Configuration du mode d'authentification (ajout ldap).

Ref #7421 @145m
Benjamin Bohard 2014-09-30 09:59:25 +02:00
parent 37dde54e46
commit c34ef79b1a
3 changed files with 46 additions and 4 deletions


@ -3,6 +3,7 @@
<files>
<service type='service'>opennebula-sunstone</service>
<file filelist='onefrontend' name='/etc/one/sunstone-server.conf' rm='True' mkdir='True'/>
<file filelist='onefrontend' name='/etc/one/auth/ldap_auth.conf' source='sunstone-ldap_auth.conf' rm='True' mkdir='True'/>
<service_access service='sunstone'>
<port port_type="SymLinkOption">port_sunstone</port>
<port port_type="SymLinkOption">vnc_proxy_port_sunstone</port>
@ -26,9 +27,7 @@
<variable name='langue_sunstone' type='string' description="Langue par défaut de l'interface" mode='expert'>
<value>fr_FR</value>
</variable>
<variable name='sunstone_auth' type='string' description="Mode d'authentification des utilisateurs" mode='expert'>
<value>sunstone</value>
</variable>
<variable name='sunstone_auth_modes' type='string' description="Modes supplémentaires d'authentification des utilisateurs" mode='expert' multi='True' />
</family>
</variables>
@ -36,6 +35,9 @@
<fill name='calc_val' target='ip_sunstone'>
<param type='eole' name='valeur'>adresse_ip_eth0</param>
</fill>
<check name='valid_enum' target='sunstone_auth_modes'>
<param>['ldap']</param>
</check>
<condition name='disabled_if_in' source='activer_onefrontend'>
<param>non</param>
<!--target type='filelist'>onefrontend</target-->
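Review bot: The new `<file>` entry for `/etc/one/auth/ldap_auth.conf` sets no owner or mode, and the template it installs carries a commented `:password:` field for the LDAP bind account, so a later edit that enables it would leave the credential readable under whatever default permissions apply. If the dictionary format supports it, I would pin ownership and mode on this entry, for example `mode='640' owner='root' group='oneadmin'` (group name assumed from the usual OpenNebula layout; confirm against the package). Separately, removing `sunstone_auth` means a value an administrator had set in expert mode is no longer honoured after upgrade, which deserves a line in the commit message or changelog.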


@ -0,0 +1,36 @@
%if 'ldap' in %%getVar('sunstone_auth_modes')
server 1:
# Ldap user able to query, if not set connects as anonymous. For
# Active Directory append the domain name. Example:
# Administrator@my.domain.com
#:user: 'admin'
#:password: 'password'
# Ldap authentication method
# Ldap server
:host: %%adresse_ip_ldap
%if %%getVar('ldap_tls', 'non') == 'oui'
:auth_method: :simple_tls
:port: 636
%else
:auth_method: :simple
:port: 389
%end if
# base hierarchy where to search for users and groups
:base: %%ldap_base_dn
# group the users need to belong to. If not set any user will do
#:group: 'cn=cloud,ou=groups,dc=domain'
# field that holds the user name, if not set 'cn' will be used
:user_field: 'uid'
# for Active Directory use this user_field instead
#:user_field: 'sAMAccountName'
# List the order the servers are queried
:order:
- server 1
%end if
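Review bot: The `%else` branch configures `:auth_method: :simple` on port 389, and because `getVar('ldap_tls', 'non')` defaults to `'non'`, every Sunstone login sends the user's LDAP password over the network unencrypted unless TLS was enabled explicitly elsewhere. At minimum the generated file should say so in that branch, e.g. `# WARNING: ldap_tls is off, bind passwords travel in clear text`, and it is worth considering whether the LDAP mode should be refused when `ldap_tls` is not `oui`. As far as I know, `:simple_tls` in the Ruby LDAP library used by this driver encrypts but does not validate the server certificate, so the TLS branch should be checked against an interception scenario too. With `:group:` left commented out, any account found under `ldap_base_dn` can log in; a dictionary variable for the required group would let administrators restrict that.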


@ -65,7 +65,11 @@
# driver defined for the user
#
#:auth: sunstone
:auth: %%sunstone_auth
%if %%getVar('sunstone_auth_modes', []) == []
:auth: sunstone
%else
:auth: opennebula
%end if
# Authentication driver to communicate with OpenNebula core
# cipher, for symmetric cipher encryption of tokens
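Review bot: The new `%if` switches `:auth:` to `opennebula` whenever `sunstone_auth_modes` is non-empty, whereas the LDAP template is rendered only when `'ldap' in` that list, and the two calls pass different defaults to `getVar` (`[]` here, none there). Testing the same condition in both places, `%if 'ldap' in %%getVar('sunstone_auth_modes', [])` with the two branches swapped, keeps the login driver and the content of `ldap_auth.conf` in step if another mode is ever added to the `valid_enum` list. Whether an unset multi variable really comes back as `[]` is not visible here; if it is `None` or an empty string the comparison fails and Sunstone silently moves to `opennebula`. A short comment above the block, such as `# opennebula: credentials are forwarded to the core, which applies each user's own auth driver`, would explain why the value changes; the surrounding comment block starts above this hunk.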