From 3142c1c058e3f302049c6e4d5a11d50dabdc7564 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Fri, 20 Nov 2020 14:15:14 +0100
Subject: [PATCH] Supporto a bind autenticato per ldap.

---
 defaults/main.yml                    | 4 ++++
 templates/epas-docker-compose.yml.j2 | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index 39981a3..e04cc1d 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -48,3 +48,7 @@ epas_ldap_base_dn: 'ou=People,dc=example,dc=org'
 epas_ldap_login_return_uri: '/.'
 epas_ldap_eppn_attribute_name: 'eduPersonPrincipalName'
 epas_ldap_starttls_enabled: 'false'
+epas_ldap_authenticated_bind: False
+epas_ldap_bind_principal: 'cn=readuser,ou=People,o=example,c=org'
+#epas_ldap_bind_credentials: 'use a vault file'
+
diff --git a/templates/epas-docker-compose.yml.j2 b/templates/epas-docker-compose.yml.j2
index d5c40a9..7a0b97a 100644
--- a/templates/epas-docker-compose.yml.j2
+++ b/templates/epas-docker-compose.yml.j2
@@ -66,6 +66,10 @@ services:
       - LDAP_DN_BASE={{ epas_ldap_base_dn }}          # DN per la ricerca degli utenti su LDAP, per esempio ou=People,dc=iit,dc=cnr,dc=it
       - LDAP_LOGIN_RETURN={{ epas_ldap_login_return_uri }} # default: /. Indirizzo relativo di reindirizzamento dopo il login LDAP.
       - LDAP_EPPN_ATTRIBUTE_NAME={{ epas_ldap_eppn_attribute_name }}  # default: eduPersonPrincipalName. Campo LDAP utilizzato per il mapping con il campo eppn presente in ePAS.
+{% if epas_ldap_authenticated_bind %}
+      - LDAP_ADMIN_PRINCIPAL={{ epas_ldap_bind_principal }}
+      - LDAP_ADMIN_CREDENTIALS={{ epas_ldap_bind_credentials }}
+{% endif %}
       #### Invio Segnalazioni via email
       #- REPORT_TO=${REPORT_TO}                 # default: epas@iit.cnr.it
       #- REPORT_FROM=${REPORT_FROM}             # default: segnalazioni@epas.tools.iit.cnr.it