Bug #4678

closed

Bug #4403: Authentification to Rudder from LDAP should not require to touch WAR file

Migration script for LDAP authentication

Added by François ARMAND over 10 years ago. Updated over 10 years ago.

Status:
Released
Priority:
1 (highest)
Category:
System integration

Description

Create a migration script for LDAP authentication parameters, as defined in #4403:

#########################
# LDAP Authentication    #############################################################
#########################

#
# By default, both authentication and authorization are handled in the rudder-users.xml
# file. But you may want to rely on your existing enterprise Active Directory or LDAP
# to take care of the authentication part. The following parameters allow you to configure
# such an LDAP authentication scheme.
# The chosen LDAP procedure is a typical bind/search/rebind, in which an application
# connection (bind) is used to search (search) for a user entry given some base and
# filter parameters, and then a bind (rebind) is tried on that entry with the
# credential provided by the user.
# That allows separating the user DN (especially RDN) from the search criteria.
#
# Be careful, the authorization is still done in rudder-users.xml, which means
# that each user who should have access to Rudder MUST have a line in that file.
# Without that line, the user can have a successful LDAP authentication, but
# won't be able to do or see anything in Rudder (safe logout).
#

#
# Use the LDAP authentication
# When set to true, passwords in rudder-users.xml are ignored and the 
# authentication is delegated to the LDAP server configured below. 
# By convention, when LDAP authentication is enabled, the "password" fields in
# rudder-users.xml are set to ""
#
# Boolean, defaults to false
#
rudder.auth.ldap.enable=false

#
# Connection URL to the LDAP server, in the form:
# ldap://hostname:port/base_dn
#
rudder.auth.ldap.connection.url=ldap://ldap.mycorp.com:389/dc=mycorp,dc=com

#
# Bind DN used by Rudder to do the search
# LDAP dn, no default value.
#
rudder.auth.ldap.connection.bind.dn=cn=admin,dc=mycorp,dc=com

#
# Bind password used by Rudder to do the search.
# String, no default value. 
#
rudder.auth.ldap.connection.bind.password=secret

#
# Search base and filter to use to find the user. 
# The search base can be left empty. 
# In the filter, {0} denotes the value provided as
# login by the user. 
#
rudder.auth.ldap.searchbase=ou=People
rudder.auth.ldap.filter=(&(uuid={0})(objectclass=person))

#
# An AD example would be:
# 
#rudder.auth.ldap.searchbase=
#rudder.auth.ldap.filter=(&(sAMAccountName={0})(objectclass=user))


Subtasks 1 (0 open, 1 closed)

Bug #4679: Correct a typo in the LDAP filter example | Released | Jonathan CLARKE | 2014-03-27