
Merge "Add support for LDAP groups"

Jenkins 3 years ago
parent
commit
cc2d02840e

+ 22
- 0
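--- a/deployment_scripts/puppet/modules/plugin_ldap/manifests/controller.pp
+++ b/deployment_scripts/puppet/modules/plugin_ldap/manifests/controller.pp
@@ -29,6 +29,18 @@ class plugin_ldap::controller {
   $user_allow_update      = false
   $user_allow_delete      = false
 
+  $group_tree_dn          = $::fuel_settings['ldap']['group_tree_dn']
+  $group_filter           = $::fuel_settings['ldap']['group_filter']
+  $group_objectclass      = $::fuel_settings['ldap']['group_objectclass']
+  $group_id_attribute     = $::fuel_settings['ldap']['group_id_attribute']
+  $group_name_attribute   = $::fuel_settings['ldap']['group_name_attribute']
+  $group_member_attribute = $::fuel_settings['ldap']['group_member_attribute']
+  $group_desc_attribute   = $::fuel_settings['ldap']['group_desc_attribute']
+
+  $group_allow_create     = false
+  $group_allow_update     = false
+  $group_allow_delete     = false
+
   $domain                 = $::fuel_settings['ldap']['domain']
 
   file { '/etc/keystone/domains':
@@ -65,6 +77,16 @@ class plugin_ldap::controller {
     "${domain}/ldap/user_allow_create":      value => $user_allow_create;
     "${domain}/ldap/user_allow_update":      value => $user_allow_update;
     "${domain}/ldap/user_allow_delete":      value => $user_allow_delete;
+    "${domain}/ldap/group_tree_dn":          value => $group_tree_dn;
+    "${domain}/ldap/group_filter":           value => $group_filter;
+    "${domain}/ldap/group_objectclass":      value => $group_objectclass;
+    "${domain}/ldap/group_id_attribute":     value => $group_id_attribute;
+    "${domain}/ldap/group_name_attribute":   value => $group_name_attribute;
+    "${domain}/ldap/group_member_attribute": value => $group_member_attribute;
+    "${domain}/ldap/group_desc_attribute":   value => $group_desc_attribute;
+    "${domain}/ldap/group_allow_create":     value => $group_allow_create;
+    "${domain}/ldap/group_allow_update":     value => $group_allow_update;
+    "${domain}/ldap/group_allow_delete":     value => $group_allow_delete;
   } ~>
   service { 'httpd':
     name     => "$apache::params::service_name",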
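Review bot: Nothing checks that the seven `$group_*` values read from `$::fuel_settings['ldap']` at new lines 32–38 are present before they are written into the domain config at new lines 80–86. An environment whose settings predate these keys would presumably pass `undef` through, and because group membership normally feeds role assignment, a missing or wrong search base changes who gets access without any error at deploy time. A guard ahead of the resource would make that failure explicit, for example `if ! $group_tree_dn { fail('ldap/group_tree_dn is not set') }`. The hard-coded `false` values at new lines 40–42 also deserve a one-line comment such as `# Keystone never writes groups back to the directory`, so that a later edit does not relax them by accident. The class body and the resource that holds these entries both start and end outside the two hunks, so any existing validation there is not visible from here.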

+ 42
- 0
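--- a/environment_config.yaml
+++ b/environment_config.yaml
@@ -86,3 +86,45 @@ attributes:
     description: 'LDAP attribute mapped to enabled/disabled.'
     weight: 66
     type: "text"
+  group_tree_dn:
+    value: 'ou=Groups,dc=example,dc=com'
+    label: 'Groups Tree DN'
+    description: 'Search base for groups.'
+    weight: 75
+    type: "text"
+  group_filter:
+    value: ''
+    label: 'Group Filter'
+    description: 'LDAP search filter for groups.'
+    weight: 80
+    type: "text"
+  group_objectclass:
+    value: 'groupOfNames'
+    label: 'Group Object Class'
+    description: 'LDAP objectclass for groups.'
+    weight: 85
+    type: "text"
+  group_id_attribute:
+    value: 'cn'
+    label: 'Group ID Attribute'
+    description: 'LDAP attribute mapped to group id.'
+    weight: 90
+    type: "text"
+  group_name_attribute:
+    value: 'ou'
+    label: 'Group Name Attribute'
+    description: 'LDAP attribute mapped to group name.'
+    weight: 95
+    type: "text"
+  group_member_attribute:
+    value: 'member'
+    label: 'Group Member Attribute'
+    description: 'LDAP attribute that maps user to group.'
+    weight: 100
+    type: "text"
+  group_desc_attribute:
+    value: 'description'
+    label: 'Group description Attribute'
+    description: 'LDAP attribute mapped to description.'
+    weight: 105
+    type: "text"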
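Review bot: The description for `group_filter` (new line 98) does not tell the operator what the empty default means. With `value: ''`, every entry of the configured object class under `group_tree_dn` is expected to appear as a Keystone group and become eligible for role assignment. I would spell that out in the UI text, e.g. `description: 'LDAP search filter for groups. Leave empty to match every entry of the group object class under the Groups Tree DN.'`. Separately, `group_tree_dn` ships with the placeholder `ou=Groups,dc=example,dc=com` and, like the other new fields, has no visible validation, so a deployment can go ahead with the placeholder still in place; the description should say it must be replaced. The `ou` default for `group_name_attribute` may also be worth a hint, since `groupOfNames` entries are often named only by `cn`.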
