From ad12ac0c8ec51a63f14ca351b2e85d6a30b28b78 Mon Sep 17 00:00:00 2001
From: Christian Elberfeld <6413499+elberfeld@users.noreply.github.com>
Date: Wed, 12 Mar 2025 23:19:43 +0100
Subject: [PATCH] Einrichtung OAUth Login mit uffd

---
 testserver/docker_dokuwiki/tasks/main.yml | 50 ++++++++++---------
 .../templates/docker-compose.yml | 15 +++++-
 .../templates/uffd-ldapd/Dockerfile | 24 +++++++++
 3 files changed, 65 insertions(+), 24 deletions(-)
 create mode 100644 testserver/docker_dokuwiki/templates/uffd-ldapd/Dockerfile

diff --git a/testserver/docker_dokuwiki/tasks/main.yml b/testserver/docker_dokuwiki/tasks/main.yml
index a48f0ed5..3b5413a2 100644
--- a/testserver/docker_dokuwiki/tasks/main.yml
+++ b/testserver/docker_dokuwiki/tasks/main.yml
@@ -3,6 +3,8 @@
 - include_tasks: ../functions/get_secret.yml
   with_items:
     - { path: "{{ basedir }}/secrets/oauth_secret", length: 64}
+    - { path: "{{ basedir }}/dokuwiki_api_secret", length: 32 }
+    - { path: "{{ basedir }}/ldap_bind_pw", length: 32 }
 
 - name: create folder struct for dokuwiki
   file:
@@ -16,6 +18,7 @@
     - "{{ basedir }}/data/lib/plugins"
     - "{{ basedir }}/data/lib/plugins/oauth"
     - "{{ basedir }}/data/lib/plugins/oauthgeneric"
+    - "{{ basedir }}/uffd-ldapd"
 
 - name: Docker Compose Konfig-Datei erstellen
   template:
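Review bot: The two new secret files are created directly under `{{ basedir }}` (`dokuwiki_api_secret`, `ldap_bind_pw`) while the existing `oauth_secret` lives in `{{ basedir }}/secrets/`; keeping every generated credential in the one `secrets/` directory keeps permission handling, backup/volume exclusions and cleanup consistent. Suggested lines: `- { path: "{{ basedir }}/secrets/dokuwiki_api_secret", length: 32 }` and `- { path: "{{ basedir }}/secrets/ldap_bind_pw", length: 32 }`. This assumes get_secret.yml derives the variable name from the file's basename (the compose template references `dokuwiki_api_secret` and `ldap_bind_pw` by exactly those names), which is not visible here and should be confirmed before moving the files.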
@@ -24,35 +27,36 @@
   with_items:
     - docker-compose.yml
     - Dockerfile
+    - uffd-ldapd/Dockerfile
   register: config
 
-- name: oauth plugin clonen
-  ansible.builtin.git:
-    repo: https://github.com/cosmocode/dokuwiki-plugin-oauth.git
-    dest: "{{ basedir }}/data/lib/plugins/oauth"
-    force: true
+#- name: oauth plugin clonen
+#  ansible.builtin.git:
+#    repo: https://github.com/cosmocode/dokuwiki-plugin-oauth.git
+#    dest: "{{ basedir }}/data/lib/plugins/oauth"
+#    force: true
 
-- name: config für oauth kopieren
-  ansible.builtin.template:
-    src: oauth_vars.php
-    dest: "{{ basedir }}/data/lib/plugins/oauth/conf/default.php"
+#- name: config für oauth kopieren
+#  ansible.builtin.template:
+#    src: oauth_vars.php
+#    dest: "{{ basedir }}/data/lib/plugins/oauth/conf/default.php"
 
-- name: oauthgeneric plugin clonen
-  ansible.builtin.git:
-    repo: https://github.com/cosmocode/dokuwiki-plugin-oauthgeneric.git
-    dest: "{{ basedir }}/data/lib/plugins/oauthgeneric"
-    force: true
+#- name: oauthgeneric plugin clonen
+#  ansible.builtin.git:
+#    repo: https://github.com/cosmocode/dokuwiki-plugin-oauthgeneric.git
+#    dest: "{{ basedir }}/data/lib/plugins/oauthgeneric"
+#    force: true
 
-- name: config für oauthgeneric kopieren
-  ansible.builtin.template:
-    src: oauthgeneric_vars.php
-    dest: "{{ basedir }}/data/lib/plugins/oauthgeneric/conf/default.php"
+#- name: config für oauthgeneric kopieren
+#  ansible.builtin.template:
+#    src: oauthgeneric_vars.php
+#    dest: "{{ basedir }}/data/lib/plugins/oauthgeneric/conf/default.php"
 
-- name: oauth provider aktivieren
-  ansible.builtin.lineinfile:
-    path: "{{ basedir }}/data/conf/local.php"
-    regexp: "^$conf['authtype'] = "
-    line: "$conf['authtype'] = 'oauth';"
+#- name: oauth provider aktivieren
+#  ansible.builtin.lineinfile:
+#    path: "{{ basedir }}/data/conf/local.php"
+#    regexp: "^$conf['authtype'] = "
+#    line: "$conf['authtype'] = 'oauth';"
 
 - name: "stop {{ servicename}} docker"
   community.docker.docker_compose_v2:
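Review bot: Disabling `oauth provider aktivieren` means nothing in this patch writes `$conf['authtype']` to `local.php` any more, so the DokuWiki auth backend is no longer managed by this role; if switching DokuWiki to the new LDAP service is done by hand, that should be stated in a comment here, otherwise a task setting the new authtype is missing. The five OAuth tasks are commented out rather than deleted, leaving 23 dead lines that git history already preserves; a one-line `# OAuth plugin tasks removed in favour of uffd LDAP, see git history` carries the same information. The folder task in the previous hunk still creates `data/lib/plugins/oauth` and `oauthgeneric` for plugins that are no longer cloned.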
diff --git a/testserver/docker_dokuwiki/templates/docker-compose.yml b/testserver/docker_dokuwiki/templates/docker-compose.yml
index e3389c99..268b1874 100644
--- a/testserver/docker_dokuwiki/templates/docker-compose.yml
+++ b/testserver/docker_dokuwiki/templates/docker-compose.yml
@@ -17,7 +17,20 @@ services:
     networks:
       - default
       - web
-
+
+  ldap:
+    build: uffd-ldapd/
+    restart: always
+    environment:
+      SERVER_API_URL: "{{ oidc_global.provider_url }}"
+      SERVER_API_USER: "dokuwikildap"
+      SERVER_API_SECRET: "{{ dokuwiki_api_secret }}"
+      SERVER_BASE_DN: "{{ oidc_global.ldap_base_dn }}"
+      SERVER_BIND_PASSWORD: "{{ ldap_bind_pw}}"
+    networks:
+      - default
+
 networks:
   web:
     external: true
diff --git a/testserver/docker_dokuwiki/templates/uffd-ldapd/Dockerfile b/testserver/docker_dokuwiki/templates/uffd-ldapd/Dockerfile
new file mode 100644
index 00000000..c39c751f
--- /dev/null
+++ b/testserver/docker_dokuwiki/templates/uffd-ldapd/Dockerfile
@@ -0,0 +1,24 @@
+FROM debian:bookworm-slim
+
+# Set environment variables
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install necessary dependencies and configure custom repository
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends wget gnupg ca-certificates \
+    && wget -O- "https://packages.cccv.de/docs/cccv-archive-key.gpg" | gpg --dearmor -o /etc/apt/trusted.gpg.d/cccv-archive-key.gpg \
+    && echo "deb https://packages.cccv.de/uffd bookworm main" > /etc/apt/sources.list.d/custom.list \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends uffd-ldapd ldap-utils \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+USER 999
+EXPOSE 389/tcp
+
+# Set default command
+CMD ["/usr/sbin/uffd-ldapd","--socket-address","0.0.0.0:389"]
+
+# Get all LDAP Entries
+# ldapsearch -x -H ldap://127.0.0.1 -D "cn=service,ou=system,{{ oidc_global.ldap_base_dn }}" -w "{{ ldap_bind_pw }}" -b "ou=users,{{ oidc_global.ldap_base_dn }}" "(objectClass=*)"
+
-- GitLab
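Review bot: `SERVER_API_SECRET` and `SERVER_BIND_PASSWORD` are passed as plain environment variables, so both credentials end up in the rendered docker-compose.yml on disk and in the `docker inspect` output of the container; moving them into a separately rendered env file referenced via `env_file:` keeps them out of the compose file, and the template task that renders that file (in main.yml, not in this hunk) would then want a restrictive `mode:` such as `"0600"`. A smaller point: `"{{ ldap_bind_pw}}"` lacks the space before `}}` that every other expression in this block uses. The ldap service publishes no ports, so its unencrypted listener is reachable only on the compose `default` network that the dokuwiki service also joins; that is acceptable as long as nothing else is attached to that network.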
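Review bot: This Dockerfile lives under `templates/` and is rendered by the template task (it was added to that task's `with_items` in main.yml), so the Jinja expressions in the trailing `ldapsearch` comment are expanded and the rendered Dockerfile carries the LDAP bind password in clear text, in the build context as well; either drop the example or keep it inert with `{% raw %} … {% endraw %}` around the comment, or replace the value with a literal placeholder like `<bind-password>`. Separately, the archive key is written to `/etc/apt/trusted.gpg.d/`, which makes it valid for every apt source in the image; writing it with `-o /etc/apt/keyrings/cccv-archive-key.gpg` and using `deb [signed-by=/etc/apt/keyrings/cccv-archive-key.gpg] https://packages.cccv.de/uffd bookworm main` limits it to the uffd repository. The `wget | gpg` pipe accepts whatever the download returns, so the key's fingerprint should be compared with the value the repository operator publishes (placeholder: `<EXPECTED_FINGERPRINT>`), and the `RUN` step runs without `set -o pipefail`, so a failed wget would only surface later when apt cannot verify the repository.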