Configuration du mode d'authentification (ajout ldap).

Ref #7421 @145m
2014-09-30 09:59:25 +02:00 · 2014-09-30 09:59:25 +02:00 · c34ef79b1a
parent 37dde54e46
commit c34ef79b1a
3 changed files with 46 additions and 4 deletions
--- a/dicos/99_one-frontend.xml
+++ b/dicos/99_one-frontend.xml
@ -3,6 +3,7 @@
    <files>
        <service type='service'>opennebula-sunstone</service>
        <file filelist='onefrontend' name='/etc/one/sunstone-server.conf' rm='True' mkdir='True'/>
+        <file filelist='onefrontend' name='/etc/one/auth/ldap_auth.conf' source='sunstone-ldap_auth.conf' rm='True' mkdir='True'/>
        <service_access service='sunstone'>
            <port port_type="SymLinkOption">port_sunstone</port>
            <port port_type="SymLinkOption">vnc_proxy_port_sunstone</port>
@ -26,9 +27,7 @@
            <variable name='langue_sunstone' type='string' description="Langue par défaut de l'interface" mode='expert'>
                <value>fr_FR</value>
            </variable>
-            <variable name='sunstone_auth' type='string' description="Mode d'authentification des utilisateurs" mode='expert'>
-                <value>sunstone</value>
-            </variable>
+            <variable name='sunstone_auth_modes' type='string' description="Modes supplémentaires d'authentification des utilisateurs" mode='expert' multi='True' />
        </family>
    </variables>

@ -36,6 +35,9 @@
        <fill name='calc_val' target='ip_sunstone'>
            <param type='eole' name='valeur'>adresse_ip_eth0</param>
        </fill>
+        <check name='valid_enum' target='sunstone_auth_modes'>
+            <param>['ldap']</param>
+        </check>
        <condition name='disabled_if_in' source='activer_onefrontend'>
            <param>non</param>
            <!--target type='filelist'>onefrontend</target-->
--- a/tmpl/sunstone-ldap_auth.conf
+++ b/tmpl/sunstone-ldap_auth.conf
@ -0,0 +1,36 @@
+%if 'ldap' in %%getVar('sunstone_auth_modes')
+server 1:
+    # Ldap user able to query, if not set connects as anonymous. For
+    # Active Directory append the domain name. Example:
+    # Administrator@my.domain.com
+    #:user: 'admin'
+    #:password: 'password'
+
+    # Ldap authentication method
+
+    # Ldap server
+    :host: %%adresse_ip_ldap
+%if %%getVar('ldap_tls', 'non') == 'oui'
+    :auth_method: :simple_tls
+    :port: 636
+%else
+    :auth_method: :simple
+    :port: 389
+%end if
+
+    # base hierarchy where to search for users and groups
+    :base: %%ldap_base_dn
+
+    # group the users need to belong to. If not set any user will do
+    #:group: 'cn=cloud,ou=groups,dc=domain'
+
+    # field that holds the user name, if not set 'cn' will be used
+    :user_field: 'uid'
+
+    # for Active Directory use this user_field instead
+    #:user_field: 'sAMAccountName'
+
+# List the order the servers are queried
+:order:
+    - server 1
+%end if
--- a/tmpl/sunstone-server.conf
+++ b/tmpl/sunstone-server.conf
@ -65,7 +65,11 @@
 #   driver defined for the user
 #
 #:auth: sunstone
-:auth: %%sunstone_auth
+%if %%getVar('sunstone_auth_modes', []) == []
+:auth: sunstone
+%else
+:auth: opennebula
+%end if

 # Authentication driver to communicate with OpenNebula core
 #   cipher, for symmetric cipher encryption of tokens