diff --git a/nextcloud/ansible/roles/nextcloud/tasks/main.yml b/nextcloud/ansible/roles/nextcloud/tasks/main.yml
index 3edea5f..ee2552b 100644
--- a/nextcloud/ansible/roles/nextcloud/tasks/main.yml
+++ b/nextcloud/ansible/roles/nextcloud/tasks/main.yml
@@ -302,23 +302,24 @@
 - name: Configure LDAP
 ansible.builtin.shell:
 cmd: |
- /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBase cn=users,cn=accounts,dc=libreoffice,dc=gob,dc=mx
- /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBaseGroups cn=users,cn=accounts,dc=libreoffice,dc=gob,dc=mx
- /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBaseUsers cn=users,cn=accounts,dc=libreoffice,dc=gob,dc=mx
- /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapAgentName "cn=Directory Manager"
- /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapAgentPassword {{ ldap_agent_password }}
- /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapHost {{ ldap_server_host }}
- /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 hasMemberOfFilterSupport 1
- /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapEmailAttribute mail
- /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapLoginFilter "(&(&(|(objectclass=posixAccount)))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))"
- /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapPort 389
- /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapUserFilter "(&(|(objectclass=posixAccount)))"
- /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapUserFilterObjectclass posixAccount
- /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapConfigurationActive 1
+ /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBase "{{ ldapBase }}"
+ /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBaseGroups "{{ ldapBaseGroups }}"
+ /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBaseUsers "{{ ldapBaseUsers }}"
+ /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapAgentName "{{ ldapAgentName }}"
+ /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapAgentPassword "{{ ldap_agent_password }}"
+ /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapHost "{{ ldap_server_host }}"
+ /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 hasMemberOfFilterSupport "{{ hasMemberOfFilterSupport }}"
+ /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapEmailAttribute "{{ ldapEmailAttribute }}"
+ /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapLoginFilter "{{ ldapLoginFilter }}"
+ /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapPort "{{ ldapPort }}"
+ /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapUserFilter "{{ ldapUserFilter }}"
+ /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapUserFilterObjectclass "{{ ldapUserFilterObjectclass }}"
+ /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapConfigurationActive "{{ ldapConfigurationActive }}"
 become: true
 become_user: "{{ web_user }}"
 tags:
 - ldap
+ when: ldap_enabled
 - name: Set httpd_can_network_relay to allow nginx to proxy connections
 seboolean:
diff --git a/nextcloud/ansible/vars/main.ejemplo.yaml b/nextcloud/ansible/vars/main.ejemplo.yaml
index c888d27..a899405 100644
--- a/nextcloud/ansible/vars/main.ejemplo.yaml
+++ b/nextcloud/ansible/vars/main.ejemplo.yaml
@@ -22,6 +22,25 @@ nextcloud_db: nextcloud
 nextcloud_db_user: nextcloud
 nextcloud_db_user_password: Una contraseña bien, pero bien difícil.
+## LDAP
+ldap_enabled: false
+ldap_agent_password: cIBI4mLESN1nSrAPr7pX3350NPXkD3vExjr27X1ju
+ldap_server_host: "10.254.1.1"
+ldapBase: cn=users,cn=accounts,dc=softwarelibre,dc=mx
+ldapBaseGroups: cn=users,cn=accounts,dc=softwarelibre,dc=mx
+ldapBaseUsers: cn=users,cn=accounts,dc=softwarelibre,dc=mx
+ldapAgentName: "cn=Directory Manager"
+ldapAgentPassword: {{ ldap_agent_password }}
+ldapHost: {{ ldap_server_host }}
+hasMemberOfFilterSupport: 1
+ldapEmailAttribute: mail
+ldapLoginFilter: "(&(&(|(objectclass=posixAccount)))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))"
+ldapPort: 389
+ldapUserFilter: "(&(|(objectclass=posixAccount)))"
+ldapUserFilterObjectclass: posixAccount
+ldapConfigurationActive: 1
+
+
 ## occ
 nextcloud_occ: "{{ nextcloud_path }}/occ"
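Review bot: Wrapping each templated value in double quotes on the added `ldap:set-config` lines is not shell escaping. Inside `ansible.builtin.shell`, a value containing `"`, `$`, a backtick or a backslash is still interpreted by the shell, and these values now come from vars instead of fixed literals. The `quote` filter without the surrounding quotes handles this, e.g. `ldap:set-config s01 ldapAgentPassword {{ ldap_agent_password | quote }}`, and the same applies to `ldapLoginFilter` and the other arguments. Because the task renders `ldap_agent_password` into `cmd`, I would also add `no_log: true` next to `when: ldap_enabled` so the bind password stays out of task output and logs.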
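Review bot: The added lines `ldapAgentPassword: {{ ldap_agent_password }}` and `ldapHost: {{ ldap_server_host }}` begin their values with an unquoted `{{`, which YAML parses as a flow mapping, so a vars file copied from this example is likely to fail to load. Either quote them (`ldapHost: "{{ ldap_server_host }}"`) or drop both keys, since the task changed in this commit passes `ldap_agent_password` and `ldap_server_host` directly and never reads them. The `ldap_agent_password` sample looks like a real credential rather than a placeholder. If it was ever valid it should be rotated, and the example would be safer with an obvious dummy value plus a comment that the real one belongs in Ansible Vault. The example also defaults to binding as `cn=Directory Manager` on `ldapPort: 389`, and nothing in this diff enables TLS, so a comment recommending a dedicated read-only bind account and an encrypted connection would help whoever copies the file.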