Bug #4678
Parent task: Bug #4403 (closed): Authentification to Rudder from LDAP should not require to touch WAR file
Migration script for LDAP authentication
Status: Released
Priority: 1 (highest)
Category: System integration
Description
Create a migration script for LDAP authentication parameters, as defined in #4403:
#########################
# LDAP Authentication #############################################################
#########################
#
# By default, both authentication and authorization are handled in the rudder-users.xml
# file. But you may want to rely on your existing enterprise Active Directory or LDAP
# to take care of the authentication part. The following parameters allow to configure
# such an LDAP authentication scheme.
# The chosen LDAP procedure is a typical bind/search/rebind, in which an application
# connection (bind) is used to search (search) for a user entry given some base and
# filter parameters, and then, a bind (rebind) is tried on that entry with the
# credential provided by the user.
# That allows to separate the user DN (especially RDN) from the search criteria.
#
# Be careful, the authorization is still done in the rudder-users.xml, which means
# that each user who should have access to Rudder MUST have a line in that file.
# Without that line, the user can have a successful LDAP authentication, but
# won't be able to do or see anything in Rudder (safe logout).
#
#
# Use the LDAP authentication
# When set to true, passwords in rudder-users.xml are ignored and the
# authentication is delegated to the LDAP server configured below.
# By convention, when LDAP authentication is enabled, "password" field in
# rudder-users.xml are set to ""
#
# Boolean, default to false
#
rudder.auth.ldap.enable=false
#
# Connection URL to the LDAP server, in the form:
# ldap://hostname:port/base_dn
#
rudder.auth.ldap.connection.url=ldap://ldap.mycorp.com:389/dc=mycorp,dc=com
#
# Bind DN used by Rudder to do the search
# LDAP dn, no default value.
#
rudder.auth.ldap.connection.bind.dn=cn=admin,dc=mycorp,dc=com
#
# Bind password used by Rudder to do the search.
# String, no default value.
#
rudder.auth.ldap.connection.bind.password=secret
#
# Search base and filter to use to find the user.
# The search base can be left empty.
# In the filter, {0} denotes the value provided as
# login by the user.
#
rudder.auth.ldap.searchbase=ou=People
rudder.auth.ldap.filter=(&(uuid={0})(objectclass=person))
#
# An AD example would be:
#
#rudder.auth.ldap.searchbase=
#rudder.auth.ldap.filter=(&(sAMAccountName={0})(objectclass=user))
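The bind/search/rebind flow and the `{0}` substitution described in these comments, as an added Python example that is neither Rudder's implementation nor the migration script from the pull request. `search`, `bind`, `authorized_logins` and the result strings are hypothetical names standing in for a real LDAP client and for the lines of rudder-users.xml; the property values are the page's samples with `rudder.auth.ldap.enable` set to `true`.

```python
# Added example: bind/search/rebind decision flow with the LDAP client stubbed out.
# RFC 4515: characters that must be written as \XX inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample: the page's parameters with LDAP authentication switched on.
SAMPLE_PROPERTIES = """\
rudder.auth.ldap.enable=true
rudder.auth.ldap.connection.url=ldap://ldap.mycorp.com:389/dc=mycorp,dc=com
rudder.auth.ldap.connection.bind.dn=cn=admin,dc=mycorp,dc=com
rudder.auth.ldap.connection.bind.password=secret
rudder.auth.ldap.searchbase=ou=People
rudder.auth.ldap.filter=(&(uuid={0})(objectclass=person))
"""

def load_properties(text):
    """Parse key=value lines; split on the first '=' only, since DNs contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def build_user_filter(template, login):
    """Replace {0} with the login, escaped so it is matched as a literal value."""
    if "{0}" not in template:
        raise ValueError("rudder.auth.ldap.filter has no {0} placeholder")
    return template.replace("{0}", "".join(_ESCAPES.get(c, c) for c in login))

def authenticate(props, login, password, search, bind, authorized_logins):
    """search(base, filter) -> list of DNs and bind(dn, password) -> bool are
    hypothetical stand-ins for a real LDAP client; authorized_logins stands in
    for the logins that have a line in rudder-users.xml."""
    p = "rudder.auth.ldap."
    if props.get(p + "enable", "false") != "true":
        return "ldap-disabled"
    # An empty password makes the rebind an unauthenticated bind (RFC 4513),
    # which some servers accept, so it is refused before any LDAP traffic.
    if not login or not password:
        return "rejected"
    if not bind(props[p + "connection.bind.dn"], props[p + "connection.bind.password"]):
        return "application-bind-failed"
    entries = search(props.get(p + "searchbase", ""),
                     build_user_filter(props[p + "filter"], login))
    if len(entries) != 1 or not bind(entries[0], password):  # exactly one entry
        return "rejected"
    return "ok" if login in authorized_logins else "authenticated-no-access"
```

The `authenticated-no-access` result is the case the comments warn about: the LDAP rebind succeeds, but the login has no line in rudder-users.xml.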
Updated by François ARMAND over 10 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Vincent MEMBRÉ
- Pull Request set to https://github.com/Normation/rudder-packages/pull/278
Updated by François ARMAND over 10 years ago
- Status changed from Pending technical review to Pending release
- % Done changed from 0 to 100
Applied in changeset commit:b851394a7fb9e7c138dc470c4b69dfaadf4d6356.
Updated by Jonathan CLARKE over 10 years ago
Applied in changeset commit:ad19ad01bf653be20cacc9223cb1554a3a9b3e01.
Updated by Vincent MEMBRÉ over 10 years ago
- Project changed from 34 to Rudder
- Category set to System integration
- Parent task set to #4403
Updated by Vincent MEMBRÉ over 10 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 2.10.0, which was released today.
Check out:
- The release announcement: http://www.rudder-project.org/pipermail/rudder-announce/2014-March/000085.html
- The full ChangeLog: http://www.rudder-project.org/foswiki/bin/view/System/Documentation:ChangeLog210
- Download information: https://www.rudder-project.org/site/get-rudder/downloads/