Digitalboard/digitalboard.core
6
2
Fork 0
Code Pull requests 1 Releases Packages Activity Actions
digitalboard.core/roles/authentik_outpost_ldap
History
Simon Bärlocher 03bf0efe44
docs(collection): document all roles and fix metadata drift 
Replace ansible-galaxy init placeholders across the collection and
correct documentation that drifted from the code, after a multi-agent
review of every role README against its defaults, tasks and templates.

Collection level:
- README: role table for all 16 roles, requirements and role-ordering
- galaxy.yml: declare community.docker and community.general deps,
  real description/tags/urls; normalize license to MIT-0
- meta/runtime.yml: requires_ansible '>=2.15.0'
- plugins/README: document the homarr_layout filter and
  garage_credentials lookup instead of scaffold boilerplate

Per-role meta/main.yml and README for the placeholder roles
(389ds, authentik, authentik_outpost_ldap, base, collabora, drawio,
garage, homarr, httpbin, keycloak, nextcloud, opencloud, traefik).

Correctness fixes found during review:
- keycloak: wrong domain default, drop invented keycloak_cert_resolver,
  document the provisioning feature
- garage: root_domain is .s3.<first-entry>, not the bare domain
- opnform: jwt/front_api secrets use `openssl rand -hex 32`; align the
  validation fail_msg in tasks/main.yml accordingly
- send: S3 example references garage_s3_domains[0] (was singular)
- opencloud: document required opencloud_wopi_domain

License normalized to MIT-0 across galaxy.yml, role meta and READMEs to
match the SPDX headers.
2026-05-27 22:33:42 +02:00
..
defaults chore: add authentik outpost deployment 2026-04-10 11:27:07 +02:00
handlers chore: add new empty role skeleton for authentik_outpost_ldap 2026-04-02 11:51:58 +02:00
meta docs(collection): document all roles and fix metadata drift 2026-05-27 22:33:42 +02:00
tasks feat: add blueprints for authentik ldap outpost and render values directly instead of using env vars 2026-04-10 14:33:52 +02:00
templates chore: add authentik outpost deployment 2026-04-10 11:27:07 +02:00
tests chore: add new empty role skeleton for authentik_outpost_ldap 2026-04-02 11:51:58 +02:00
vars chore: add new empty role skeleton for authentik_outpost_ldap 2026-04-02 11:51:58 +02:00
README.md docs(collection): document all roles and fix metadata drift 2026-05-27 22:33:42 +02:00

README.md

authentik_outpost_ldap

Deploys an authentik LDAP outpost via Docker Compose. The outpost exposes an LDAP interface backed by authentik, so applications that cannot speak OIDC (e.g. Nextcloud or OpenCloud LDAP backends) can still authenticate against the central IdP.

The outpost connects back to an authentik server using an outpost token issued in the authentik admin interface. The image version must match the authentik server version.

Requirements

  • Docker and Docker Compose on the target host (e.g. via digitalboard.core.base)
  • Ansible collection: community.docker

Role variables

Variable Default Description
authentik_outpost_ldap_image ghcr.io/goauthentik/ldap:2026.2.2 Outpost image (match the server version).
authentik_outpost_ldap_host https://authentik.local.test URL of the authentik server.
authentik_outpost_ldap_token changeme Outpost token — override this.
authentik_outpost_ldap_insecure "true" Skip TLS verification toward the authentik server.
authentik_outpost_ldap_network ldap Docker network LDAP clients connect over (created by the role).
authentik_outpost_ldap_authentik_network unset Optional extra external network to the authentik server.
authentik_outpost_ldap_extra_hosts [] Extra host:ip entries for in-container DNS.

Example

- hosts: directory
  become: true
  roles:
    - role: digitalboard.core.authentik_outpost_ldap
      vars:
        authentik_outpost_ldap_host: "https://auth.example.com"
        authentik_outpost_ldap_token: "{{ vault_authentik_ldap_outpost_token }}"

License

MIT-0