Configurable login method, list of admins or search
		
							parent
							
								
									2c98e83332
								
							
						
					
					
						commit
						03f691d38d
					
				| 
						 | 
				
			
			@ -29,6 +29,13 @@ Examples:
 | 
			
		|||
                password => "1234",
 | 
			
		||||
                password_salt => "5678",
 | 
			
		||||
                tree_suffix => "dc=wikimedia,dc=de",
 | 
			
		||||
                admins => [
 | 
			
		||||
                    "cn=admin,dc=wikimedia,dc=de",
 | 
			
		||||
                ],
 | 
			
		||||
                login_search_dn=>"cn=admin,dc=wikimedia,dc=de",
 | 
			
		||||
                login_search_suffix=>"dc=wikimedia,dc=de",
 | 
			
		||||
                login_search_password=>"123",
 | 
			
		||||
		login_method=>"search" # or "listi or search allowed"
 | 
			
		||||
            }
 | 
			
		||||
        }
 | 
			
		||||
    }
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -100,6 +100,10 @@ class wmdeit_ldap::lam(
 | 
			
		|||
		 generate("/bin/sh","-c", "echo -n $password_salt | openssl base64")
 | 
			
		||||
		,  '\n', "\n "))
 | 
			
		||||
 | 
			
		||||
		$base64pw = base64( 'encode',"LAM_OBFUSCATE:${conf['login_search_password']}")
 | 
			
		||||
		$spw = strip (regsubst(
 | 
			
		||||
			generate("/bin/sh","-c", "echo -n '$base64pw' | /usr/bin/rot13")
 | 
			
		||||
		, '\n', "\n "))
 | 
			
		||||
 | 
			
		||||
		wmdeit_ldap::lam::config {$name:
 | 
			
		||||
			encoded_password => $encoded_password,
 | 
			
		||||
| 
						 | 
				
			
			@ -107,6 +111,22 @@ class wmdeit_ldap::lam(
 | 
			
		|||
			suffix_user => $conf['suffix_user'],
 | 
			
		||||
			suffix_group => $conf['suffix_group'],
 | 
			
		||||
			tree_suffix => $conf['tree_suffix'],
 | 
			
		||||
			admins => $conf['admins'],
 | 
			
		||||
			login_method => $conf['login_method'] ? {undef => "list", default => $conf['login_method']},
 | 
			
		||||
			login_search_suffix => $conf['login_search_suffix'],
 | 
			
		||||
			login_search_dn => $conf['login_search_dn'],
 | 
			
		||||
			login_search_filter => $conf['login_search_filter'] ? {
 | 
			
		||||
							undef => "uid=%USER%",
 | 
			
		||||
							default => $conf['login_search_filter']
 | 
			
		||||
						},
 | 
			
		||||
 | 
			
		||||
			login_search_password => $conf['login_search_password'] ? {
 | 
			
		||||
							undef => "",
 | 
			
		||||
							default => $spw
 | 
			
		||||
						},
 | 
			
		||||
 | 
			
		||||
				
 | 
			
		||||
					
 | 
			
		||||
		} 
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -120,7 +140,14 @@ define wmdeit_ldap::lam::config
 | 
			
		|||
	$tree_suffix,
 | 
			
		||||
	$suffix_user = "ou=People,$tree_suffix",
 | 
			
		||||
	$suffix_group = "ou=Groups,$tree_suffix",
 | 
			
		||||
	$docroot = $::wmdeit_ldap::lam::docroot
 | 
			
		||||
	$docroot = $::wmdeit_ldap::lam::docroot,
 | 
			
		||||
	$admins = [],
 | 
			
		||||
	$login_method = "search",
 | 
			
		||||
	$login_search_suffix = "",
 | 
			
		||||
	$login_search_dn = "",
 | 
			
		||||
	$login_search_filter = "",
 | 
			
		||||
	$login_search_password = "",
 | 
			
		||||
	
 | 
			
		||||
){
 | 
			
		||||
	if (!$suffix_user) or (!$suffix_group) {
 | 
			
		||||
		fail("no suffix_user or suffix_group given")
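Review bot: The search bind password is only obfuscated by the new `$base64pw`/`$spw` lines: base64 followed by rot13 is trivially reversible, and the encoded value is passed to `/bin/sh -c` through `generate()`, so it shows up in process arguments on the host that compiles the catalog. I would add a comment above `$base64pw`, for example `# LAM_OBFUSCATE is reversible encoding, not encryption: use a low-privilege read-only bind account and keep the rendered config readable only by the web server user`, and check that the file resource rendering the template (not visible in these hunks) sets a restrictive mode. The encoding also runs when `login_search_password` is unset and depends on `/usr/bin/rot13` existing where the catalog is compiled, so guarding both lines with the same `undef` test used for `login_search_password` would avoid a needless shell-out. Separately, the define's default `$login_method = "search"` disagrees with the class fallback of `"list"` and leaves `login_search_filter` empty when the define is used directly. The class and define bodies continue outside the hunks shown.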
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -10,7 +10,13 @@ ServerURL: ldap://localhost:389
 | 
			
		|||
# list of users who are allowed to use LDAP Account Manager
 | 
			
		||||
# names have to be seperated by semicolons
 | 
			
		||||
# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
 | 
			
		||||
Admins: cn=admin,dc=wikimedia,dc=de
 | 
			
		||||
Admins: <%- s='' -%>
 | 
			
		||||
<%- @admins.each do | admin | -%>
 | 
			
		||||
  <%= s %><%= admin -%>
 | 
			
		||||
  <%- s=';' -%>
 | 
			
		||||
  <%- end -%>
 | 
			
		||||
  
 | 
			
		||||
#=admin,dc=wikimedia,dc=de
 | 
			
		||||
 | 
			
		||||
# password to change these preferences via webfrontend (default: lam)
 | 
			
		||||
#Passwd: {SSHA}T7uRmkbOgzr9k0BVJi1GvqqwJJQ= iaZAeQ==
 | 
			
		||||
| 
						 | 
				
			
			@ -98,23 +104,23 @@ accessLevel: 100
 | 
			
		|||
 | 
			
		||||
 | 
			
		||||
# Login method.
 | 
			
		||||
loginMethod: list
 | 
			
		||||
loginMethod: <%= @login_method %>
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
# Search suffix for LAM login.
 | 
			
		||||
loginSearchSuffix: dc=yourdomain,dc=org
 | 
			
		||||
loginSearchSuffix: <%= @login_search_suffix %>
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
# Search filter for LAM login.
 | 
			
		||||
loginSearchFilter: uid=%USER%
 | 
			
		||||
loginSearchFilter: <%= @login_search_filter %>
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
# Bind DN for login search.
 | 
			
		||||
loginSearchDN: 
 | 
			
		||||
loginSearchDN: <%= @login_search_dn %>
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
# Bind password for login search.
 | 
			
		||||
loginSearchPassword: 
 | 
			
		||||
loginSearchPassword: <%= @login_search_password %>
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
# HTTP authentication for LAM login.
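Review bot: The new `Admins:` loop emits its literal two-space indentation in front of every entry, because only the `<%- … -%>` tags trim whitespace and the `  <%= s %><%= admin -%>` line does not. With two constructed DNs the rendered value would look like `Admins:   cn=a  ;cn=b`, followed by a whitespace-only line. Whether LAM trims those DNs is not visible here, so I would replace the loop with `Admins: <%= @admins.join(';') %>`, which keeps the allow-list on one unambiguous line. The leftover `#=admin,dc=wikimedia,dc=de` line looks like editing debris and could be dropped. Since `loginSearchPassword:` now carries a reversible bind credential, the rendered file should not be world-readable; the resource that sets its mode is outside this section.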
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||