Add LDAP support

Not available upstream yet
2026-05-19 16:31:30 +02:00
parent 1ac2cfcaab
commit 314bd6ab1a
3 changed files with 30 additions and 3 deletions
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -6,11 +6,20 @@ node.default['blossom']['group'] = 'blossom'
 node.default['blossom']['port'] = 3000
 node.default['blossom']['host'] = '0.0.0.0'
 node.default['blossom']['domain'] = 'blossom.example.com'
+node.default['blossom']['allow_anonymous_uploads'] = true
 node.default['blossom']['allowed_pubkeys'] = []

 node.default['blossom']['storage']['backend'] = 'local'
 node.default['blossom']['storage']['local']['dir'] = "/home/#{node['blossom']['user']}/data/blobs"
 node.default['blossom']['storage']['s3'] = {}
+
+node.default['blossom']['ldap']['enabled'] = false
+node.default['blossom']['ldap']['url'] = nil
+node.default['blossom']['ldap']['bind_dn'] = nil
+node.default['blossom']['ldap']['password'] = nil
+node.default['blossom']['ldap']['search_dn'] = nil
+node.default['blossom']['ldap']['search_filter'] = nil
+
 node.default['blossom']['max_size'] = 104857600
 node.default['blossom']['list']['enabled'] = true
 node.default['blossom']['list']['require_auth'] = true
--- a/recipes/default.rb
+++ b/recipes/default.rb
@@ -58,6 +58,8 @@ template "#{node['blossom']['install_dir']}/config.yml" do
    storage_backend: node['blossom']['storage']['backend'],
    storage_local_dir: node['blossom']['storage']['local']['dir'],
    storage_s3: node['blossom']['storage']['s3'],
+    allow_anonymous_uploads: node['blossom']['allow_anonymous_uploads'],
+    ldap: node['blossom']['ldap'],
    allowed_pubkeys: node['blossom']['allowed_pubkeys'],
    max_size: node['blossom']['max_size'],
    list_enabled: node['blossom']['list']['enabled'],
--- a/templates/default/config.yml.erb
+++ b/templates/default/config.yml.erb
@@ -27,7 +27,14 @@ storage:
 <% @allowed_pubkeys.each do |pk| %>
        - "<%= pk %>"
 <% end %>
-<% else %>
+<% end %>
+<% if @ldap['enabled'] %>
+    - type: "*"
+      expiration: "100 years"
+      ldap:
+        filter: "<%= @ldap['search_filter']%>"
+<% end %>
+<% if @allow_anonymous_uploads %>
    - type: "image/*"
      expiration: 1 month
    - type: "video/*"
@@ -36,10 +43,19 @@ storage:
      expiration: 1 week
 <% end %>

+<% if @ldap %>
+ldap:
+  enabled: <%= @ldap['enabled'] %>
+  url: "<%= @ldap['url'] %>"
+  bindDN: "<%= @ldap['bind_dn'] %>"
+  password: "<%= @ldap['password'] %>"
+  searchDN: "<%= @ldap['search_dn'] %>"
+<% end %>
+
 upload:
  enabled: true
-  requireAuth: <%= @allowed_pubkeys && !@allowed_pubkeys.empty? ? 'true' : 'false' %>
-  requirePubkeyInRule: <%= @allowed_pubkeys && !@allowed_pubkeys.empty? ? 'true' : 'false' %>
+  requireAuth: <%= !@allow_anonymous_uploads %>
+  requirePubkeyInRule: <%= !@allow_anonymous_uploads %>
  maxSize: <%= @max_size %>

 list: