Set LDAP uid variable

2025-08-29 15:06:26 +02:00 · 2025-02-26 10:42:25 +01:00
parent 545af78e60
commit 22ce80cd23
7 changed files with 37 additions and 26 deletions
--- a/roles/docker-bigbluebutton/templates/env.j2
+++ b/roles/docker-bigbluebutton/templates/env.j2
@@ -161,6 +161,7 @@ OFFICE365_HD=
 # It is useful for cases when Greenlight is deployed behind a Network Load Balancer or proxy
 OAUTH2_REDIRECT=

+{% if applications[application_id].ldap.enabled | bool %}
 # LDAP Login Provider (optional)
 #
 # You can enable LDAP authentication by providing values for the variables below.
@@ -172,23 +173,25 @@ OAUTH2_REDIRECT=
 #   LDAP_SERVER=ldap.example.com
 #   LDAP_PORT=389
 #   LDAP_METHOD=plain
-#   LDAP_UID=uid
+#   LDAP_UID={{ldap.attributes.user_id}}
 #   LDAP_BASE=dc=example,dc=com
 #   LDAP_AUTH=simple
 #   LDAP_BIND_DN=cn=admin,dc=example,dc=com
 #   LDAP_PASSWORD=password
 #   LDAP_ROLE_FIELD=ou
 #   LDAP_FILTER=(&(attr1=value1)(attr2=value2))
-LDAP_SERVER=
-LDAP_PORT=
+LDAP_SERVER="{{ldap.server.domain}}"
+LDAP_PORT="{{ldap.server.port}}"
 LDAP_METHOD=
-LDAP_UID=
-LDAP_BASE=
-LDAP_BIND_DN=
-LDAP_AUTH=
-LDAP_PASSWORD=
+LDAP_UID={{ldap.attributes.user_id}}
+LDAP_BASE="{{ldap.dn.root}}"
+LDAP_BIND_DN="{{ldap.dn.administrator}}"
+LDAP_AUTH=password
+LDAP_PASSWORD="{{ldap.bind_credential}}"
 LDAP_ROLE_FIELD=
 LDAP_FILTER=
+{% endif %}
+
 # ====================================
 # GREENLIGHT CONFIGURATION
 # ====================================
--- a/roles/docker-keycloak/templates/import/realm.json.j2
+++ b/roles/docker-keycloak/templates/import/realm.json.j2
@@ -1923,7 +1923,7 @@
              "subComponents": {},
              "config": {
                "ldap.attribute": [
-                  "uid"
+                  "{{ldap.attributes.user_id}}"
                ],
                "is.mandatory.in.ldap": [
                  "true"
@@ -2008,7 +2008,7 @@
            "-1"
          ],
          "usernameLDAPAttribute": [
-            "uid"
+            "{{ldap.attributes.user_id}}"
          ],
          "bindDn": [
            "{{ldap.dn.administrator}}"
@@ -2020,7 +2020,7 @@
            "other"
          ],
          "uuidLDAPAttribute": [
-            "uid"
+            "{{ldap.attributes.user_id}}"
          ],
          "allowKerberosAuthentication": [
            "false"
@@ -2053,7 +2053,7 @@
            "person, inetOrgPerson, nextcloudUser"
          ],
          "rdnLDAPAttribute": [
-            "uid"
+            "{{ldap.attributes.user_id}}"
          ],
          "editMode": [
            "WRITABLE"
--- a/roles/docker-ldap/templates/ldif/data/02_users.ldif.j2
+++ b/roles/docker-ldap/templates/ldif/data/02_users.ldif.j2
@@ -9,11 +9,11 @@ description: Container for application access profiles
 #######################################################################
 # Create Admin User
 #######################################################################
-dn: uid={{users.administrator.username}},{{ldap.dn.users}}
+dn: {{ldap.attributes.user_id}}={{users.administrator.username}},{{ldap.dn.users}}
 objectClass: top
 objectClass: inetOrgPerson
 objectClass: posixAccount
-uid: {{users.administrator.username}}
+{{ldap.attributes.user_id}}: {{users.administrator.username}}
 sn: Administrator
 cn: Administrator
 userPassword: {SSHA}CHANGE_THIS_PASSWORD
@@ -31,11 +31,11 @@ gidNumber: {{users.administrator.gid}}
 dn: cn={{ app }}-administrator,{{ ldap.dn.application_roles }}
 changetype: modify
 add: roleOccupant
-roleOccupant: uid={{users.administrator.username}},{{ldap.dn.users}}
+roleOccupant: {{ldap.attributes.user_id}}={{users.administrator.username}},{{ldap.dn.users}}

 dn: cn={{ app }}-user,{{ ldap.dn.application_roles }}
 changetype: modify
 add: roleOccupant
-roleOccupant: uid={{users.administrator.username}},{{ldap.dn.users}}
+roleOccupant: {{ldap.attributes.user_id}}={{users.administrator.username}},{{ldap.dn.users}}

 {% endfor %}
--- a/roles/docker-nextcloud/templates/oidc.config.php.j2
+++ b/roles/docker-nextcloud/templates/oidc.config.php.j2
@@ -98,9 +98,9 @@ return array (
        'mail' => 'email',
        # 'quota' => 'nextcloudQuota',  # Not implemented yet
        # 'home' => 'homeDirectory',    # Not implemented yet
-        'ldap_uid' => 'uid',
+        'ldap_uid' => '{{ldap.attributes.user_id}}',
        # 'groups' => 'ownCloudGroups', # Not implemented yet
-        'login_filter' => 'realm_access_roles',
+        # 'login_filter' => 'realm_access_roles',
    //    'photoURL' => 'picture',
    //    'is_admin' => 'ownCloudAdmin',
    ),
--- a/roles/docker-nextcloud/vars/ldap.yml
+++ b/roles/docker-nextcloud/vars/ldap.yml
@@ -107,7 +107,7 @@ nextcloud_ldap_configuration:
  -
    appid: "user_ldap"
    configkey: "s01ldap_login_filter"
-    configvalue: "(&(|(objectclass=inetOrgPerson))(uid=%uid))"
+    configvalue: "(&(|(objectclass=inetOrgPerson))({{ldap.attributes.user_id}}=%{{ldap.attributes.user_id}}))"
  -
    appid: "user_ldap"
    configkey: "s01ldap_login_filter_mode"
@@ -175,4 +175,4 @@ nextcloud_ldap_configuration:
  -
    appid: "user_ldap"
    configkey: "s01ldap_expert_username_attr"
-    configvalue: "uid"
+    configvalue: "{{ldap.attributes.user_id}}"