From 3f4a66eb7c6d365ca65303c459a95da3b6df5a80 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO
Date: Mon, 22 Feb 2021 14:44:04 +0100
Subject: [PATCH] [thelounge] Copy ldap configuration for zamok
Signed-off-by: Yohann D'ANELLO
---
 group_vars/irc.yml | 9 +++++++++
 host_vars/zamok.adm.crans.org.yml | 3 +++
 plays/zamok.yml | 1 -
 roles/thelounge/templates/config.js.j2 | 16 ++++++++--------
 4 files changed, 20 insertions(+), 9 deletions(-)
diff --git a/group_vars/irc.yml b/group_vars/irc.yml
index d0b65df1..cdfc1ffb 100644
--- a/group_vars/irc.yml
+++ b/group_vars/irc.yml
@@ -11,3 +11,12 @@ glob_thelounge:
 username: "thelounge"
 realname: "The Lounge User"
 join: "#general"
+ ldap_enable: "false"
+ ldap:
+ url: "ldap://172.16.10.157"
+ primaryKey: "cn"
+ rootDN: "cn=thelounge,ou=service-users,dc=crans,dc=org"
+ rootPassword: "{{ vault_ldap_thelounge_password }}"
+ filter: "(objectclass=inetOrgPerson)"
+ base: "dc=crans,dc=org"
+ scope: "sub"
diff --git a/host_vars/zamok.adm.crans.org.yml b/host_vars/zamok.adm.crans.org.yml
index 4b02629e..34e0ed9b 100644
--- a/host_vars/zamok.adm.crans.org.yml
+++ b/host_vars/zamok.adm.crans.org.yml
@@ -8,3 +8,6 @@ loc_borg:
 params:
 - "- name: all"
 - " password: {{ vault.mysql_zamok_password }}"
+
+loc_thelounge:
+ ldap_enable: "true"
diff --git a/plays/zamok.yml b/plays/zamok.yml
index 70b16c7d..4c52af09 100755
--- a/plays/zamok.yml
+++ b/plays/zamok.yml
@@ -6,7 +6,6 @@
 adh: '{{ glob_adh | combine(loc_adh | default({}), recursive=True) }}'
 roles:
 - zamok-tools
- - thelounge
 - postfix
 - prometheus-node-exporter-postfix
diff --git a/roles/thelounge/templates/config.js.j2 b/roles/thelounge/templates/config.js.j2
index 41f1474c..e7d43fcf 100644
--- a/roles/thelounge/templates/config.js.j2
+++ b/roles/thelounge/templates/config.js.j2
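Review bot: The added `url: "ldap://172.16.10.157"` in the new `ldap:` block of `group_vars/irc.yml` uses the plain `ldap` scheme, so the service account's bind password (`rootPassword`) and every user password checked at login cross the network unencrypted. Unless that address is reachable only over a trusted, isolated segment, prefer an `ldaps://` URL built on the directory's host name (a bare IP will usually not match the server certificate) and fill in `tlsOptions` in the template to match. Separately, `rootPassword` reads `vault_ldap_thelounge_password` while the context line in `host_vars/zamok.adm.crans.org.yml` reads `vault.mysql_zamok_password`; if secrets live in a `vault` dictionary the new name may be undefined at render time, so confirm which form the vault file uses.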
@@ -391,11 +391,11 @@ module.exports = {
 ldap: {
 // - `enable`: when set to `false`, LDAP support is disabled and all other
 // values are ignored.
- enable: false,
+ enable: {{ thelounge.ldap_enable }},
 // - `url`: A url of the form `ldaps://:`.
 // For plain connections, use the `ldap` scheme.
- url: "ldaps://example.com",
+ url: "{{ thelounge.ldap.url }}",
 // - `tlsOptions`: LDAP connection TLS options (only used if scheme is
 // `ldaps://`). It is an object whose values are Node.js' `tls.connect()`
@@ -410,7 +410,7 @@ module.exports = {
 tlsOptions: {},
 // - `primaryKey`: LDAP primary key. It is set to `"uid"` by default.
- primaryKey: "uid",
+ primaryKey: "{{ thelounge.ldap.primaryKey }}",
 // - `baseDN`: LDAP base DN, alternative to `searchDN`. For example, set it
 // to `"ou=accounts,dc=example,dc=com"`.
@@ -426,21 +426,21 @@ module.exports = {
 // read-only to the DNs of the people that are allowed to log in.
 // It is set to `"cn=thelounge,ou=system-users,dc=example,dc=com"` by
 // default.
- rootDN: "cn=thelounge,ou=system-users,dc=example,dc=com",
+ rootDN: "{{ thelounge.ldap.rootDN }}",
 // - `rootPassword`: Password of The Lounge LDAP system user.
- rootPassword: "1234",
+ rootPassword: "{{ thelounge.ldap.rootPassword }}",
 // - `ldapFilter`: it is set to `"(objectClass=person)(memberOf=ou=accounts,dc=example,dc=com)"`
 // by default.
- filter: "(objectClass=person)(memberOf=ou=accounts,dc=example,dc=com)",
+ filter: "{{ thelounge.ldap.filter }}",
 // - `base`: LDAP search base (search only within this node). It is set
 // to `"dc=example,dc=com"` by default.
- base: "dc=example,dc=com",
+ base: "{{ thelounge.ldap.base }}",
 // - `scope`: LDAP search scope. It is set to `"sub"` by default.
- scope: "sub",
+ scope: "{{ thelounge.ldap.scope }}",
 },
 },
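Review bot: `enable: {{ thelounge.ldap_enable }},` in the `@@ -391` hunk is emitted unquoted, so the rendered config is valid JavaScript only while the variable is exactly the string `"true"` or `"false"`; a YAML boolean would render as `True`/`False` and the config would fail to load. Normalising it in the template, e.g. `enable: {{ thelounge.ldap_enable | bool | to_json }},`, removes that dependency on how the inventory spells the value. The string fields in this hunk and in the `@@ -410` and `@@ -426` hunks (`url`, `primaryKey`, `rootDN`, `rootPassword`, `filter`, `base`, `scope`) are placed between hand-written double quotes with no escaping, so a value containing `"` or `\`, most plausibly the vault password, yields a broken or altered literal. Writing `rootPassword: {{ thelounge.ldap.rootPassword | to_json }},` (and likewise for the others) lets the filter produce the quoted, escaped literal.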
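Review bot: With `rootPassword: "{{ thelounge.ldap.rootPassword }}",` in the `@@ -426` hunk, the rendered `config.js` stops holding the placeholder `"1234"` and starts holding the real bind password of the LDAP service account. The task that deploys this template is not part of the patch, so confirm that it sets an owner and mode that keep the file readable by the service user only, and that it uses `no_log: true` or otherwise keeps diff output of the rendered file out of run logs. A short comment above the line, such as `// Rendered from Ansible Vault: keep this file unreadable to other local users.`, would record the constraint for whoever edits the template next.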