eole-one-master/tmpl/ldap_auth.conf


# ---------------------------------------------------------------------------- #
# Copyright 2002-2017, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
# ---------------------------------------------------------------------------- #
%if %%getVar('sunstone_auth_modes', None) == 'ldap'
# LDAP authentication settings for OpenNebula. The template emits this whole
# section only when the sunstone_auth_modes variable equals 'ldap'.
# NOTE(review): every key below sits at column 0 in this listing, which would
# leave 'server 1' empty; the settings presumably belong nested under it -
# confirm the indentation against the deployed file.
server 1:
# Ldap user able to query, if not set connects as anonymous. For
# Active Directory append the domain name. Example:
# Administrator@my.domain.com
# If a bind account is configured here, its password is stored in clear text
# in this file: use a dedicated read-only account and keep the rendered file
# readable only by the OpenNebula service user.
#:user: 'admin'
#:password: 'password'
# Ldap authentication method
# A simple bind presents the user's password to the LDAP server, so the
# confidentiality of that password depends on the :encryption setting below.
:auth_method: :simple
# Ldap server
# Both values are substituted unquoted from the adresse_ip_ldap and ldap_port
# template variables. With TLS enabled the port has to be the server's TLS
# listener (commonly 636) - TODO confirm how ldap_port is set.
:host: %%adresse_ip_ldap
:port: %%ldap_port
%if %%getVar('ldap_tls', 'non') == 'oui'
# Emitted only when ldap_tls is 'oui'; the default 'non' omits this line and
# leaves the connection unencrypted, so bind passwords cross the network in
# clear text.
# NOTE(review): check whether the LDAP client verifies the server certificate
# in :simple_tls mode - confirm before relying on it against interception.
:encryption: :simple_tls
%end if
# base hierarchy where to search for users and groups
# Substituted unquoted from ldap_base_dn: a value containing ': ' or ' #'
# would change how this line parses - consider quoting it in the template.
:base: %%ldap_base_dn
# group the users need to belong to. If not set any user will do
# Left unset here, so every account found under :base can authenticate;
# set it to restrict access to a dedicated group.
#:group: 'cn=cloud,ou=groups,dc=domain'
# field that holds the user name, if not set 'cn' will be used
:user_field: 'uid'
# for Active Directory use this user_field instead
#:user_field: 'sAMAccountName'
# field name for group membership, by default it is 'member'
#:group_field: 'member'
# user field that is stored in the group's group_field, if not set 'dn' will
# be used
#:user_group_field: 'dn'
# Generate mapping file from group template info
:mapping_generate: true
# Seconds a mapping file remains untouched until the next regeneration
:mapping_timeout: 300
# Name of the mapping file in the OpenNebula var directory
:mapping_filename: server1.yaml
# Key from the OpenNebula template to map to an AD group
:mapping_key: GROUP_DN
# Default group ID used for users in an AD group not mapped
# NOTE(review): keep this pointing at an unprivileged group, since any
# authenticated user without a mapping lands in it - confirm what ID 1 is.
:mapping_default: 1
# List the order the servers are queried
:order:
- server 1
%end if