kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-31 02:10:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Implemented OAuth2-Proxy for LDAP

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-01-26 22:16:58 +01:00
parent b742ffd476
commit 54cac88d26
7 changed files with 35 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
roles/docker-ldap/templates/docker-compose.yml.j2
View File

@@ -1,11 +1,14 @@
services:
{% if ldap_webinterface == 'lam' %}
lam:
image: ghcr.io/ldapaccountmanager/lam:{{ldap_lam_version}} # Dies ist das Docker-Image für LAM
container_name: lam
{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
{{ldap_webinterface}}:
container_name: {{ldap_webinterface}}
logging:
driver: journald
restart: {{docker_restart_policy}}
{% if ldap_webinterface == 'lam' %}
image: ghcr.io/ldapaccountmanager/lam:{{ldap_lam_version}} # Dies ist das Docker-Image für LAM
ports:
- 127.0.0.1:{{http_port}}:80
environment: # See all variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
@@ -23,12 +26,7 @@ services:
LDAP_USER: {{ldap_admin_dn}} # LDAP admin user (set as login user for LAM)
LDAP_ADMIN_PASSWORD: {{ldap_administrator_database_password}} # LDAP admin password
{% elif ldap_webinterface == 'phpldapadmin' %}
phpldapadmin:
name: phpldapadmin
image: leenooks/phpldapadmin:{{ldap_phpldapadmin_version}}
logging:
driver: journald
restart: {{docker_restart_policy}}
ports:
- 127.0.0.1:{{http_port}}:8080
environment:
@@ -38,7 +36,7 @@ services:
{% endif %}
openldap:
image: bitnami/openldap:{{ldap_openldap_version}}
name: openldap
container_name: openldap
logging:
driver: journald
restart: {{docker_restart_policy}}

6
roles/docker-ldap/vars/main.yml
View File

@@ -3,4 +3,8 @@ ldap_root: "dc={{primary_domain_sld}},dc={{primary_domain_tld
ldap_admin_dn: "cn={{ldap_administrator_username}},{{ldap_root}}"
ldap_secure_localhost_port: 1636
ldap_secure_internet_port: 636
ldap_localhost_port: 389
ldap_localhost_port: 389
# OAuth2 Proxy Configuration
oauth2_proxy_upstream_application_and_port: "{{ ldap_webinterface }}:{% if ldap_webinterface == 'phpldapadmin' %}8080{% else %}{{ ldap_webinterface }}80{% endif %}"
oauth2_proxy_active: true

4
roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
View File

@@ -8,12 +8,12 @@ whitelist_domains = [".{{primary_domain}}"]
# keycloak provider
client_secret = "{{oauth2_proxy_client_secret}}"
client_id = "{{domain}}"
client_id = "{{oauth2_proxy_client_id}}"
redirect_url = "https://{{domain}}/oauth2/callback"
oidc_issuer_url = "https://{{domain_keycloak}}/realms/{{primary_domain}}"
provider = "oidc"
provider_display_name = "Keycloak"
# role restrictions
cookie_roles = "realm_access.roles"
#cookie_roles = "realm_access.roles"
allowed_roles = "{{oauth2_proxy_allowed_roles}}"

3
roles/docker-openproject/vars/main.yml
View File

@@ -11,4 +11,5 @@ dummy_volume: "{{repository_directory}}dummy_vol
oauth2_proxy_client_secret: "{{openproject_oauth2_proxy_client_secret}}"
oauth2_proxy_cookie_secret: "{{openproject_oauth2_proxy_cookie_secret}}"
oauth2_proxy_upstream_application_and_port: "proxy:80"
oauth2_proxy_active: true
oauth2_proxy_active: true
oauth2_proxy_client_id: "{{domain}}"

8
roles/docker-phpmyadmin/vars/main.yml
View File

@@ -2,7 +2,7 @@ docker_compose_project_name: "phpmyadmin"
database_type: "mariadb"
database_host: "{{ 'central-' + database_type if enable_central_database}}"
# OAuth2 Proxy Configuration
oauth2_proxy_client_secret: "{{phpmyadmin_oauth2_proxy_client_secret}}"
oauth2_proxy_cookie_secret: "{{phpmyadmin_oauth2_proxy_cookie_secret}}"
oauth2_proxy_upstream_application_and_port: "application:80"
oauth2_proxy_active: true
oauth2_proxy_client_secret: "{{phpmyadmin_oauth2_proxy_client_secret}}"
oauth2_proxy_cookie_secret: "{{phpmyadmin_oauth2_proxy_cookie_secret}}"
oauth2_proxy_active: true
oauth2_proxy_client_id: "{{domain}}"