premier commit
commit
1f72db5ba8
11 changed files with 2111 additions and 0 deletions
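--- /dev/null
+++ b/README.md
@@ -0,0 +1,63 @@
+# Role : docker_ldapmanager
+
+
+## Services fournis
+
+- main.yml : Installation de ldapmanager sur un serveur docker_host
+- configure_reverse_proxy.yml : Configuration d'un reverse proxy préalablement installé par le role reverse_proxy, avec restriction d'accès par compte ldap
+
+
+## Variables
+
+Fournir les variables suivantes. Par exemple :
+
+```yaml
+docker_ldapmanager_fqdn: ldapmanager.libretic.fr
+docker_ldapmanager_data_dir: /data1
+docker_ldapmanager_service_id: ldapmanager
+docker_ldapmanager_rp_cert: LE
+docker_ldapmanager_rp_docker_host: machine.domaine.local
+docker_ldapmanager_rp_restrict_users: admin1 admin2
+docker_ldapmanager_ldap_server: mon-serveur-ldap.domaine.local
+docker_ldapmanager_ldap_basedn: dc=domaine,dc=local
+docker_ldapmanager_ldap_binddn: uid=compte-service-ldapmanager,ou=comptes-de-service,dc=domaine,dc=local
+docker_ldapmanager_ldap_bindpwd: mdp_du_compte_de_service
+docker_ldapmanager_ldap_users_ou: utilisateurs
+docker_ldapmanager_ldap_group_admin: administrateurs-ldapmanager
+docker_ldapmanager_ldap_groups_ou: groupes
+docker_ldapmanager_email_domain: libretic.fr
+docker_ldapmanager_organisation_name: LIBRETIC
+docker_ldapmanager_site_name: Ldap Manager Libretic
+docker_ldapmanager_mail_server: smtp.domaine.local
+docker_ldapmanager_mail_from_address: nepasrepondre@libretic.fr
+docker_ldapmanager_mail_from_name: Administrateur Libretic
+docker_ldapmanager_mail_subject: Votre compte Libretic
+```
+
+| Option | Valeur par défaut | Description |
+|-----------------------------------------------------|-------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|
+| docker_ldapmanager_fqdn | | Le nom de domaine pour lequel le service ldapmanager répond |
+| docker_ldapmanager_data_dir | | L'emplacement dans lequel se trouvent les volumes de donnees docker pour le service |
+| docker_ldapmanager_service_id | | Le nom de service souhaité : conditionne le nommage des volumes et le routage par traefik |
+| docker_ldapmanager_rp_docker_host | | pour configure_reverse_proxy.yml: fqdn de la machine contenant le conteneur docker |
+| docker_ldapmanager_rp_cert | LE | Type de certificat pour le reverse proxy (LE = letsencrypt) |
+| docker_ldapmanager_rp_restrict_users | | Utilisateurs autorisés à passer le reverse proxy |
+| docker_ldapmanager_ldap_server | | Adresse du serveur LDAP |
+| docker_ldapmanager_ldap_basedn | | DN de la racine |
+| docker_ldapmanager_ldap_binddn | | DN du compte de service de connexion à l'annuaire LDAP |
+| docker_ldapmanager_ldap_bindpwd | | Mot de passe du compte de service de connexion à l'annuaire LDAP |
+| docker_ldapmanager_ldap_users_ou | | Nom de l'OU contenant les utilisateurs |
+| docker_ldapmanager_ldap_group_admin | | Nom du groupe des administrateurs de ldapmanager |
+| docker_ldapmanager_ldap_groups_ou | | Nom de l'OU contenant les les groupes |
+| docker_ldapmanager_email_domain | | Suffixe des adresses mail du domaine |
+| docker_ldapmanager_organisation_name | | Nom de l'entité gérant l'annuaire LDAP - apparait dans le titre de l'application |
+| docker_ldapmanager_site_name | | Nom du site - apparait dans le titre de l'application |
+| docker_ldapmanager_username_format | {first_name}.{last_name} | Format par défaut pour proposer un login |
+| docker_ldapmanager_account_additional_objectclasses | PostfixBookMailAccount,ownCloud | Objectclasses supplémentaires dont hérite chaque utilisateur |
+| docker_ldapmanager_account_additional_attributes | registeredAddress:Adresse de récupération,mailAlias:mail Alias,mailQuota:mail Quota,ownCloudQuota:nextCloud Quota | Attributs supplémentaires a présenter dans l'interface des comptes utilisateurs |
+| docker_ldapmanager_mail_server | | Adresse du serveur smtp |
+| docker_ldapmanager_mail_from_address | | Adresse mail émettrice des notifications |
+| docker_ldapmanager_mail_from_name | | Nom associé à l'adresse mail émettrice des notifications |
+| docker_ldapmanager_mail_subject | | Titre des mails de notification |
+
+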
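--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,4 @@
+docker_ldapmanager_rp_cert: LE
+docker_ldapmanager_username_format: "{first_name}.{last_name}"
+docker_ldapmanager_account_additional_objectclasses: "PostfixBookMailAccount,ownCloud"
+docker_ldapmanager_account_additional_attributes: "registeredAddress:Adresse de récupération,mailAlias:mail Alias,mailQuota:mail Quota,ownCloudQuota:nextCloud Quota"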
10
handlers/main.yml
Normal file
|
@ -0,0 +1,10 @@
|
|||
- name: docker-compose-up
|
||||
shell: |
|
||||
docker-compose up -d
|
||||
args:
|
||||
chdir: /opt/{{ docker_ldapmanager_service_id }}/
|
||||
|
||||
- name: reverse-proxy-reload
|
||||
service:
|
||||
name: apache2
|
||||
state: reloaded
|
11
tasks/configure_reverse_proxy.yml
Normal file
|
@ -0,0 +1,11 @@
|
|||
- name: prepare reverse_proxy
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
dest: /etc/apache2/vhosts.d/{{ docker_ldapmanager_fqdn }}/
|
||||
with_items:
|
||||
- 0_vhost.conf
|
||||
- 1_vhost_additional.conf
|
||||
- 2_mds_exclusion.conf
|
||||
notify: reverse-proxy-reload
|
||||
|
||||
|
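Review bot: Nothing validates `docker_ldapmanager_rp_restrict_users` before it is rendered into `1_vhost_additional.conf`; an empty value yields a bare `Require user` line, which Apache rejects, so the vhost files are already in place when the notified `reverse-proxy-reload` handler fails. An `assert` task ahead of the template task makes the precondition explicit: `- name: check restricted users list` / `assert:` / `that: docker_ldapmanager_rp_restrict_users | length > 0`. The destination directory `/etc/apache2/vhosts.d/{{ docker_ldapmanager_fqdn }}/` is not created here — presumably the reverse_proxy role provides it, which is worth stating in a comment above the task. The template task also sets no `owner`/`mode`, so the vhost fragments take whatever the remote umask gives.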
16
tasks/main.yml
Normal file
|
@ -0,0 +1,16 @@
|
|||
- name: docker directory
|
||||
file:
|
||||
path: /opt/{{ docker_ldapmanager_service_id }}/
|
||||
state: directory
|
||||
|
||||
- name: prepare docker-compose.yml
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
dest: /opt/{{ docker_ldapmanager_service_id }}/
|
||||
with_items:
|
||||
- docker-compose.yml
|
||||
- php.ini
|
||||
- ldapmanager.env
|
||||
notify: docker-compose-up
|
||||
|
||||
|
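Review bot: The `prepare docker-compose.yml` task writes `ldapmanager.env` — which, per the template added in this commit, carries `LDAP_ADMIN_BIND_PWD` — with no `mode`, so the file gets whatever the remote umask yields, typically world-readable `0644`. Looping over src/mode pairs lets the env file get `0600` while the two other templates keep a normal mode; the `docker directory` task could likewise set an explicit `mode: "0750"` so the directory does not depend on the umask either. Indentation is not visible in this rendering, so the rewrite below follows the usual Ansible layout.
```yaml
- name: prepare docker-compose.yml
  template:
    src: "{{ item.src }}"
    dest: /opt/{{ docker_ldapmanager_service_id }}/
    # the env file holds the LDAP bind password: keep it owner-only
    mode: "{{ item.mode }}"
  with_items:
    - src: docker-compose.yml
      mode: "0644"
    - src: php.ini
      mode: "0644"
    - src: ldapmanager.env
      mode: "0600"
  notify: docker-compose-up
```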
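--- /dev/null
+++ b/templates/0_vhost.conf
@@ -0,0 +1,2 @@
+# {{ ansible_managed }}
+Use vhost_HTTPS_Generic {{ docker_ldapmanager_fqdn }} {{ docker_ldapmanager_rp_cert }} http {{ docker_ldapmanager_rp_docker_host }} info LDAPAdminAccessPolicy BlockCrawlerIndexing Off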
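Review bot: The macro call proxies to the backend over plain `http` (`http {{ docker_ldapmanager_rp_docker_host }}`), and the container side sets `NO_HTTPS=true`, so every login submitted through the LDAP manager crosses the reverse-proxy→docker-host hop unencrypted; that is only acceptable when both run on the same machine or on a trusted network, and the file should say so, e.g. `# backend is plain http: the reverse proxy and the docker host are expected on the same trusted network`. The positional parameters of `vhost_HTTPS_Generic` (including what `info`, `LDAPAdminAccessPolicy` and the trailing `Off` select) are defined in the reverse_proxy role outside this commit, so their order could not be checked here; an empty expansion of any templated argument would shift the remaining positions silently, which is another reason to assert the variables before templating.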
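--- /dev/null
+++ b/templates/1_vhost_additional.conf
@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+<Location />
+Require user {{ docker_ldapmanager_rp_restrict_users }}
+</Location>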
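Review bot: `Require user {{ docker_ldapmanager_rp_restrict_users }}` maintains a second admin list in the inventory that can drift from the one the directory already holds in `docker_ldapmanager_ldap_group_admin`; if the `LDAPAdminAccessPolicy` macro (defined outside this commit) sets up an LDAP authorization provider, `Require ldap-group cn={{ docker_ldapmanager_ldap_group_admin }},ou={{ docker_ldapmanager_ldap_groups_ou }},{{ docker_ldapmanager_ldap_basedn }}` keeps proxy access in step with the admin group without touching the inventory on every change. `Require user` depends on that macro having declared an `AuthType`; without one Apache fails closed with a 500 on every request rather than letting traffic through, so the dependency deserves a comment, e.g. `# relies on the AuthType/AuthLDAP* directives set by LDAPAdminAccessPolicy in 0_vhost.conf`. Indentation of the `Require` line is not visible in this rendering.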
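--- /dev/null
+++ b/templates/2_mds_exclusion.conf
@@ -0,0 +1,2 @@
+# {{ ansible_managed }}
+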
24
templates/docker-compose.yml
Normal file
|
@ -0,0 +1,24 @@
|
|||
version: '3.1'
|
||||
|
||||
services:
|
||||
ldapman:
|
||||
image: wheelybird/ldap-user-manager:v1.7
|
||||
env_file:
|
||||
- ldapmanager.env
|
||||
restart: always
|
||||
volumes:
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- ./php.ini:/usr/local/etc/php/php.ini
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=traefik"
|
||||
- "traefik.http.routers.{{ docker_ldapmanager_service_id }}.entrypoints=web"
|
||||
- "traefik.http.routers.{{ docker_ldapmanager_service_id }}.rule=Host(`{{ docker_ldapmanager_fqdn }}`)"
|
||||
- "traefik.http.services.{{ docker_ldapmanager_service_id }}.loadbalancer.server.port=80"
|
||||
networks:
|
||||
- traefik
|
||||
|
||||
networks:
|
||||
traefik:
|
||||
external: true
|
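Review bot: `./php.ini:/usr/local/etc/php/php.ini` is the only bind mount without `:ro`, unlike the two timezone mounts next to it; the container has no reason to write its own php.ini, so `- ./php.ini:/usr/local/etc/php/php.ini:ro` keeps a compromised process from altering the interpreter configuration that Ansible manages. The router is attached only to the `web` entrypoint, i.e. plain HTTP inside the docker host's `traefik` network, which matches `NO_HTTPS=true` in ldapmanager.env and the `http` backend in 0_vhost.conf; a one-line comment above the labels, `# TLS terminates at the Apache reverse proxy, traefik only routes plain http`, would spare the next reader the cross-reference. Pinning `wheelybird/ldap-user-manager:v1.7` rather than `latest` is good; indentation is not visible in this rendering.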
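--- /dev/null
+++ b/templates/ldapmanager.env
@@ -0,0 +1,22 @@
+SERVER_HOSTNAME={{ docker_ldapmanager_fqdn }}
+LDAP_URI=ldap://{{ docker_ldapmanager_ldap_server }}
+LDAP_BASE_DN={{ docker_ldapmanager_ldap_basedn }}
+LDAP_REQUIRE_STARTTLS=false
+LDAP_ADMINS_GROUP={{ docker_ldapmanager_ldap_group_admin }}
+LDAP_ADMIN_BIND_DN={{ docker_ldapmanager_ldap_binddn }}
+LDAP_ADMIN_BIND_PWD={{ docker_ldapmanager_ldap_bindpwd }}
+LDAP_IGNORE_CERT_ERRORS=true
+EMAIL_DOMAIN={{ docker_ldapmanager_email_domain }}
+ORGANISATION_NAME={{ docker_ldapmanager_organisation_name }}
+SITE_NAME={{ docker_ldapmanager_site_name }}
+LDAP_USER_OU={{ docker_ldapmanager_ldap_users_ou }}
+LDAP_GROUP_OU={{ docker_ldapmanager_ldap_groups_ou }}
+NO_HTTPS=true
+USERNAME_FORMAT={{ docker_ldapmanager_username_format }}
+ENFORCE_SAFE_SYSTEM_NAMES=false
+LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES={{ docker_ldapmanager_account_additional_objectclasses }}
+LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES={{ docker_ldapmanager_account_additional_attributes }}
+SMTP_HOSTNAME={{ docker_ldapmanager_mail_server }}
+EMAIL_FROM_ADDRESS={{ docker_ldapmanager_mail_from_address }}
+EMAIL_FROM_NAME={{ docker_ldapmanager_mail_from_name }}
+MAIL_SUBJECT={{ docker_ldapmanager_mail_subject }}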
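Review bot: `LDAP_URI=ldap://…`, `LDAP_REQUIRE_STARTTLS=false` and `LDAP_IGNORE_CERT_ERRORS=true` are hard-coded, so the admin bind password and every password a user types into the manager travel to the directory in cleartext, and even when the server offers TLS its certificate is never checked. These should be role variables whose default is the safe setting — e.g. `LDAP_REQUIRE_STARTTLS={{ docker_ldapmanager_ldap_require_starttls | default(true) }}` and `LDAP_IGNORE_CERT_ERRORS={{ docker_ldapmanager_ldap_ignore_cert_errors | default(false) }}` (variable names are a proposal, not existing ones) — with the opt-out documented in the README table alongside the other variables. `ENFORCE_SAFE_SYSTEM_NAMES=false` likewise deserves a comment explaining why unrestricted usernames are wanted, since the image presumably defaults to enforcing them. `NO_HTTPS=true` is consistent with TLS terminating at the Apache vhost added in this commit.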
1953
templates/php.ini
Normal file
File diff suppressed because it is too large