kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-07-03 15:42:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Finished LDAP implementation

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-07-01 15:11:13 +02:00
parent abc9a46667
commit bdc0074542
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
3 changed files with 60 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
roles/docker-snipe-it/tasks/ldap.yml
View File

@ -12,32 +12,56 @@
until: snipeit_admin_check.status == 200
when: not ( applications | is_feature_enabled('oauth2', application_id))
- name: "Debug: show APP_KEY in container shell"
shell: |
docker-compose exec -T \
-u www-data \
-e XDG_CONFIG_HOME=/tmp \
-e APP_KEY='{{ applications[application_id].credentials.app_key }}' \
application \
sh -c 'echo "SHELL sees APP_KEY=$APP_KEY"'
args:
chdir: "/opt/docker/snipe-it/"
- name: "Debug: show APP_KEY in container shell"
shell: |
docker-compose exec -T -u www-data \
-e XDG_CONFIG_HOME=/tmp \
-e APP_KEY="{{ applications[application_id].credentials.app_key }}" \
application \
php artisan tinker --execute="echo 'CONFIG app.key: ' . config('app.key') . PHP_EOL;"
args:
chdir: "/opt/docker/snipe-it/"
- name: "Set all LDAP settings via Laravel Setting model (inside container as www-data)"
shell: |
docker-compose exec -T -e XDG_CONFIG_HOME=/tmp -u www-data application sh -c 'php artisan tinker << "EOF"
docker-compose exec -T \
-e APP_KEY='{{ applications[application_id].credentials.app_key }}' \
-e XDG_CONFIG_HOME=/tmp \
-u www-data application \
sh -c 'php artisan tinker << "EOF"
$s = \App\Models\Setting::getSettings();
$s->ldap_enabled = 1;
$s->ldap_server = "{{ ldap.server.uri }}";
$s->ldap_port = {{ ldap.server.port }};
$s->ldap_uname = "{{ ldap.dn.administrator.data }}";
$s->ldap_pword = "{{ ldap.bind_credential }}";
$s->ldap_basedn = "{{ ldap.dn.root }}";
$s->ldap_filter = "objectclass=inetOrgPerson";
$s->ldap_basedn = "{{ ldap.dn.users }}";
$s->ldap_filter = "&(objectClass=inetOrgPerson)";
$s->ldap_username_field = "{{ ldap.attributes.user_id }}";
$s->ldap_fname_field = "{{ ldap.attributes.firstname }}";
$s->ldap_lname_field = "{{ ldap.attributes.surname }}";
$s->ldap_auth_filter_query = "{{ ldap.filters.users.login }}";
$s->ldap_auth_filter_query = "uid=";
$s->ldap_version = 3;
$s->ldap_pw_sync = 0;
$s->is_ad = 0;
$s->ad_domain = "";
$s->ldap_default_group = "";
$s->ldap_email = "{{ ldap.attributes.mail }}";
$s->custom_forgot_pass_url = "{{ ldap.attributes.mail }}";
$s->custom_forgot_pass_url = "{{ oidc.client.reset_credentials }}";
$s->save();
EOF'
args:
#chdir: "/opt/docker/snipe-it/"
chdir: "{{ docker_compose.directories.instance }}"
register: ldap_tinker
failed_when: >
@ -48,38 +72,36 @@
and ldap_tinker.stdout_lines[0] == '= true'
notify: docker compose up
- name: Encrypt & save LDAP bind password via Crypt + DB façade
shell: |
docker-compose exec -T \
-u www-data \
-e APP_KEY="{{ applications[application_id].credentials.app_key }}" \
-e XDG_CONFIG_HOME=/tmp \
application \
php artisan tinker --execute="
use Illuminate\Support\Facades\Crypt;
use Illuminate\Support\Facades\DB;
/* encrypt the clear-text password */
\$encrypted = Crypt::encrypt('{{ ldap.bind_credential }}');
/* write it straight into settings.ldap_pword */
/* update the one and only row in `settings` */
DB::table('settings')->update([
'ldap_pword' => \$encrypted
]);
echo 'Stored: ' . \$encrypted . PHP_EOL;
"
args:
chdir: "/opt/docker/snipe-it/"
register: ldap_encrypt
failed_when: ldap_encrypt.rc != 0
- name: "Clear Laravel config & cache (inside container as www-data)"
shell: |
docker-compose exec -T -u www-data application php artisan config:clear
docker-compose exec -T -u www-data application php artisan cache:clear
args:
#chdir: "/opt/docker/snipe-it/"
chdir: "{{ docker_compose.directories.instance }}"
notify: docker compose up
#- name: "Enable und konfiguriere LDAP in Snipe-IT"
# community.mysql.mysql_query:
# login_host: "127.0.0.1"
# login_port: "{{ database_port }}"
# login_user: "{{ database_username }}"
# login_password: "{{ database_password }}"
# login_db: "{{ database_name }}"
# query: |
# UPDATE settings SET
# ldap_enabled = 1,
# ldap_server = '{{ ldap.server.uri }}',
# ldap_port = '{{ ldap.server.port }}',
# ldap_uname = '{{ ldap.dn.administrator.data }}',
# ldap_pword = '{{ ldap.bind_credential }}',
# ldap_basedn = '{{ ldap.dn.root }}',
# ldap_filter = '{{ ldap.filters.users.all }}',
# ldap_username_field = '{{ ldap.attributes.user_id }}',
# ldap_lname_field = '{{ ldap.attributes.surname }}',
# ldap_fname_field = '{{ ldap.attributes.firstname }}',
# ldap_auth_filter_query = '{{ ldap.filters.users.login }}',
# ldap_version = 3,
# ldap_pw_sync = 0,
# is_ad = 0,
# ad_domain = '',
# ldap_default_group = '',
# ldap_email = '{{ ldap.attributes.mail }}';

3
roles/docker-snipe-it/templates/env.j2
View File

@ -3,8 +3,7 @@
# --------------------------------------------
APP_ENV={{ CYMAIS_ENVIRONMENT | lower }}
APP_DEBUG={{enable_debug | string | lower }}
# Please regenerate the APP_KEY value by calling `docker compose run --rm app php artisan key:generate --show`. Copy paste the value here
APP_KEY={{applications[application_id].credentials.app_key}}
APP_KEY={{ applications[application_id].credentials.app_key}}
APP_URL={{ snipe_it_url }}
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ identifier
APP_TIMEZONE='{{ HOST_TIMEZONE }}'

4
roles/docker-snipe-it/vars/configuration.yml
View File

@ -4,8 +4,8 @@ features:
css: false
portfolio_iframe: false
central_database: true
ldap: false
oauth2: false
ldap: true
oauth2: true
domains:
canonical:
- "inventory.{{ primary_domain }}"