Refactor LDAP variable schema to use top-level constant LDAP and nested ALL-CAPS keys.

- Converted group_vars/all/13_ldap.yml from lower-case to ALL-CAPS nested keys. - Updated all roles, tasks, templates, and filter_plugins to reference LDAP.* instead of ldap.*. - Fixed Keycloak JSON templates to properly quote Jinja variables. - Adjusted svc-db-openldap filter plugins and unit tests to handle new LDAP structure. - Updated integration test to only check uniqueness of TOP-LEVEL ALL-CAPS constants, ignoring nested keys. See: https://chatgpt.com/share/68b01017-efe0-800f-a508-7d7e2f1c8c8d
2025-08-30 15:28:12 +02:00 · 2025-08-28 10:15:48 +02:00
parent b9da6908ec
commit cb66fb2978
33 changed files with 238 additions and 249 deletions
--- a/roles/web-app-discourse/templates/config.yml.j2
+++ b/roles/web-app-discourse/templates/config.yml.j2
@@ -150,16 +150,16 @@ run:
  - exec: rails r "SiteSetting.ldap_sync_enabled = true"

  # LDAP connection settings
-  - exec: rails r "SiteSetting.ldap_sync_host = '{{ ldap.server.domain }}'"
-  - exec: rails r "SiteSetting.ldap_sync_port = {{ ldap.server.port }}"
+  - exec: rails r "SiteSetting.ldap_sync_host = '{{ LDAP.SERVER.DOMAIN }}'"
+  - exec: rails r "SiteSetting.ldap_sync_port = {{ LDAP.SERVER.PORT }}"
  - exec: rails r "SiteSetting.ldap_encryption = 'simple_tls'"
-  - exec: rails r "SiteSetting.ldap_base_dn = '{{ ldap.dn.root }}'"
-  - exec: rails r "SiteSetting.ldap_bind_dn = '{{ ldap.dn.administrator.data }}'"
-  - exec: rails r "SiteSetting.ldap_bind_password = '{{ ldap.bind_credential }}'"
+  - exec: rails r "SiteSetting.ldap_base_dn = '{{ LDAP.DN.ROOT }}'"
+  - exec: rails r "SiteSetting.ldap_bind_dn = '{{ LDAP.DN.ADMINISTRATOR.DATA }}'"
+  - exec: rails r "SiteSetting.ldap_bind_password = '{{ LDAP.BIND_CREDENTIAL }}'"

  # LDAP additional configuration
-  - exec: rails r "SiteSetting.ldap_user_filter = '{{ ldap.filters.users.login }}'"
-  - exec: rails r "SiteSetting.ldap_group_base_dn = '{{ ldap.dn.ou.groups }}'"
+  - exec: rails r "SiteSetting.ldap_user_filter = '{{ LDAP.FILTERS.USERS.LOGIN }}'"
+  - exec: rails r "SiteSetting.ldap_group_base_dn = '{{ LDAP.DN.OU.GROUPS }}'"
  - exec: rails r "SiteSetting.ldap_group_member_check = 'memberUid'"

  - exec: rails r "SiteSetting.ldap_sync_period = 1"