Bug #4678
Updated by François ARMAND over 10 years ago
Create a migration script for LDAP authentication parameters, as defined in #4403:

<pre>
> #########################
> # LDAP Authentication #############################################################
> #########################
>
> #
> # By default, both authentication and authorization are handled in the rudder-users.xml
> # file. But you may want to rely on your existing enterprise Active Directory or LDAP
> # to take care of the authentication part. The following parameters allow configuring
> # such an LDAP authentication scheme.
> # The chosen LDAP procedure is a typical bind/search/rebind, in which an application
> # connection (bind) is used to search (search) for a user entry given some base and
> # filter parameters, and then, a bind (rebind) is tried on that entry with the
> # credential provided by the user.
> # That allows separating the user DN (especially RDN) from the search criteria.
> #
> # Be careful, the authorization is still done in the rudder-users.xml, which means
> # that each user who should have access to Rudder MUST have a line in that file.
> # Without that line, the user can have a successful LDAP authentication, but
> # won't be able to do or see anything in Rudder (safe logout).
> #
>
> #
> # Use the LDAP authentication
> # When set to true, passwords in rudder-users.xml are ignored and the
> # authentication is delegated to the LDAP server configured below.
> # By convention, when LDAP authentication is enabled, "password" fields in
> # rudder-users.xml are set to ""
> #
> # Boolean, default to false
> #
> rudder.auth.ldap.enable=false
>
> #
> # Connection URL to the LDAP server, in the form:
> # ldap://hostname:port/base_dn
> #
> rudder.auth.ldap.connection.url=ldap://ldap.mycorp.com:389/dc=mycorp,dc=com
>
> #
> # Bind DN used by Rudder to do the search
> # LDAP dn, no default value.
> #
> rudder.auth.ldap.connection.bind.dn=cn=admin,dc=mycorp,dc=com
>
> #
> # Bind password used by Rudder to do the search.
> # String, no default value.
> #
> rudder.auth.ldap.connection.bind.password=secret
>
> #
> # Search base and filter to use to find the user.
> # The search base can be left empty.
> # In the filter, {0} denotes the value provided as
> # login by the user.
> #
> rudder.auth.ldap.searchbase=ou=People
> rudder.auth.ldap.filter=(&(uuid={0})(objectclass=person))
>
> #
> # An AD example would be:
> #
> #rudder.auth.ldap.searchbase=
> #rudder.auth.ldap.filter=(&(sAMAccountName={0})(objectclass=user))
</pre>
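
One way to write the migration this ticket asks for, as an added example that is not Rudder's own script: it appends each parameter from the block above only when the key is not already set, so existing values survive and a second run changes nothing. The properties file path is passed as an argument because the ticket does not name it, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Rudder's own migration script.
# Usage: migrate_ldap_params /path/to/properties-file   (path is an assumption)

# True when KEY is already set on an uncommented line of FILE.
has_key() {
  pattern=$(printf '%s' "$2" | sed 's/\./\\./g')   # dots in keys are literal
  grep -Eq "^[[:space:]]*${pattern}[[:space:]]*=" "$1"
}

# True when FILE can be read by "other"; it will hold the bind password.
world_readable() {
  [ -n "$(find "$1" -prune -perm -004)" ]
}

# Append each missing parameter with the value shown in the ticket.
# enable=false keeps the new settings inert until an admin turns them on.
# Existing values are never overwritten; prints the number of keys added.
migrate_ldap_params() {
  file=$1
  [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
  added=0
  while IFS= read -r entry; do
    key=${entry%%=*}
    if ! has_key "$file" "$key"; then
      if [ "$added" -eq 0 ]; then
        printf '\n# LDAP Authentication (added by migration)\n' >> "$file"
      fi
      printf '%s\n' "$entry" >> "$file"
      added=$((added + 1))
    fi
  done <<'EOF'
rudder.auth.ldap.enable=false
rudder.auth.ldap.connection.url=ldap://ldap.mycorp.com:389/dc=mycorp,dc=com
rudder.auth.ldap.connection.bind.dn=cn=admin,dc=mycorp,dc=com
rudder.auth.ldap.connection.bind.password=secret
rudder.auth.ldap.searchbase=ou=People
rudder.auth.ldap.filter=(&(uuid={0})(objectclass=person))
EOF
  if world_readable "$file"; then
    echo "warning: $file is world-readable and contains a bind password" >&2
  fi
  echo "$added"
}
```

Appending with `>>` leaves the file's owner and mode untouched, so the warning is the only signal that the bind password would be exposed to other local users.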