Allow to pass a list of LDAP servers
Change-Id: Ie1670bb591e0c76fdf1e00cf783149324c9890ce Closes-Bug: #1624002
parent
46bada8ee6
commit
ce21fa8ed5
|
@ -49,6 +49,9 @@ class lma_logging_analytics::kibana_authentication (
|
|||
if empty($ldap_servers) {
|
||||
fail('ldap_servers list parameter is empty')
|
||||
}
|
||||
if ! is_array($ldap_servers) {
|
||||
fail('ldap_servers list parameter must be an array')
|
||||
}
|
||||
if ! $ldap_port { fail('Missing ldap_port parameter')}
|
||||
if ! $ldap_protocol { fail('Missing ldap_protocol parameter')}
|
||||
if ! $ldap_bind_dn { fail('Missing ldap_bind_dn parameter')}
|
||||
|
@ -68,9 +71,8 @@ class lma_logging_analytics::kibana_authentication (
|
|||
$apache_modules = concat($default_apache_modules, ['ldap', 'authnz_ldap'])
|
||||
|
||||
# LDAP url is used by apache::custom_config
|
||||
$ldap_urls = suffix($ldap_servers, ":${ldap_port}/${ldap_user_search_base_dns}?${ldap_user_attribute}?sub?${ldap_user_search_filter}")
|
||||
|
||||
$ldap_url = join($ldap_urls, ' ')
|
||||
$ldap_servers_url = join(suffix($ldap_servers, ":${ldap_port}"), ' ')
|
||||
$ldap_url = "${ldap_servers_url}/${ldap_user_search_base_dns}?${ldap_user_attribute}?sub?${ldap_user_search_filter}"
|
||||
} else {
|
||||
$apache_modules = $default_apache_modules
|
||||
}
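Review bot: The entries of `$ldap_servers` are only checked for being a non-empty array before they are joined into `$ldap_servers_url` and `$ldap_url`, so an element containing whitespace, `/`, `?` or a double quote would change the structure of the resulting LDAP URL or of the Apache directive it is written into. Because the value now contains spaces by design, the template that emits it (not visible on this page) has to wrap it in double quotes, and each element should be checked against a hostname/IP pattern before the `suffix()` call. Running the `is_array` check before the `empty` check would also make a wrong type report the type error first. A comment above `$ldap_servers_url` such as `# mod_authnz_ldap takes several space-separated host:port entries followed by one /basedn?attr?scope?filter` would explain why only the hosts are joined. The class body starts and ends outside these hunks.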
|
||||
|
|
|
@ -35,6 +35,7 @@ describe 'lma_logging_analytics::kibana_authentication' do
|
|||
should contain_file('/etc/apache2/kibana.htpasswd')
|
||||
}
|
||||
end
|
||||
|
||||
describe 'ldap parameters' do
|
||||
let(:params) do
|
||||
{:listen_address => '127.0.0.1', :listen_port => 80,
|
||||
|
@ -59,6 +60,32 @@ describe 'lma_logging_analytics::kibana_authentication' do
|
|||
should contain_file('/etc/apache2/kibana.htpasswd')
|
||||
}
|
||||
end
|
||||
|
||||
describe 'ldap parameters with several ldap servers' do
|
||||
let(:params) do
|
||||
{:listen_address => '127.0.0.1', :listen_port => 80,
|
||||
:kibana_address => '127.0.0.1', :kibana_port => 5106,
|
||||
:username => 'foouser', :password => 'foopass',
|
||||
:ldap_enabled => true,
|
||||
:ldap_protocol => 'ldap',
|
||||
:ldap_port => 389,
|
||||
:ldap_servers => ['ldap.foo1.fr', 'ldap.foo2.fr'],
|
||||
:ldap_bind_dn => 'cn=admin,dc=example,dc=com',
|
||||
:ldap_bind_password => 'foopass',
|
||||
:ldap_user_search_base_dns => 'ou=groups,dc=example,dc=com',
|
||||
:ldap_user_search_filter => '(&(objectClass=posixGroup)(memberUid=%s))',
|
||||
:ldap_user_attribute => 'uid',
|
||||
}
|
||||
end
|
||||
|
||||
it {
|
||||
should contain_class('apache')
|
||||
should contain_apache__custom_config('kibana-proxy').
|
||||
with_content(/ldap:\/\/ldap.foo1.fr:389 ldap.foo2.fr:389/)
|
||||
should contain_htpasswd('foouser')
|
||||
}
|
||||
end
|
||||
|
||||
describe 'ldap parameters are missing' do
|
||||
let(:params) do
|
||||
{:listen_address => '127.0.0.1', :listen_port => 80,
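Review bot: The expectation `with_content(/ldap:\/\/ldap.foo1.fr:389 ldap.foo2.fr:389/)` leaves the dots unescaped and stops after the second host, so it would still pass if the base DN, attribute or filter were dropped or attached in the wrong place. Escaping the dots and extending the pattern to the path, for example `with_content(/ldap:\/\/ldap\.foo1\.fr:389 ldap\.foo2\.fr:389\/ou=groups,dc=example,dc=com\?uid\?sub\?/)`, would pin the new URL layout; this assumes the template prints `$ldap_url` unchanged after the protocol, which is not visible here. A further case passing a plain string for `:ldap_servers` and expecting the 'ldap_servers list parameter must be an array' failure would cover the validation in the manifest.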
|
||||
|
|