mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-07-04 08:02:02 +02:00
31 lines
1.0 KiB
Django/Jinja
31 lines
1.0 KiB
Django/Jinja
{%- for application_id, application_config in applications.items() %}
|
|
{%- set base_roles = application_config.rbac.roles | default({}) %}
|
|
{%- set roles = base_roles | combine({
|
|
'administrator': {
|
|
'description': 'Has full administrative access: manage themes, plugins, settings, and users'
|
|
}
|
|
})
|
|
%}
|
|
|
|
{%- for role_name, role_conf in roles.items() %}
|
|
dn: cn={{ application_id }}-{{ role_name }},{{ ldap.dn.ou.roles }}
|
|
objectClass: top
|
|
objectClass: organizationalRole
|
|
objectClass: posixGroup
|
|
gidNumber: {{ application_config['group_id'] }}
|
|
cn: {{ application_id }}-{{ role_name }}
|
|
description: {{ role_conf.description }}
|
|
|
|
{%- for username, user_config in users.items() %}
|
|
{%- set user_roles = user_config.roles | default([]) %}
|
|
{%- if role_name in user_roles %}
|
|
dn: cn={{ application_id }}-{{ role_name }},{{ ldap.dn.ou.roles }}
|
|
changetype: modify
|
|
add: roleOccupant
|
|
roleOccupant: {{ ldap.attributes.user_id }}={{ username }},{{ ldap.dn.ou.users }}
|
|
|
|
{%- endif %}
|
|
{%- endfor %}
|
|
{%- endfor %}
|
|
{%- endfor %}
|