Raw refactoring of roles

2025-08-29 15:06:26 +02:00 · 2025-05-09 17:47:33 +02:00
parent 82f442f40e
commit 5b47333955
177 changed files with 1483 additions and 1041 deletions
--- a/roles/docker-ldap/meta/schema.yml
+++ b/roles/docker-ldap/meta/schema.yml
@@ -0,0 +1,10 @@
+credentials:
+  administrator_password:
+    description: "Initial password for the LDAP administrator (e.g. cn=admin,dc=example,dc=com)"
+    algorithm: "sha256"
+    validation: "^[a-f0-9]{64}$"
+
+  administrator_database_password:
+    description: "Password used internally for the database-backed directory admin"
+    algorithm: "bcrypt"
+    validation: "^\\$2[aby]\\$.{56}$"
--- a/roles/docker-ldap/templates/env.j2
+++ b/roles/docker-ldap/templates/env.j2
@@ -3,8 +3,8 @@
      
 # GENERAL
 ## Database
-LDAP_ADMIN_USERNAME=        {{applications.ldap.users.administrator.username}}      # LDAP database admin user.
-LDAP_ADMIN_PASSWORD=        {{applications.ldap.administrator_database_password}}   # LDAP database admin password.
+LDAP_ADMIN_USERNAME=        {{applications[application_id].administrator.username}}      # LDAP database admin user.
+LDAP_ADMIN_PASSWORD=        {{applications[application_id].credentials.administrator_database_password}}   # LDAP database admin password.

 ## Users
 LDAP_USERS=                 ' '                             # Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02
@@ -14,8 +14,8 @@ LDAP_ROOT=                  {{ldap.dn.root}}                # LDAP baseDN (or su
 ## Admin
 LDAP_ADMIN_DN=              {{ldap.dn.administrator}}
 LDAP_CONFIG_ADMIN_ENABLED=  yes
-LDAP_CONFIG_ADMIN_USERNAME= {{applications.ldap.users.administrator.username}}
-LDAP_CONFIG_ADMIN_PASSWORD= {{applications.ldap.administrator_password}}
+LDAP_CONFIG_ADMIN_USERNAME= {{applications[application_id].administrator.username}}
+LDAP_CONFIG_ADMIN_PASSWORD= {{applications[application_id].credentials.administrator_password}}
  
 # Network
 LDAP_PORT_NUMBER=           {{ldap_docker_port}}            # Route to default port
--- a/roles/docker-ldap/vars/configuration.yml
+++ b/roles/docker-ldap/vars/configuration.yml
@@ -0,0 +1,15 @@
+version:                        "latest"
+network:
+  local:                        True                                # Activates local network. Necessary for LDIF import routines
+  docker:                       True                                # Activates docker network to allow other docker containers to connect
+  public:                       False                               # Set to true in inventory file if you want to expose the LDAP port to the internet
+hostname:                       "ldap"                              # Hostname of the LDAP Server in the central_ldap network
+webinterface:                   "lam"                               # The webinterface which should be used. Possible: lam and phpldapadmin
+users:  
+  administrator:
+    username:                   "{{users.administrator.username}}"  # Administrator username
+credentials:
+# administrator_password:                                           # CHANGE for security reasons in inventory file
+# administrator_database_password:                                  # CHANGE for security reasons in inventory file
+features:
+  ldap: true