kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-09-02 00:20:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added gid to applications to make them posix group ldap compatible

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-07-03 23:51:14 +02:00
parent a93e1520d4
commit 56b3f854c5
10 changed files with 141 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
roles/docker-ldap/templates/ldif/data/01_application_roles.ldif.j2
View File

@@ -1,34 +1,30 @@
{% for application_id, application_config in applications.items() %}
{# 1. Build up roles dict, defaulting to {} if rbac oder roles fehlt, then ensure administrator immer dabei ist #}
{% set base_roles = application_config.rbac.roles | default({}) %}
{% set roles = base_roles | combine({
'administrator': {
'description': 'Has full administrative access: manage themes, plugins, settings, and users'
}
})
{%- for application_id, application_config in applications.items() %}
{%- set base_roles = application_config.rbac.roles | default({}) %}
{%- set roles = base_roles | combine({
'administrator': {
'description': 'Has full administrative access: manage themes, plugins, settings, and users'
}
})
%}
{# 2. Emit role definitions #}
{% for role_name, role_conf in roles.items() %}
{%- for role_name, role_conf in roles.items() %}
dn: cn={{ application_id }}-{{ role_name }},{{ ldap.dn.ou.roles }}
objectClass: top
objectClass: organizationalRole
objectClass: posixGroup
gidNumber: {{ application_config['group_id'] }}
cn: {{ application_id }}-{{ role_name }}
description: {{ role_conf.description }}
{# 3. Assign only if user has that role #}
{% for username, user_config in users.items() %}
{% set user_roles = user_config.roles | default([]) %}
{% if role_name in user_roles %}
{%- for username, user_config in users.items() %}
{%- set user_roles = user_config.roles | default([]) %}
{%- if role_name in user_roles %}
dn: cn={{ application_id }}-{{ role_name }},{{ ldap.dn.ou.roles }}
changetype: modify
add: roleOccupant
roleOccupant: {{ ldap.attributes.user_id }}={{ username }},{{ ldap.dn.ou.users }}
{% endif %}
{% endfor %}
{% endfor %}
{% endfor %}
{%- endif %}
{%- endfor %}
{%- endfor %}
{%- endfor %}