Refactored ldap implementation for ssh keys

2025-09-06 02:11:42 +02:00 · 2025-06-27 16:41:10 +02:00
parent bb73e948d3
commit 40edaa52ad
22 changed files with 167 additions and 67 deletions
--- a/roles/docker-openproject/vars/ldap.yml
+++ b/roles/docker-openproject/vars/ldap.yml
@@ -2,13 +2,13 @@ openproject_ldap:
  name:                   "{{ primary_domain }}"                     # Display name for the LDAP connection in OpenProject
  host:                   "{{ ldap.server.domain }}"                 # LDAP server address
  port:                   "{{ ldap.server.port }}"                   # LDAP server port (typically 389 or 636)
-  account:                "{{ ldap.dn.administrator }}"              # Bind DN (used for authentication)
+  account:                "{{ ldap.dn.administrator.data }}"         # Bind DN (used for authentication)
  account_password:       "{{ ldap.bind_credential }}"               # Bind password
  base_dn:                "{{ ldap.dn.users }}"                      # Base DN for user search
  attr_login:             "{{ ldap.attributes.user_id }}"            # LDAP attribute used for login
  attr_firstname:         "givenName"                                # LDAP attribute for first name
-  attr_lastname:          "sn"                                       # LDAP attribute for last name
-  attr_mail:              "mail"                                     # LDAP attribute for email
+  attr_lastname:          "{{ ldap.attributes.lastname }}"           # LDAP attribute for last name
+  attr_mail:              "{{ ldap.attributes.mail }}"               # LDAP attribute for email
  attr_admin:             "{{ openproject_filters.administrators }}" # Optional: LDAP attribute for admin group (leave empty if unused)
  onthefly_register:      true                                       # Automatically create users on first login
  tls_mode:               0                                          # 0 = No TLS, 1 = TLS, 2 = STARTTLS