57 lines
1.8 KiB
YAML
57 lines
1.8 KiB
YAML
|
|
---
|
|
- name: Ensure LDAP config is configured
|
|
ansible.builtin.command: |
|
|
forgejo admin auth add-ldap \
|
|
--config "/etc/gitea/gitea.ini" \
|
|
--name "lldap" \
|
|
--security-protocol "unencrypted" \
|
|
--host "ldap.mgrote.net" \
|
|
--port "3890" \
|
|
--bind-dn "uid=ladmin,ou=people,dc=mgrote,dc=net" \
|
|
--bind-password GEHEIM \
|
|
--user-search-base "ou=people,dc=mgrote,dc=net" \
|
|
--user-filter "(&(memberof=cn=gitea,ou=groups,dc=mgrote,dc=net)(|(uid=%[1]s)(mail=%[1]s)))" \
|
|
--username-attribute "uid" \
|
|
--email-attribute "mail" \
|
|
--firstname-attribute "givenName" \
|
|
--surname-attribute "sn" \
|
|
--avatar-attribute "jpegPhoto" \
|
|
--synchronize-users
|
|
register: configured
|
|
ignore_errors: true
|
|
failed_when: 'not "Command error: login source already exists [name: lldap]" in configured.stderr'
|
|
become_user: gitea
|
|
changed_when: "configured.rc == 0"
|
|
|
|
- name: debug
|
|
ansible.builtin.debug:
|
|
msg: "{{ configured }}"
|
|
|
|
- name: Modify LDAP config
|
|
ansible.builtin.command: |
|
|
forgejo admin auth update-ldap \
|
|
--config "/etc/gitea/gitea.ini" \
|
|
--id "1" \
|
|
--security-protocol "unencrypted" \
|
|
--host "ldap.mgrote.net" \
|
|
--port "3890" \
|
|
--bind-dn "uid=ladmin,ou=people,dc=mgrote,dc=net" \
|
|
--bind-password GEHEIM \
|
|
--user-search-base "ou=people,dc=mgrote,dc=net" \
|
|
--user-filter "(&(memberof=cn=gitea,ou=groups,dc=mgrote,dc=net)(|(uid=%[1]s)(mail=%[1]s)))" \
|
|
--username-attribute "uid" \
|
|
--email-attribute "mail" \
|
|
--firstname-attribute "givenName" \
|
|
--surname-attribute "sn" \
|
|
--avatar-attribute "jpegPhoto" \
|
|
--synchronize-users
|
|
when: '"Command error: login source already exists [name: lldap]" in configured.stderr'
|
|
become_user: gitea
|
|
register: zwei
|
|
|
|
- name: debug
|
|
ansible.builtin.debug:
|
|
msg: "{{ zwei }}"
|
|
|
|
...
|