From 2169e7904c8213a1a4672639e84023758f2eb9f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A2u=20Cao?=
Date: Tue, 19 May 2026 16:32:03 +0200
Subject: [PATCH] Add LDAP support for blossom-server Only available in our feature branch atm
---
 roles/blossom.rb | 8 ++++----
 site-cookbooks/blossom | 2 +-
 site-cookbooks/kosmos_blossom/recipes/default.rb | 16 +++++++++++++---
 3 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/roles/blossom.rb b/roles/blossom.rb
index 6d55f74..9123fd7 100644
--- a/roles/blossom.rb
+++ b/roles/blossom.rb
@@ -3,14 +3,14 @@ name "blossom"
 override_attributes(
 "blossom" => {
 "allowed_pubkeys" => [
- "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
- "1f79058c77a224e5be226c8f024cacdad4d741855d75ed9f11473ba8eb86e1cb",
- "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3",
- "898a73f2c1f9a9f42d9ef4ac363622f92fdd4290c8f190340a0862d8e0f70046"
+ # "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
+ # "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3",
+ # "898a73f2c1f9a9f42d9ef4ac363622f92fdd4290c8f190340a0862d8e0f70046"
 ]
 },
 )
 run_list %w(
+ role[ldap_client]
 kosmos_blossom::default
 )
diff --git a/site-cookbooks/blossom b/site-cookbooks/blossom
index 1ac2cfc..314bd6a 160000
--- a/site-cookbooks/blossom
+++ b/site-cookbooks/blossom
@@ -1 +1 @@
-Subproject commit 1ac2cfcaab9c83e35ad274b5d14971cd452fa6bc
+Subproject commit 314bd6ab1af26f16c0ea03f7fb75b0b163e94e58
diff --git a/site-cookbooks/kosmos_blossom/recipes/default.rb b/site-cookbooks/kosmos_blossom/recipes/default.rb
index 5739767..547dc3c 100644
--- a/site-cookbooks/kosmos_blossom/recipes/default.rb
+++ b/site-cookbooks/kosmos_blossom/recipes/default.rb
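Review bot: In roles/blossom.rb the `allowed_pubkeys` array is now effectively empty, with three keys left as commented-out entries and the key starting `1f79058c` dropped entirely, and nothing in the hunk says what an empty list means to the server. The blossom cookbook that consumes this attribute is not visible here, so confirm that an empty list does not turn the pubkey check off, since that would leave the LDAP lookup as the only gate on uploads. If authorization is meant to move to LDAP, delete the dead entries and say so with a comment such as `# Intentionally empty: upload authorization comes from the LDAP nostrKey lookup`. If the keys are only parked for the duration of the feature branch, a comment stating when they return would prevent the list from being restored or removed by guesswork.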
@@ -4,20 +4,30 @@
 #
 credentials = Chef::EncryptedDataBagItem.load('credentials', 'blossom')
+ldap_credentials = Chef::EncryptedDataBagItem.load('credentials', 'dirsrv')
+
+node.default['blossom']['repo_url'] = 'https://github.com/67P/blossom-server.git'
+node.default['blossom']['revision'] = 'feature/ldap'
 node.default['blossom']['storage']['backend'] = 's3'
 node.default['blossom']['storage']['s3']['access_key'] = credentials['s3_access_key']
 node.default['blossom']['storage']['s3']['secret_key'] = credentials['s3_secret_key']
+node.default['blossom']['allow_anonymous_uploads'] = false
+
+node.default['blossom']['ldap']['enabled'] = true
+node.default['blossom']['ldap']['url'] = 'ldap://ldap.kosmos.local:389'
+node.default['blossom']['ldap']['bind_dn'] = ldap_credentials["service_dn"]
+node.default['blossom']['ldap']['password'] = ldap_credentials["service_password"]
+node.default['blossom']['ldap']['search_dn'] = "ou=kosmos.org,cn=users,dc=kosmos,dc=org"
+node.default['blossom']['ldap']['search_filter'] = "(nostrKey={pubkey})"
+
 node.default['blossom']['dashboard']['enabled'] = true
 node.default['blossom']['dashboard']['username'] = credentials['admin_username'] || 'admin'
 node.default['blossom']['dashboard']['password'] = credentials['admin_password']
 node.default['blossom']['landing']['title'] = 'Kosmos Blossom Server'
-node.default['blossom']['repo_url'] = 'https://github.com/67P/blossom-server.git'
-node.default['blossom']['revision'] = 'master'
-
 include_recipe 'blossom::default'
 firewall_rule 'blossom' do
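Review bot: The new `ldap` settings bind the service account over `ldap://ldap.kosmos.local:389`, so unless blossom-server negotiates StartTLS (not visible in this hunk) the `service_dn` and `service_password` from the encrypted data bag cross the network in cleartext on every bind. If the directory offers TLS, prefer `node.default['blossom']['ldap']['url'] = 'ldaps://ldap.kosmos.local:636'` (port to be confirmed against the directory server) or an explicit StartTLS setting. Separately, `revision` now tracks the mutable branch `feature/ldap`, so each Chef run deploys whatever was last pushed there; pinning it to a reviewed commit, e.g. `node.default['blossom']['revision'] = '<commit-sha>'`, keeps the deployed code tied to something that was actually reviewed. The bind password is also written into `node.default`, and Chef normally saves default attributes with the node object, so it is worth confirming that this attribute is kept out of the saved node data.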