LDAP auth

supertarto · supertarto · commit cf30d255ea55 · 2021-04-20T16:46:29.000+02:00
diff --git a/README.md b/README.md
@@ -42,7 +42,24 @@ bookstack_smtp_username: "null"
 bookstack_smtp_password: "null"
 bookstack_smtp_encryption: "null"
 ```
-
+Information about your LDAP.
+```yml
+bookstack_use_ldap_auth: false
+bookstack_ldap_server: "ldaps://example.com:636"
+bookstack_ldap_base_dn: "People,dc=example,dc=com"
+bookstack_ldap_bind_dn: "false"
+bookstack_ldap_bind_pw: "false"
+bookstack_ldap_user_filter: "(&(uid=${user}))"
+bookstack_ldap_version: "3"
+bookstack_ldap_id_attribute: "uid"
+bookstack_ldap_mail_attribute: "mail"
+bookstack_ldap_dn_attribute: "cn"
+bookstack_ldap_tls_force: "false"
+```
+Default locale
+```yml
+bookstack_lang: en
+```
 ## Examples
 ```yml
 - hosts: all
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -9,6 +9,8 @@ bookstack_git_url: https://github.com/BookStackApp/BookStack.git
 ############
 # ENV FILE
 ############
+bookstack_lang: en
+
 bookstack_host: localhost
 bookstack_db_name: bookstackdb
 bookstack_db_user: bookstackuser
@@ -23,3 +25,15 @@ bookstack_smtp_port: "1025"
 bookstack_smtp_username: "null"
 bookstack_smtp_password: "null"
 bookstack_smtp_encryption: "null"
+
+bookstack_use_ldap_auth: false
+bookstack_ldap_server: "ldaps://example.com:636"
+bookstack_ldap_base_dn: "People,dc=example,dc=com"
+bookstack_ldap_bind_dn: "false"
+bookstack_ldap_bind_pw: "false"
+bookstack_ldap_user_filter: "(&(uid=${user}))"
+bookstack_ldap_version: "3"
+bookstack_ldap_id_attribute: "uid"
+bookstack_ldap_mail_attribute: "mail"
+bookstack_ldap_dn_attribute: "cn"
+bookstack_ldap_tls_force: "false"
diff --git a/templates/env.j2 b/templates/env.j2
@@ -2,6 +2,7 @@
 # Used for encryption where needed.
 # Run `php artisan key:generate` to generate a valid key.
 APP_KEY=SomeKey
+APP_LANG={{ bookstack_lang }}
 
 # Application URL
 # Remove the hash below and set a URL if using BookStack behind
@@ -31,5 +32,25 @@ MAIL_USERNAME={{ bookstack_smtp_username }}
 MAIL_PASSWORD={{ bookstack_smtp_password }}
 MAIL_ENCRYPTION={{ bookstack_smtp_encryption }}
 
+{% if bookstack_use_ldap_auth is true %}
+AUTH_METHOD=ldap
+LDAP_SERVER={{ bookstack_ldap_server }}
+LDAP_BASE_DN=ou={{ bookstack_ldap_base_dn }}
+LDAP_DN={{ bookstack_ldap_bind_dn }}
+LDAP_PASS=false{{ bookstack_ldap_bind_pw }}
 
-# A full list of options can be found in the '.env.example.complete' file.
+LDAP_USER_FILTER={{ bookstack_ldap_user_filter }}
+LDAP_VERSION={{ bookstack_ldap_version }}
+
+LDAP_ID_ATTRIBUTE={{ bookstack_ldap_id_attribute }}
+LDAP_EMAIL_ATTRIBUTE={{ bookstack_ldap_mail_attribute }}
+
+# Set the property to use for a user's display name. Defaults to 'cn'
+LDAP_DISPLAY_NAME_ATTRIBUTE={{ bookstack_ldap_dn_attribute }}
+
+# Force TLS to be used for LDAP communication.
+# Use this if you can but your LDAP support will need to support it and
+# you may need to import your certificate to the BookStack host machine.
+# Defaults to 'false'.
+LDAP_START_TLS={{ bookstack_ldap_tls_force }}
+{% endif %}
