From 42c9ddd3cb87ee8200d753fafb0c39676b1fbd21 Mon Sep 17 00:00:00 2001
From: Michael Grote
Date: Wed, 3 Apr 2024 23:06:38 +0200
Subject: [PATCH] dd
---
 roles/mgrote_gitea_setup/tasks/main.yml | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/roles/mgrote_gitea_setup/tasks/main.yml b/roles/mgrote_gitea_setup/tasks/main.yml
index 8af3c0cd..e431031f 100644
--- a/roles/mgrote_gitea_setup/tasks/main.yml
+++ b/roles/mgrote_gitea_setup/tasks/main.yml
@@ -23,12 +23,28 @@
 failed_when: 'not "Command error: login source already exists [name: lldap]" in configured.stderr'
 become_user: gitea
-- name: debug
- ansible.builtin.debug:
- msg: "{{ configured }}"
+#- name: debug
+# ansible.builtin.debug:
+# msg: "{{ configured }}"
 - name: Modify LDAP config
- ansible.builtin.command: cat /etc/motd
+ ansible.builtin.command: |
+ forgejo admin auth update-ldap \
+ --config "/etc/gitea/gitea.ini" \
+ --id "1" \
+ --security-protocol "unencrypted" \
+ --host "ldap.mgrote.net" \
+ --port "3890" \
+ --bind-dn "uid=ladmin,ou=people,dc=mgrote,dc=net" \
+ --bind-password GEHEIM \
+ --user-search-base "ou=people,dc=mgrote,dc=net" \
+ --user-filter "(&(memberof=cn=gitea,ou=groups,dc=mgrote,dc=net)(|(uid=%[1]s)(mail=%[1]s)))" \
+ --username-attribute "uid" \
+ --email-attribute "mail" \
+ --firstname-attribute "givenName" \
+ --surname-attribute "sn" \
+ --avatar-attribute "jpegPhoto" \
+ --synchronize-users
 when: '"Command error: login source already exists [name: lldap]" in configured.stderr'
 become_user: gitea
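Review bot: The `--bind-password GEHEIM` argument in the new `forgejo admin auth update-ldap` command puts the bind credential for `uid=ladmin` directly in the task; if GEHEIM is only a placeholder the login source is updated with a wrong password, and if it is the real value the secret is now in version control. Take it from a vaulted variable, e.g. `--bind-password "{{ lldap_bind_password }}" \` (the variable name is a placeholder), and add `no_log: true` to the task so the rendered command line does not appear in Ansible output or logs. Separately, `--security-protocol "unencrypted"` on port 3890 means the bind password and each user's login password travel to ldap.mgrote.net in cleartext; if the directory server offers TLS, `LDAPS` or `StartTLS` would be the safer setting. The task also has no `changed_when`, so it will presumably report changed on every run where the login source already exists.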