kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-31 02:10:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f7e661bccad9e9cbe31220abad47982a23497bcc
computer-playbook/roles/web-app-snipe-it/tasks/ldap.yml
Kevin Veen-Birkenbach cb66fb2978 Refactor LDAP variable schema to use top-level constant LDAP and nested ALL-CAPS keys. 
- Converted group_vars/all/13_ldap.yml from lower-case to ALL-CAPS nested keys.
- Updated all roles, tasks, templates, and filter_plugins to reference LDAP.* instead of ldap.*.
- Fixed Keycloak JSON templates to properly quote Jinja variables.
- Adjusted svc-db-openldap filter plugins and unit tests to handle new LDAP structure.
- Updated integration test to only check uniqueness of TOP-LEVEL ALL-CAPS constants, ignoring nested keys.

See: https://chatgpt.com/share/68b01017-efe0-800f-a508-7d7e2f1c8c8d
2025-08-28 10:15:48 +02:00

85 lines
3.3 KiB
YAML
Raw Blame History

# @See https://raw.githubusercontent.com/snipe/snipe-it/master/app/Models/Setting.php
---
- name: "Wait until the Snipe-IT Login is available"
uri:
url: "{{ snipe_it_url }}/login"
method: GET
return_content: no
status_code: 200
register: snipeit_admin_check
retries: 30
delay: 5
until: snipeit_admin_check.status == 200
when: not ( applications | get_app_conf(application_id, 'features.oauth2', False))
- name: "Set all LDAP settings via Laravel Setting model (inside container as {{ snipe_it_user }})"
shell: |
docker-compose exec -T \
-e APP_KEY='{{ applications | get_app_conf(application_id, 'credentials.app_key', True) }}' \
-e XDG_CONFIG_HOME=/tmp \
-u {{ snipe_it_user }} application \
sh -c 'php artisan tinker << "EOF"
$s = \App\Models\Setting::getSettings();
$s->ldap_enabled = 1;
$s->ldap_server = "{{ LDAP.SERVER.URI }}";
$s->ldap_port = {{ LDAP.SERVER.PORT }};
$s->ldap_uname = "{{ LDAP.DN.ADMINISTRATOR.DATA }}";
$s->ldap_basedn = "{{ LDAP.DN.OU.USERS }}";
$s->ldap_filter = "&(objectClass=inetOrgPerson)";
$s->ldap_username_field = "{{ LDAP.USER.ATTRIBUTES.ID }}";
$s->ldap_fname_field = "{{ LDAP.USER.ATTRIBUTES.FIRSTNAME }}";
$s->ldap_lname_field = "{{ LDAP.USER.ATTRIBUTES.SURNAME }}";
$s->ldap_auth_filter_query = "uid=";
$s->ldap_version = 3;
$s->ldap_pw_sync = 0;
$s->is_ad = 0;
$s->ad_domain = "";
$s->ldap_default_group = "";
$s->ldap_email = "{{ LDAP.USER.ATTRIBUTES.MAIL }}";
$s->custom_forgot_pass_url = "{{ OIDC.CLIENT.RESET_CREDENTIALS }}";
$s->save();
EOF'
args:
chdir: "{{ docker_compose.directories.instance }}"
register: ldap_tinker
failed_when: >
ldap_tinker.stdout_lines is not defined
or ldap_tinker.stdout_lines[0] != '= true'
changed_when: >
ldap_tinker.stdout_lines is defined
and ldap_tinker.stdout_lines[0] == '= true'
notify: docker compose up
- name: Encrypt & save LDAP bind password via Crypt + DB façade
shell: |
docker-compose exec -T \
-u {{ snipe_it_user }} \
-e APP_KEY="{{ applications | get_app_conf(application_id, 'credentials.app_key', True) }}" \
-e XDG_CONFIG_HOME=/tmp \
application \
php artisan tinker --execute="
use Illuminate\Support\Facades\Crypt;
use Illuminate\Support\Facades\DB;
/* encrypt the clear-text password */
\$encrypted = Crypt::encrypt('{{ LDAP.BIND_CREDENTIAL }}');
/* write it straight into settings.ldap_pword */
/* update the one and only row in `settings` */
DB::table('settings')->update([
'ldap_pword' => \$encrypted
]);
echo 'Stored: ' . \$encrypted . PHP_EOL;
"
args:
chdir: "{{ docker_compose.directories.instance }}"
register: ldap_encrypt
failed_when: ldap_encrypt.rc != 0
- name: "Clear Laravel config & cache (inside container as {{ snipe_it_user }})"
shell: |
docker-compose exec -T -u {{ snipe_it_user }} application php artisan config:clear
docker-compose exec -T -u {{ snipe_it_user }} application php artisan cache:clear
args:
chdir: "{{ docker_compose.directories.instance }}"
notify: docker compose up
Reference in New Issue View Git Blame Copy Permalink