From db21030a64ea9da55b7bfe6f5730e82f4eb4e942 Mon Sep 17 00:00:00 2001
From: Bert-Jan Fikse
Date: Fri, 13 Mar 2026 11:43:11 +0100
Subject: [PATCH] feat: add ldap backend to opencloud

Signed-off-by: Bert-Jan Fikse
---
 roles/opencloud/defaults/main.yml | 18 +++++++++++++
 .../opencloud/templates/docker-compose.yml.j2 | 25 +++++++++++++++++++
 2 files changed, 43 insertions(+)

diff --git a/roles/opencloud/defaults/main.yml b/roles/opencloud/defaults/main.yml
index 9e43dcc..d7abfee 100644
--- a/roles/opencloud/defaults/main.yml
+++ b/roles/opencloud/defaults/main.yml
@@ -46,5 +46,23 @@ opencloud_collabora_domain: ""
 opencloud_wopi_domain: ""
 opencloud_collabora_insecure: true
+# LDAP configuration (set opencloud_ldap_uri to enable external LDAP)
+opencloud_ldap_uri: ""
+opencloud_ldap_insecure: true
+opencloud_ldap_bind_dn: ""
+opencloud_ldap_bind_password: ""
+opencloud_ldap_user_base_dn: ""
+opencloud_ldap_group_base_dn: ""
+opencloud_ldap_user_schema_id: "nsuniqueid"
+opencloud_ldap_user_schema_id_is_octet_string: true
+opencloud_ldap_user_schema_username: "uid"
+opencloud_ldap_user_schema_mail: "mail"
+opencloud_ldap_user_schema_display_name: "displayName"
+opencloud_ldap_group_schema_id: "nsuniqueid"
+opencloud_ldap_group_schema_id_is_octet_string: true
+opencloud_ldap_group_schema_groupname: "cn"
+opencloud_ldap_group_schema_member: "member"
+opencloud_ldap_write_enabled: false
+
 # CSP configuration (extra URLs to allow in connect-src)
 opencloud_csp_extra_connect_src: []
\ No newline at end of file
diff --git a/roles/opencloud/templates/docker-compose.yml.j2 b/roles/opencloud/templates/docker-compose.yml.j2
index bc142a2..88faa46 100644
--- a/roles/opencloud/templates/docker-compose.yml.j2
+++ b/roles/opencloud/templates/docker-compose.yml.j2
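Review bot: `opencloud_ldap_insecure: true` turns off certificate verification toward the external directory by default, so every deployment that only sets `opencloud_ldap_uri` gets the rendered `OC_LDAP_INSECURE: "true"` without choosing it; the safer default is `opencloud_ldap_insecure: false` with a comment `# Set to true only for test directories without a valid TLS certificate`, so the weakened mode is an explicit opt-in. The empty `opencloud_ldap_bind_password` default is fine, but the header comment should state that this value is expected to come from an Ansible Vault variable, not from this file. The new block also leaves the file without a trailing newline (`\ No newline at end of file`), which the commit could fix while touching the end of the file.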
@@ -44,6 +44,31 @@ services:
 STORAGE_USERS_DECOMPOSEDS3_SECRET_KEY: "{{ opencloud_s3_secret_key }}"
 STORAGE_USERS_DECOMPOSEDS3_BUCKET: "{{ opencloud_s3_bucket }}"
 {% endif %}
+{% if opencloud_ldap_uri %}
+ # Disable built-in IDM when using external LDAP
+ OC_EXCLUDE_RUN_SERVICES: "idm"
+ IDM_CREATE_DEMO_USERS: "false"
+ # LDAP connection
+ OC_LDAP_URI: "{{ opencloud_ldap_uri }}"
+ OC_LDAP_INSECURE: "{{ opencloud_ldap_insecure | string | lower }}"
+ OC_LDAP_BIND_DN: "{{ opencloud_ldap_bind_dn }}"
+ OC_LDAP_BIND_PASSWORD: "{{ opencloud_ldap_bind_password }}"
+ # LDAP user/group base
+ OC_LDAP_USER_BASE_DN: "{{ opencloud_ldap_user_base_dn }}"
+ OC_LDAP_GROUP_BASE_DN: "{{ opencloud_ldap_group_base_dn }}"
+ # LDAP user schema
+ OC_LDAP_USER_SCHEMA_ID: "{{ opencloud_ldap_user_schema_id }}"
+ OC_LDAP_USER_SCHEMA_ID_IS_OCTET_STRING: "{{ opencloud_ldap_user_schema_id_is_octet_string | string | lower }}"
+ OC_LDAP_USER_SCHEMA_USERNAME: "{{ opencloud_ldap_user_schema_username }}"
+ OC_LDAP_USER_SCHEMA_MAIL: "{{ opencloud_ldap_user_schema_mail }}"
+ OC_LDAP_USER_SCHEMA_DISPLAY_NAME: "{{ opencloud_ldap_user_schema_display_name }}"
+ # LDAP group schema
+ OC_LDAP_GROUP_SCHEMA_ID: "{{ opencloud_ldap_group_schema_id }}"
+ OC_LDAP_GROUP_SCHEMA_ID_IS_OCTET_STRING: "{{ opencloud_ldap_group_schema_id_is_octet_string | string | lower }}"
+ OC_LDAP_GROUP_SCHEMA_GROUPNAME: "{{ opencloud_ldap_group_schema_groupname }}"
+ OC_LDAP_GROUP_SCHEMA_MEMBER: "{{ opencloud_ldap_group_schema_member }}"
+ GRAPH_LDAP_SERVER_WRITE_ENABLED: "{{ opencloud_ldap_write_enabled | string | lower }}"
+{% endif %}
 {% if opencloud_collabora_domain %}
 OC_ADD_RUN_SERVICES: "collaboration"
 COLLABORA_DOMAIN: "{{ opencloud_collabora_domain }}"
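Review bot: `OC_LDAP_BIND_PASSWORD: "{{ opencloud_ldap_bind_password }}"` renders the directory bind credential in clear text into the compose file on disk and into the container environment (readable via `docker inspect`), and nothing in this hunk constrains that; the task that templates this file should set a restrictive `mode` and `no_log`, or the value should be supplied through `env_file`/a secret rather than inline. A comment on that line such as `# secret: rendered in clear text, keep the compose file mode restrictive (e.g. 0600)` would make the handling expectation explicit to the next maintainer. `OC_EXCLUDE_RUN_SERVICES: "idm"` is added inside the `{% if opencloud_ldap_uri %}` branch; if the same key is set elsewhere in this `environment:` map (not visible here), YAML silently keeps the last duplicate, so the rest of the template is worth checking. The enclosing `environment:` mapping starts before the hunk.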