Bug #4678

Updated by François ARMAND about 10 years ago

Create a migration script for LDAP authentication parameters, as defined in #4403: 

<pre>
> #########################
> # LDAP Authentication      #############################################################
> #########################
>
> #
> # By default, both authentication and authorization are handled in the rudder-users.xml
> # file. But you may want to rely on your existing enterprise Active Directory or LDAP
> # to take care of the authentication part. The following parameters allow you to configure
> # such an LDAP authentication scheme.
> # The chosen LDAP procedure is a typical bind/search/rebind, in which an application
> # connection (bind) is used to search (search) for a user entry given some base and
> # filter parameters, and then, a bind (rebind) is tried on that entry with the
> # credential provided by the user.
> # That allows separating the user DN (especially RDN) from the search criteria.
> #
> # Be careful, the authorization is still done in rudder-users.xml, which means
> # that each user who should have access to Rudder MUST have a line in that file.
> # Without that line, the user can have a successful LDAP authentication, but
> # won't be able to do or see anything in Rudder (safe logout).
> #
>
> #
> # Use the LDAP authentication
> # When set to true, passwords in rudder-users.xml are ignored and the
> # authentication is delegated to the LDAP server configured below.
> # By convention, when LDAP authentication is enabled, the "password" fields in
> # rudder-users.xml are set to ""
> #
> # Boolean, defaults to false
> #
> rudder.auth.ldap.enable=false
>
> #
> # Connection URL to the LDAP server, in the form:
> # ldap://hostname:port/base_dn
> #
> rudder.auth.ldap.connection.url=ldap://ldap.mycorp.com:389/dc=mycorp,dc=com
>
> #
> # Bind DN used by Rudder to do the search
> # LDAP dn, no default value.
> #
> rudder.auth.ldap.connection.bind.dn=cn=admin,dc=mycorp,dc=com
>
> #
> # Bind password used by Rudder to do the search.
> # String, no default value.
> #
> rudder.auth.ldap.connection.bind.password=secret
>
> #
> # Search base and filter to use to find the user.
> # The search base can be left empty.
> # In the filter, {0} denotes the value provided as
> # login by the user.
> #
> rudder.auth.ldap.searchbase=ou=People
> rudder.auth.ldap.filter=(&(uuid={0})(objectclass=person))
>
> #
> # An AD example would be:
> #
> #rudder.auth.ldap.searchbase=
> #rudder.auth.ldap.filter=(&(sAMAccountName={0})(objectclass=user))
</pre>
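One way to write the migration this ticket asks for, as an added example (not Rudder's own migration script): it appends each `rudder.auth.ldap.*` key that is missing from a properties file, using the sample values above as defaults, and leaves existing or commented-out lines untouched. The function names and the file-path argument are assumptions; the ticket names neither.

```shell
#!/bin/sh
# Added example: idempotent migration of the LDAP authentication keys.
# Defaults are the sample values from the ticket; the target file is passed
# by the caller (assumption: the ticket does not give a path).

# One "key=value" per line, in the order used in the ticket.
ldap_defaults() {
cat <<'EOF'
rudder.auth.ldap.enable=false
rudder.auth.ldap.connection.url=ldap://ldap.mycorp.com:389/dc=mycorp,dc=com
rudder.auth.ldap.connection.bind.dn=cn=admin,dc=mycorp,dc=com
rudder.auth.ldap.connection.bind.password=secret
rudder.auth.ldap.searchbase=ou=People
rudder.auth.ldap.filter=(&(uuid={0})(objectclass=person))
EOF
}

# has_key FILE KEY: true if FILE already sets KEY (commented lines are ignored).
has_key() {
  # Escape dots so the key is matched literally, not as a regex wildcard.
  pattern=$(printf '%s' "$2" | sed 's/\./\\./g')
  grep -Eq "^[[:space:]]*${pattern}[[:space:]]*=" "$1"
}

# migrate_ldap_params FILE: append every missing key, never modify existing ones.
# Prints the number of keys that were added.
migrate_ldap_params() {
  file=$1
  added=0
  [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
  # Terminate the last existing line before appending, if it lacks a newline.
  [ -z "$(tail -c 1 "$file")" ] || printf '\n' >> "$file"
  while IFS= read -r line; do
    key=${line%%=*}            # everything before the first '='
    if ! has_key "$file" "$key"; then
      printf '%s\n' "$line" >> "$file"
      added=$((added + 1))
    fi
  done <<EOF
$(ldap_defaults)
EOF
  echo "$added"
}
```

Because the appended keys include `rudder.auth.ldap.connection.bind.password`, the target file should stay readable only by the account that runs Rudder; appending with `>>` keeps the file's existing mode.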

 