LDAP authentication is handled by master daemon
* dicos/29_one-master.xml: new template to manage * tmpl/ldap_auth.conf: import from eole-one-frontend Ref: #21703
This commit is contained in:
parent
05d37c6569
commit
daf0700d15
@ -5,6 +5,8 @@
|
||||
<file filelist='onesinglenode' name='/etc/one/vmm_exec/vmm_exec_kvm.conf' rm='True' mkdir='True'/>
|
||||
<file filelist='onesinglenode' name='/etc/one/oned.conf' rm='True'/>
|
||||
<file filelist='onesinglenode' name='/var/lib/one/remotes/vnm/OpenNebulaNetwork.conf' rm='True' mkdir='True'/>
|
||||
<file filelist='onesinglenode' name='/etc/one/auth/ldap_auth.conf'/>
|
||||
|
||||
<service>opennebula</service>
|
||||
|
||||
<service_access service='one-ssh'>
|
||||
|
72
tmpl/ldap_auth.conf
Normal file
72
tmpl/ldap_auth.conf
Normal file
@ -0,0 +1,72 @@
|
||||
# ---------------------------------------------------------------------------- #
|
||||
# Copyright 2002-2017, OpenNebula Project, OpenNebula Systems #
|
||||
# #
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
|
||||
# not use this file except in compliance with the License. You may obtain #
|
||||
# a copy of the License at #
|
||||
# #
|
||||
# http://www.apache.org/licenses/LICENSE-2.0 #
|
||||
# #
|
||||
# Unless required by applicable law or agreed to in writing, software #
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, #
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
|
||||
# See the License for the specific language governing permissions and #
|
||||
# limitations under the License. #
|
||||
# ---------------------------------------------------------------------------- #
|
||||
|
||||
server 1:
|
||||
# Ldap user able to query, if not set connects as anonymous. For
|
||||
# Active Directory append the domain name. Example:
|
||||
# Administrator@my.domain.com
|
||||
#:user: 'admin'
|
||||
#:password: 'password'
|
||||
|
||||
# Ldap authentication method
|
||||
:auth_method: :simple
|
||||
|
||||
# Ldap server
|
||||
:host: %%adresse_ip_ldap
|
||||
:port: %%ldap_port
|
||||
%if %%getVar('ldap_tls', 'non') == 'oui'
|
||||
|
||||
# Uncomment this line for tls conections
|
||||
:encryption: :simple_tls
|
||||
%end if
|
||||
|
||||
# base hierarchy where to search for users and groups
|
||||
:base: %%ldap_base_dn
|
||||
|
||||
# group the users need to belong to. If not set any user will do
|
||||
#:group: 'cn=cloud,ou=groups,dc=domain'
|
||||
|
||||
# field that holds the user name, if not set 'cn' will be used
|
||||
:user_field: 'uid'
|
||||
|
||||
# for Active Directory use this user_field instead
|
||||
#:user_field: 'sAMAccountName'
|
||||
|
||||
# field name for group membership, by default it is 'member'
|
||||
#:group_field: 'member'
|
||||
|
||||
# user field that that is in in the group group_field, if not set 'dn' will be used
|
||||
#:user_group_field: 'dn'
|
||||
|
||||
# Generate mapping file from group template info
|
||||
:mapping_generate: true
|
||||
|
||||
# Seconds a mapping file remain untouched until the next regeneration
|
||||
:mapping_timeout: 300
|
||||
|
||||
# Name of the mapping file in OpenNebula var diretory
|
||||
:mapping_filename: server1.yaml
|
||||
|
||||
# Key from the OpenNebula template to map to an AD group
|
||||
:mapping_key: GROUP_DN
|
||||
|
||||
# Default group ID used for users in an AD group not mapped
|
||||
:mapping_default: 1
|
||||
|
||||
# List the order the servers are queried
|
||||
:order:
|
||||
- server 1
|
||||
%end if
|
Loading…
Reference in New Issue
Block a user