2024-04-03 10:28:05 +02:00
|
|
|
---
|
|
|
|
- name: Ensure package is installed
|
|
|
|
ansible.builtin.apt:
|
2024-04-03 10:49:11 +02:00
|
|
|
deb: "{{ lldap_package_url }}"
|
2024-04-03 10:53:24 +02:00
|
|
|
notify: Ensure services are enabled and started
|
2024-04-03 10:28:05 +02:00
|
|
|
|
2024-04-03 11:00:29 +02:00
|
|
|
- name: Ensure needed directories exist
|
|
|
|
ansible.builtin.file:
|
|
|
|
path: "{{ item }}"
|
|
|
|
state: directory
|
|
|
|
owner: lldap
|
|
|
|
group: lldap
|
2024-04-03 17:47:09 +02:00
|
|
|
mode: '0755'
|
2024-04-03 11:00:29 +02:00
|
|
|
loop:
|
|
|
|
- /usr/share/lldap/app/static/fonts
|
|
|
|
- /usr/share/lldap/app/static
|
|
|
|
- /usr/share/lldap/app/pkg
|
|
|
|
|
2024-04-03 10:28:05 +02:00
|
|
|
- name: Ensure config is templated
|
|
|
|
ansible.builtin.template:
|
|
|
|
src: lldap_config.toml.j2
|
|
|
|
dest: /etc/lldap/lldap_config.toml
|
|
|
|
owner: lldap
|
|
|
|
group: lldap
|
|
|
|
mode: "0644"
|
2024-04-03 10:53:24 +02:00
|
|
|
notify: Ensure services are enabled and started
|
2024-04-03 10:28:05 +02:00
|
|
|
...
|
2024-04-03 23:00:58 +02:00
|
|
|
|
|
|
|
mache das
|
|
|
|
https://docs.gitea.com/administration/command-line + https://github.com/lldap/lldap/blob/main/example_configs/gitea.md
|
|
|
|
|
|
|
|
forgejo admin auth add-ldap --config "/etc/gitea/gitea.ini" --name "lldap" --security-protocol "unencrypted" --host "ldap.mgrote.net" --port "3890" --bind-dn "uid=ladmin,ou=people,dc=mgrote,dc=net" --bind-password GEHEIM --user-search-base "ou=people,dc=mgrote,dc=net" --user-filter "(&(memberof=cn=gitea,ou=groups,dc=mgrote,dc=net)(|(uid=%[1]s)(mail=%[1]s)))" --username-attribute "uid" --email-attribute "mail" --firstname-attribute "givenName" --surname-attribute "sn" --avatar-attribute "jpegPhoto" --synchronize-users
|
|
|
|
|
|
|
|
when error =
|
|
|
|
Command error: login source already exists [name: lldap]
|
|
|
|
|
|
|
|
dann
|
|
|
|
|
|
|
|
forgejo admin auth update-ldap --config "/etc/gitea/gitea.ini" --id "1" --security-protocol "unencrypted" --host "ldap.mgrote.net" --port "3890" --bind-dn "uid=ladmin,ou=people,dc=mgrote,dc=net" --bind-password GEHEIM --user-search-base "ou=people,dc=mgrote,dc=net" --user-filter "(&(memberof=cn=gitea,ou=groups,dc=mgrote,dc=net)(|(uid=%[1]s)(mail=%[1]s)))" --username-attribute "uid" --email-attribute "mail" --firstname-attribute "givenName" --surname-attribute "sn" --avatar-attribute "jpegPhoto" --synchronize-users
|
|
|
|
|
|
|
|
|
|
|
|
das selbe um admin user zu erstellen
|