Digitalboard/digitalboard.core
5
2
Fork 0
Code Pull requests Releases Packages Activity Actions

feat: add ldap backend to opencloud

Browse source 
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
This commit is contained in:
Bert-Jan Fikse 2026-03-13 11:43:11 +01:00
parent 12864a13b0
commit db21030a64
Signed by: bert-jan
GPG key ID: C1E0AB516AC16D1A
2 changed files with 43 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

18
roles/opencloud/defaults/main.yml
View file

@ -46,5 +46,23 @@ opencloud_collabora_domain: ""
opencloud_wopi_domain: "" opencloud_wopi_domain: ""
opencloud_collabora_insecure: true opencloud_collabora_insecure: true
# LDAP configuration (set opencloud_ldap_uri to enable external LDAP)
opencloud_ldap_uri: ""
opencloud_ldap_insecure: true
opencloud_ldap_bind_dn: ""
opencloud_ldap_bind_password: ""
opencloud_ldap_user_base_dn: ""
opencloud_ldap_group_base_dn: ""
opencloud_ldap_user_schema_id: "nsuniqueid"
opencloud_ldap_user_schema_id_is_octet_string: true
opencloud_ldap_user_schema_username: "uid"
opencloud_ldap_user_schema_mail: "mail"
opencloud_ldap_user_schema_display_name: "displayName"
opencloud_ldap_group_schema_id: "nsuniqueid"
opencloud_ldap_group_schema_id_is_octet_string: true
opencloud_ldap_group_schema_groupname: "cn"
opencloud_ldap_group_schema_member: "member"
opencloud_ldap_write_enabled: false
# CSP configuration (extra URLs to allow in connect-src) # CSP configuration (extra URLs to allow in connect-src)
opencloud_csp_extra_connect_src: [] opencloud_csp_extra_connect_src: []

25
roles/opencloud/templates/docker-compose.yml.j2
View file

@ -44,6 +44,31 @@ services:
STORAGE_USERS_DECOMPOSEDS3_SECRET_KEY: "{{ opencloud_s3_secret_key }}" STORAGE_USERS_DECOMPOSEDS3_SECRET_KEY: "{{ opencloud_s3_secret_key }}"
STORAGE_USERS_DECOMPOSEDS3_BUCKET: "{{ opencloud_s3_bucket }}" STORAGE_USERS_DECOMPOSEDS3_BUCKET: "{{ opencloud_s3_bucket }}"
{% endif %} {% endif %}
{% if opencloud_ldap_uri %}
# Disable built-in IDM when using external LDAP
OC_EXCLUDE_RUN_SERVICES: "idm"
IDM_CREATE_DEMO_USERS: "false"
# LDAP connection
OC_LDAP_URI: "{{ opencloud_ldap_uri }}"
OC_LDAP_INSECURE: "{{ opencloud_ldap_insecure | string | lower }}"
OC_LDAP_BIND_DN: "{{ opencloud_ldap_bind_dn }}"
OC_LDAP_BIND_PASSWORD: "{{ opencloud_ldap_bind_password }}"
# LDAP user/group base
OC_LDAP_USER_BASE_DN: "{{ opencloud_ldap_user_base_dn }}"
OC_LDAP_GROUP_BASE_DN: "{{ opencloud_ldap_group_base_dn }}"
# LDAP user schema
OC_LDAP_USER_SCHEMA_ID: "{{ opencloud_ldap_user_schema_id }}"
OC_LDAP_USER_SCHEMA_ID_IS_OCTET_STRING: "{{ opencloud_ldap_user_schema_id_is_octet_string | string | lower }}"
OC_LDAP_USER_SCHEMA_USERNAME: "{{ opencloud_ldap_user_schema_username }}"
OC_LDAP_USER_SCHEMA_MAIL: "{{ opencloud_ldap_user_schema_mail }}"
OC_LDAP_USER_SCHEMA_DISPLAY_NAME: "{{ opencloud_ldap_user_schema_display_name }}"
# LDAP group schema
OC_LDAP_GROUP_SCHEMA_ID: "{{ opencloud_ldap_group_schema_id }}"
OC_LDAP_GROUP_SCHEMA_ID_IS_OCTET_STRING: "{{ opencloud_ldap_group_schema_id_is_octet_string | string | lower }}"
OC_LDAP_GROUP_SCHEMA_GROUPNAME: "{{ opencloud_ldap_group_schema_groupname }}"
OC_LDAP_GROUP_SCHEMA_MEMBER: "{{ opencloud_ldap_group_schema_member }}"
GRAPH_LDAP_SERVER_WRITE_ENABLED: "{{ opencloud_ldap_write_enabled | string | lower }}"
{% endif %}
{% if opencloud_collabora_domain %} {% if opencloud_collabora_domain %}
OC_ADD_RUN_SERVICES: "collaboration" OC_ADD_RUN_SERVICES: "collaboration"
COLLABORA_DOMAIN: "{{ opencloud_collabora_domain }}" COLLABORA_DOMAIN: "{{ opencloud_collabora_domain }}"