Refactor LDAP variable schema to use top-level constant LDAP and nested ALL-CAPS keys.

- Converted group_vars/all/13_ldap.yml from lower-case to ALL-CAPS nested keys. - Updated all roles, tasks, templates, and filter_plugins to reference LDAP.* instead of ldap.*. - Fixed Keycloak JSON templates to properly quote Jinja variables. - Adjusted svc-db-openldap filter plugins and unit tests to handle new LDAP structure. - Updated integration test to only check uniqueness of TOP-LEVEL ALL-CAPS constants, ignoring nested keys. See: https://chatgpt.com/share/68b01017-efe0-800f-a508-7d7e2f1c8c8d
2025-08-30 07:18:09 +02:00 · 2025-08-28 10:15:48 +02:00
parent b9da6908ec
commit cb66fb2978
33 changed files with 238 additions and 249 deletions
--- a/roles/web-app-openproject/vars/ldap.yml
+++ b/roles/web-app-openproject/vars/ldap.yml
@@ -1,14 +1,14 @@
 openproject_ldap:
  name:                   "{{ PRIMARY_DOMAIN }}"                      # Display name for the LDAP connection in OpenProject
-  host:                   "{{ ldap.server.domain }}"                  # LDAP server address
-  port:                   "{{ ldap.server.port }}"                    # LDAP server port (typically 389 or 636)
-  account:                "{{ ldap.dn.administrator.data }}"          # Bind DN (used for authentication)
-  account_password:       "{{ ldap.bind_credential }}"                # Bind password
-  base_dn:                "{{ ldap.dn.ou.users }}"                       # Base DN for user search
-  attr_login:             "{{ ldap.user.attributes.id }}"             # LDAP attribute used for login
+  host:                   "{{ LDAP.SERVER.DOMAIN }}"                  # LDAP server address
+  port:                   "{{ LDAP.SERVER.PORT }}"                    # LDAP server port (typically 389 or 636)
+  account:                "{{ LDAP.DN.ADMINISTRATOR.DATA }}"          # Bind DN (used for authentication)
+  account_password:       "{{ LDAP.BIND_CREDENTIAL }}"                # Bind password
+  base_dn:                "{{ LDAP.DN.OU.USERS }}"                       # Base DN for user search
+  attr_login:             "{{ LDAP.USER.ATTRIBUTES.ID }}"             # LDAP attribute used for login
  attr_firstname:         "givenName"                                 # LDAP attribute for first name
-  attr_lastname:          "{{ ldap.user.attributes.surname }}"             # LDAP attribute for last name
-  attr_mail:              "{{ ldap.user.attributes.mail }}"                # LDAP attribute for email
+  attr_lastname:          "{{ LDAP.USER.ATTRIBUTES.SURNAME }}"             # LDAP attribute for last name
+  attr_mail:              "{{ LDAP.USER.ATTRIBUTES.MAIL }}"                # LDAP attribute for email
  attr_admin:             "{{ openproject_filters.administrators }}"  # Optional: LDAP attribute for admin group (leave empty if unused)
  onthefly_register:      true                                        # Automatically create users on first login
  tls_mode:               0                                           # 0 = No TLS, 1 = TLS, 2 = STARTTLS