add more config details for ldap

2019-11-08 20:40:26 +02:00 · 2019-11-08 20:40:26 +02:00 · ea71ae7830
parent 206eeb6db6
commit ea71ae7830
3 changed files with 16 additions and 13 deletions
--- a/ansible/host_vars/kanban/vars.yml
+++ b/ansible/host_vars/kanban/vars.yml
@ -0,0 +1 @@
+ldap_authentifcation_password = {{ vault_ldap_authentifcation_password }}
--- a/ansible/host_vars/kanban/vault.yml
+++ b/ansible/host_vars/kanban/vault.yml
@ -1,7 +1,10 @@
 $ANSIBLE_VAULT;1.1;AES256
-38353066623230336238383639313964393766373738616466633765386132636438303232306635
-6439623733333332616333656366353637383466623664610a346130653061303763393961306534
-66326162653666663931303531626665656331666639626564626133643565343830643538663366
-6263663833623661340a306335333935383166636638333036323766303433363833383864313062
-32326638306564393038336439303662313962383563303531643961626462643563353839633135
-3732646565383732353461366239383635363638616233353633
+34396331656230663836666430343366336561626130346636306236346562363433623038623035
+3164393662646565373035363865623963653635376234630a313032636535373035336231313362
+39353033666537646137363365363836633831626335383864303936373231653230336664376531
+3365633437313933320a393761306236643936343366656664363035323132363237653734376664
+32643739626637616333323136653162346363373266623339383031663038633537396262356130
+32646136366234373461336434623563356532633135383163396339376433316531353030643237
+38396332353466356665306532376333663034376138633038393335373764386339356466343263
+34343339353131636239646262333831343135656339386230396333386431643737643539346436
+66326631636266643466393234323837366635663335346537346235373862333832
--- a/ansible/kanban/templates/docker-compose.yml
+++ b/ansible/kanban/templates/docker-compose.yml
@ -407,7 +407,7 @@ services:
      - LDAP_HOST=dc1.k-space.lan
      #
      # The base DN for the LDAP Tree
-      - LDAP_BASEDN=dc=k-space,dc=lan
+      - LDAP_BASEDN=cn=Users,dc=k-space,dc=lan
      #
      # Fallback on the default authentication method
      - LDAP_LOGIN_FALLBACK=false
@ -430,11 +430,10 @@ services:
      # The search user DN - You need quotes when you have spaces in parameters
      # 2 examples:
      #- LDAP_AUTHENTIFICATION_USERDN="CN=ldap admin,CN=users,DC=domainmatter,DC=lan"
-      #- LDAP_AUTHENTIFICATION_USERDN="CN=wekan_adm,OU=serviceaccounts,OU=admin,OU=prod,DC=mydomain,DC=com"
-      #
-      - LDAP_AUTHENTIFICATION_USERDN="DC=k-space,DC=lan"
+      - LDAP_AUTHENTIFICATION_USERDN="CN=kanban,CN=Users,DC=k-space,DC=lan"
+      #$wgLdapAuthDomainNames = 'K-SPACE.LAN';
      # The password for the search user
-      #- LDAP_AUTHENTIFICATION_PASSWORD=pwd
+      - LDAP_AUTHENTIFICATION_PASSWORD={{ ldap_authentifcation_password }}
      #
      # Enable logs for the module
      - LDAP_LOG_ENABLED=true
@ -452,7 +451,7 @@ services:
