feat: use authentik ldap outpost for ldap instead of 389ds+keycloak
Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
parent
1641956dd2
commit
0e1c07625a
5 changed files with 111 additions and 40 deletions
|
|
@ -1,19 +1,20 @@
|
|||
opencloud_domain: "opencloud.local.test"
|
||||
opencloud_admin_password: "admin"
|
||||
opencloud_extra_networks:
|
||||
- ldap
|
||||
opencloud_extra_hosts:
|
||||
- "opencloud.local.test:host-gateway"
|
||||
- "keycloak.local.test:host-gateway"
|
||||
- "authentik.local.test:192.168.56.11"
|
||||
- "storage.local.test:192.168.56.11"
|
||||
- "office.local.test:host-gateway"
|
||||
- "drawio.local.test:host-gateway"
|
||||
- "389ds:192.168.56.11"
|
||||
|
||||
# OIDC configuration (Keycloak)
|
||||
opencloud_oidc_issuer: "https://keycloak.local.test/realms/vagrant"
|
||||
# OIDC configuration (Authentik)
|
||||
opencloud_oidc_issuer: "https://authentik.local.test/application/o/opencloud/"
|
||||
opencloud_oidc_client_id: "opencloud"
|
||||
opencloud_oidc_client_secret: "opencloud-secret-change-in-production"
|
||||
opencloud_oidc_account_edit_url: "https://keycloak.local.test/realms/vagrant/account"
|
||||
opencloud_oidc_autoprovision_accounts: false
|
||||
opencloud_oidc_account_edit_url: "https://authentik.local.test/if/user/#/settings"
|
||||
opencloud_oidc_autoprovision_accounts: true
|
||||
|
||||
# S3 storage configuration using Garage
|
||||
opencloud_use_s3_storage: true
|
||||
|
|
@ -26,12 +27,18 @@ opencloud_s3_bucket: "opencloud"
|
|||
opencloud_collabora_domain: "office.local.test"
|
||||
opencloud_wopi_domain: "wopi.opencloud.local.test"
|
||||
|
||||
# LDAP backend (users synced from Keycloak via 389ds)
|
||||
opencloud_ldap_uri: "ldaps://389ds:3636"
|
||||
opencloud_ldap_bind_dn: "cn=Directory Manager"
|
||||
# LDAP backend (Authentik LDAP outpost)
|
||||
opencloud_ldap_uri: "ldap://authentik-outpost-ldap-ldap-1:3389"
|
||||
opencloud_ldap_bind_dn: "cn=akadmin,ou=users,dc=local,dc=test"
|
||||
opencloud_ldap_bind_password: "admin"
|
||||
opencloud_ldap_user_base_dn: "ou=users,dc=local,dc=test"
|
||||
opencloud_ldap_group_base_dn: "ou=groups,dc=local,dc=test"
|
||||
opencloud_ldap_user_schema_id: "uid"
|
||||
opencloud_ldap_user_schema_id_is_octet_string: false
|
||||
opencloud_ldap_user_schema_username: "cn"
|
||||
opencloud_ldap_user_schema_display_name: "cn"
|
||||
opencloud_ldap_group_schema_id: "uid"
|
||||
opencloud_ldap_group_schema_id_is_octet_string: false
|
||||
|
||||
# Draw.io integration
|
||||
opencloud_drawio_url: "https://drawio.local.test"
|
||||
|
|
@ -48,6 +55,6 @@ opencloud_role_mapping:
|
|||
|
||||
# CSP configuration
|
||||
opencloud_csp_extra_connect_src:
|
||||
- "https://keycloak.local.test/"
|
||||
- "https://authentik.local.test/"
|
||||
opencloud_csp_extra_frame_src:
|
||||
- "https://drawio.local.test/"
|
||||
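Review bot: The new `opencloud_ldap_uri` value `ldap://authentik-outpost-ldap-ldap-1:3389` in the second hunk drops the TLS that the previous `ldaps://389ds:3636` value had, so the bind password and every directory lookup cross the `ldap` network in cleartext. The page has lost its +/- markers, so reading the authentik lines as the new side is inferred from the names, and the `local.test` hosts suggest a local test inventory; even so, such values tend to be copied into real deployments, so I would keep the encrypted form, `opencloud_ldap_uri: "ldaps://authentik-outpost-ldap-ldap-1:<outpost-ldaps-port>"`, or at minimum add `# plaintext LDAP: test-only, use ldaps:// outside the local environment` above it. The bind DN `cn=akadmin,ou=users,dc=local,dc=test` with password `admin` looks like authentik's default administrator account rather than a service account; a dedicated search-only bind user would limit what a leaked bind credential can do. Separately, `opencloud_oidc_autoprovision_accounts` flips to `true` in the first hunk with no comment on which users the issuer is expected to admit, which deserves a one-line note next to the setting.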