Added LDAP Draft for Funkwhale

2025-08-29 15:06:26 +02:00 · 2025-02-12 12:41:13 +01:00
parent c687b19a6d
commit eaca564c6f
31 changed files with 92 additions and 78 deletions
--- a/roles/docker-ldap/templates/docker-compose.yml.j2
+++ b/roles/docker-ldap/templates/docker-compose.yml.j2
@@ -23,19 +23,18 @@ services:
 {% endif %}
  openldap:
    image: bitnami/openldap:{{applications.ldap.openldap.version}}
-    container_name: openldap
+    container_name: {{applications.ldap.openldap.hostname}}
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
-{% if applications.ldap.openldap.expose_to_internet | bool %}
+{% if applications.ldap.openldap.network.public | bool %}
    ports:
-      - 127.0.0.1:{{ldap_localhost_port}}:{{ldap_localhost_port}}               # Expose just on localhost so that nginx stream proxy can use it
-      - 127.0.0.1:{{ldap_secure_localhost_port}}:{{ldap_secure_localhost_port}} # Expose just on localhost
+      - 127.0.0.1:{{ports.localhost.ldap.openldap}}:{{ldap_docker_port}}  # Expose just on localhost so that nginx stream proxy can use it
 {% endif %}
    volumes:
      - 'data:/bitnami/openldap'
-      - '{{ldif_host_path}}:{{ldif_docker_path}}:ro' # Mounting all ldif files for import
+      - '{{ldif_host_path}}:{{ldif_docker_path}}:ro'                      # Mounting all ldif files for import
    healthcheck:
      test: >
-        ldapsearch -x -H ldap://localhost:389 -b "{{ldap_root}}" -D "{{ldap_admin_dn}}" -w "{{applications.ldap.administrator_database_password}}"
+        ldapsearch -x -H ldap://localhost:{{ldap_docker_port}} -b "{{ldap.dn.root}}" -D "{{ldap.dn.administrator}}" -w "{{applications.ldap.administrator_database_password}}"
      interval: 30s
      timeout: 10s
      retries: 3
--- a/roles/docker-ldap/templates/env.j2
+++ b/roles/docker-ldap/templates/env.j2
@@ -9,18 +9,18 @@ LDAP_ADMIN_PASSWORD=        {{applications.ldap.administrator_database_password}
 ## Users
 LDAP_USERS=                 ' '                             # Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02
 LDAP_PASSWORDS=             ' '                             # Comma separated list of passwords to use for LDAP users. Default: bitnami1,bitnami2
-LDAP_ROOT=                  {{ldap_root}}                   # LDAP baseDN (or suffix) of the LDAP tree. Default: dc=example,dc=org
+LDAP_ROOT=                  {{ldap.dn.root}}                # LDAP baseDN (or suffix) of the LDAP tree. Default: dc=example,dc=org

 ## Admin
-LDAP_ADMIN_DN=              {{ldap_admin_dn}}               # Not well documented. Don't know if this has an effect
+LDAP_ADMIN_DN=              {{ldap.dn.administrator}}       # Not well documented. Don't know if this has an effect
 LDAP_CONFIG_ADMIN_ENABLED=  yes
 LDAP_CONFIG_ADMIN_USERNAME= {{applications.ldap.administrator_username}}
 LDAP_CONFIG_ADMIN_PASSWORD= {{applications.ldap.administrator_password}}
  
 # Network
-LDAP_PORT_NUMBER=           {{ldap_localhost_port}}         # Route to default port
+LDAP_PORT_NUMBER=           {{ldap_docker_port}}            # Route to default port
 LDAP_ENABLE_TLS=            no                              # Using nginx proxy for tls
-LDAP_LDAPS_PORT_NUMBER=     {{ldap_secure_localhost_port}}  # Port used for TLS secure traffic. Priviledged port is supported (e.g. 636). Default: 1636 (non privileged port).
+LDAP_LDAPS_PORT_NUMBER=     {{ldaps_docker_port}}           # Port used for TLS secure traffic. Priviledged port is supported (e.g. 636). Default: 1636 (non privileged port).

 # Security
 LDAP_ALLOW_ANON_BINDING=    no                              # Allow anonymous bindings to the LDAP server. Default: yes.
--- a/roles/docker-ldap/templates/lam.env.j2
+++ b/roles/docker-ldap/templates/lam.env.j2
@@ -7,7 +7,7 @@ LAM_PASSWORD=               {{applications.ldap.lam.administrator_password}}
 LAM_CONFIGURATION_DATABASE= files                                                   # configuration database (files or mysql) @todo implement mariadb

 # LDAP Configuration
-LDAP_SERVER=                {{applications.ldap.openldap.domain}}                   # domain of LDAP database root entry, will be converted to dc=...,dc=...
-LDAP_BASE_DN=               {{ldap_root}}                                           # LDAP base DN to overwrite value generated by LDAP_DOMAIN
-LDAP_USER=                  {{ldap_admin_dn}}                                       # LDAP admin user (set as login user for LAM)
+LDAP_SERVER=                {{ldap.server.domain}}                                  # domain of LDAP database root entry
+LDAP_BASE_DN=               {{ldap.dn.root}}                                        # LDAP base DN to overwrite value generated by LDAP_DOMAIN
+LDAP_USER=                  {{ldap.dn.administrator}}                               # LDAP admin user (set as login user for LAM)
 LDAP_ADMIN_PASSWORD=        {{applications.ldap.administrator_database_password}}   # LDAP admin password
--- a/roles/docker-ldap/templates/nginx.stream.conf.j2
+++ b/roles/docker-ldap/templates/nginx.stream.conf.j2
@@ -1,6 +1,6 @@
 server {
-    listen {{ldap_secure_internet_port}} ssl;
-    proxy_pass 127.0.0.1:{{ldap_localhost_port}};
+    listen {{ports.public.ldaps.openldap}}ssl;
+    proxy_pass 127.0.0.1:{{ports.localhost.ldap.openldap}};

    # SSL Configuration for LDAPS
    {% include 'roles/letsencrypt/templates/ssl_credentials.j2' %}