kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-04-22 16:02:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
computer-playbook/roles/docker-openproject/tasks/ldap.yml

111 lines
4.2 KiB
YAML
Raw Blame History

- name: Load LDAP configuration variables
include_vars:
file: "ldap.yml"
- name: Check if LDAP source exists
community.postgresql.postgresql_query:
db: "{{ database_name }}"
login_user: "{{ database_username }}"
login_password: "{{ database_password }}"
login_host: "127.0.0.1"
login_port: "{{ database_port }}"
query: "SELECT id FROM ldap_auth_sources WHERE name = '{{ openproject_ldap.name }}' LIMIT 1;"
register: ldap_check
- name: Update existing LDAP auth source
community.postgresql.postgresql_query:
db: "{{ database_name }}"
login_user: "{{ database_username }}"
login_password: "{{ database_password }}"
login_host: "127.0.0.1"
login_port: "{{ database_port }}"
query: >
UPDATE ldap_auth_sources SET
host = '{{ openproject_ldap.host }}',
port = {{ openproject_ldap.port }},
account = '{{ openproject_ldap.account }}',
account_password = '{{ openproject_ldap.account_password }}',
base_dn = '{{ openproject_ldap.base_dn }}',
attr_login = '{{ openproject_ldap.attr_login }}',
attr_firstname = '{{ openproject_ldap.attr_firstname }}',
attr_lastname = '{{ openproject_ldap.attr_lastname }}',
attr_mail = '{{ openproject_ldap.attr_mail }}',
onthefly_register = {{ openproject_ldap.onthefly_register }},
attr_admin = '{{ openproject_ldap.attr_admin }}',
updated_at = NOW(),
tls_mode = {{ openproject_ldap.tls_mode }},
filter_string = '{{ openproject_ldap.filter_string }}',
verify_peer = {{ openproject_ldap.verify_peer }},
tls_certificate_string = '{{ openproject_ldap.tls_certificate_string }}'
WHERE name = '{{ openproject_ldap.name }}';
when: ldap_check.query_result | length > 0
- name: Create new LDAP auth source
community.postgresql.postgresql_query:
db: "{{ database_name }}"
login_user: "{{ database_username }}"
login_password: "{{ database_password }}"
login_host: "127.0.0.1"
login_port: "{{ database_port }}"
query: >
INSERT INTO ldap_auth_sources
(name, host, port, account, account_password, base_dn, attr_login,
attr_firstname, attr_lastname, attr_mail, onthefly_register, attr_admin,
created_at, updated_at, tls_mode, filter_string, verify_peer, tls_certificate_string)
VALUES (
'{{ openproject_ldap.name }}',
'{{ openproject_ldap.host }}',
{{ openproject_ldap.port }},
'{{ openproject_ldap.account }}',
'{{ openproject_ldap.account_password }}',
'{{ openproject_ldap.base_dn }}',
'{{ openproject_ldap.attr_login }}',
'{{ openproject_ldap.attr_firstname }}',
'{{ openproject_ldap.attr_lastname }}',
'{{ openproject_ldap.attr_mail }}',
{{ openproject_ldap.onthefly_register }},
'{{ openproject_ldap.attr_admin }}',
NOW(),
NOW(),
{{ openproject_ldap.tls_mode }},
'{{ openproject_ldap.filter_string }}',
{{ openproject_ldap.verify_peer }},
'{{ openproject_ldap.tls_certificate_string }}'
);
when: ldap_check.query_result | length == 0
- name: Show all LDAP sources (debug)
community.postgresql.postgresql_query:
db: "{{ database_name }}"
login_user: "{{ database_username }}"
login_password: "{{ database_password }}"
login_host: "127.0.0.1"
login_port: "{{ database_port }}"
query: "SELECT id, name FROM ldap_auth_sources"
register: ldap_entries
when: enable_debug | bool
- name: Debug LDAP entries
debug:
var: ldap_entries
when: enable_debug | bool
# This works just after the first admin login
# @todo Remove and replace trough LDAP RBAC group
- name: Set LDAP user as admin via OpenProject Rails runner
shell: >
docker compose exec web bash -c "
cd /app &&
RAILS_ENV=production bundle exec rails runner \"
user = User.find_by(mail: '{{ users.administrator.email }}');
if user.nil?;
puts 'User with email {{ users.administrator.email }} not found.';
else;
user.admin = true;
user.save!;
puts 'User \#{user.login} is now an admin.';
end
\"
"
args:
chdir: "{{ docker_compose.directories.instance }}"
Reference in New Issue View Git Blame Copy Permalink