Merge "Add support for LDAP groups"
This commit is contained in:
commit
cc2d02840e
|
@ -29,6 +29,18 @@ class plugin_ldap::controller {
|
||||||
$user_allow_update = false
|
$user_allow_update = false
|
||||||
$user_allow_delete = false
|
$user_allow_delete = false
|
||||||
|
|
||||||
|
$group_tree_dn = $::fuel_settings['ldap']['group_tree_dn']
|
||||||
|
$group_filter = $::fuel_settings['ldap']['group_filter']
|
||||||
|
$group_objectclass = $::fuel_settings['ldap']['group_objectclass']
|
||||||
|
$group_id_attribute = $::fuel_settings['ldap']['group_id_attribute']
|
||||||
|
$group_name_attribute = $::fuel_settings['ldap']['group_name_attribute']
|
||||||
|
$group_member_attribute = $::fuel_settings['ldap']['group_member_attribute']
|
||||||
|
$group_desc_attribute = $::fuel_settings['ldap']['group_desc_attribute']
|
||||||
|
|
||||||
|
$group_allow_create = false
|
||||||
|
$group_allow_update = false
|
||||||
|
$group_allow_delete = false
|
||||||
|
|
||||||
$domain = $::fuel_settings['ldap']['domain']
|
$domain = $::fuel_settings['ldap']['domain']
|
||||||
|
|
||||||
file { '/etc/keystone/domains':
|
file { '/etc/keystone/domains':
|
||||||
|
@ -65,6 +77,16 @@ class plugin_ldap::controller {
|
||||||
"${domain}/ldap/user_allow_create": value => $user_allow_create;
|
"${domain}/ldap/user_allow_create": value => $user_allow_create;
|
||||||
"${domain}/ldap/user_allow_update": value => $user_allow_update;
|
"${domain}/ldap/user_allow_update": value => $user_allow_update;
|
||||||
"${domain}/ldap/user_allow_delete": value => $user_allow_delete;
|
"${domain}/ldap/user_allow_delete": value => $user_allow_delete;
|
||||||
|
"${domain}/ldap/group_tree_dn": value => $group_tree_dn;
|
||||||
|
"${domain}/ldap/group_filter": value => $group_filter;
|
||||||
|
"${domain}/ldap/group_objectclass": value => $group_objectclass;
|
||||||
|
"${domain}/ldap/group_id_attribute": value => $group_id_attribute;
|
||||||
|
"${domain}/ldap/group_name_attribute": value => $group_name_attribute;
|
||||||
|
"${domain}/ldap/group_member_attribute": value => $group_member_attribute;
|
||||||
|
"${domain}/ldap/group_desc_attribute": value => $group_desc_attribute;
|
||||||
|
"${domain}/ldap/group_allow_create": value => $group_allow_create;
|
||||||
|
"${domain}/ldap/group_allow_update": value => $group_allow_update;
|
||||||
|
"${domain}/ldap/group_allow_delete": value => $group_allow_delete;
|
||||||
} ~>
|
} ~>
|
||||||
service { 'httpd':
|
service { 'httpd':
|
||||||
name => "$apache::params::service_name",
|
name => "$apache::params::service_name",
|
||||||
|
|
|
@ -86,3 +86,45 @@ attributes:
|
||||||
description: 'LDAP attribute mapped to enabled/disabled.'
|
description: 'LDAP attribute mapped to enabled/disabled.'
|
||||||
weight: 66
|
weight: 66
|
||||||
type: "text"
|
type: "text"
|
||||||
|
group_tree_dn:
|
||||||
|
value: 'ou=Groups,dc=example,dc=com'
|
||||||
|
label: 'Groups Tree DN'
|
||||||
|
description: 'Search base for groups.'
|
||||||
|
weight: 75
|
||||||
|
type: "text"
|
||||||
|
group_filter:
|
||||||
|
value: ''
|
||||||
|
label: 'Group Filter'
|
||||||
|
description: 'LDAP search filter for groups.'
|
||||||
|
weight: 80
|
||||||
|
type: "text"
|
||||||
|
group_objectclass:
|
||||||
|
value: 'groupOfNames'
|
||||||
|
label: 'Group Object Class'
|
||||||
|
description: 'LDAP objectclass for groups.'
|
||||||
|
weight: 85
|
||||||
|
type: "text"
|
||||||
|
group_id_attribute:
|
||||||
|
value: 'cn'
|
||||||
|
label: 'Group ID Attribute'
|
||||||
|
description: 'LDAP attribute mapped to group id.'
|
||||||
|
weight: 90
|
||||||
|
type: "text"
|
||||||
|
group_name_attribute:
|
||||||
|
value: 'ou'
|
||||||
|
label: 'Group Name Attribute'
|
||||||
|
description: 'LDAP attribute mapped to group name.'
|
||||||
|
weight: 95
|
||||||
|
type: "text"
|
||||||
|
group_member_attribute:
|
||||||
|
value: 'member'
|
||||||
|
label: 'Group Member Attribute'
|
||||||
|
description: 'LDAP attribute that maps user to group.'
|
||||||
|
weight: 100
|
||||||
|
type: "text"
|
||||||
|
group_desc_attribute:
|
||||||
|
value: 'description'
|
||||||
|
label: 'Group description Attribute'
|
||||||
|
description: 'LDAP attribute mapped to description.'
|
||||||
|
weight: 105
|
||||||
|
type: "text"
|
||||||
|
|
Loading…
Reference in New Issue