LDAP authentication is handled by master daemon
* dicos/29_one-master.xml: new template to manage * tmpl/ldap_auth.conf: import from eole-one-frontend Ref: #21703
parent
05d37c6569
commit
daf0700d15
|
@ -5,6 +5,8 @@
|
||||||
<file filelist='onesinglenode' name='/etc/one/vmm_exec/vmm_exec_kvm.conf' rm='True' mkdir='True'/>
|
<file filelist='onesinglenode' name='/etc/one/vmm_exec/vmm_exec_kvm.conf' rm='True' mkdir='True'/>
|
||||||
<file filelist='onesinglenode' name='/etc/one/oned.conf' rm='True'/>
|
<file filelist='onesinglenode' name='/etc/one/oned.conf' rm='True'/>
|
||||||
<file filelist='onesinglenode' name='/var/lib/one/remotes/vnm/OpenNebulaNetwork.conf' rm='True' mkdir='True'/>
|
<file filelist='onesinglenode' name='/var/lib/one/remotes/vnm/OpenNebulaNetwork.conf' rm='True' mkdir='True'/>
|
||||||
|
<file filelist='onesinglenode' name='/etc/one/auth/ldap_auth.conf'/>
|
||||||
|
|
||||||
<service>opennebula</service>
|
<service>opennebula</service>
|
||||||
|
|
||||||
<service_access service='one-ssh'>
|
<service_access service='one-ssh'>
|
||||||
|
|
|
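Review bot: The new `<file>` entry for `/etc/one/auth/ldap_auth.conf` carries neither `rm='True'` nor `mkdir='True'`, unlike the three `onesinglenode` entries above it. The template it installs has a `:password:` slot for the LDAP bind account, so a copy that presumably stays on disk once the filelist is disabled, or that is written with default permissions, is worth avoiding. I would write it as `<file filelist='onesinglenode' name='/etc/one/auth/ldap_auth.conf' rm='True' mkdir='True'/>` and, if the dictionary format allows it, restrict the file's owner and mode to the account that runs oned. The enclosing element starts and ends outside the hunk.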
@ -0,0 +1,72 @@
|
||||||
|
# ---------------------------------------------------------------------------- #
|
||||||
|
# Copyright 2002-2017, OpenNebula Project, OpenNebula Systems #
|
||||||
|
# #
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
|
||||||
|
# not use this file except in compliance with the License. You may obtain #
|
||||||
|
# a copy of the License at #
|
||||||
|
# #
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0 #
|
||||||
|
# #
|
||||||
|
# Unless required by applicable law or agreed to in writing, software #
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, #
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
|
||||||
|
# See the License for the specific language governing permissions and #
|
||||||
|
# limitations under the License. #
|
||||||
|
# ---------------------------------------------------------------------------- #
|
||||||
|
|
||||||
|
server 1:
|
||||||
|
# Ldap user able to query, if not set connects as anonymous. For
|
||||||
|
# Active Directory append the domain name. Example:
|
||||||
|
# Administrator@my.domain.com
|
||||||
|
#:user: 'admin'
|
||||||
|
#:password: 'password'
|
||||||
|
|
||||||
|
# Ldap authentication method
|
||||||
|
:auth_method: :simple
|
||||||
|
|
||||||
|
# Ldap server
|
||||||
|
:host: %%adresse_ip_ldap
|
||||||
|
:port: %%ldap_port
|
||||||
|
%if %%getVar('ldap_tls', 'non') == 'oui'
|
||||||
|
|
||||||
|
# Uncomment this line for tls conections
|
||||||
|
:encryption: :simple_tls
|
||||||
|
%end if
|
||||||
|
|
||||||
|
# base hierarchy where to search for users and groups
|
||||||
|
:base: %%ldap_base_dn
|
||||||
|
|
||||||
|
# group the users need to belong to. If not set any user will do
|
||||||
|
#:group: 'cn=cloud,ou=groups,dc=domain'
|
||||||
|
|
||||||
|
# field that holds the user name, if not set 'cn' will be used
|
||||||
|
:user_field: 'uid'
|
||||||
|
|
||||||
|
# for Active Directory use this user_field instead
|
||||||
|
#:user_field: 'sAMAccountName'
|
||||||
|
|
||||||
|
# field name for group membership, by default it is 'member'
|
||||||
|
#:group_field: 'member'
|
||||||
|
|
||||||
|
# user field that that is in in the group group_field, if not set 'dn' will be used
|
||||||
|
#:user_group_field: 'dn'
|
||||||
|
|
||||||
|
# Generate mapping file from group template info
|
||||||
|
:mapping_generate: true
|
||||||
|
|
||||||
|
# Seconds a mapping file remain untouched until the next regeneration
|
||||||
|
:mapping_timeout: 300
|
||||||
|
|
||||||
|
# Name of the mapping file in OpenNebula var diretory
|
||||||
|
:mapping_filename: server1.yaml
|
||||||
|
|
||||||
|
# Key from the OpenNebula template to map to an AD group
|
||||||
|
:mapping_key: GROUP_DN
|
||||||
|
|
||||||
|
# Default group ID used for users in an AD group not mapped
|
||||||
|
:mapping_default: 1
|
||||||
|
|
||||||
|
# List the order the servers are queried
|
||||||
|
:order:
|
||||||
|
- server 1
|
||||||
|
%end if
|
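Review bot: With `ldap_tls` left at its default `'non'`, the rendered file has `:auth_method: :simple` and no `:encryption:`, so user passwords and any bind password travel to `%%adresse_ip_ldap` in clear text. The comment above `:encryption: :simple_tls` is stale for a generated file; something like `# Emitted only when ldap_tls is 'oui'; without it simple binds are sent unencrypted` would tell the operator what the switch protects, and whether `:simple_tls` also verifies the server certificate should be confirmed for the LDAP client library in use. `:group:` is left commented out, which by the template's own comment lets any directory user log in, with unmapped users apparently falling back to group `1` through `:mapping_default:`; a dictionary variable for the required group would make that an explicit choice. The final `%end if` has no matching `%if` among the lines shown (the header announces 72 lines and fewer are rendered), so the opening condition may only be missing from this page, but it should be checked in the file.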