homeserver/roles/mgrote_lldap/tasks/main.yml
2024-04-03 23:00:58 +02:00


---
- name: Ensure package is installed
  ansible.builtin.apt:
    deb: "{{ lldap_package_url }}"
  notify: Ensure services are enabled and started
- name: Ensure needed directories exist
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: lldap
    group: lldap
    mode: '0755'
  loop:
    - /usr/share/lldap/app/static/fonts
    - /usr/share/lldap/app/static
    - /usr/share/lldap/app/pkg
- name: Ensure config is templated
  ansible.builtin.template:
    src: lldap_config.toml.j2
    dest: /etc/lldap/lldap_config.toml
    owner: lldap
    group: lldap
    mode: "0644"
  notify: Ensure services are enabled and started
...
do this:
https://docs.gitea.com/administration/command-line + https://github.com/lldap/lldap/blob/main/example_configs/gitea.md
forgejo admin auth add-ldap --config "/etc/gitea/gitea.ini" --name "lldap" --security-protocol "unencrypted" --host "ldap.mgrote.net" --port "3890" --bind-dn "uid=ladmin,ou=people,dc=mgrote,dc=net" --bind-password GEHEIM --user-search-base "ou=people,dc=mgrote,dc=net" --user-filter "(&(memberof=cn=gitea,ou=groups,dc=mgrote,dc=net)(|(uid=%[1]s)(mail=%[1]s)))" --username-attribute "uid" --email-attribute "mail" --firstname-attribute "givenName" --surname-attribute "sn" --avatar-attribute "jpegPhoto" --synchronize-users
if the error is:
Command error: login source already exists [name: lldap]
then
forgejo admin auth update-ldap --config "/etc/gitea/gitea.ini" --id "1" --security-protocol "unencrypted" --host "ldap.mgrote.net" --port "3890" --bind-dn "uid=ladmin,ou=people,dc=mgrote,dc=net" --bind-password GEHEIM --user-search-base "ou=people,dc=mgrote,dc=net" --user-filter "(&(memberof=cn=gitea,ou=groups,dc=mgrote,dc=net)(|(uid=%[1]s)(mail=%[1]s)))" --username-attribute "uid" --email-attribute "mail" --firstname-attribute "givenName" --surname-attribute "sn" --avatar-attribute "jpegPhoto" --synchronize-users
the same to create the admin user
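
The add-or-update flow from the notes above, written as Ansible tasks (an added example, not part of this role): it looks up the login source id from `forgejo admin auth list` instead of hard-coding `--id "1"`, and sets `no_log` because the bind password is passed on the command line. `forgejo_user` and `lldap_bind_password` are hypothetical variables, and the one-source-per-line layout of the `auth list` output is an assumption.

```yaml
# Added example, not part of the role. Hypothetical names: forgejo_user and
# lldap_bind_password (the latter expected to come from Ansible Vault).
- name: List existing Forgejo login sources
  ansible.builtin.command:
    argv: [forgejo, admin, auth, list, --config, /etc/gitea/gitea.ini]
  become: true
  become_user: "{{ forgejo_user }}"
  register: forgejo_auth_list
  changed_when: false

- name: Look up the id of login source "lldap" (empty string if absent)
  ansible.builtin.set_fact:
    # Assumption: one source per line, formatted "<id> <name> <type> ...".
    lldap_source_id: >-
      {{ forgejo_auth_list.stdout
         | regex_findall('^([0-9]+)\\s+lldap\\s', multiline=True)
         | first | default('') }}

- name: Add login source "lldap", or update it when it already exists
  ansible.builtin.command:
    argv: >-
      {{ ['forgejo', 'admin', 'auth']
         + (['update-ldap', '--id', lldap_source_id | string] if lldap_source_id
            else ['add-ldap', '--name', 'lldap'])
         + lldap_args }}
  become: true
  become_user: "{{ forgejo_user }}"
  no_log: true  # argv carries the bind password; keep it out of task output
  vars:
    # Same options as the two commands in the notes, shared by add and update.
    lldap_args: [
      --config, /etc/gitea/gitea.ini,
      --security-protocol, unencrypted,
      --host, ldap.mgrote.net, --port, "3890",
      --bind-dn, "uid=ladmin,ou=people,dc=mgrote,dc=net",
      --bind-password, "{{ lldap_bind_password }}",
      --user-search-base, "ou=people,dc=mgrote,dc=net",
      --user-filter, "(&(memberof=cn=gitea,ou=groups,dc=mgrote,dc=net)(|(uid=%[1]s)(mail=%[1]s)))",
      --username-attribute, uid, --email-attribute, mail,
      --firstname-attribute, givenName, --surname-attribute, sn,
      --avatar-attribute, jpegPhoto, --synchronize-users,
      ]
```

The last task reports `changed` on every run because it always re-applies the settings; the list task is the only read-only step.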