ldap.openldap }}{% else %}ldaps://{{ domains.ldap }}:{{ ports.public.ldaps.openldap }}{% endif %}"
+    port:               "{{_ldap_server_port}}"
+    uri:                "{% if applications.ldap.openldap.network.local | bool %}ldap://{{ applications.ldap.openldap.hostname }}{% else %}ldaps://{{ domains.ldap }}{% endif %}:{{ _ldap_server_port }}"
  network:
    local:              "{{applications.ldap.openldap.network.local}}" # Uses the application configuration to define if local network should be available or not