kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-31 02:10:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
75d476267e2d7e377c027f2d0f747abcf8bc0d99
computer-playbook/roles/web-app-nextcloud/vars/plugins/user_ldap.yml
Kevin Veen-Birkenbach cbfb096cdb Refactor web health checker & domain expectations (filter-based) 
- Move all domain→expected-status mapping to filter `web_health_expectations`.
- Require explicit app selection via non-empty `group_names`; only those apps are included.
- Add `www_enabled` flag (wired via `WWW_REDIRECT_ENABLED`) to generate/force www.* → 301.
- Support `redirect_maps` to include manual redirects (sources forced to 301), independent of app selection.
- Aliases always 301; canonicals use per-key override or `server.status_codes.default`, else [200,302,301].
- Remove legacy fallbacks (`server.status_codes.home` / `landingpage`).
- Wire filter output into systemd ExecStart script as JSON expectations.
- Normalize various templates to use `to_json` and minor spacing fixes.
- Update app configs (e.g., YOURLS default=301; Confluence default=302; Bluesky web=405; MediaWiki/Confluence canonical/aliases).
- Constructor now uses `WWW_REDIRECT_ENABLED` for domain generation.

Tests:
- Add comprehensive unit tests for filter: selection by group, keyed/default codes, aliases, www handling, redirect_maps, input sanitization.
- Add unit tests for the standalone checker script (JSON parsing, OK/mismatch counting, sanitization).

See conversation: https://chatgpt.com/share/68c2b93e-de58-800f-8c16-ea05755ba776
2025-09-11 13:58:16 +02:00

184 lines
4.2 KiB
YAML
Raw Blame History

plugin_configuration:
-
appid: "user_ldap"
configkey: "background_sync_interval"
configvalue: 43200
-
appid: "user_ldap"
configkey: "background_sync_offset"
configvalue: 0
-
appid: "user_ldap"
configkey: "background_sync_prefix"
configvalue: "s01"
-
appid: "user_ldap"
configkey: "enabled"
configvalue: "yes"
-
appid: "user_ldap"
configkey: "s01last_jpegPhoto_lookup"
configvalue: 0
-
appid: "user_ldap"
configkey: "s01ldap_backup_port"
configvalue: "{{ ports.localhost.ldap['svc-db-openldap'] }}" # This is just optimized for local port @todo implement for external ports as well
-
appid: "user_ldap"
configkey: "s01ldap_base"
configvalue: "{{ LDAP.DN.ROOT }}"
-
appid: "user_ldap"
configkey: "s01ldap_base_groups"
configvalue: "{{ LDAP.DN.ROOT }}"
-
appid: "user_ldap"
configkey: "s01ldap_base_users"
configvalue: "{{ LDAP.DN.OU.USERS }}"
-
appid: "user_ldap"
configkey: "s01ldap_cache_ttl"
configvalue: 600
-
appid: "user_ldap"
configkey: "s01ldap_configuration_active"
configvalue: 1
-
appid: "user_ldap"
configkey: "s01ldap_connection_timeout"
configvalue: 15
-
appid: "user_ldap"
configkey: "s01ldap_display_name"
configvalue: "cn"
-
appid: "user_ldap"
configkey: "s01ldap_dn"
configvalue: "{{ LDAP.DN.ADMINISTRATOR.DATA }}"
-
appid: "user_ldap"
configkey: "s01ldap_email_attr"
configvalue: "mail"
-
appid: "user_ldap"
configkey: "s01ldap_experienced_admin"
configvalue: 0
-
appid: "user_ldap"
configkey: "s01ldap_gid_number"
configvalue: "gidNumber"
-
appid: "user_ldap"
configkey: "s01ldap_group_display_name"
configvalue: "cn"
-
appid: "user_ldap"
configkey: "s01ldap_group_filter"
configvalue: "(&(|(objectclass=groupOfUniqueNames)(objectclass=posixGroup)))"
-
appid: "user_ldap"
configkey: "s01ldap_group_filter_mode"
configvalue: 0
-
appid: "user_ldap"
configkey: "s01ldap_group_member_assoc_attribute"
configvalue: "uniqueMember"
-
appid: "user_ldap"
configkey: "s01ldap_groupfilter_objectclass"
configvalue: "groupOfUniqueNames\nposixGroup"
-
appid: "user_ldap"
configkey: "s01ldap_host"
configvalue: "{{ LDAP.SERVER.DOMAIN }}"
-
appid: "user_ldap"
configkey: "s01ldap_login_filter"
configvalue: "{{ LDAP.FILTERS.USERS.LOGIN }}"
-
appid: "user_ldap"
configkey: "s01ldap_login_filter_mode"
configvalue: 0
-
appid: "user_ldap"
configkey: "s01ldap_loginfilter_email"
configvalue: 0
-
appid: "user_ldap"
configkey: "s01ldap_loginfilter_username"
configvalue: 1
-
appid: "user_ldap"
configkey: "s01ldap_mark_remnants_as_disabled"
configvalue: 0
-
appid: "user_ldap"
configkey: "s01ldap_matching_rule_in_chain_state"
configvalue: "unknown"
-
appid: "user_ldap"
configkey: "s01ldap_nested_groups"
configvalue: 0
-
appid: "user_ldap"
configkey: "s01ldap_paging_size"
configvalue: 500
-
appid: "user_ldap"
configkey: "s01ldap_port"
configvalue: 389
-
appid: "user_ldap"
configkey: "s01ldap_turn_off_cert_check"
configvalue: 0
-
appid: "user_ldap"
configkey: "s01ldap_turn_on_pwd_change"
configvalue: 0
-
appid: "user_ldap"
configkey: "s01ldap_user_avatar_rule"
configvalue: "default"
-
appid: "user_ldap"
configkey: "s01ldap_user_filter_mode"
configvalue: 0
-
appid: "user_ldap"
configkey: "s01ldap_userfilter_objectclass"
configvalue: "inetOrgPerson"
-
appid: "user_ldap"
configkey: "s01ldap_userlist_filter"
configvalue: |-
{% if applications | get_app_conf(application_id, 'plugins.user_ldap.user_directory.enabled', True) %}
{{ LDAP.FILTERS.USERS.ALL }}
{% else %}
()
{% endif %}
-
appid: "user_ldap"
configkey: "s01use_memberof_to_detect_membership"
configvalue: 1
-
appid: "user_ldap"
configkey: "types"
configvalue: "authentication"
-
appid: "user_ldap"
configkey: "s01ldap_expert_username_attr"
configvalue: "{{ LDAP.USER.ATTRIBUTES.ID }}"
Reference in New Issue View Git Blame Copy Permalink