Refactor LDAP config

* Move credentials to ENV vars in prod * Use same configs in dev and prod * Make UID attribute and admin DN configurable
Remove SMTP credentials from Rails credentials
2025-05-06 15:32:59 +04:00 · 2025-05-06 15:08:46 +04:00
5 changed files with 21 additions and 18 deletions
--- a/.env.example
+++ b/.env.example
@ -29,8 +29,12 @@

 # LDAP_HOST=localhost
 # LDAP_PORT=389
+# LDAP_USE_TLS=false
+# LDAP_UID_ATTR=cn
+# LDAP_BASE="ou=kosmos.org,cn=users,dc=kosmos,dc=org"
+# LDAP_ADMIN_USER="cn=Directory Manager"
 # LDAP_ADMIN_PASSWORD=passthebutter
-# LDAP_SUFFIX='dc=kosmos,dc=org'
+# LDAP_SUFFIX="dc=kosmos,dc=org"

 # REDIS_URL='redis://localhost:6379/1'

--- a/config/credentials.yml.enc
+++ b/config/credentials.yml.enc
@ -1 +1 @@
-zaTF2ZJaU/M9CYmXEJoDmS1oniSV/1YT0UnM1jysEhMknn3bYOzRBZM3eGJ5Mr6bJYz6cv5hSDL5pT0/6hqgpV04dc/fVDplWO4eEpD1kBFM3LjIPCe9REbRlRUwODpoV/y6wWOFme8nFMS9uOSFkL6RtMuQli0os5Rp+2Jal2lJwAujFjFwuuj+1iRzqc3pzeIIy0clPmR9ANxXS+rPL3jmxty6QzVMr9Q658roVD38yRg0CNgs09eZ/FvqeqXlQkwDfg2/zX9tg5ocGwvHzmicZJ/yU6kl6liqNAJvEDrolm0gSzemY8NfhCySd5wjEvpP+uvKxbd5M3rhagC8S9MmpmxewuOKbDFEyTSRO6Kp2yakdcLSn12ZPB+X0nlMRno+UEzh0EvcX2mxRXppIKrsRUGVeYmj4GMI0vyLW1eCuyPLueN7sOnSjhtM84URNWkSnb0LTxlYxOJGbnwzn85QVpFdXtDktbaXvMWcVdH9XdMDbaBs1G7BIA6Z8i+mxLVVEbQWQM6VBrUhpkpWfphLmN5b16LYbGTzdKnR0iPcsNr8Tsl8vYfeWH8S0ujD105lS39v37YimN6E5l4X2CrqG+DNBtKfbqC0E3lhZMqDRWetxzaxE47oe4g=--0EKrvwe2YTfsbssz--SbmUH0sMiy5uUhpxFImgMA==
+wVGTGBCsJ2bLSXxn/cYKcYyljVARvZGhi2gOQbiJy/r3Ia4gUmurlKFFKF0m6wmUMIlj+W11Mvu4at3c5h9fzODeIJ+EwkbwLcO8KECUyuXwVxVm2sH2TixWRwhyokT+UwS8J5c7lJTgmFAPlZiRQ+YyrqmhyPzq1fEdErk3btsWNPpJpOsdv1YPBCFFN96zMfY8h+Ttr53a9S58h+fwA+ZF5ePVqeIpJshQ+21UjUIKb5qSLEIECsarI/QJDMQwyKcvYiOEPny8nZL/7bE9TxBgC7v6UnsN+ZXVUB36aw7LOPj+21NVIdWjwOgHYRK1H2Co+stS8bDieuqV29iTTL+F8afHm/6yRc7EAtfKJe3nWf4woI+hHw7p7g/6t451F4nv9Nu1Mmt6YvJjzbSIDbf6Q6yfuYyRAv7uZdXrfsezjyhTDNGQ/SgBDpQ7CUzRoruc--0WsH7dH/QP2Hzvya--8eFWc0g5dVAvrPhC5JpO5Q==
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@ -45,7 +45,7 @@ Devise.setup do |config|
  # Configure the e-mail address which will be shown in Devise::Mailer,
  # note that it will be overwritten if you use your own mailer class
  # with default "from" parameter.
-  config.mailer_sender = 'accounts@kosmos.org'
+  config.mailer_sender = ENV["SMTP_FROM_ADDRESS"] || 'accounts@localhost'

