make ldap work, thanks to Erki Aas

whysthatso 2019-11-28 21:51:33 +02:00
parent dee08b7d56
commit 3ed0c1d0d3


@ -162,7 +162,7 @@ services:
# - http://example.com # - http://example.com
# - http://boards.example.com # - http://boards.example.com
# - http://192.168.1.100 <=== using at local LAN # - http://192.168.1.100 <=== using at local LAN
- ROOT_URL=http://localhost # <=== using only at same laptop/desktop where Wekan is installed - ROOT_URL=https://kanban.k-space.ee # <=== using only at same laptop/desktop where Wekan is installed
#--------------------------------------------------------------- #---------------------------------------------------------------
# ==== EMAIL SETTINGS ==== # ==== EMAIL SETTINGS ====
# Email settings are required in both MAIL_URL and Admin Panel, # Email settings are required in both MAIL_URL and Admin Panel,
@ -171,7 +171,7 @@ services:
# NOTE: Special characters need to be url-encoded in MAIL_URL. # NOTE: Special characters need to be url-encoded in MAIL_URL.
# You can encode those characters for example at: https://www.urlencoder.org # You can encode those characters for example at: https://www.urlencoder.org
#- MAIL_URL=smtp://user:pass@mailserver.example.com:25/ #- MAIL_URL=smtp://user:pass@mailserver.example.com:25/
- MAIL_URL=smtp://172.20.1.7:25/?ignoreTLS=true&tls={rejectUnauthorized:false} - MAIL_URL=smtp://smtp.k-space.lan:25/?ignoreTLS=true&tls={rejectUnauthorized:false}
- MAIL_FROM=Wekan Notifications <noreply.wekan@k-space.ee> - MAIL_FROM=Wekan Notifications <noreply.wekan@k-space.ee>
#--------------------------------------------------------------- #---------------------------------------------------------------
# ==== OPTIONAL: MONGO OPLOG SETTINGS ===== # ==== OPTIONAL: MONGO OPLOG SETTINGS =====
@ -315,7 +315,7 @@ services:
- WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId - WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
#----------------------------------------------------------------- #-----------------------------------------------------------------
# ==== Debug OIDC OAuth2 etc ==== # ==== Debug OIDC OAuth2 etc ====
#- DEBUG=true - DEBUG=true
#----------------------------------------------------------------- #-----------------------------------------------------------------
# ==== OAUTH2 AZURE ==== # ==== OAUTH2 AZURE ====
# https://github.com/wekan/wekan/wiki/Azure # https://github.com/wekan/wekan/wiki/Azure
@ -430,7 +430,7 @@ services:
# The search user DN - You need quotes when you have spaces in parameters # The search user DN - You need quotes when you have spaces in parameters
# 2 examples: # 2 examples:
#- LDAP_AUTHENTIFICATION_USERDN="CN=ldap admin,CN=users,DC=domainmatter,DC=lan" #- LDAP_AUTHENTIFICATION_USERDN="CN=ldap admin,CN=users,DC=domainmatter,DC=lan"
- LDAP_AUTHENTIFICATION_USERDN="CN=kanban,CN=Users,DC=k-space,DC=lan" - LDAP_AUTHENTIFICATION_USERDN=CN=kanban,CN=Users,DC=k-space,DC=lan
#$wgLdapAuthDomainNames = 'K-SPACE.LAN'; #$wgLdapAuthDomainNames = 'K-SPACE.LAN';
# The password for the search user # The password for the search user
- LDAP_AUTHENTIFICATION_PASSWORD={{ ldap_authentifcation_password }} - LDAP_AUTHENTIFICATION_PASSWORD={{ ldap_authentifcation_password }}
@ -444,7 +444,7 @@ services:
# At which interval does the background task sync in milliseconds. # At which interval does the background task sync in milliseconds.
# Leave this unset, so it uses default, and does not crash. # Leave this unset, so it uses default, and does not crash.
# https://github.com/wekan/wekan/issues/2354#issuecomment-515305722 # https://github.com/wekan/wekan/issues/2354#issuecomment-515305722
- LDAP_BACKGROUND_SYNC_INTERVAL='' #- LDAP_BACKGROUND_SYNC_INTERVAL=100
# #
#- LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false #- LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false
# #
@ -457,22 +457,22 @@ services:
- LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIFqDCCA5CgAwIBAgIE5hknWjANBgkqhkiG9w0BAQUFADByMR0wGwYDVQQKExRTYW1iYSBBZG1pbmlzdHJhdGlvbjE3MDUGA1UECxMuU2FtYmEgLSB0ZW1wb3JhcnkgYXV0b2dlbmVyYXRlZCBDQSBjZXJ0aWZpY2F0ZTEYMBYGA1UEAxMPREMxLmstc3BhY2UubGFuMB4XDTE3MTIwNTIyMTI1NFoXDTE5MTEwNTIyMTI1NFowdDEdMBsGA1UEChMUU2FtYmEgQWRtaW5pc3RyYXRpb24xOTA3BgNVBAsTMFNhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0ZWQgSE9TVCBjZXJ0aWZpY2F0ZTEYMBYGA1UEAxMPREMxLmstc3BhY2UubGFuMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5wiOgdRYZ5UTlGGQ6yLrFKQG9ZqfFOI/NBSlhw6+fs9KbHQiDwjSMzqUQa2lDWGoqJcmn4EP4v6dNEs1rxXjahVR00CzMpPumma/seHrkKx26t6DvDMgLmCuNswGU/KN5sV1wU5cEmQonkr+BH5k5M4d8fTVaGQOFGun2AaA2KRLm1dilOsr37bYhMeKHKDLnShZOGegUKw0+Dn8W7W6taVNU2yKZXmy07Hg55PAIgNT/Ni+gYjy+T4dul//zILlnuvfopd3giIJ0G8h/1rK3SzqaB/I2BHIAoVQ+LIb/bwWYAU06/vT480Uhdmr5jOyFs/EOwm+X706KTobRtr2aRzZVHLQvwGHnl4Y6Ga0ocbOFEKWzpkeIDPO+iP5Q+vWBFJID0Zv64fZYjIL1jJ2+l598JCI3lJTqBczXaaUigJzPxUyk0h/9yR+zzj7qZb0rc3loqvNFn6N+1a3y+5uXfsbtf6H7Qmugw1RT+gsWwdIlJBca+0wEzp1XDymryJW1jKTq2jcQO2VTuYgPfAAkk9E/pbFyUSdBMLyJf0yALCRgKtGmH+jio9CZKnfyH+WDZZMf64GAxFLBLbInOUBZDXjLoNcsldeejpsDQ6b8BWYHRGGmwspYvp/EBDY3oC0lfHx1dgu1xkAbIPUJarzDuLGAMD5JJUkCVwkD92ivgkCAwEAAaNEMEIwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQUUXuarAUGg5SXgVTd7qjm39Jay6owDQYJKoZIhvcNAQEFBQADggIBACJDpQKuCanGQ7U0jsltgKunpJs3ZOtZP7jJhz+TeEvEYDaOFPreFLRpTOF2dTE3E5XVrUVFdCZCJcON3gkBCVDcEGfHxHTL1geGnKb6o/PY2N5l/Z8mjlqB83jxJ4xCbpELA4LWQ6jNTYcih4viInrpIyD7w05kN8bEyzet/pgms8G46+E8xAxQCCbKEM0bLrSRcUjWtqjgK34sXKYyFA0YDMafJtHgw4vDti1NdCCA88RjEdwTXJD/iiJLvA4rK7lU3JPt1sXaeawQJAK1XK7nWArmHZ3mpch+wRBX62BOvYtJAvboYMCc29bOQszQZEASnzj8cZmb5qAS2MWg2wvDgn0Z87NiGYD3xnadaVtUIYmIRb/2bOJc8qlDdasvdNvJY7zRD5xJZoUUax1eZcu/73f3PCelUsZmnUsrYhpSX5VaZyJfIBujygf9RFEeZ0q1br10ULkTN2DxAWmY6r+huywQr2wd9A3iPeo+BcUboQV3c0oFd+okDB6rbJ9U+x/CCQLXOBattZV2fqjN9C4DzSlWmLDxgFayFnG9bGUu1rfVj2S9D09hXCzY/hcM6OIhAnFVi6BxPred0RRT8q/GLgxwVlG8nN1AwMEXvDYR6q6BawDMyPAyWBE7AiV/6ubfuq94CYPxPWCaaUfuhwh5aGWn0mtyxK80rNIJZ1U1-----END 
CERTIFICATE----- - LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIFqDCCA5CgAwIBAgIE5hknWjANBgkqhkiG9w0BAQUFADByMR0wGwYDVQQKExRTYW1iYSBBZG1pbmlzdHJhdGlvbjE3MDUGA1UECxMuU2FtYmEgLSB0ZW1wb3JhcnkgYXV0b2dlbmVyYXRlZCBDQSBjZXJ0aWZpY2F0ZTEYMBYGA1UEAxMPREMxLmstc3BhY2UubGFuMB4XDTE3MTIwNTIyMTI1NFoXDTE5MTEwNTIyMTI1NFowdDEdMBsGA1UEChMUU2FtYmEgQWRtaW5pc3RyYXRpb24xOTA3BgNVBAsTMFNhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0ZWQgSE9TVCBjZXJ0aWZpY2F0ZTEYMBYGA1UEAxMPREMxLmstc3BhY2UubGFuMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5wiOgdRYZ5UTlGGQ6yLrFKQG9ZqfFOI/NBSlhw6+fs9KbHQiDwjSMzqUQa2lDWGoqJcmn4EP4v6dNEs1rxXjahVR00CzMpPumma/seHrkKx26t6DvDMgLmCuNswGU/KN5sV1wU5cEmQonkr+BH5k5M4d8fTVaGQOFGun2AaA2KRLm1dilOsr37bYhMeKHKDLnShZOGegUKw0+Dn8W7W6taVNU2yKZXmy07Hg55PAIgNT/Ni+gYjy+T4dul//zILlnuvfopd3giIJ0G8h/1rK3SzqaB/I2BHIAoVQ+LIb/bwWYAU06/vT480Uhdmr5jOyFs/EOwm+X706KTobRtr2aRzZVHLQvwGHnl4Y6Ga0ocbOFEKWzpkeIDPO+iP5Q+vWBFJID0Zv64fZYjIL1jJ2+l598JCI3lJTqBczXaaUigJzPxUyk0h/9yR+zzj7qZb0rc3loqvNFn6N+1a3y+5uXfsbtf6H7Qmugw1RT+gsWwdIlJBca+0wEzp1XDymryJW1jKTq2jcQO2VTuYgPfAAkk9E/pbFyUSdBMLyJf0yALCRgKtGmH+jio9CZKnfyH+WDZZMf64GAxFLBLbInOUBZDXjLoNcsldeejpsDQ6b8BWYHRGGmwspYvp/EBDY3oC0lfHx1dgu1xkAbIPUJarzDuLGAMD5JJUkCVwkD92ivgkCAwEAAaNEMEIwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQUUXuarAUGg5SXgVTd7qjm39Jay6owDQYJKoZIhvcNAQEFBQADggIBACJDpQKuCanGQ7U0jsltgKunpJs3ZOtZP7jJhz+TeEvEYDaOFPreFLRpTOF2dTE3E5XVrUVFdCZCJcON3gkBCVDcEGfHxHTL1geGnKb6o/PY2N5l/Z8mjlqB83jxJ4xCbpELA4LWQ6jNTYcih4viInrpIyD7w05kN8bEyzet/pgms8G46+E8xAxQCCbKEM0bLrSRcUjWtqjgK34sXKYyFA0YDMafJtHgw4vDti1NdCCA88RjEdwTXJD/iiJLvA4rK7lU3JPt1sXaeawQJAK1XK7nWArmHZ3mpch+wRBX62BOvYtJAvboYMCc29bOQszQZEASnzj8cZmb5qAS2MWg2wvDgn0Z87NiGYD3xnadaVtUIYmIRb/2bOJc8qlDdasvdNvJY7zRD5xJZoUUax1eZcu/73f3PCelUsZmnUsrYhpSX5VaZyJfIBujygf9RFEeZ0q1br10ULkTN2DxAWmY6r+huywQr2wd9A3iPeo+BcUboQV3c0oFd+okDB6rbJ9U+x/CCQLXOBattZV2fqjN9C4DzSlWmLDxgFayFnG9bGUu1rfVj2S9D09hXCzY/hcM6OIhAnFVi6BxPred0RRT8q/GLgxwVlG8nN1AwMEXvDYR6q6BawDMyPAyWBE7AiV/6ubfuq94CYPxPWCaaUfuhwh5aGWn0mtyxK80rNIJZ1U1-----
END CERTIFICATE-----
# #
# Reject Unauthorized Certificate # Reject Unauthorized Certificate
#- LDAP_REJECT_UNAUTHORIZED=false - LDAP_REJECT_UNAUTHORIZED=false
# #
# Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key). # Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
- LDAP_USER_AUTHENTICATION="false" #- LDAP_USER_AUTHENTICATION=true
# #
# Which field is used to find the user for the user authentication. Default: uid. # Which field is used to find the user for the user authentication. Default: uid.
#- LDAP_USER_AUTHENTICATION_FIELD="uid" #- LDAP_USER_AUTHENTICATION_FIELD=sAMAccountName
# #
# Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed # Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
#- LDAP_USER_SEARCH_FILTER= #- LDAP_USER_SEARCH_FILTER=
# #
# base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree) # base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree)
#- LDAP_USER_SEARCH_SCOPE=one #- LDAP_USER_SEARCH_SCOPE=CN=Users,DC=k-space,DC=lan
# #
# Which field is used to find the user, like uid / sAMAccountName # Which field is used to find the user, like uid / sAMAccountName
#- LDAP_USER_SEARCH_FIELD=sAMAccountName - LDAP_USER_SEARCH_FIELD=sAMAccountName
# #
# Used for pagination (0=unlimited) # Used for pagination (0=unlimited)
#- LDAP_SEARCH_PAGE_SIZE=0 #- LDAP_SEARCH_PAGE_SIZE=0
@ -501,10 +501,10 @@ services:
#- LDAP_UTF8_NAMES_SLUGIFY=true #- LDAP_UTF8_NAMES_SLUGIFY=true
# #
# LDAP_USERNAME_FIELD : Which field contains the ldap username. username / sAMAccountName # LDAP_USERNAME_FIELD : Which field contains the ldap username. username / sAMAccountName
#- LDAP_USERNAME_FIELD=sAMAccountName - LDAP_USERNAME_FIELD=sAMAccountName
# #
# LDAP_FULLNAME_FIELD : Which field contains the ldap fullname. fullname / sAMAccountName # LDAP_FULLNAME_FIELD : Which field contains the ldap fullname. fullname / sAMAccountName
#- LDAP_FULLNAME_FIELD=fullname - LDAP_FULLNAME_FIELD=cn
# #
#- LDAP_MERGE_EXISTING_USERS=false #- LDAP_MERGE_EXISTING_USERS=false
# #
@ -518,7 +518,7 @@ services:
#- LDAP_EMAIL_MATCH_VERIFIED=true #- LDAP_EMAIL_MATCH_VERIFIED=true
# #
# LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address
#- LDAP_EMAIL_FIELD=mail - LDAP_EMAIL_FIELD=mail
#----------------------------------------------------------------- #-----------------------------------------------------------------
#- LDAP_SYNC_USER_DATA=false #- LDAP_SYNC_USER_DATA=false
# #
@ -528,13 +528,13 @@ services:
# #
# The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP # The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
# example : # example :
- LDAP_DEFAULT_DOMAIN=k-space.lan - LDAP_DEFAULT_DOMAIN=k-space.ee
# #
# Enable/Disable syncing of admin status based on ldap groups: # Enable/Disable syncing of admin status based on ldap groups:
- LDAP_SYNC_ADMIN_STATUS=true - LDAP_SYNC_ADMIN_STATUS=''
# #
# Comma separated list of admin group names to sync. # Comma separated list of admin group names to sync.
#- LDAP_SYNC_ADMIN_GROUPS=group1,group2 - LDAP_SYNC_ADMIN_GROUPS=Domain Admins,Members
#--------------------------------------------------------------------- #---------------------------------------------------------------------
# Login to LDAP automatically with HTTP header. # Login to LDAP automatically with HTTP header.
# In below example for siteminder, at right side of = is header name. # In below example for siteminder, at right side of = is header name.
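Review bot: Certificate verification for the LDAP connection is turned off by `- LDAP_REJECT_UNAUTHORIZED=false` in the -457 hunk, which this commit appears to uncomment (the right-hand column reads as the new side). With it off, the `LDAP_CA_CERT` pinned just above is not enforced on a TLS connection, so the search user's bind password and users' login passwords go to a server whose identity is never checked. Prefer keeping verification on, `- LDAP_REJECT_UNAUTHORIZED=true`, and supplying a CA certificate that matches what the directory server currently presents. The -315 hunk also seems to switch on `- DEBUG=true`; debug output from the authentication path can land in container logs, so it should go back to `#- DEBUG=true` once LDAP login works. `- LDAP_SYNC_ADMIN_GROUPS=Domain Admins,Members` in the last hunk is worth a second look too, because a broad group like `Members` would map to Wekan admin if admin sync is enabled.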