added support to sync memberships from ldap

2021-03-09 18:30:52 +01:00 · 2021-03-09 18:30:52 +01:00 · d077b94e92
commit d077b94e92
parent 2c64104b60
5 changed files with 55 additions and 16 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -19,4 +19,20 @@ mailman:
    key: "{{ lookup('password', '/dev/null length=128') }}"
  list_defaults:
    settings: {}
+    ldap:
+      member:
+        enabled: False
+        dn: ~
+        filter: ~
+        username_attr: ~
+      moderator:
+        enabled: False
+        dn: ~
+        filter: ~
+        username_attr: ~
+      owner:
+        enabled: False
+        dn: ~
+        filter: ~
+        username_attr: ~
  lists: {}
--- a/filter_plugins/filters.py
+++ b/filter_plugins/filters.py
@ -0,0 +1,15 @@
+#!/usr/bin/env python3
+
+from ansible.plugins.filter.core import combine
+
+def expand_lists_with_defaults(input_dict, defaults):
+	output_dict = {}
+	for i in input_dict.keys():
+		output_dict[i] = combine({'name': i}, defaults, input_dict[i], recursive=True)
+	return output_dict
+
+class FilterModule(object):
+	def filters(self):
+		return {
+				'expand_dict_keys_with_defaults': expand_lists_with_defaults
+			}
--- a/tasks/list.yml
+++ b/tasks/list.yml
@ -1,10 +0,0 @@
- set_fact:
-    current_list: "{{ {}|combine(mailman.list_defaults, {'name': listname}, mailman.lists[listname], recursive=True) }}"
-
- name: "setup mailing list ( {{ current_list.name }} )"
-  mailman_list:
-    api_url: "http://{{ mailman.api.hostname }}:{{ mailman.api.port }}/{{ mailman.api.version }}"
-    api_user: "{{ mailman.api.admin.name }}"
-    api_password: "{{ mailman.api.admin.pw }}"
-    name: "{{ current_list.name }}"
-    settings: "{{ current_list.settings }}"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -12,9 +12,12 @@

 - name: install mailman addons via pip
  notify: restart mailman
+  loop:
+    - git+https://git.cccv.de/infra/uffd/django-auth-ldap-remoteuser.git
+    - git+https://git.cccv.de/infra/uffd/postorius-ldap-membership-management.git
  pip:
    executable: pip3
-    name: git+https://git.cccv.de/infra/uffd/django-auth-ldap-remoteuser.git
+    name: "{{ item }}" 

 - name: add ldap sync job
  when: mailman.web.ldap.sync|d(False)
@ -54,8 +57,14 @@
 - name: flush handlers to get mailman ready
  meta: flush_handlers

- name: setup mailing lists
-  include_tasks: list.yml
-  loop: "{{ mailman.lists.keys()|list }}"
+- name: "setup mailing list ( {{ current_list.key }} )"
+  notify: restart mailman-web
+  loop: "{{ mailman.lists|expand_dict_keys_with_defaults(mailman.list_defaults)|dict2items }}"
  loop_control:
-    loop_var: listname
+    loop_var: current_list
+  mailman_list:
+    api_url: "http://{{ mailman.api.hostname }}:{{ mailman.api.port }}/{{ mailman.api.version }}"
+    api_user: "{{ mailman.api.admin.name }}"
+    api_password: "{{ mailman.api.admin.pw }}"
+    name: "{{ current_list.value.name }}"
+    settings: "{{ current_list.value.settings }}"
--- a/templates/mailman-web.py.j2
+++ b/templates/mailman-web.py.j2
@ -69,6 +69,9 @@ INSTALLED_APPS = (
 {% if mailman.web.remote_user and mailman.web.ldap %}
    'django_auth_ldap_remoteuser',
 {% endif %}
+{% if mailman.web.ldap %}
+    'postorius_ldap_membership_management',
+{% endif %}
 )

 AUTHENTICATION_BACKENDS = (
@ -223,7 +226,7 @@ AUTH_LDAP_CONNECTION_OPTIONS = {{ mailman.web.ldap.options|d('{}') }}
 AUTH_LDAP_USER_DN_TEMPLATE = "{{ mailman.web.ldap.user_filter|d('') }}"
 AUTH_LDAP_USER_SEARCH = {{ mailman.web.ldap.user_search|d('None') }}
 AUTH_LDAP_USER_SEARCH_ALL_NAME = {{ mailman.web.ldap.user_search_all_name|d('None') }}
-AUTH_LDAP_USER_ATTR_MAP = {"first_name": "givenName", "last_name": "sn", "email": "mail"}
+AUTH_LDAP_USER_ATTR_MAP = {"first_name": "cn", "email": "mail"}

 AUTH_LDAP_GROUP_SEARCH = {{ mailman.web.ldap.group_search|d('') }}
 AUTH_LDAP_GROUP_TYPE = {{ mailman.web.ldap.group_type|d('') }}
@ -236,8 +239,14 @@ AUTH_LDAP_FIND_GROUP_PERMS = True
 AUTH_LDAP_REQUIRE_GROUP = "{{ mailman.web.ldap.group_require|d('') }}"
 AUTH_LDAP_DENY_GROUP = "{{ mailman.web.ldap.group_require|d('') }}"
 AUTH_LDAP_USER_FLAGS_BY_GROUP = {{ mailman.web.ldap.mappings|d({})|to_json }}
+
+null = None
+true = True
+false = False
+LDAP_MEMBERSHIP_SYNC = {{ mailman.lists|expand_dict_keys_with_defaults(mailman.list_defaults)|to_json }}
 {% endif %}

 SESSION_EXPIRE_SECONDS = {{ mailman.web.session_timeout }}
 HYPERKITTY_ENABLE_GRAVATAR = False
 HYPERKITTY_ALLOW_WEB_POSTING = False
+