diff --git a/group_vars/git.yml b/group_vars/git.yml
index 0cfd751d..fb22ef18 100644
--- a/group_vars/git.yml
+++ b/group_vars/git.yml
@@ -137,6 +137,8 @@ gitea_fail2ban_jail_action: "iptables-allports"
 ### mgrote_gitea_setup
 gitea_ldap_host: "ldap.mgrote.net"
-gitea_ldap_bind_pass: "{{ lookup('keepass', 'lldap_ldap_user_pass', 'password') }}"
+gitea_ldap_base_path: "dc=mgrote,dc=net"
+gitea_ldap_bind_user: "forgejo_bind_user"
+gitea_ldap_bind_pass: "{{ lookup('keepass', 'lldap_forgejo_bind_user', 'password') }}"
 gitea_admin_user: "fadmin"
 gitea_admin_user_pass: "{{ lookup('keepass', 'forgejo_admin_user_pass', 'password') }}"
diff --git a/keepass_db.kdbx b/keepass_db.kdbx
index cbdc09a0..5de9b2ec 100644
Binary files a/keepass_db.kdbx and b/keepass_db.kdbx differ
diff --git a/roles/mgrote_gitea_setup/tasks/ldap.yml b/roles/mgrote_gitea_setup/tasks/ldap.yml
index f8ef6401..7fbb7436 100644
--- a/roles/mgrote_gitea_setup/tasks/ldap.yml
+++ b/roles/mgrote_gitea_setup/tasks/ldap.yml
@@ -15,10 +15,10 @@
 --security-protocol "unencrypted" \
 --host "{{ gitea_ldap_host }}" \
 --port "3890" \
- --bind-dn "uid=ladmin,ou=people,dc=mgrote,dc=net" \
+ --bind-dn "uid={{ gitea_ldap_bind_user }},ou=people,{{ gitea_ldap_base_path }}" \
 --bind-password "{{ gitea_ldap_bind_pass }}" \
- --user-search-base "ou=people,dc=mgrote,dc=net" \
- --user-filter "(&(memberof=cn=gitea,ou=groups,dc=mgrote,dc=net)(|(uid=%[1]s)(mail=%[1]s)))" \
+ --user-search-base "ou=people,{{ gitea_ldap_base_path }}" \
+ --user-filter "(&(memberof=cn=gitea,ou=groups,{{ gitea_ldap_base_path }})(|(uid=%[1]s)(mail=%[1]s)))" \
 --username-attribute "uid" \
 --email-attribute "mail" \
 --firstname-attribute "givenName" \
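Review bot: The new `gitea_ldap_bind_user` / `gitea_ldap_bind_pass` pair in group_vars/git.yml carries no comment stating what privilege the account is expected to have, which is the whole point of moving the bind off `ladmin`. I would add above the two variables `# dedicated bind account for Forgejo: read-only in the directory, never a member of an admin group`, so that a later edit does not quietly point it back at an administrative user. The earlier bind secret (`lldap_ldap_user_pass`) was handed to Forgejo as the bind password before this change, so it presumably remains in the existing authentication source until the update task has run; rotating it afterwards is worth considering.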
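Review bot: The bind DN and `--bind-password` in roles/mgrote_gitea_setup/tasks/ldap.yml are still sent with `--security-protocol "unencrypted"` to port 3890, so the new service account's password, and every user password verified through this source, crosses the network in clear text. The same lines appear in the hunk at `@@ -41,10 +41,10 @@`. If the directory offers a TLS listener, switching the protocol to `LDAPS` or `StartTLS` (with the matching port) would close this; otherwise a comment such as `# plain LDAP: only acceptable while Forgejo and the directory share a trusted network segment` should record the assumption. The password is also rendered into the command line, so the task should set `no_log: true` if it does not already; the task header lies outside this hunk, so that could not be checked.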
@@ -41,10 +41,10 @@
 --security-protocol "unencrypted" \
 --host "{{ gitea_ldap_host }}" \
 --port "3890" \
- --bind-dn "uid=ladmin,ou=people,dc=mgrote,dc=net" \
+ --bind-dn "uid={{ gitea_ldap_bind_user }},ou=people,{{ gitea_ldap_base_path }}" \
 --bind-password "{{ gitea_ldap_bind_pass }}" \
- --user-search-base "ou=people,dc=mgrote,dc=net" \
- --user-filter "(&(memberof=cn=gitea,ou=groups,dc=mgrote,dc=net)(|(uid=%[1]s)(mail=%[1]s)))" \
+ --user-search-base "ou=people,{{ gitea_ldap_base_path }}" \
+ --user-filter "(&(memberof=cn=gitea,ou=groups,{{ gitea_ldap_base_path }})(|(uid=%[1]s)(mail=%[1]s)))" \
 --username-attribute "uid" \
 --email-attribute "mail" \
 --firstname-attribute "givenName" \
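Review bot: The bind DN, search base and group filter are assembled from `gitea_ldap_base_path` by string concatenation here and again, identically, in the hunk at `@@ -15,10 +15,10 @@`, so the two invocations can drift apart on the next edit. Defining `gitea_ldap_bind_dn: "uid={{ gitea_ldap_bind_user }},ou=people,{{ gitea_ldap_base_path }}"` once in group_vars (and likewise for the search base and filter) and referencing it in both places would keep them identical. The templated values also sit inside shell double quotes without the `quote` filter, so a bind password containing `"`, `$` or a backtick could be altered or break the command if the task runs through the shell module; `--bind-password {{ gitea_ldap_bind_pass | quote }}` avoids that. The task itself starts and ends outside the hunk.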