From ea71ae78301addef73dddb5c9d717ae25b9ca938 Mon Sep 17 00:00:00 2001
From: whysthatso
Date: Fri, 8 Nov 2019 20:40:26 +0200
Subject: [PATCH] add more config details for ldap
---
 ansible/host_vars/kanban/vars.yml | 1 +
 ansible/host_vars/kanban/vault.yml | 15 +++++++++------
 ansible/kanban/templates/docker-compose.yml | 13 ++++++-------
 3 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/ansible/host_vars/kanban/vars.yml b/ansible/host_vars/kanban/vars.yml
index e69de29..1fe42cb 100644
--- a/ansible/host_vars/kanban/vars.yml
+++ b/ansible/host_vars/kanban/vars.yml
@@ -0,0 +1 @@
+ldap_authentifcation_password = {{ vault_ldap_authentifcation_password }}
diff --git a/ansible/host_vars/kanban/vault.yml b/ansible/host_vars/kanban/vault.yml
index c7a085b..bac7442 100644
--- a/ansible/host_vars/kanban/vault.yml
+++ b/ansible/host_vars/kanban/vault.yml
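Review bot: The added line in `vars.yml` uses `=` where YAML needs a mapping, so the file parses as a single string rather than defining `ldap_authentifcation_password`, and the `{{ ldap_authentifcation_password }}` reference added to the compose template in this patch would have nothing to resolve. It should read `ldap_authentifcation_password: "{{ vault_ldap_authentifcation_password }}"`, with the quotes, because a value that begins with `{{` is otherwise read as a flow mapping. The vault file is encrypted, so whether it defines `vault_ldap_authentifcation_password` under that exact spelling cannot be checked from here. The name drops an `i` (`authentifcation`) in both files; it is consistent, but correcting it later means changing every occurrence together.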
@@ -1,7 +1,10 @@
 $ANSIBLE_VAULT;1.1;AES256
-38353066623230336238383639313964393766373738616466633765386132636438303232306635
-6439623733333332616333656366353637383466623664610a346130653061303763393961306534
-66326162653666663931303531626665656331666639626564626133643565343830643538663366
-6263663833623661340a306335333935383166636638333036323766303433363833383864313062
-32326638306564393038336439303662313962383563303531643961626462643563353839633135
-3732646565383732353461366239383635363638616233353633
+34396331656230663836666430343366336561626130346636306236346562363433623038623035
+3164393662646565373035363865623963653635376234630a313032636535373035336231313362
+39353033666537646137363365363836633831626335383864303936373231653230336664376531
+3365633437313933320a393761306236643936343366656664363035323132363237653734376664
+32643739626637616333323136653162346363373266623339383031663038633537396262356130
+32646136366234373461336434623563356532633135383163396339376433316531353030643237
+38396332353466356665306532376333663034376138633038393335373764386339356466343263
+34343339353131636239646262333831343135656339386230396333386431643737643539346436
+66326631636266643466393234323837366635663335346537346235373862333832
diff --git a/ansible/kanban/templates/docker-compose.yml b/ansible/kanban/templates/docker-compose.yml
index d1272fa..6a3dafd 100644
--- a/ansible/kanban/templates/docker-compose.yml
+++ b/ansible/kanban/templates/docker-compose.yml
@@ -407,7 +407,7 @@ services:
  - LDAP_HOST=dc1.k-space.lan
  #
  # The base DN for the LDAP Tree
- - LDAP_BASEDN=dc=k-space,dc=lan
+ - LDAP_BASEDN=cn=Users,dc=k-space,dc=lan
  #
  # Fallback on the default authentication method
  - LDAP_LOGIN_FALLBACK=false
@@ -430,11 +430,10 @@ services:
  # The search user DN - You need quotes when you have spaces in parameters
  # 2 examples:
  #- LDAP_AUTHENTIFICATION_USERDN="CN=ldap admin,CN=users,DC=domainmatter,DC=lan"
- #- LDAP_AUTHENTIFICATION_USERDN="CN=wekan_adm,OU=serviceaccounts,OU=admin,OU=prod,DC=mydomain,DC=com"
- #
- - LDAP_AUTHENTIFICATION_USERDN="DC=k-space,DC=lan"
+ - LDAP_AUTHENTIFICATION_USERDN="CN=kanban,CN=Users,DC=k-space,DC=lan"
+ #$wgLdapAuthDomainNames = 'K-SPACE.LAN';
  # The password for the search user
- #- LDAP_AUTHENTIFICATION_PASSWORD=pwd
+ - LDAP_AUTHENTIFICATION_PASSWORD={{ ldap_authentifcation_password }}
  #
  # Enable logs for the module
  - LDAP_LOG_ENABLED=true
@@ -452,7 +451,7 @@ services:
  #- LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false
  #
  # If using LDAPS: LDAP_ENCRYPTION=ssl
- - LDAP_ENCRYPTION=ssl
+ - LDAP_ENCRYPTION=tls
  #
  # The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file.
  - LDAP_CA_CERT=-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
@@ -461,7 +460,7 @@ services:
  #- LDAP_REJECT_UNAUTHORIZED=false
  #
  # Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
- #- LDAP_USER_AUTHENTICATION="true"
+ - LDAP_USER_AUTHENTICATION="true"
  #
  # Which field is used to find the user for the user authentication. Default: uid.
  #- LDAP_USER_AUTHENTICATION_FIELD="uid"
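Review bot: The new `- LDAP_AUTHENTIFICATION_PASSWORD={{ ldap_authentifcation_password }}` entry renders the bind password unquoted into the compose file, so a password containing ` #` is cut off at the comment and one containing `: ` changes how the item parses; Compose also applies its own `$` substitution to values, so a literal `$` has to be written as `$$`. Quote the whole item, `- "LDAP_AUTHENTIFICATION_PASSWORD={{ ldap_authentifcation_password }}"`, and either keep the password free of `"`, `\` and `$` or escape them in the template. The rendered file now holds the secret in clear text, so the task that writes it (not part of this patch) should set a restrictive mode such as `mode: "0600"` and `no_log: true`. The added `#$wgLdapAuthDomainNames = 'K-SPACE.LAN';` comment looks like a leftover from another application's configuration and could be dropped.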
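Review bot: The comment directly above the changed line still reads `If using LDAPS: LDAP_ENCRYPTION=ssl` while the value is now `tls`, so the file no longer states which transport is intended. If `tls` selects StartTLS rather than implicit TLS (worth confirming against the Wekan LDAP documentation), the `LDAP_PORT` entry, which is outside this hunk, has to point at the plain LDAP port, and the bind password added earlier in this patch is only protected when the upgrade is mandatory and the server certificate is checked against `LDAP_CA_CERT`. I would replace the comment with something like `# StartTLS on the LDAP port; server certificate is verified against LDAP_CA_CERT` and leave `LDAP_REJECT_UNAUTHORIZED` at its default rather than ever setting it to `false`.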
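Review bot: In a list-form `environment` entry Compose does not strip quotes, so `- LDAP_USER_AUTHENTICATION="true"` hands the container the value `"true"` with the quote marks included; whether Wekan accepts that as true is not visible here. If it does not, the option silently stays at its default and logins keep going through the search account. Writing `- LDAP_USER_AUTHENTICATION=true` removes the doubt, and the same applies to the quoted `LDAP_AUTHENTIFICATION_USERDN="CN=kanban,CN=Users,DC=k-space,DC=lan"` value added in the `@@ -430,11 +430,10 @@` hunk, which contains no spaces. `LDAP_USER_AUTHENTICATION_FIELD` remains commented out, so the `uid` default applies; confirm that the directory actually populates that attribute for these users.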