openshift adm group sync/prune (#125)

2026-05-14 13:32:18 +00:00 · 2022-01-20 17:23:30 +01:00
parent eb11821b3c
commit 0a1a647e37
23 changed files with 3150 additions and 0 deletions
--- a/molecule/default/roles/openshift_adm_groups/templates/rfc2307/sync-config.j2
+++ b/molecule/default/roles/openshift_adm_groups/templates/rfc2307/sync-config.j2
@@ -0,0 +1,105 @@
+simple:
+    kind: LDAPSyncConfig
+    apiVersion: v1
+    url: "{{ ldap_server_uri }}"
+    insecure: true
+    rfc2307:
+        groupsQuery:
+            baseDN: "ou=groups,ou=rfc2307,{{ ldap_root }}"
+            scope: sub
+            derefAliases: never
+            filter: (objectclass=groupOfNames)
+        groupUIDAttribute: dn
+        groupNameAttributes: [ cn ]
+        groupMembershipAttributes: [ member ]
+        usersQuery:
+            baseDN: "ou=people,ou=rfc2307,{{ ldap_root }}"
+            scope: sub
+            derefAliases: never
+        userUIDAttribute: dn
+        userNameAttributes: [ mail ]
+user_defined:
+    kind: LDAPSyncConfig
+    apiVersion: v1
+    url: "{{ ldap_server_uri }}"
+    insecure: true
+    groupUIDNameMapping:
+        "cn=admins,ou=groups,ou=rfc2307,{{ ldap_root }}": ansible-admins
+        "cn=developers,ou=groups,ou=rfc2307,{{ ldap_root }}": ansible-devs
+    rfc2307:
+        groupsQuery:
+            baseDN: "ou=groups,ou=rfc2307,{{ ldap_root }}"
+            scope: sub
+            derefAliases: never
+            filter: (objectclass=groupOfNames)
+        groupUIDAttribute: dn
+        groupNameAttributes: [ cn ]
+        groupMembershipAttributes: [ member ]
+        usersQuery:
+            baseDN: "ou=people,ou=rfc2307,{{ ldap_root }}"
+            scope: sub
+            derefAliases: never
+        userUIDAttribute: dn
+        userNameAttributes: [ mail ]
+partially_user_defined:
+    kind: LDAPSyncConfig
+    apiVersion: v1
+    url: "{{ ldap_server_uri }}"
+    insecure: true
+    groupUIDNameMapping:
+        "cn=admins,ou=groups,ou=rfc2307,{{ ldap_root }}": ansible-admins
+    rfc2307:
+        groupsQuery:
+            baseDN: "ou=groups,ou=rfc2307,{{ ldap_root }}"
+            scope: sub
+            derefAliases: never
+            filter: (objectclass=groupOfNames)
+        groupUIDAttribute: dn
+        groupNameAttributes: [ cn ]
+        groupMembershipAttributes: [ member ]
+        usersQuery:
+            baseDN: "ou=people,ou=rfc2307,{{ ldap_root }}"
+            scope: sub
+            derefAliases: never
+        userUIDAttribute: dn
+        userNameAttributes: [ mail ]
+dn_everywhere:
+    kind: LDAPSyncConfig
+    apiVersion: v1
+    url: "{{ ldap_server_uri }}"
+    insecure: true
+    rfc2307:
+        groupsQuery:
+            baseDN: "ou=groups,ou=rfc2307,{{ ldap_root }}"
+            scope: sub
+            derefAliases: never
+            filter: (objectclass=groupOfNames)
+        groupUIDAttribute: dn
+        groupNameAttributes: [ dn ]
+        groupMembershipAttributes: [ member ]
+        usersQuery:
+            baseDN: "ou=people,ou=rfc2307,{{ ldap_root }}"
+            scope: sub
+            derefAliases: never
+        userUIDAttribute: dn
+        userNameAttributes: [ dn ]
+out_scope:
+    kind: LDAPSyncConfig
+    apiVersion: v1
+    url: "{{ ldap_server_uri }}"
+    insecure: true
+    rfc2307:
+        groupsQuery:
+            baseDN: "ou=groups,ou=outrfc2307,{{ ldap_root }}"
+            scope: sub
+            derefAliases: never
+            filter: (objectclass=groupOfNames)
+        groupUIDAttribute: dn
+        groupNameAttributes: [ cn ]
+        groupMembershipAttributes: [ member ]
+        usersQuery:
+            baseDN: "ou=people,ou=outrfc2307,{{ ldap_root }}"
+            scope: sub
+            derefAliases: never
+        userUIDAttribute: dn
+        userNameAttributes: [ sn ]