mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-29 23:08:06 +02:00
Kevin Veen-Birkenbach
cb66fb2978
- Converted group_vars/all/13_ldap.yml from lower-case to ALL-CAPS nested keys. - Updated all roles, tasks, templates, and filter_plugins to reference LDAP.* instead of ldap.*. - Fixed Keycloak JSON templates to properly quote Jinja variables. - Adjusted svc-db-openldap filter plugins and unit tests to handle new LDAP structure. - Updated integration test to only check uniqueness of TOP-LEVEL ALL-CAPS constants, ignoring nested keys. See: https://chatgpt.com/share/68b01017-efe0-800f-a508-7d7e2f1c8c8d
17 lines
1.7 KiB
YAML
17 lines
1.7 KiB
YAML
openproject_ldap:
|
|
name: "{{ PRIMARY_DOMAIN }}" # Display name for the LDAP connection in OpenProject
|
|
host: "{{ LDAP.SERVER.DOMAIN }}" # LDAP server address
|
|
port: "{{ LDAP.SERVER.PORT }}" # LDAP server port (typically 389 or 636)
|
|
account: "{{ LDAP.DN.ADMINISTRATOR.DATA }}" # Bind DN (used for authentication)
|
|
account_password: "{{ LDAP.BIND_CREDENTIAL }}" # Bind password
|
|
base_dn: "{{ LDAP.DN.OU.USERS }}" # Base DN for user search
|
|
attr_login: "{{ LDAP.USER.ATTRIBUTES.ID }}" # LDAP attribute used for login
|
|
attr_firstname: "givenName" # LDAP attribute for first name
|
|
attr_lastname: "{{ LDAP.USER.ATTRIBUTES.SURNAME }}" # LDAP attribute for last name
|
|
attr_mail: "{{ LDAP.USER.ATTRIBUTES.MAIL }}" # LDAP attribute for email
|
|
attr_admin: "{{ openproject_filters.administrators }}" # Optional: LDAP attribute for admin group (leave empty if unused)
|
|
onthefly_register: true # Automatically create users on first login
|
|
tls_mode: 0 # 0 = No TLS, 1 = TLS, 2 = STARTTLS
|
|
verify_peer: false # Whether to verify the SSL certificate
|
|
filter_string: "{{ openproject_filters.users }}" # Optional: Custom filter for users (e.g., "(objectClass=person)")
|
|
tls_certificate_string: "" # Optional: Client certificate string for TLS (usually left empty) |