Allow to pass a list of LDAP servers
Change-Id: Ie1670bb591e0c76fdf1e00cf783149324c9890ce Closes-Bug: #1624002
parent
46bada8ee6
commit
ce21fa8ed5
|
@ -49,6 +49,9 @@ class lma_logging_analytics::kibana_authentication (
|
||||||
if empty($ldap_servers) {
|
if empty($ldap_servers) {
|
||||||
fail('ldap_servers list parameter is empty')
|
fail('ldap_servers list parameter is empty')
|
||||||
}
|
}
|
||||||
|
if ! is_array($ldap_servers) {
|
||||||
|
fail('ldap_servers list parameter must be an array')
|
||||||
|
}
|
||||||
if ! $ldap_port { fail('Missing ldap_port parameter')}
|
if ! $ldap_port { fail('Missing ldap_port parameter')}
|
||||||
if ! $ldap_protocol { fail('Missing ldap_protocol parameter')}
|
if ! $ldap_protocol { fail('Missing ldap_protocol parameter')}
|
||||||
if ! $ldap_bind_dn { fail('Missing ldap_bind_dn parameter')}
|
if ! $ldap_bind_dn { fail('Missing ldap_bind_dn parameter')}
|
||||||
|
@ -68,9 +71,8 @@ class lma_logging_analytics::kibana_authentication (
|
||||||
$apache_modules = concat($default_apache_modules, ['ldap', 'authnz_ldap'])
|
$apache_modules = concat($default_apache_modules, ['ldap', 'authnz_ldap'])
|
||||||
|
|
||||||
# LDAP url is used by apache::custom_config
|
# LDAP url is used by apache::custom_config
|
||||||
$ldap_urls = suffix($ldap_servers, ":${ldap_port}/${ldap_user_search_base_dns}?${ldap_user_attribute}?sub?${ldap_user_search_filter}")
|
$ldap_servers_url = join(suffix($ldap_servers, ":${ldap_port}"), ' ')
|
||||||
|
$ldap_url = "${ldap_servers_url}/${ldap_user_search_base_dns}?${ldap_user_attribute}?sub?${ldap_user_search_filter}"
|
||||||
$ldap_url = join($ldap_urls, ' ')
|
|
||||||
} else {
|
} else {
|
||||||
$apache_modules = $default_apache_modules
|
$apache_modules = $default_apache_modules
|
||||||
}
|
}
|
||||||
|
|
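Review bot: The added `is_array($ldap_servers)` guard validates only the container, so the individual entries still reach `$ldap_url` unchecked, where they are suffixed with `:${ldap_port}`, joined with spaces and followed by `/${ldap_user_search_base_dns}?...`. An entry that is empty or contains whitespace, `/` or `?` would change how the resulting URL splits into host list, base DN and filter, so each entry should be checked as a bare host name or address before the `join`. Because the value contains spaces whenever more than one server is given, the template that consumes `$ldap_url` (not visible here) presumably has to emit it inside double quotes; a comment at the assignment would record that, e.g. `# space-separated host list: the consuming template must quote this URL`. The class body starts and ends outside these hunks.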
|
@ -35,6 +35,7 @@ describe 'lma_logging_analytics::kibana_authentication' do
|
||||||
should contain_file('/etc/apache2/kibana.htpasswd')
|
should contain_file('/etc/apache2/kibana.htpasswd')
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'ldap parameters' do
|
describe 'ldap parameters' do
|
||||||
let(:params) do
|
let(:params) do
|
||||||
{:listen_address => '127.0.0.1', :listen_port => 80,
|
{:listen_address => '127.0.0.1', :listen_port => 80,
|
||||||
|
@ -59,6 +60,32 @@ describe 'lma_logging_analytics::kibana_authentication' do
|
||||||
should contain_file('/etc/apache2/kibana.htpasswd')
|
should contain_file('/etc/apache2/kibana.htpasswd')
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'ldap parameters with several ldap servers' do
|
||||||
|
let(:params) do
|
||||||
|
{:listen_address => '127.0.0.1', :listen_port => 80,
|
||||||
|
:kibana_address => '127.0.0.1', :kibana_port => 5106,
|
||||||
|
:username => 'foouser', :password => 'foopass',
|
||||||
|
:ldap_enabled => true,
|
||||||
|
:ldap_protocol => 'ldap',
|
||||||
|
:ldap_port => 389,
|
||||||
|
:ldap_servers => ['ldap.foo1.fr', 'ldap.foo2.fr'],
|
||||||
|
:ldap_bind_dn => 'cn=admin,dc=example,dc=com',
|
||||||
|
:ldap_bind_password => 'foopass',
|
||||||
|
:ldap_user_search_base_dns => 'ou=groups,dc=example,dc=com',
|
||||||
|
:ldap_user_search_filter => '(&(objectClass=posixGroup)(memberUid=%s))',
|
||||||
|
:ldap_user_attribute => 'uid',
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it {
|
||||||
|
should contain_class('apache')
|
||||||
|
should contain_apache__custom_config('kibana-proxy').
|
||||||
|
with_content(/ldap:\/\/ldap.foo1.fr:389 ldap.foo2.fr:389/)
|
||||||
|
should contain_htpasswd('foouser')
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
describe 'ldap parameters are missing' do
|
describe 'ldap parameters are missing' do
|
||||||
let(:params) do
|
let(:params) do
|
||||||
{:listen_address => '127.0.0.1', :listen_port => 80,
|
{:listen_address => '127.0.0.1', :listen_port => 80,
|
||||||
|
|
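Review bot: The pattern in `with_content(/ldap:\/\/ldap.foo1.fr:389 ldap.foo2.fr:389/)` leaves the dots unescaped and stops at the second port, so it does not prove that the search base, attribute and filter are appended once, after the last host. Assuming the template emits `$ldap_url` unchanged, a tighter assertion would be `with_content(/ldap:\/\/ldap\.foo1\.fr:389 ldap\.foo2\.fr:389\/ou=groups,dc=example,dc=com\?uid\?sub\?/)`. The new `ldap_servers list parameter must be an array` failure added in the manifest has no example here either. A case passing `:ldap_servers => 'ldap.foo1.fr'` and expecting that error, written in the same style as the 'ldap parameters are missing' block that follows, would cover it.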