XWiki: LDAP/OIDC admin mapping, config mounts, and REST installs

- LDAP: move settings to xwiki.cfg; enable trylocal (1/0), group_mapping to XWiki.XWikiAdminGroup, and mode_group_sync=always. - OIDC: add groups claim request (oidc.userinfoclaims), map provider group to XWiki.XWikiAdminGroup, and use space-separated scopes. - Compose: mount xwiki.cfg and xwiki.properties into /usr/local/xwiki. - Extensions: wait for REST readiness; pre-check OIDC/LDAP extensions (URL-encoded IDs); install via REST job only if missing. - Vars: strict mappings to LDAP.* and OIDC.* (no defaults), add XWIKI_ADMIN_GROUP and derived DNs. - Config: expose ldap.local_enabled; tidy meta tags; README grammar update. Conversation: https://chatgpt.com/share/68c2b8ad-4814-800f-b377-065f967998db
2025-10-31 10:19:09 +00:00 · 2025-09-11 13:55:53 +02:00
parent 8bc6e1f921
commit 6418a462ec
11 changed files with 198 additions and 58 deletions
--- a/roles/web-app-xwiki/tasks/01_core.yml
+++ b/roles/web-app-xwiki/tasks/01_core.yml
@@ -0,0 +1,68 @@
+- name: "load docker, db and proxy for {{ application_id }}"
+  include_role: 
+    name: sys-stk-full-stateful
+  vars:
+    docker_compose_flush_handlers: false
+
+- name: "Render xwiki.cfg"
+  template:
+    src: "xwiki.cfg.j2"
+    dest: "{{ XWIKI_HOST_CONF_PATH }}"
+  notify: docker compose up
+
+- name: "Render xwiki.properties"
+  template:
+    src: "xwiki.properties.j2"
+    dest: "{{ XWIKI_HOST_PROPERTIES_PATH }}"
+  notify: docker compose up
+
+- name: "flush docker compose for '{{ application_id }}'"
+  meta: flush_handlers
+
+- name: "Wait until XWiki REST is ready"
+  uri:
+    url: "http://127.0.0.1:{{ XWIKI_HOST_PORT }}/xwiki/rest/"
+    status_code: [200, 401]
+    return_content: no
+  register: xwiki_rest_up
+  retries: 60
+  delay: 5
+  until: xwiki_rest_up is succeeded
+
+- name: "Check if OIDC extension installed"
+  uri:
+    url: "http://127.0.0.1:{{ XWIKI_HOST_PORT }}/xwiki/rest/wikis/xwiki/extensions/{{ XWIKI_EXT_OIDC_ID | urlencode }}"
+    method: GET
+    user: "{{ XWIKI_ADMIN_USER }}"
+    password: "{{ XWIKI_ADMIN_PASS }}"
+    force_basic_auth: yes
+    status_code: [200,404]
+  register: xwiki_oidc_ext
+  when: XWIKI_OIDC_ENABLED | bool
+
+- name: "Check if LDAP extension installed"
+  uri:
+    url: "http://127.0.0.1:{{ XWIKI_HOST_PORT }}/xwiki/rest/wikis/xwiki/extensions/{{ XWIKI_EXT_LDAP_ID | urlencode }}"
+    method: GET
+    user: "{{ XWIKI_ADMIN_USER }}"
+    password: "{{ XWIKI_ADMIN_PASS }}"
+    force_basic_auth: yes
+    status_code: [200,404]
+  register: xwiki_ldap_ext
+  when: XWIKI_LDAP_ENABLED | bool
+
+- name: "Install LDAP and/or OIDC extensions"
+  uri:
+    url: "{{ XWIKI_REST_BASE }}"
+    method: PUT
+    user: "{{ XWIKI_ADMIN_USER }}"
+    password: "{{ XWIKI_ADMIN_PASS }}"
+    force_basic_auth: yes
+    headers: { Content-Type: "text/xml" }
+    body: "{{ lookup('template', 'installjobrequest.xml.j2') }}"
+    status_code: 200
+  when:
+    - (XWIKI_OIDC_ENABLED | bool and xwiki_oidc_ext.status == 404) or
+      (XWIKI_LDAP_ENABLED | bool and (xwiki_ldap_ext is not skipped) and xwiki_ldap_ext.status == 404)
+
+- include_tasks: utils/run_once.yml