Add LDAP support for blossom-server

Only available in our feature branch atm
2026-05-19 16:32:03 +02:00
parent 8afe2ad05d
commit 2169e7904c
3 changed files with 18 additions and 8 deletions
--- a/roles/blossom.rb
+++ b/roles/blossom.rb
@@ -3,14 +3,14 @@ name "blossom"
 override_attributes(
  "blossom" => {
    "allowed_pubkeys" => [
-      "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
-      "1f79058c77a224e5be226c8f024cacdad4d741855d75ed9f11473ba8eb86e1cb",
-      "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3",
-      "898a73f2c1f9a9f42d9ef4ac363622f92fdd4290c8f190340a0862d8e0f70046"
+      # "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
+      # "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3",
+      # "898a73f2c1f9a9f42d9ef4ac363622f92fdd4290c8f190340a0862d8e0f70046"
    ]
  },
 )

 run_list %w(
+  role[ldap_client]
  kosmos_blossom::default
 )
--- a/site-cookbooks/blossom
+++ b/site-cookbooks/blossom
--- a/site-cookbooks/kosmos_blossom/recipes/default.rb
+++ b/site-cookbooks/kosmos_blossom/recipes/default.rb
@@ -4,20 +4,30 @@
 #

 credentials = Chef::EncryptedDataBagItem.load('credentials', 'blossom')
+ldap_credentials = Chef::EncryptedDataBagItem.load('credentials', 'dirsrv')
+
+node.default['blossom']['repo_url'] = 'https://github.com/67P/blossom-server.git'
+node.default['blossom']['revision'] = 'feature/ldap'

 node.default['blossom']['storage']['backend'] = 's3'
 node.default['blossom']['storage']['s3']['access_key'] = credentials['s3_access_key']
 node.default['blossom']['storage']['s3']['secret_key'] = credentials['s3_secret_key']

+node.default['blossom']['allow_anonymous_uploads'] = false
+
+node.default['blossom']['ldap']['enabled'] = true
+node.default['blossom']['ldap']['url'] = 'ldap://ldap.kosmos.local:389'
+node.default['blossom']['ldap']['bind_dn'] = ldap_credentials["service_dn"]
+node.default['blossom']['ldap']['password'] = ldap_credentials["service_password"]
+node.default['blossom']['ldap']['search_dn'] = "ou=kosmos.org,cn=users,dc=kosmos,dc=org"
+node.default['blossom']['ldap']['search_filter'] = "(nostrKey={pubkey})"
+
 node.default['blossom']['dashboard']['enabled'] = true
 node.default['blossom']['dashboard']['username'] = credentials['admin_username'] || 'admin'
 node.default['blossom']['dashboard']['password'] = credentials['admin_password']

 node.default['blossom']['landing']['title'] = 'Kosmos Blossom Server'

-node.default['blossom']['repo_url'] = 'https://github.com/67P/blossom-server.git'
-node.default['blossom']['revision'] = 'master'
-
 include_recipe 'blossom::default'

 firewall_rule 'blossom' do