  # Configure the class responsible to send e-mails.
  # config.mailer = 'Devise::Mailer'
--- a/config/ldap.yml
+++ b/config/ldap.yml
@ -28,11 +28,11 @@ authorizations: &AUTHORIZATIONS
 development:
  host: <%= ENV["LDAP_HOST"] || "localhost" %>
  port: <%= ENV["LDAP_PORT"] || "389" %>
-  attribute: cn
-  base: <%= ENV["LDAP_BASE"] || "ou=kosmos.org,cn=users,dc=kosmos,dc=org" %>
-  admin_user: "cn=Directory Manager"
-  admin_password: <%= ENV["LDAP_ADMIN_PASSWORD"] %>
  ssl: <%= ENV["LDAP_USE_TLS"] || "false" %>
+  attribute: <%= ENV["LDAP_UID_ATTR"] || "cn" %>
+  base: <%= ENV["LDAP_BASE"] || "ou=kosmos.org,cn=users,dc=kosmos,dc=org" %>
+  admin_user: <%= ENV["LDAP_ADMIN_USER"] || "cn=Directory Manager" %>
+  admin_password: <%= ENV["LDAP_ADMIN_PASSWORD"] %>
  # <<: *AUTHORIZATIONS

 test:
@ -46,11 +46,11 @@ test:
  # <<: *AUTHORIZATIONS

 production:
-  host: ldap.kosmos.local
-  port: 389
-  attribute: cn
-  base: ou=kosmos.org,cn=users,dc=kosmos,dc=org
-  admin_user: <%= Rails.application.credentials.ldap[:username] rescue nil %>
-  admin_password: <%= Rails.application.credentials.ldap[:password] rescue nil %>
-  # ssl: false
+  host: <%= ENV["LDAP_HOST"] || "localhost" %>
+  port: <%= ENV["LDAP_PORT"] || "389" %>
+  ssl: <%= ENV["LDAP_USE_TLS"] || "false" %>
+  attribute: <%= ENV["LDAP_UID_ATTR"] || "cn" %>
+  base: <%= ENV["LDAP_BASE"] || "ou=kosmos.org,cn=users,dc=kosmos,dc=org" %>
+  admin_user: <%= ENV["LDAP_ADMIN_USER"] || "cn=Directory Manager" %>
+  admin_password: <%= ENV["LDAP_ADMIN_PASSWORD"] %>
  # <<: *AUTHORIZATIONS
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -44,15 +44,14 @@ services:
      LDAP_HOST: ldap
      LDAP_PORT: 3389
      LDAP_ADMIN_PASSWORD: passthebutter
-      LDAP_USE_TLS: "false"
      REDIS_URL: redis://redis:6379/0
-      ACTIVE_STORAGE_PATH: "/akkounts/tmp/attachments"
+      ACTIVE_STORAGE_PATH: /akkounts/tmp/attachments
      RS_REDIS_URL: redis://redis:6379/1
-      RS_STORAGE_URL: "http://localhost:4567"
+      RS_STORAGE_URL: http://localhost:4567
      S3_ENABLED: false
      NOSTR_PUBLIC_KEY: bdd76ce2934b2f591f9fad2ebe9da18f20d2921de527494ba00eeaa0a0efadcf
      NOSTR_PRIVATE_KEY: 7c3ef7e448505f0615137af38569d01807d3b05b5005d5ecf8aaafcd40323cea
-      NOSTR_RELAY_URL: "ws://strfry:7777"
+      NOSTR_RELAY_URL: ws://strfry:7777
    depends_on:
      - ldap
      - redis
Author	SHA1	Message	Date
Râu Cao	3d8619532b	Refactor LDAP config All checks were successful continuous-integration/drone/push Build is passing Details continuous-integration/drone/pr Build is passing Details * Move credentials to ENV vars in prod * Use same configs in dev and prod * Make UID attribute and admin DN configurable	2025-05-06 15:32:59 +04:00
Râu Cao	d56edb34f1	Remove SMTP credentials from Rails credentials Already unused	2025-05-06 15:08:46 +04:00