From c34ef79b1a2d01ca39def167cef8fde2368b81cd Mon Sep 17 00:00:00 2001 From: Benjamin Bohard Date: Tue, 30 Sep 2014 09:59:25 +0200 Subject: [PATCH] Configuration du mode d'authentification (ajout ldap). Ref #7421 @145m --- dicos/99_one-frontend.xml | 8 +++++--- tmpl/sunstone-ldap_auth.conf | 36 ++++++++++++++++++++++++++++++++++++ tmpl/sunstone-server.conf | 6 +++++- 3 files changed, 46 insertions(+), 4 deletions(-) create mode 100644 tmpl/sunstone-ldap_auth.conf diff --git a/dicos/99_one-frontend.xml b/dicos/99_one-frontend.xml index ce6cdbf..afd5021 100644 --- a/dicos/99_one-frontend.xml +++ b/dicos/99_one-frontend.xml @@ -3,6 +3,7 @@ opennebula-sunstone + port_sunstone vnc_proxy_port_sunstone @@ -26,9 +27,7 @@ fr_FR - - sunstone - + @@ -36,6 +35,9 @@ adresse_ip_eth0 + + ['ldap'] + non diff --git a/tmpl/sunstone-ldap_auth.conf b/tmpl/sunstone-ldap_auth.conf new file mode 100644 index 0000000..9929e54 --- /dev/null +++ b/tmpl/sunstone-ldap_auth.conf @@ -0,0 +1,36 @@ +%if 'ldap' in %%getVar('sunstone_auth_modes') +server 1: + # Ldap user able to query, if not set connects as anonymous. For + # Active Directory append the domain name. Example: + # Administrator@my.domain.com + #:user: 'admin' + #:password: 'password' + + # Ldap authentication method + + # Ldap server + :host: %%adresse_ip_ldap +%if %%getVar('ldap_tls', 'non') == 'oui' + :auth_method: :simple_tls + :port: 636 +%else + :auth_method: :simple + :port: 389 +%end if + + # base hierarchy where to search for users and groups + :base: %%ldap_base_dn + + # group the users need to belong to. If not set any user will do + #:group: 'cn=cloud,ou=groups,dc=domain' + + # field that holds the user name, if not set 'cn' will be used + :user_field: 'uid' + + # for Active Directory use this user_field instead + #:user_field: 'sAMAccountName' + +# List the order the servers are queried +:order: + - server 1 +%end if diff --git a/tmpl/sunstone-server.conf b/tmpl/sunstone-server.conf index d3022bc..cb2627e 100644 --- a/tmpl/sunstone-server.conf +++ b/tmpl/sunstone-server.conf @@ -65,7 +65,11 @@ # driver defined for the user # #:auth: sunstone -:auth: %%sunstone_auth +%if %%getVar('sunstone_auth_modes', []) == [] +:auth: sunstone +%else +:auth: opennebula +%end if # Authentication driver to communicate with OpenNebula core # cipher, for symmetric cipher encryption of tokens