kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-11-04 04:08:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
3203151e84218aa0100c886048da6633a7f28508
computer-playbook/roles/docker-ldap/templates/ldif/data/02_users.ldif.j2
Kevin Veen-Birkenbach 3203151e84 Added {SSHA}
2025-04-24 20:38:18 +02:00

59 lines
2.3 KiB
Django/Jinja
Raw Blame History

{##
# Iterate over all users and create LDAP entries for each, then assign admin to application roles
# This template loops through a 'users' list variable where each user is a dict with keys:
# username, uid, gid, password (optional), sn (optional), cn (optional)
##}
#######################################################################
# Container for Application Roles (if not already created)
#######################################################################
dn: {{ ldap.dn.application_roles }}
objectClass: organizationalUnit
ou: roles
description: Container for application access profiles
{% for username, user in users.items() %}
#######################################################################
# Create User {{ username }}
#######################################################################
dn: {{ ldap.attributes.user_id }}={{ username }},{{ ldap.dn.users }}
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
{{ ldap.attributes.user_id }}: {{ username }}
sn: {{ username }}
cn: {{ username }}
userPassword: {SSHA}{{ user.password }}
loginShell: /bin/bash
homeDirectory: /home/{{ username }}
uidNumber: {{ user.uid }}
gidNumber: {{ user.gid }}
#######################################################################
# Assign {{ username }} to application user roles
#######################################################################
{% for app, config in defaults_applications.items() %}
dn: cn={{ app }}-user,{{ ldap.dn.application_roles }}
changetype: modify
add: roleOccupant
roleOccupant: {{ ldap.attributes.user_id }}={{ username }},{{ ldap.dn.users }}
{% endfor %}
{% endfor %}
#######################################################################
# Add Admin User to All Application Role Groups (unchanged)
#######################################################################
{% for app, config in defaults_applications.items() %}
dn: cn={{ app }}-administrator,{{ ldap.dn.application_roles }}
changetype: modify
add: roleOccupant
roleOccupant: {{ ldap.attributes.user_id }}={{ users.administrator.username }},{{ ldap.dn.users }}
dn: cn={{ app }}-user,{{ ldap.dn.application_roles }}
changetype: modify
add: roleOccupant
roleOccupant: {{ ldap.attributes.user_id }}={{ users.administrator.username }},{{ ldap.dn.users }}
{% endfor %}
Reference in New Issue View Git Blame Copy Permalink