mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-10-10 02:38:10 +02:00
Kevin Veen-Birkenbach
ca52dcda43
- Add CPU, memory and PID limits to all services in config/main.yml to prevent OOM - Replace old LDAP admin bootstrap with new 02_admin.yml using OPENPROJECT_ADMINISTRATOR_* vars - Standardize variable names (uppercase convention) - Fix HTTPS/HSTS port check (443 instead of 433) - Allow docker_restart_policy override in base.yml.j2 - Cleanup redundant LDAP admin runner in 01_ldap.yml See: https://chatgpt.com/share/68d40c6e-ab9c-800f-a4a0-d9338d8c1b32
17 lines
1.8 KiB
YAML
17 lines
1.8 KiB
YAML
openproject_ldap:
|
|
name: "{{ PRIMARY_DOMAIN }}" # Display name for the LDAP connection in OpenProject
|
|
host: "{{ LDAP.SERVER.DOMAIN }}" # LDAP server address
|
|
port: "{{ LDAP.SERVER.PORT }}" # LDAP server port (typically 389 or 636)
|
|
account: "{{ LDAP.DN.ADMINISTRATOR.DATA }}" # Bind DN (used for authentication)
|
|
account_password: "{{ LDAP.BIND_CREDENTIAL }}" # Bind password
|
|
base_dn: "{{ LDAP.DN.OU.USERS }}" # Base DN for user search
|
|
attr_login: "{{ LDAP.USER.ATTRIBUTES.ID }}" # LDAP attribute used for login
|
|
attr_firstname: "givenName" # LDAP attribute for first name
|
|
attr_lastname: "{{ LDAP.USER.ATTRIBUTES.SURNAME }}" # LDAP attribute for last name
|
|
attr_mail: "{{ LDAP.USER.ATTRIBUTES.MAIL }}" # LDAP attribute for email
|
|
attr_admin: "{{ OPENPROJECT_LDAP_FILTERS.ADMINISTRATORS }}" # Optional: LDAP attribute for admin group (leave empty if unused)
|
|
onthefly_register: true # Automatically create users on first login
|
|
tls_mode: 0 # 0 = No TLS, 1 = TLS, 2 = STARTTLS
|
|
verify_peer: false # Whether to verify the SSL certificate
|
|
filter_string: "{{ OPENPROJECT_LDAP_FILTERS.USERS }}" # Optional: Custom filter for users (e.g., "(objectClass=person)")
|
|
tls_certificate_string: "" # Optional: Client certificate string for TLS (usually left empty) |