Files
computer-playbook/roles/web-app-nextcloud/vars/plugins/user_ldap.yml
Kevin Veen-Birkenbach cb66fb2978 Refactor LDAP variable schema to use top-level constant LDAP and nested ALL-CAPS keys.
- Converted group_vars/all/13_ldap.yml from lower-case to ALL-CAPS nested keys.
- Updated all roles, tasks, templates, and filter_plugins to reference LDAP.* instead of ldap.*.
- Fixed Keycloak JSON templates to properly quote Jinja variables.
- Adjusted svc-db-openldap filter plugins and unit tests to handle new LDAP structure.
- Updated integration test to only check uniqueness of TOP-LEVEL ALL-CAPS constants, ignoring nested keys.

See: https://chatgpt.com/share/68b01017-efe0-800f-a508-7d7e2f1c8c8d
2025-08-28 10:15:48 +02:00

184 lines
4.2 KiB
YAML

plugin_configuration:
-
appid: "user_ldap"
configkey: "background_sync_interval"
configvalue: 43200
-
appid: "user_ldap"
configkey: "background_sync_offset"
configvalue: 0
-
appid: "user_ldap"
configkey: "background_sync_prefix"
configvalue: "s01"
-
appid: "user_ldap"
configkey: "enabled"
configvalue: "yes"
-
appid: "user_ldap"
configkey: "s01last_jpegPhoto_lookup"
configvalue: 0
-
appid: "user_ldap"
configkey: "s01ldap_backup_port"
configvalue: "{{ ports.localhost.ldap['svc-db-openldap'] }}" # This is just optimized for local port @todo implement for external ports as well
-
appid: "user_ldap"
configkey: "s01ldap_base"
configvalue: "{{ LDAP.DN.ROOT }}"
-
appid: "user_ldap"
configkey: "s01ldap_base_groups"
configvalue: "{{ LDAP.DN.ROOT }}"
-
appid: "user_ldap"
configkey: "s01ldap_base_users"
configvalue: "{{LDAP.DN.OU.USERS}}"
-
appid: "user_ldap"
configkey: "s01ldap_cache_ttl"
configvalue: 600
-
appid: "user_ldap"
configkey: "s01ldap_configuration_active"
configvalue: 1
-
appid: "user_ldap"
configkey: "s01ldap_connection_timeout"
configvalue: 15
-
appid: "user_ldap"
configkey: "s01ldap_display_name"
configvalue: "cn"
-
appid: "user_ldap"
configkey: "s01ldap_dn"
configvalue: "{{LDAP.DN.ADMINISTRATOR.DATA}}"
-
appid: "user_ldap"
configkey: "s01ldap_email_attr"
configvalue: "mail"
-
appid: "user_ldap"
configkey: "s01ldap_experienced_admin"
configvalue: 0
-
appid: "user_ldap"
configkey: "s01ldap_gid_number"
configvalue: "gidNumber"
-
appid: "user_ldap"
configkey: "s01ldap_group_display_name"
configvalue: "cn"
-
appid: "user_ldap"
configkey: "s01ldap_group_filter"
configvalue: "(&(|(objectclass=groupOfUniqueNames)(objectclass=posixGroup)))"
-
appid: "user_ldap"
configkey: "s01ldap_group_filter_mode"
configvalue: 0
-
appid: "user_ldap"
configkey: "s01ldap_group_member_assoc_attribute"
configvalue: "uniqueMember"
-
appid: "user_ldap"
configkey: "s01ldap_groupfilter_objectclass"
configvalue: "groupOfUniqueNames\nposixGroup"
-
appid: "user_ldap"
configkey: "s01ldap_host"
configvalue: "{{ LDAP.SERVER.DOMAIN }}"
-
appid: "user_ldap"
configkey: "s01ldap_login_filter"
configvalue: "{{ LDAP.FILTERS.USERS.LOGIN }}"
-
appid: "user_ldap"
configkey: "s01ldap_login_filter_mode"
configvalue: 0
-
appid: "user_ldap"
configkey: "s01ldap_loginfilter_email"
configvalue: 0
-
appid: "user_ldap"
configkey: "s01ldap_loginfilter_username"
configvalue: 1
-
appid: "user_ldap"
configkey: "s01ldap_mark_remnants_as_disabled"
configvalue: 0
-
appid: "user_ldap"
configkey: "s01ldap_matching_rule_in_chain_state"
configvalue: "unknown"
-
appid: "user_ldap"
configkey: "s01ldap_nested_groups"
configvalue: 0
-
appid: "user_ldap"
configkey: "s01ldap_paging_size"
configvalue: 500
-
appid: "user_ldap"
configkey: "s01ldap_port"
configvalue: 389
-
appid: "user_ldap"
configkey: "s01ldap_turn_off_cert_check"
configvalue: 0
-
appid: "user_ldap"
configkey: "s01ldap_turn_on_pwd_change"
configvalue: 0
-
appid: "user_ldap"
configkey: "s01ldap_user_avatar_rule"
configvalue: "default"
-
appid: "user_ldap"
configkey: "s01ldap_user_filter_mode"
configvalue: 0
-
appid: "user_ldap"
configkey: "s01ldap_userfilter_objectclass"
configvalue: "inetOrgPerson"
-
appid: "user_ldap"
configkey: "s01ldap_userlist_filter"
configvalue: |-
{% if applications | get_app_conf(application_id, 'plugins.user_ldap.user_directory.enabled', True) %}
{{ LDAP.FILTERS.USERS.ALL }}
{% else %}
()
{% endif %}
-
appid: "user_ldap"
configkey: "s01use_memberof_to_detect_membership"
configvalue: 1
-
appid: "user_ldap"
configkey: "types"
configvalue: "authentication"
-
appid: "user_ldap"
configkey: "s01ldap_expert_username_attr"
configvalue: "{{LDAP.USER.ATTRIBUTES.ID}}"