Implemented user_objects

2025-04-28 18:30:24 +02:00 · 2025-04-24 21:17:06 +02:00 · 2025-04-24 21:17:06 +02:00 · ec79cb8921
commit ec79cb8921
parent 3203151e84
3 changed files with 9 additions and 5 deletions
--- a/group_vars/all/11_iam.yml
+++ b/group_vars/all/11_iam.yml
@ -65,4 +65,8 @@ ldap:
    uri:                "{% if applications.ldap.network.local | bool %}ldap://{{ applications.ldap.hostname }}{% else %}ldaps://{{ domains.ldap }}{% endif %}:{{ _ldap_server_port }}"
  network:
    local:              "{{applications.ldap.network.local}}" # Uses the application configuration to define if local network should be available or not
-  
+  user_objects:
+    - person          # Basic person attributes (sn, cn …) – RFC 4519
+    - inetOrgPerson   # Extended Internet / intranet person – RFC 2798
+    - posixAccount    # POSIX/UNIX login attributes (uidNumber, gidNumber …) – RFC 2307
+    - nextcloudUser   # Nextcloud-specific auxiliary attributes (nextcloudQuota, nextcloudEnabled) – Nextcloud schema
--- a/roles/docker-keycloak/templates/import/realm.json.j2
+++ b/roles/docker-keycloak/templates/import/realm.json.j2
@ -2070,7 +2070,7 @@
            "false"
          ],
          "userObjectClasses": [
-            "person, inetOrgPerson, nextcloudUser"
+            "{{ ldap.user_objects | join(', ') }}"
          ],
          "rdnLDAPAttribute": [
            "{{ldap.attributes.user_id}}"
--- a/roles/docker-ldap/templates/ldif/data/02_users.ldif.j2
+++ b/roles/docker-ldap/templates/ldif/data/02_users.ldif.j2
@ -16,9 +16,9 @@ description: Container for application access profiles
 # Create User {{ username }}
 #######################################################################
 dn: {{ ldap.attributes.user_id }}={{ username }},{{ ldap.dn.users }}
-objectClass: top
-objectClass: inetOrgPerson
-objectClass: posixAccount
+{% for cls in ldap.user_objects %}
+objectClass: {{ cls }}
+{% endfor %}
 {{ ldap.attributes.user_id }}: {{ username }}
 sn: {{ username }}
 cn: {{ username }}