Refactor LDAP variable schema to use top-level constant LDAP and nested ALL-CAPS keys.

- Converted group_vars/all/13_ldap.yml from lower-case to ALL-CAPS nested keys.
- Updated all roles, tasks, templates, and filter_plugins to reference LDAP.* instead of ldap.*.
- Fixed Keycloak JSON templates to properly quote Jinja variables.
- Adjusted svc-db-openldap filter plugins and unit tests to handle new LDAP structure.
- Updated integration test to only check uniqueness of TOP-LEVEL ALL-CAPS constants, ignoring nested keys.

See: https://chatgpt.com/share/68b01017-efe0-800f-a508-7d7e2f1c8c8d
2025-08-28 10:15:48 +02:00
parent b9da6908ec
commit cb66fb2978
33 changed files with 238 additions and 249 deletions


@@ -11,7 +11,7 @@
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [ "{{ ldap.user.attributes.firstname }}" ],
"ldap.attribute": [ "{{ LDAP.USER.ATTRIBUTES.FIRSTNAME }}" ],
"attribute.force.default": [ "true" ],
"is.mandatory.in.ldap": [ "true" ],
"is.binary.attribute": [ "false" ],
@@ -27,7 +27,7 @@
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [ "{{ ldap.user.attributes.surname }}" ],
"ldap.attribute": [ "{{ LDAP.USER.ATTRIBUTES.SURNAME }}" ],
"is.mandatory.in.ldap": [ "true" ],
"always.read.value.from.ldap": [ "true" ],
"read.only": [ "false" ],
@@ -43,7 +43,7 @@
"config": {
"read.only": [ "false" ],
"write.only": [ "true" ],
"ldap.full.name.attribute": [ "{{ ldap.user.attributes.fullname }}" ]
"ldap.full.name.attribute": [ "{{ LDAP.USER.ATTRIBUTES.FULLNAME }}" ]
}
},
@@ -53,7 +53,7 @@
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [ "{{ ldap.user.attributes.id }}" ],
"ldap.attribute": [ "{{ LDAP.USER.ATTRIBUTES.ID }}" ],
"is.mandatory.in.ldap": [ "true" ],
"attribute.force.default": [ "false" ],
"is.binary.attribute": [ "false" ],
@@ -69,7 +69,7 @@
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [ "{{ ldap.user.attributes.mail }}" ],
"ldap.attribute": [ "{{ LDAP.USER.ATTRIBUTES.MAIL }}" ],
"is.mandatory.in.ldap": [ "false" ],
"read.only": [ "false" ],
"always.read.value.from.ldap": [ "false" ],
@@ -83,29 +83,29 @@
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [ "{{ ldap.user.attributes.ssh_public_key }}" ],
"ldap.attribute": [ "{{ LDAP.USER.ATTRIBUTES.SSH_PUBLIC_KEY }}" ],
"is.mandatory.in.ldap": [ "false" ],
"attribute.force.default": [ "false" ],
"is.binary.attribute": [ "false" ],
"read.only": [ "false" ],
"always.read.value.from.ldap": [ "true" ],
"user.model.attribute": [ "{{ ldap.user.attributes.ssh_public_key }}" ]
"user.model.attribute": [ "{{ LDAP.USER.ATTRIBUTES.SSH_PUBLIC_KEY }}" ]
}
},
{# ---------------------- Nextcloud Quota ----------------- #}
{
"name": "{{ ldap.user.attributes.nextcloud_quota }}",
"name": "{{ LDAP.USER.ATTRIBUTES.NEXTCLOUD_QUOTA }}",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [ "{{ ldap.user.attributes.nextcloud_quota }}" ],
"ldap.attribute": [ "{{ LDAP.USER.ATTRIBUTES.NEXTCLOUD_QUOTA }}" ],
"is.mandatory.in.ldap": [ "false" ],
"attribute.force.default": [ "false" ],
"is.binary.attribute": [ "false" ],
"always.read.value.from.ldap": [ "false" ],
"read.only": [ "false" ],
"user.model.attribute": [ "{{ ldap.user.attributes.nextcloud_quota }}" ]
"user.model.attribute": [ "{{ LDAP.USER.ATTRIBUTES.NEXTCLOUD_QUOTA }}" ]
}
},
@@ -145,12 +145,12 @@
"config": {
"membership.attribute.type": [ "DN" ],
"group.name.ldap.attribute": [ "cn" ],
"membership.user.ldap.attribute": [ "{{ ldap.user.attributes.id }}" ],
"membership.user.ldap.attribute": [ "{{ LDAP.USER.ATTRIBUTES.ID }}" ],
"preserve.group.inheritance": [ "true" ],
"groups.dn": [ "{{ ldap.dn.ou.roles }}" ],
"groups.dn": [ "{{ LDAP.DN.OU.ROLES }}" ],
"mode": [ "LDAP_ONLY" ],
"user.roles.retrieve.strategy": [ "LOAD_GROUPS_BY_MEMBER_ATTRIBUTE" ],
"groups.ldap.filter": ["{{ ldap.rbac.flavors | ldap_groups_filter }}"],
"groups.ldap.filter": ["{{ LDAP.RBAC.FLAVORS | ldap_groups_filter }}"],
"membership.ldap.attribute": [ "member" ],
"ignore.missing.groups": [ "true" ],
"group.object.classes": [ "groupOfNames" ],
@@ -205,9 +205,9 @@
"mode": [ "LDAP_ONLY" ],
"membership.attribute.type": [ "DN" ],
"user.roles.retrieve.strategy": [ "LOAD_ROLES_BY_MEMBER_ATTRIBUTE" ],
"roles.dn": [ "{{ ldap.dn.ou.roles }}" ],
"roles.dn": [ "{{ LDAP.DN.OU.ROLES }}" ],
"membership.ldap.attribute": [ "member" ],
"membership.user.ldap.attribute": [ "{{ ldap.user.attributes.id }}" ],
"membership.user.ldap.attribute": [ "{{ LDAP.USER.ATTRIBUTES.ID }}" ],
"memberof.ldap.attribute": [ "memberOf" ],
"role.name.ldap.attribute": [ "cn" ],
"use.realm.roles.mapping": [ "true" ],
@@ -221,7 +221,7 @@
"pagination": [ "true" ],
"connectionTrace": [ "false" ],
"startTls": [ "false" ],
"usersDn": [ "{{ ldap.dn.ou.users }}" ],
"usersDn": [ "{{ LDAP.DN.OU.USERS }}" ],
"connectionPooling": [ "true" ],
"cachePolicy": [ "DEFAULT" ],
"useKerberosForPasswordAuthentication": [ "false" ],
@@ -229,10 +229,10 @@
"enabled": [ "true" ],
"bindCredential": [ "{{ KEYCLOAK_LDAP_BIND_PW }}" ],
"changedSyncPeriod": [ "-1" ],
"usernameLDAPAttribute": [ "{{ ldap.user.attributes.id }}" ],
"usernameLDAPAttribute": [ "{{ LDAP.USER.ATTRIBUTES.ID }}" ],
"bindDn": [ "{{ KEYCLOAK_LDAP_BIND_DN }}" ],
"vendor": [ "other" ],
"uuidLDAPAttribute": [ "{{ ldap.user.attributes.id }}" ],
"uuidLDAPAttribute": [ "{{ LDAP.USER.ATTRIBUTES.ID }}" ],
"allowKerberosAuthentication": [ "false" ],
"connectionUrl": [ "{{ KEYCLOAK_LDAP_URL }}" ],
"syncRegistrations": [ "true" ],
@@ -248,7 +248,7 @@
{{ KEYCLOAK_LDAP_USER_OBJECT_CLASSES | trim | tojson }}
],
"rdnLDAPAttribute": [ "{{ ldap.user.attributes.id }}" ],
"rdnLDAPAttribute": [ "{{ LDAP.USER.ATTRIBUTES.ID }}" ],
"editMode": [ "WRITABLE" ],
"validatePasswordPolicy": [ "false" ],
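Review bot: The new `groups.dn`, `roles.dn` and `usersDn` lines still place the DN inside hand-written double quotes, while the `KEYCLOAK_LDAP_USER_OBJECT_CLASSES` line in the last hunk already renders through `| trim | tojson`. An RFC 4514 DN may legitimately contain backslash escapes or a quote, which would make the rendered JSON invalid or silently alter the value, so `"groups.dn": [ {{ LDAP.DN.OU.ROLES | tojson }} ],` (and likewise for `roles.dn`, `usersDn` and the `LDAP.USER.ATTRIBUTES.*` lines) keeps escaping in one place; whether the current group_vars values contain such characters cannot be seen from here. The unchanged `bindCredential` line has the same exposure, since a bind password containing `"` or `\` would break the document. The same hand-quoting pattern appears in the user-profile and protocol-mapper templates below. The enclosing JSON object opens and closes outside these hunks.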


@@ -33,7 +33,7 @@
"multivalued": false
},
{
"name": ldap.user.attributes.ssh_public_key,
"name": "{{ LDAP.USER.ATTRIBUTES.SSH_PUBLIC_KEY }}",
"displayName": "SSH Public Key",
"validations": {},
"annotations": {},


@@ -10,7 +10,7 @@
},
"protocolMappers": [
{
"name": "{{ ldap.user.attributes.nextcloud_quota }}",
"name": "{{ LDAP.USER.ATTRIBUTES.NEXTCLOUD_QUOTA }}",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
@@ -19,11 +19,11 @@
"introspection.token.claim": "true",
"multivalued": "false",
"userinfo.token.claim": "true",
"user.attribute": "{{ ldap.user.attributes.nextcloud_quota }}",
"user.attribute": "{{ LDAP.USER.ATTRIBUTES.NEXTCLOUD_QUOTA }}",
"id.token.claim": "true",
"lightweight.claim": "false",
"access.token.claim": "true",
"claim.name": "{{ ldap.user.attributes.nextcloud_quota }}",
"claim.name": "{{ LDAP.USER.ATTRIBUTES.NEXTCLOUD_QUOTA }}",
"jsonType.label": "int"
}
},
@@ -41,7 +41,7 @@
"id.token.claim": "true",
"lightweight.claim": "false",
"access.token.claim": "true",
"claim.name": "{{ldap.user.attributes.id}}",
"claim.name": "{{LDAP.USER.ATTRIBUTES.ID}}",
"jsonType.label": "String"
}
}
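Review bot: The new `claim.name` line in the last hunk writes `{{LDAP.USER.ATTRIBUTES.ID}}` without the spaces inside the delimiters that every other expression in this template uses; `"claim.name": "{{ LDAP.USER.ATTRIBUTES.ID }}",` keeps the style uniform and makes the constant easier to grep across the roles. The surrounding `protocolMappers` array is opened and closed outside the hunk.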