Implemented OAuth2-Proxy for LDAP

2025-08-29 15:06:26 +02:00 · 2025-01-26 22:16:58 +01:00
parent b742ffd476
commit 54cac88d26
7 changed files with 35 additions and 28 deletions
--- a/roles/docker-ldap/templates/docker-compose.yml.j2
+++ b/roles/docker-ldap/templates/docker-compose.yml.j2
@@ -1,11 +1,14 @@
 services:
-{% if ldap_webinterface == 'lam' %}
-  lam:
-    image: ghcr.io/ldapaccountmanager/lam:{{ldap_lam_version}}  # Dies ist das Docker-Image für LAM
-    container_name: lam
+
+{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
+
+  {{ldap_webinterface}}:
+    container_name: {{ldap_webinterface}}
    logging:
      driver: journald
    restart: {{docker_restart_policy}}
+{% if ldap_webinterface == 'lam' %}
+    image: ghcr.io/ldapaccountmanager/lam:{{ldap_lam_version}}      # Dies ist das Docker-Image für LAM
    ports:
      - 127.0.0.1:{{http_port}}:80 
    environment:                                                    # See all variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env  
@@ -23,12 +26,7 @@ services:
      LDAP_USER:           {{ldap_admin_dn}}                         # LDAP admin user (set as login user for LAM)
      LDAP_ADMIN_PASSWORD: {{ldap_administrator_database_password}}  # LDAP admin password
 {% elif ldap_webinterface == 'phpldapadmin' %}
-  phpldapadmin:
-    name: phpldapadmin
    image: leenooks/phpldapadmin:{{ldap_phpldapadmin_version}}
-    logging:
-      driver: journald
-    restart: {{docker_restart_policy}}
    ports:
      - 127.0.0.1:{{http_port}}:8080
    environment:
@@ -38,7 +36,7 @@ services:
 {% endif %}
  openldap:
    image: bitnami/openldap:{{ldap_openldap_version}}
-    name: openldap
+    container_name: openldap
    logging:
      driver: journald
    restart: {{docker_restart_policy}}
--- a/roles/docker-ldap/vars/main.yml
+++ b/roles/docker-ldap/vars/main.yml
@@ -3,4 +3,8 @@ ldap_root:                    "dc={{primary_domain_sld}},dc={{primary_domain_tld
 ldap_admin_dn:                "cn={{ldap_administrator_username}},{{ldap_root}}"
 ldap_secure_localhost_port:   1636
 ldap_secure_internet_port:    636
-ldap_localhost_port:          389
+ldap_localhost_port:          389
+
+# OAuth2 Proxy Configuration
+oauth2_proxy_upstream_application_and_port: "{{ ldap_webinterface }}:{% if ldap_webinterface == 'phpldapadmin' %}8080{% else %}{{ ldap_webinterface }}80{% endif %}"
+oauth2_proxy_active:  true