lsc is installed and a posixgroup -> groupofnames syncher is configured
							parent
							
								
									2ed29c601f
								
							
						
					
					
						commit
						baae769be1
					
			@ -259,9 +259,18 @@ class wmdeit_ldap (
 | 
			
		|||
	file {"/etc/default/lsc":
 | 
			
		||||
		ensure => file,
 | 
			
		||||
		content => template("wmdeit_ldap/lsc.erb")
 | 
			
		||||
	} ->
 | 
			
		||||
	file {"/etc/lsc/lsc.xml":
 | 
			
		||||
		ensure => file,
 | 
			
		||||
		content => template("wmdeit_ldap/lsc.xml.erb")
 | 
			
		||||
	} ->
 | 
			
		||||
	service {"lsc":
 | 
			
		||||
		ensure => running,
 | 
			
		||||
		subscribe => File["/etc/lsc/lsc.xml"],
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
#	openldap::server::globalconf { 'TLSVerifyClient':
 | 
			
		||||
#		ensure  => present,
 | 
			
		||||
#		value   => { "TLSVerifyClient"=>"never" }
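Review bot: The `file` resources for `/etc/default/lsc` and `/etc/lsc/lsc.xml` set no `owner`/`group`/`mode`, so the rendered `lsc.xml` — which, per the template added in this commit, carries the LDAP bind DN and password for `ldap-conn` — is created with whatever mode Puppet applies by default, typically world-readable. Add `owner => 'root', group => 'root', mode => '0600',` to both resources (or the group the `lsc` service runs as with `0640`); note also that the `service` only subscribes to `lsc.xml`, so edits to `/etc/default/lsc` will not restart it. The commented-out `TLSVerifyClient => never` block is dead configuration and should be dropped or tracked as a follow-up rather than left in the manifest. The enclosing `class wmdeit_ldap` starts outside this hunk.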
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -0,0 +1,177 @@
 | 
			
		|||
<?xml version="1.0" ?>
 | 
			
		||||
<!-- 
 | 
			
		||||
	In the following file, comments are describing each node. Elements are
 | 
			
		||||
	referenced through XPath expression, whereas attributes are prefixed with
 | 
			
		||||
	'@'
 | 
			
		||||
 | 
			
		||||
	//lsc Root node of the XML configuration file
 | 
			
		||||
	@xmlns XML Schema validation is not ready yet (Reserved for futur use)
 | 
			
		||||
	@id optional, added by XML API
 | 
			
		||||
	@revision mandatory, used by the Web Administration Interface to version
 | 
			
		||||
				this file
 | 
			
		||||
	 -->
 | 
			
		||||
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">
 | 
			
		||||
 | 
			
		||||
<!--  ./connections Connections list node, must contain at least two connections -->
 | 
			
		||||
 
 | 
			
		||||
<connections>
 | 
			
		||||
	<ldapConnection>
 | 
			
		||||
		<name>ldap-conn</name>
 | 
			
		||||
		<!--  ./url mandatory, the JNDI URL -->
 | 
			
		||||
		<url>ldap://localhost:389/dc=wikimedia,dc=de</url>
 | 
			
		||||
		<!--  ./username mandatory, the DN to bind with -->
 | 
			
		||||
		<username>cn=admin,dc=wikimedia,dc=de</username>
 | 
			
		||||
		<!--  ./password mandatory, credentials to bind with -->
 | 
			
		||||
		<password>123</password>
 | 
			
		||||
		<!--  ./authentication mandatory, must contain either 
 | 
			
		||||
		ANONYMOUS, SIMPLE, SASL, GSSAPI or DIGEST_MD5 -->
 | 
			
		||||
		<authentication>SIMPLE</authentication>
 | 
			
		||||
		<!--  ./referral mandatory, must contain either IGNORE, 
 | 
			
		||||
		THROUGH, THROW or FOLLOW -->
 | 
			
		||||
		<referral>IGNORE</referral>
 | 
			
		||||
		<!--  ./derefAliases mandatory, must contain either NEVER, 
 | 
			
		||||
		SEARCH, FIND, ALWAYS -->
 | 
			
		||||
		<derefAliases>NEVER</derefAliases>
 | 
			
		||||
		<!--  ./version mandatory, must contain either VERSION_2, VERSION_3 -->
 | 
			
		||||
		<version>VERSION_3</version>
 | 
			
		||||
		<!--  ./pageSize optional, specify the paged size when searching -->
 | 
			
		||||
		<pageSize>-1</pageSize>
 | 
			
		||||
		<!--  ./factory mandatory, points to LDAP Context Factory, 
 | 
			
		||||
		com.sun.jndi.ldap.LdapCtxFactory for a SUN JDK -->
 | 
			
		||||
		<factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
 | 
			
		||||
		<!--  ./tlsActivated optional, specify if SSL/TLS is activated 
 | 
			
		||||
		to connect to the LDAP server -->
 | 
			
		||||
		<tlsActivated>false</tlsActivated>
 | 
			
		||||
	</ldapConnection>
 | 
			
		||||
</connections>
 | 
			
		||||
 | 
			
		||||
<tasks>
 | 
			
		||||
	<task>
 | 
			
		||||
		<name>groupsync</name>
 | 
			
		||||
		<bean>org.lsc.beans.SimpleBean</bean>
 | 
			
		||||
 | 
			
		||||
		<ldapSourceService>
 | 
			
		||||
			<name>group-source-service</name>
 | 
			
		||||
			<connection reference="ldap-conn" />
 | 
			
		||||
			<baseDn>dc=wikimedia,dc=de</baseDn>
 | 
			
		||||
			<pivotAttributes>
 | 
			
		||||
				<string>cn</string>
 | 
			
		||||
			</pivotAttributes>
 | 
			
		||||
			<fetchedAttributes>
 | 
			
		||||
				<string>cn</string>
 | 
			
		||||
				<string>memberUid</string>
 | 
			
		||||
			</fetchedAttributes>
 | 
			
		||||
			<getAllFilter><![CDATA[(objectClass=posixGroup)]]></getAllFilter>
 | 
			
		||||
			<getOneFilter><![CDATA[(&(objectClass=posixGroup)(cn={cn}))]]></getOneFilter>
 | 
			
		||||
			<cleanFilter><![CDATA[(&(objectClass=posixGroup)(cn={cn}))]]></cleanFilter>
 | 
			
		||||
		</ldapSourceService>
 | 
			
		||||
		<ldapDestinationService>
 | 
			
		||||
			<name>group-dst-service</name>
 | 
			
		||||
			<connection reference="ldap-conn" />
 | 
			
		||||
			<baseDn>dc=wikimedia,dc=de</baseDn>
 | 
			
		||||
			<pivotAttributes>
 | 
			
		||||
				<string>cn</string>
 | 
			
		||||
			</pivotAttributes>
 | 
			
		||||
			<fetchedAttributes>
 | 
			
		||||
				<string>cn</string>
 | 
			
		||||
				<string>member</string>
 | 
			
		||||
				<string>objectClass</string>
 | 
			
		||||
			</fetchedAttributes>
 | 
			
		||||
			<getAllFilter><![CDATA[(objectClass=groupeOfNames)]]></getAllFilter>
 | 
			
		||||
			<getOneFilter><![CDATA[(&(objectClass=groupOfNames)(cn={cn}))]]></getOneFilter>
 | 
			
		||||
		</ldapDestinationService>
 | 
			
		||||
 | 
			
		||||
		<propertiesBasedSyncOptions>
 | 
			
		||||
			<mainIdentifier>js:"cn=" + javax.naming.ldap.Rdn.escapeValue(srcBean.getDatasetFirstValueById("cn").toLowerCase()) + ",dc=wikimedia,dc=de"</mainIdentifier>
 | 
			
		||||
			<defaultDelimiter>;</defaultDelimiter>
 | 
			
		||||
			<defaultPolicy>FORCE</defaultPolicy>
 | 
			
		||||
			<conditions>
 | 
			
		||||
				<create>true</create>
 | 
			
		||||
				<update>true</update>
 | 
			
		||||
				<delete>true</delete>
 | 
			
		||||
				<changeId>true</changeId>
 | 
			
		||||
			</conditions>
 | 
			
		||||
			<dataset>
 | 
			
		||||
				<name>objectclass</name>
 | 
			
		||||
				<policy>KEEP</policy>
 | 
			
		||||
				<createValues>
 | 
			
		||||
					<string>"groupOfNames"</string>
 | 
			
		||||
					<string>"posixGroup"</string>
 | 
			
		||||
					<string>"top"</string>
 | 
			
		||||
				</createValues>
 | 
			
		||||
			</dataset>  
 | 
			
		||||
			<dataset>
 | 
			
		||||
				<name>member</name>
 | 
			
		||||
				<policy>FORCE</policy>
 | 
			
		||||
				<forceValues>
 | 
			
		||||
					<string>
 | 
			
		||||
				         <![CDATA[rjs:
 | 
			
		||||
			                var membersSrcUid = srcBean.getDatasetValuesById("memberUid");
 | 
			
		||||
			                var membersDstDn = new java.util.ArrayList();
 | 
			
		||||
			                for  (var i=0; i<membersSrcUid.size(); i++) {
 | 
			
		||||
		                        var memberSrcUid = membersSrcUid.get(i);
 | 
			
		||||
		                        var dn = "uid=" + memberSrcUid + ",ou=users,dc=example1000,dc=com";
 | 
			
		||||
		                        membersDstDn.add(dn);
 | 
			
		||||
                			}
 | 
			
		||||
			                membersDstDn
 | 
			
		||||
					]]> 				
 | 
			
		||||
					</string>
 | 
			
		||||
				</forceValues>
 | 
			
		||||
			</dataset>		
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
		</propertiesBasedSyncOptions>
 | 
			
		||||
 | 
			
		||||
	</task>
 | 
			
		||||
</tasks>
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
<!--  ./audits Audits list node -->
 | 
			
		||||
  <audits>
 | 
			
		||||
 | 
			
		||||
	<!--./audit Audit node, here a CSV audit, may also be a LDIF or any contributed audit type -->
 | 
			
		||||
	<csvAudit>
 | 
			
		||||
		<!--    ./name mandatory, audit name -->
 | 
			
		||||
		<name>csv</name>
 | 
			
		||||
		<!--    ./append optional, default to false, specify to create a new log file or to append to the existing one  -->
 | 
			
		||||
		<append>true</append>
 | 
			
		||||
		<!--    ./operations optional, comma separated list of operations (create, delete, update or rename) -->
 | 
			
		||||
		<operations>create, delete</operations>
 | 
			
		||||
		<!--	./file mandatory, define the location of the file where the CSV data will be written -->
 | 
			
		||||
		<file>/tmp/dump.csv</file>
 | 
			
		||||
		<!--    ./datasets optional, comma separated list of datasets modification to log -->
 | 
			
		||||
		<datasets>cn, dn</datasets>
 | 
			
		||||
		<!--    ./separator optional, default to ";", specify the values separator -->
 | 
			
		||||
		<separator>,</separator>
 | 
			
		||||
	</csvAudit>
 | 
			
		||||
  </audits>
 | 
			
		||||
 | 
			
		||||
<!-- ./security This mandatory node contains the security settings used by LSC -->
 | 
			
		||||
  <security>
 | 
			
		||||
<!-- ./encryption This optional node contains the encryption settings -->
 | 
			
		||||
    <encryption>
 | 
			
		||||
<!--  ./keyfile This optional node contains the keyfile location -->
 | 
			
		||||
      <keyfile>etc/lsc.key</keyfile>
 | 
			
		||||
<!--  ./algorithm This optional node contains the encryption algorithm -->
 | 
			
		||||
      <algorithm>AES</algorithm>
 | 
			
		||||
<!--  ./strength This optional node contains the algorithm key length -->
 | 
			
		||||
      <strength>128</strength>
 | 
			
		||||
    </encryption>
 | 
			
		||||
  </security>
 | 
			
		||||
</lsc>
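Review bot: The `ldap-conn` connection commits a literal bind password (`<password>123</password>`) for `cn=admin,dc=wikimedia,dc=de` into the template, and with `<tlsActivated>false</tlsActivated>` it is sent in the clear to `ldap://localhost:389`. Move the secret out of the file — e.g. `<password><%= @lsc_bind_password %></password>` populated from the node's private data — and consider a dedicated sync account whose write access is limited to the group entries rather than the directory admin; the `security/encryption` block already points at `etc/lsc.key`, so an encrypted value is presumably also an option, but confirm against the installed LSC version. In the `member` forceValues script, `memberUid` is concatenated into a DN unescaped (`"uid=" + memberSrcUid + ",ou=users,dc=example1000,dc=com"`) while `mainIdentifier` escapes with `Rdn.escapeValue`, and the `dc=example1000,dc=com` suffix does not match the `dc=wikimedia,dc=de` base used everywhere else — change it to `var dn = "uid=" + javax.naming.ldap.Rdn.escapeValue(memberSrcUid) + ",ou=users,dc=wikimedia,dc=de";`. The destination `getAllFilter` reads `(objectClass=groupeOfNames)` (typo), which likely matches nothing, so with `delete` and `FORCE` enabled the clean phase would silently do nothing instead of failing loudly. Finally, the CSV audit appends to `/tmp/dump.csv`, a predictable path in a world-writable directory; it should live under `/var/log/lsc` (or `/var/lib/lsc`) with restricted permissions.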
 | 
			
		||||