kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-09-12 05:17:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

XWiki: LDAP/OIDC admin mapping, config mounts, and REST installs

Browse Source 
- LDAP: move settings to xwiki.cfg; enable trylocal (1/0), group_mapping to XWiki.XWikiAdminGroup,
  and mode_group_sync=always.
- OIDC: add groups claim request (oidc.userinfoclaims), map provider group to XWiki.XWikiAdminGroup,
  and use space-separated scopes.
- Compose: mount xwiki.cfg and xwiki.properties into /usr/local/xwiki.
- Extensions: wait for REST readiness; pre-check OIDC/LDAP extensions (URL-encoded IDs);
  install via REST job only if missing.
- Vars: strict mappings to LDAP.* and OIDC.* (no defaults), add XWIKI_ADMIN_GROUP and derived DNs.
- Config: expose ldap.local_enabled; tidy meta tags; README grammar update.

Conversation: https://chatgpt.com/share/68c2b8ad-4814-800f-b377-065f967998db
This commit is contained in:
Kevin Veen-Birkenbach
2025-09-11 13:55:53 +02:00
parent 8bc6e1f921
commit 6418a462ec
11 changed files with 198 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
roles/web-app-xwiki/templates/env.j2
View File

@@ -3,27 +3,3 @@ DB_PASSWORD="{{ database_password }}"
DB_HOST="{{ database_host }}"
DB_PORT="{{ database_port }}"
DB_DATABASE="{{ database_name }}"
### Pretix core
#XWIKI_XWIKI_INSTANCE_NAME="{{ PRIMARY_DOMAIN | upper }} Tickets"
#XWIKI_XWIKI_ALLOWED_HOSTS="{{ XWIKI_HOSTNAME }},127.0.0.1,localhost"
#XWIKI_XWIKI_URL="{{ XWIKI_URL }}"
#XWIKI_XWIKI_AUTH_BACKENDS="xwiki.base.auth.NativeAuthBackend{% if XWIKI_OIDC_ENABLED %},xwiki_oidc.auth.OIDCAuthBackend{% endif %}"
#
### Locale
#XWIKI_LOCALE_TIMEZONE="{{ HOST_TIMEZONE }}"
#
#{% if XWIKI_OIDC_ENABLED %}
### OIDC (plugin)
#XWIKI_OIDC_TITLE="{{ XWIKI_OIDC_LABEL | replace('\"','\\\"') }}"
#XWIKI_OIDC_ISSUER="{{ XWIKI_OIDC_ISSUER }}"
#XWIKI_OIDC_AUTHORIZATION_ENDPOINT="{{ XWIKI_OIDC_AUTH_URL }}"
#XWIKI_OIDC_TOKEN_ENDPOINT="{{ XWIKI_OIDC_TOKEN_URL }}"
#XWIKI_OIDC_USERINFO_ENDPOINT="{{ XWIKI_OIDC_USERINFO_URL }}"
#XWIKI_OIDC_END_SESSION_ENDPOINT="{{ XWIKI_OIDC_LOGOUT_URL }}"
#XWIKI_OIDC_JWKS_URI="{{ XWIKI_OIDC_JWKS_URL }}"
#XWIKI_OIDC_CLIENT_ID="{{ XWIKI_OIDC_CLIENT_ID }}"
#XWIKI_OIDC_CLIENT_SECRET="{{ XWIKI_OIDC_CLIENT_SECRET }}"
#XWIKI_OIDC_SCOPES="{{ XWIKI_OIDC_SCOPES }}"
#XWIKI_OIDC_UNIQUE_ATTRIBUTE="{{ XWIKI_OIDC_UNIQUE_ATTRIBUTE }}"
#{% endif %}