      #- LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false
      #
      # If using LDAPS: LDAP_ENCRYPTION=ssl
-      - LDAP_ENCRYPTION=ssl
+      - LDAP_ENCRYPTION=tls
      #
      # The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file.
      - LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIFqDCCA5CgAwIBAgIE5hknWjANBgkqhkiG9w0BAQUFADByMR0wGwYDVQQKExRTYW1iYSBBZG1pbmlzdHJhdGlvbjE3MDUGA1UECxMuU2FtYmEgLSB0ZW1wb3JhcnkgYXV0b2dlbmVyYXRlZCBDQSBjZXJ0aWZpY2F0ZTEYMBYGA1UEAxMPREMxLmstc3BhY2UubGFuMB4XDTE3MTIwNTIyMTI1NFoXDTE5MTEwNTIyMTI1NFowdDEdMBsGA1UEChMUU2FtYmEgQWRtaW5pc3RyYXRpb24xOTA3BgNVBAsTMFNhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0ZWQgSE9TVCBjZXJ0aWZpY2F0ZTEYMBYGA1UEAxMPREMxLmstc3BhY2UubGFuMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5wiOgdRYZ5UTlGGQ6yLrFKQG9ZqfFOI/NBSlhw6+fs9KbHQiDwjSMzqUQa2lDWGoqJcmn4EP4v6dNEs1rxXjahVR00CzMpPumma/seHrkKx26t6DvDMgLmCuNswGU/KN5sV1wU5cEmQonkr+BH5k5M4d8fTVaGQOFGun2AaA2KRLm1dilOsr37bYhMeKHKDLnShZOGegUKw0+Dn8W7W6taVNU2yKZXmy07Hg55PAIgNT/Ni+gYjy+T4dul//zILlnuvfopd3giIJ0G8h/1rK3SzqaB/I2BHIAoVQ+LIb/bwWYAU06/vT480Uhdmr5jOyFs/EOwm+X706KTobRtr2aRzZVHLQvwGHnl4Y6Ga0ocbOFEKWzpkeIDPO+iP5Q+vWBFJID0Zv64fZYjIL1jJ2+l598JCI3lJTqBczXaaUigJzPxUyk0h/9yR+zzj7qZb0rc3loqvNFn6N+1a3y+5uXfsbtf6H7Qmugw1RT+gsWwdIlJBca+0wEzp1XDymryJW1jKTq2jcQO2VTuYgPfAAkk9E/pbFyUSdBMLyJf0yALCRgKtGmH+jio9CZKnfyH+WDZZMf64GAxFLBLbInOUBZDXjLoNcsldeejpsDQ6b8BWYHRGGmwspYvp/EBDY3oC0lfHx1dgu1xkAbIPUJarzDuLGAMD5JJUkCVwkD92ivgkCAwEAAaNEMEIwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQUUXuarAUGg5SXgVTd7qjm39Jay6owDQYJKoZIhvcNAQEFBQADggIBACJDpQKuCanGQ7U0jsltgKunpJs3ZOtZP7jJhz+TeEvEYDaOFPreFLRpTOF2dTE3E5XVrUVFdCZCJcON3gkBCVDcEGfHxHTL1geGnKb6o/PY2N5l/Z8mjlqB83jxJ4xCbpELA4LWQ6jNTYcih4viInrpIyD7w05kN8bEyzet/pgms8G46+E8xAxQCCbKEM0bLrSRcUjWtqjgK34sXKYyFA0YDMafJtHgw4vDti1NdCCA88RjEdwTXJD/iiJLvA4rK7lU3JPt1sXaeawQJAK1XK7nWArmHZ3mpch+wRBX62BOvYtJAvboYMCc29bOQszQZEASnzj8cZmb5qAS2MWg2wvDgn0Z87NiGYD3xnadaVtUIYmIRb/2bOJc8qlDdasvdNvJY7zRD5xJZoUUax1eZcu/73f3PCelUsZmnUsrYhpSX5VaZyJfIBujygf9RFEeZ0q1br10ULkTN2DxAWmY6r+huywQr2wd9A3iPeo+BcUboQV3c0oFd+okDB6rbJ9U+x/CCQLXOBattZV2fqjN9C4DzSlWmLDxgFayFnG9bGUu1rfVj2S9D09hXCzY/hcM6OIhAnFVi6BxPred0RRT8q/GLgxwVlG8nN1AwMEXvDYR6q6BawDMyPAyWBE7AiV/6ubfuq94CYPxPWCaaUfuhwh5aGWn0mtyxK80rNIJZ1U1-----END CERTIFICATE-----
@ -461,7 +460,7 @@ services:
      #- LDAP_REJECT_UNAUTHORIZED=false
      #
      # Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
-      #- LDAP_USER_AUTHENTICATION="true"
+      - LDAP_USER_AUTHENTICATION="true"
      #
      # Which field is used to find the user for the user authentication. Default: uid.
      #- LDAP_USER_AUTHENTICATION_FIELD="uid"
				`@ -0,0 +1 @@`
				`ldap_authentifcation_password = {{ vault_ldap_authentifcation_password }}`