Commit 3d99e590 authored by Clément OUDOT's avatar Clément OUDOT

Access rules for profile and photo sharing (#10)

parent c70d9d06
......@@ -71,6 +71,8 @@ Configuration parameters are set as environment variables.
| LEMONLDAP2_OIDCPUB | Path to OIDC public key |
| LEMONLDAP2_SAMLPRIV | Path to SAML private key |
| LEMONLDAP2_SAMLPUB | Path to SAML public key or certificate |
| LEMONLDAP2_UNPROTECT_PHOTO_URL | Allow unauthenticated access to user photo |
| LEMONLDAP2_UNPROTECT_PROFILE_URL | Allow unauthenticated access to user profile |
| LSC_LDAP_PASSWORD | Password of LSC service account |
| LSC_LDAP_USERNAME | Identifier of LSC service account |
| POSTGRES_HOST | Host of database server |
......
......@@ -48,6 +48,9 @@
lemonldap2_fusiondirectory_host: "{{ lookup('env', 'FUSIONDIRECTORY_HOST') }}"
lemonldap2_fusiondirectory_port: "{{ lookup('env', 'FUSIONDIRECTORY_PORT') }}"
lemonldap2_unprotect_profile_url: "{{ lookup('env', 'LEMONLDAP2_UNPROTECT_PROFILE_URL') | default(0, true) }}"
lemonldap2_unprotect_photo_url: "{{ lookup('env', 'LEMONLDAP2_UNPROTECT_PHOTO_URL') | default(0, true) }}"
tasks:
- name: LemonLDAP main configuration file
template:
......
......@@ -88,6 +88,20 @@
- name: "locationRules/{{ lemonldap2_fusiondirectory_name }}.{{ lemonldap2_domain }}/default"
value: "inGroup('access-fusiondirectory')"
- name: Unprotect profile URL
lemonldap_config:
name: "locationRules:{{ lemonldap2_whitepages_name }}.{{ lemonldap2_domain }}:^/index\\.php\\?page=display&dn="
value: "unprotect"
sep: ":"
when: lemonldap2_unprotect_profile_url|bool
- name: Unprotect photo URL
lemonldap_config:
name: "locationRules:{{ lemonldap2_whitepages_name }}.{{ lemonldap2_domain }}:^/photo\\.php\\?dn="
value: "unprotect"
sep: ":"
when: lemonldap2_unprotect_photo_url|bool
- name: Set Portal configuration
lemonldap_config:
name: "{{ item.name }}"
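Review bot: Both new `locationRules` patterns are anchored at the start only, so `unprotect` covers every request that begins with `/index.php?page=display&dn=` or `/photo.php?dn=`, including ones that carry further query parameters after the DN. PHP keeps the last value of a repeated parameter, so the profile rule presumably exempts more than the display page. If the application never appends other parameters to these links, I would bound the patterns, e.g. `^/index\\.php\\?page=display&dn=[^&]+$` and `^/photo\\.php\\?dn=[^&]+$`. The tasks also only ever add the rules: nothing visible here removes them when `lemonldap2_unprotect_profile_url` or `lemonldap2_unprotect_photo_url` is later set back to 0, so a host that once ran with the flag on likely stays open until the key is deleted by hand. The task list starts and ends outside this hunk.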
......
......@@ -17,6 +17,8 @@ LEMONLDAP2_OIDCPRIV=/etc/lemonldap-ng-keys/oidc.key
LEMONLDAP2_OIDCPUB=/etc/lemonldap-ng-keys/oidc_pub.key
LEMONLDAP2_SAMLPRIV=/etc/lemonldap-ng-keys/saml.key
LEMONLDAP2_SAMLPUB=/etc/lemonldap-ng-keys/saml.pem
LEMONLDAP2_UNPROTECT_PHOTO_URL=1
LEMONLDAP2_UNPROTECT_PROFILE_URL=0
POSTGRES_HOST=10.0.2.2
POSTGRES_PASSWORD=secret
POSTGRES_PORT=33432
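Review bot: The sample sets `LEMONLDAP2_UNPROTECT_PHOTO_URL=1`, while the playbook falls back to 0 when the variable is unset, so anyone who copies this file gets unauthenticated photo access by DN without having chosen it. I would ship `LEMONLDAP2_UNPROTECT_PHOTO_URL=0` here, matching the profile line below it, and leave enabling it as a deliberate step. If whatever reads this file accepts comments, a line such as `# 1 = photo.php is served without an SSO session` above the two flags would make the exposure explicit.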
......