Finished LDAP implementation
This commit is contained in:
parent
abc9a46667
commit
bdc0074542
@ -12,32 +12,56 @@
|
|||||||
until: snipeit_admin_check.status == 200
|
until: snipeit_admin_check.status == 200
|
||||||
when: not ( applications | is_feature_enabled('oauth2', application_id))
|
when: not ( applications | is_feature_enabled('oauth2', application_id))
|
||||||
|
|
||||||
|
- name: "Debug: show APP_KEY in container shell"
|
||||||
|
shell: |
|
||||||
|
docker-compose exec -T \
|
||||||
|
-u www-data \
|
||||||
|
-e XDG_CONFIG_HOME=/tmp \
|
||||||
|
-e APP_KEY='{{ applications[application_id].credentials.app_key }}' \
|
||||||
|
application \
|
||||||
|
sh -c 'echo "SHELL sees APP_KEY=$APP_KEY"'
|
||||||
|
args:
|
||||||
|
chdir: "/opt/docker/snipe-it/"
|
||||||
|
|
||||||
|
- name: "Debug: show APP_KEY in container shell"
|
||||||
|
shell: |
|
||||||
|
docker-compose exec -T -u www-data \
|
||||||
|
-e XDG_CONFIG_HOME=/tmp \
|
||||||
|
-e APP_KEY="{{ applications[application_id].credentials.app_key }}" \
|
||||||
|
application \
|
||||||
|
php artisan tinker --execute="echo 'CONFIG app.key: ' . config('app.key') . PHP_EOL;"
|
||||||
|
args:
|
||||||
|
chdir: "/opt/docker/snipe-it/"
|
||||||
|
|
||||||
- name: "Set all LDAP settings via Laravel Setting model (inside container as www-data)"
|
- name: "Set all LDAP settings via Laravel Setting model (inside container as www-data)"
|
||||||
shell: |
|
shell: |
|
||||||
docker-compose exec -T -e XDG_CONFIG_HOME=/tmp -u www-data application sh -c 'php artisan tinker << "EOF"
|
docker-compose exec -T \
|
||||||
|
-e APP_KEY='{{ applications[application_id].credentials.app_key }}' \
|
||||||
|
-e XDG_CONFIG_HOME=/tmp \
|
||||||
|
-u www-data application \
|
||||||
|
sh -c 'php artisan tinker << "EOF"
|
||||||
$s = \App\Models\Setting::getSettings();
|
$s = \App\Models\Setting::getSettings();
|
||||||
$s->ldap_enabled = 1;
|
$s->ldap_enabled = 1;
|
||||||
$s->ldap_server = "{{ ldap.server.uri }}";
|
$s->ldap_server = "{{ ldap.server.uri }}";
|
||||||
$s->ldap_port = {{ ldap.server.port }};
|
$s->ldap_port = {{ ldap.server.port }};
|
||||||
$s->ldap_uname = "{{ ldap.dn.administrator.data }}";
|
$s->ldap_uname = "{{ ldap.dn.administrator.data }}";
|
||||||
$s->ldap_pword = "{{ ldap.bind_credential }}";
|
$s->ldap_pword = "{{ ldap.bind_credential }}";
|
||||||
$s->ldap_basedn = "{{ ldap.dn.root }}";
|
$s->ldap_basedn = "{{ ldap.dn.users }}";
|
||||||
$s->ldap_filter = "objectclass=inetOrgPerson";
|
$s->ldap_filter = "&(objectClass=inetOrgPerson)";
|
||||||
$s->ldap_username_field = "{{ ldap.attributes.user_id }}";
|
$s->ldap_username_field = "{{ ldap.attributes.user_id }}";
|
||||||
$s->ldap_fname_field = "{{ ldap.attributes.firstname }}";
|
$s->ldap_fname_field = "{{ ldap.attributes.firstname }}";
|
||||||
$s->ldap_lname_field = "{{ ldap.attributes.surname }}";
|
$s->ldap_lname_field = "{{ ldap.attributes.surname }}";
|
||||||
$s->ldap_auth_filter_query = "{{ ldap.filters.users.login }}";
|
$s->ldap_auth_filter_query = "uid=";
|
||||||
$s->ldap_version = 3;
|
$s->ldap_version = 3;
|
||||||
$s->ldap_pw_sync = 0;
|
$s->ldap_pw_sync = 0;
|
||||||
$s->is_ad = 0;
|
$s->is_ad = 0;
|
||||||
$s->ad_domain = "";
|
$s->ad_domain = "";
|
||||||
$s->ldap_default_group = "";
|
$s->ldap_default_group = "";
|
||||||
$s->ldap_email = "{{ ldap.attributes.mail }}";
|
$s->ldap_email = "{{ ldap.attributes.mail }}";
|
||||||
$s->custom_forgot_pass_url = "{{ ldap.attributes.mail }}";
|
$s->custom_forgot_pass_url = "{{ oidc.client.reset_credentials }}";
|
||||||
$s->save();
|
$s->save();
|
||||||
EOF'
|
EOF'
|
||||||
args:
|
args:
|
||||||
#chdir: "/opt/docker/snipe-it/"
|
|
||||||
chdir: "{{ docker_compose.directories.instance }}"
|
chdir: "{{ docker_compose.directories.instance }}"
|
||||||
register: ldap_tinker
|
register: ldap_tinker
|
||||||
failed_when: >
|
failed_when: >
|
||||||
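Review bot: The two new "Debug: show APP_KEY in container shell" tasks print the Laravel APP_KEY into task output (`echo "SHELL sees APP_KEY=$APP_KEY"` and the `config('app.key')` tinker call), and that key together with `ldap.bind_credential` is also interpolated into the command line of the Setting-model tinker task, so all of it lands in Ansible logs and callback output unless these tasks carry `no_log: true`; the same applies to the Crypt task in the next hunk. Because APP_KEY is the key the next hunk's `Crypt::encrypt` relies on, the debug tasks should be dropped before merging or at least gated with `when: enable_debug | bool` rather than run on every play. Separately, `$s->ldap_auth_filter_query = "uid=";` hardcodes the attribute while `ldap_username_field` is templated from `ldap.attributes.user_id`; `$s->ldap_auth_filter_query = "{{ ldap.attributes.user_id }}=";` keeps the two consistent. The bind credential is also placed inside a PHP double-quoted string in the heredoc, so a password containing `"`, `$` or `\` breaks the script or changes the stored value; passing it through an `-e` environment variable, as the commit already does for APP_KEY, avoids the nested quoting. The task's `failed_when` expression continues in the next hunk.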
@ -48,38 +72,36 @@
|
|||||||
and ldap_tinker.stdout_lines[0] == '= true'
|
and ldap_tinker.stdout_lines[0] == '= true'
|
||||||
notify: docker compose up
|
notify: docker compose up
|
||||||
|
|
||||||
|
- name: Encrypt & save LDAP bind password via Crypt + DB façade
|
||||||
|
shell: |
|
||||||
|
docker-compose exec -T \
|
||||||
|
-u www-data \
|
||||||
|
-e APP_KEY="{{ applications[application_id].credentials.app_key }}" \
|
||||||
|
-e XDG_CONFIG_HOME=/tmp \
|
||||||
|
application \
|
||||||
|
php artisan tinker --execute="
|
||||||
|
use Illuminate\Support\Facades\Crypt;
|
||||||
|
use Illuminate\Support\Facades\DB;
|
||||||
|
|
||||||
|
/* encrypt the clear-text password */
|
||||||
|
\$encrypted = Crypt::encrypt('{{ ldap.bind_credential }}');
|
||||||
|
|
||||||
|
/* write it straight into settings.ldap_pword */
|
||||||
|
/* update the one and only row in `settings` */
|
||||||
|
DB::table('settings')->update([
|
||||||
|
'ldap_pword' => \$encrypted
|
||||||
|
]);
|
||||||
|
echo 'Stored: ' . \$encrypted . PHP_EOL;
|
||||||
|
"
|
||||||
|
args:
|
||||||
|
chdir: "/opt/docker/snipe-it/"
|
||||||
|
register: ldap_encrypt
|
||||||
|
failed_when: ldap_encrypt.rc != 0
|
||||||
|
|
||||||
- name: "Clear Laravel config & cache (inside container as www-data)"
|
- name: "Clear Laravel config & cache (inside container as www-data)"
|
||||||
shell: |
|
shell: |
|
||||||
docker-compose exec -T -u www-data application php artisan config:clear
|
docker-compose exec -T -u www-data application php artisan config:clear
|
||||||
docker-compose exec -T -u www-data application php artisan cache:clear
|
docker-compose exec -T -u www-data application php artisan cache:clear
|
||||||
args:
|
args:
|
||||||
#chdir: "/opt/docker/snipe-it/"
|
|
||||||
chdir: "{{ docker_compose.directories.instance }}"
|
chdir: "{{ docker_compose.directories.instance }}"
|
||||||
notify: docker compose up
|
notify: docker compose up
|
||||||
|
|
||||||
#- name: "Enable und konfiguriere LDAP in Snipe-IT"
|
|
||||||
# community.mysql.mysql_query:
|
|
||||||
# login_host: "127.0.0.1"
|
|
||||||
# login_port: "{{ database_port }}"
|
|
||||||
# login_user: "{{ database_username }}"
|
|
||||||
# login_password: "{{ database_password }}"
|
|
||||||
# login_db: "{{ database_name }}"
|
|
||||||
# query: |
|
|
||||||
# UPDATE settings SET
|
|
||||||
# ldap_enabled = 1,
|
|
||||||
# ldap_server = '{{ ldap.server.uri }}',
|
|
||||||
# ldap_port = '{{ ldap.server.port }}',
|
|
||||||
# ldap_uname = '{{ ldap.dn.administrator.data }}',
|
|
||||||
# ldap_pword = '{{ ldap.bind_credential }}',
|
|
||||||
# ldap_basedn = '{{ ldap.dn.root }}',
|
|
||||||
# ldap_filter = '{{ ldap.filters.users.all }}',
|
|
||||||
# ldap_username_field = '{{ ldap.attributes.user_id }}',
|
|
||||||
# ldap_lname_field = '{{ ldap.attributes.surname }}',
|
|
||||||
# ldap_fname_field = '{{ ldap.attributes.firstname }}',
|
|
||||||
# ldap_auth_filter_query = '{{ ldap.filters.users.login }}',
|
|
||||||
# ldap_version = 3,
|
|
||||||
# ldap_pw_sync = 0,
|
|
||||||
# is_ad = 0,
|
|
||||||
# ad_domain = '',
|
|
||||||
# ldap_default_group = '',
|
|
||||||
# ldap_email = '{{ ldap.attributes.mail }}';
|
|
||||||
|
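Review bot: The new "Encrypt & save LDAP bind password" task hardcodes `chdir: "/opt/docker/snipe-it/"` while the neighbouring tasks in this same commit switch to `chdir: "{{ docker_compose.directories.instance }}"`, so this task runs docker-compose in the wrong directory whenever the instance path differs. Change it to `chdir: "{{ docker_compose.directories.instance }}"`. The bind credential is embedded in a PHP single-quoted literal inside the double-quoted `--execute` string (`Crypt::encrypt('{{ ldap.bind_credential }}')`), so a quote, backslash or dollar sign in the password breaks the tinker script or alters what gets encrypted; reading it from an environment variable passed with `-e`, as the task already does for APP_KEY, removes the nested quoting. The `echo 'Stored: ' . \$encrypted . PHP_EOL;` line writes the ciphertext to task output and, with the secrets on the command line, this task also needs `no_log: true`. The hunk opens mid-way through the previous task's `failed_when` expression, which starts in the earlier hunk.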
@ -3,7 +3,6 @@
|
|||||||
# --------------------------------------------
|
# --------------------------------------------
|
||||||
APP_ENV={{ CYMAIS_ENVIRONMENT | lower }}
|
APP_ENV={{ CYMAIS_ENVIRONMENT | lower }}
|
||||||
APP_DEBUG={{enable_debug | string | lower }}
|
APP_DEBUG={{enable_debug | string | lower }}
|
||||||
# Please regenerate the APP_KEY value by calling `docker compose run --rm app php artisan key:generate --show`. Copy paste the value here
|
|
||||||
APP_KEY={{ applications[application_id].credentials.app_key}}
|
APP_KEY={{ applications[application_id].credentials.app_key}}
|
||||||
APP_URL={{ snipe_it_url }}
|
APP_URL={{ snipe_it_url }}
|
||||||
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ identifier
|
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ identifier
|
||||||
|
@ -4,8 +4,8 @@ features:
|
|||||||
css: false
|
css: false
|
||||||
portfolio_iframe: false
|
portfolio_iframe: false
|
||||||
central_database: true
|
central_database: true
|
||||||
ldap: false
|
ldap: true
|
||||||
oauth2: false
|
oauth2: true
|
||||||
domains:
|
domains:
|
||||||
canonical:
|
canonical:
|
||||||
- "inventory.{{ primary_domain }}"
|
- "inventory.{{ primary_domain }}"
|
||||||
|