Optimized RBAC via LDAP

roles/docker-ldap/templates/ldif/data/01_application_roles.ldif.j2

@@ -1,30 +0,0 @@
-{%- for application_id, application_config in applications.items() %}
-  {%- set base_roles = application_config.rbac.roles | default({}) %}
-  {%- set roles = base_roles | combine({
-        'administrator': {
-          'description': 'Has full administrative access: manage themes, plugins, settings, and users'
-        }
-      }) 
-  %}
-
-  {%- for role_name, role_conf in roles.items() %}
-dn: cn={{ application_id }}-{{ role_name }},{{ ldap.dn.ou.roles }}
-objectClass: top
-objectClass: organizationalRole
-objectClass: posixGroup
-gidNumber: {{ application_config['group_id'] }}
-cn: {{ application_id }}-{{ role_name }}
-description: {{ role_conf.description }}
-
-    {%- for username, user_config in users.items() %}
-      {%- set user_roles = user_config.roles | default([]) %}
-      {%- if role_name in user_roles %}
-dn: cn={{ application_id }}-{{ role_name }},{{ ldap.dn.ou.roles }}
-changetype: modify
-add: roleOccupant
-roleOccupant: {{ ldap.attributes.user_id }}={{ username }},{{ ldap.dn.ou.users }}
-
-      {%- endif %}
-    {%- endfor %}
-  {%- endfor %}
-{%- endfor %}

roles/docker-ldap/templates/ldif/data/01_rbac.ldif.j2

@@ -0,0 +1,23 @@
+{% for dn, entry in (applications | build_ldap_role_entries(users, ldap)).items() %}
+
+dn: {{ dn }}
+{% for oc in entry.objectClass %}
+objectClass: {{ oc }}
+{% endfor %}
+{% if entry.gidNumber is defined %}
+gidNumber: {{ entry.gidNumber }}
+{% endif %}
+cn: {{ entry.cn }}
+description: {{ entry.description }}
+{% if entry.memberUid is defined %}
+{% for uid in entry.memberUid %}
+memberUid: {{ uid }}
+{% endfor %}
+{% endif %}
+{% if entry.member is defined %}
+{% for m in entry.member %}
+member: {{ m }}
+{% endfor %}
+{% endif %}
+
+{% endfor %}