Intégration hydra-ldap-v1

defaults/main.yml

@@ -12,6 +12,7 @@ cadoles_pod_shibboleth_sp_v3_package_version: '*'
 cadoles_pod_hydra_remote_user_v1_package_version: '*'
 cadoles_pod_hydra_passwordless_v1_package_version: '*'
 cadoles_pod_hydra_oidc_v1_package_version: '*'
+cadoles_pod_hydra_ldap_v1_package_version: '*'
 
 # Hydra database configuration
 hydra_use_external_database: no
@@ -30,6 +31,7 @@ haproxy_hydra_dispatcher_base_path: /auth/dispatcher
 haproxy_hydra_passwordless_base_path: /auth/passwordless
 haproxy_hydra_saml_base_path: /auth/saml
 haproxy_hydra_oidc_base_path: /auth/oidc
+haproxy_hydra_ldap_base_path: /auth/ldap
 haproxy_oidc_test_base_path: /auth/test
 
 haproxy_forwarded_proto: https
@@ -178,4 +180,27 @@ hydra_oidc_attributes_rewrite_rules:
   birthplace:
     - consent.session.id_token.birthplace
   birthcountry:
-    - consent.session.id_token.birthcountry
+    - consent.session.id_token.birthcountry
+
+# Hydra LDAP configuration
+
+enable_hydra_ldap: no
+hydra_ldap_app_title: LDAP
+hydra_ldap_app_description: Authentification via LDAP
+hydra_ldap_app_icon_url:
+hydra_ldap_dev_mode: false
+hydra_ldap_attributes_rewrite_rules:
+  email:
+    - consent.session.id_token.email
+hydra_ldap_endpoints: []
+hydra_ldap_bind_dn:
+hydra_ldap_bind_password:
+hydra_ldap_base_dn:
+hydra_ldap_user_search_query: "(&(objectClass=inetOrgPerson)(|(uid=%[1]s)(mail=%[1]s)))"
+hydra_ldap_role_search_query: "(&(memberUid=%[1]s)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=posixGroup)))"
+hydra_ldap_attr_claims: "sn:family_name,givenName:given_name,mail:email"
+hydra_ldap_role_base_dn:
+hydra_ldap_role_attr: cn
+hydra_ldap_use_tls: false
+hydra_ldap_role_claim: roles
+hydra_ldap_claim_scopes: "name:profile,family_name:profile,given_name:profile,email:email,roles:roles"