Add possibility to set auth_backend to ldap
next to the already existing possibilities db and external. If auth_backend is set to ldap, an LDAP resource and an LDAP authentication configuration are generated. Support for LDAP encryption is also added.
parent
475e0c9cfc
commit
5a786c6d49
5 changed files with 151 additions and 39 deletions
|
@ -78,6 +78,16 @@ class icingaweb2::config (
|
|||
auth_section => 'icingaweb2',
|
||||
}
|
||||
}
|
||||
'ldap': {
|
||||
icingaweb2::config::authentication_ldap { 'LDAP Authentication':
|
||||
auth_section => 'icingaweb2',
|
||||
auth_resource => 'ldap',
|
||||
user_class => $::icingaweb2::auth_ldap_user_class,
|
||||
user_name_attribute => $::icingaweb2::auth_ldap_user_name_attribute,
|
||||
filter => $::icingaweb2::auth_ldap_filter,
|
||||
base_dn => $::icingaweb2::auth_ldap_base_dn,
|
||||
}
|
||||
}
|
||||
default: {}
|
||||
}
|
||||
|
||||
|
@ -139,6 +149,17 @@ class icingaweb2::config (
|
|||
resource_password => $::icingaweb2::ido_db_pass,
|
||||
}
|
||||
|
||||
if $::icingaweb2::auth_backend == 'ldap' {
|
||||
icingaweb2::config::resource_ldap { 'ldap':
|
||||
resource_host => $::icingaweb2::ldap_host,
|
||||
resource_bind_dn => $::icingaweb2::ldap_bind_dn,
|
||||
resource_bind_pw => $::icingaweb2::ldap_bind_pw,
|
||||
resource_port => $::icingaweb2::ldap_port,
|
||||
resource_root_dn => $::icingaweb2::ldap_root_dn,
|
||||
resource_encryption => $::icingaweb2::ldap_encryption,
|
||||
}
|
||||
}
|
||||
|
||||
# Configure roles.ini
|
||||
icingaweb2::config::roles { 'Admins':
|
||||
role_users => $::icingaweb2::admin_users,
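Review bot: The resource name `'ldap'` is hard-coded twice, as `auth_resource => 'ldap'` in the authentication block and as the title of `icingaweb2::config::resource_ldap { 'ldap':` in the second hunk, and the two have to stay identical for the backend to find its resource. The class's existing `$auth_resource` parameter is not consulted in this branch. Either derive both from one value or add a comment such as `# must match the title of the resource_ldap declared below` next to `auth_resource`. The class body starts and ends outside both hunks.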
|
||||
|
|
|
@ -1,12 +1,13 @@
|
|||
# Define for setting IcingaWeb2 LDAP Resource
|
||||
#
|
||||
define icingaweb2::config::resource_ldap (
|
||||
$resource_bind_dn = undef,
|
||||
$resource_bind_pw = undef,
|
||||
$resource_host = undef,
|
||||
$resource_name = $title,
|
||||
$resource_port = undef,
|
||||
$resource_root_dn = undef,
|
||||
$resource_bind_dn = undef,
|
||||
$resource_bind_pw = undef,
|
||||
$resource_host = undef,
|
||||
$resource_name = $title,
|
||||
$resource_port = undef,
|
||||
$resource_root_dn = undef,
|
||||
$resource_encryption = undef,
|
||||
) {
|
||||
Ini_Setting {
|
||||
ensure => present,
|
||||
|
@ -49,5 +50,12 @@ define icingaweb2::config::resource_ldap (
|
|||
setting => 'bind_pw',
|
||||
value => "\"${resource_bind_pw}\"",
|
||||
}
|
||||
}
|
||||
|
||||
if $::icingaweb2::ldap_encryption {
|
||||
ini_setting { "icingaweb2 resources ${title} encryption":
|
||||
section => $resource_name,
|
||||
setting => 'encryption',
|
||||
value => "\"${resource_encryption}\"",
|
||||
}
|
||||
}
|
||||
}
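Review bot: The new guard `if $::icingaweb2::ldap_encryption {` tests the main class's variable, while the value it writes is the define's own `$resource_encryption` parameter. A `resource_ldap` declared directly with `resource_encryption => 'starttls'` while the class-level setting is unset would silently omit the `encryption` line, which presumably leaves the connection unencrypted; the opposite mismatch writes an empty quoted value. Guard on the parameter instead: `if $resource_encryption {`. The define also accepts any string for this parameter, so a `validate_re` against `ldaps|starttls` inside the define would keep the check next to the value it protects.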
|
||||
|
|
|
@ -9,6 +9,18 @@
|
|||
# $auth_backend::
|
||||
# Default:
|
||||
#
|
||||
# $auth_ldap_base_dn:: LDAP base dn.
|
||||
# Default: undef
|
||||
#
|
||||
# $auth_ldap_filter:: LDAP authentication filter.
|
||||
# Default: undef
|
||||
#
|
||||
# $auth_ldap_user_class:: LDAP authentication user class.
|
||||
# Default: inetOrgPerson
|
||||
#
|
||||
# $auth_ldap_user_name_attribute:: LDAP authentication user name attribute.
|
||||
# Default: uid
|
||||
#
|
||||
# $auth_resource::
|
||||
# Default:
|
||||
#
|
||||
|
@ -67,6 +79,25 @@
|
|||
# Options: git, package
|
||||
# Default: git.
|
||||
#
|
||||
# $ldap_bind_dn:: LDAP bind dn
|
||||
# Default: undef
|
||||
#
|
||||
# $ldap_bind_pw:: LDAP bind pw
|
||||
# Default: undef
|
||||
#
|
||||
# $ldap_encryption:: LDAP encryption method
|
||||
# Allowed values are "starttls" and "ldaps".
|
||||
# Default: undef
|
||||
#
|
||||
# $ldap_host:: LDAP hostname
|
||||
# Default: undef
|
||||
#
|
||||
# $ldap_port:: LDAP bind port
|
||||
# Default: 389
|
||||
#
|
||||
# $ldap_root_dn:: LDAP root dn
|
||||
# Default: undef
|
||||
#
|
||||
# $log_application::
|
||||
# Default:
|
||||
#
|
||||
|
@ -175,6 +206,10 @@ class icingaweb2 (
|
|||
$admin_permissions = $::icingaweb2::params::admin_permissions,
|
||||
$admin_users = $::icingaweb2::params::admin_users,
|
||||
$auth_backend = $::icingaweb2::params::auth_backend,
|
||||
$auth_ldap_base_dn = $::icingaweb2::params::auth_base_dn,
|
||||
$auth_ldap_filter = $::icingaweb2::params::auth_ldap_filter,
|
||||
$auth_ldap_user_class = $::icingaweb2::params::auth_ldap_user_class,
|
||||
$auth_ldap_user_name_attribute = $::icingaweb2::params::auth_ldap_user_name_attribute,
|
||||
$auth_resource = $::icingaweb2::params::auth_resource,
|
||||
$config_dir = $::icingaweb2::params::config_dir,
|
||||
$config_dir_mode = $::icingaweb2::params::config_dir_mode,
|
||||
|
@ -193,6 +228,12 @@ class icingaweb2 (
|
|||
$ido_db_user = $::icingaweb2::params::ido_db_user,
|
||||
$ido_type = $::icingaweb2::params::ido_type,
|
||||
$install_method = $::icingaweb2::params::install_method,
|
||||
$ldap_bind_dn = $::icingaweb2::params::ldap_bind_dn,
|
||||
$ldap_bind_pw = $::icingaweb2::params::ldap_bind_pw,
|
||||
$ldap_encryption = $::icingaweb2::params::ldap_encryption,
|
||||
$ldap_host = $::icingaweb2::params::ldap_host,
|
||||
$ldap_port = $::icingaweb2::params::ldap_port,
|
||||
$ldap_root_dn = $::icingaweb2::params::ldap_root_dn,
|
||||
$log_application = $::icingaweb2::params::log_application,
|
||||
$log_level = $::icingaweb2::params::log_level,
|
||||
$log_method = $::icingaweb2::params::log_method,
|
||||
|
@ -266,6 +307,21 @@ class icingaweb2 (
|
|||
validate_string($template_resources)
|
||||
validate_string($template_roles)
|
||||
|
||||
if $::icingaweb2::auth_backend == 'ldap' {
|
||||
validate_integer($ldap_port)
|
||||
validate_string($auth_ldap_base_dn)
|
||||
validate_string($auth_ldap_filter)
|
||||
validate_string($auth_ldap_user_class)
|
||||
validate_string($auth_ldap_user_name_attribute)
|
||||
validate_string($ldap_host)
|
||||
validate_string($ldap_bind_dn)
|
||||
validate_string($ldap_bind_pw)
|
||||
validate_string($ldap_root_dn)
|
||||
if $::icingaweb2::ldap_encryption {
|
||||
validate_re( $ldap_encryption, '^(ldaps|starttls)$', "\$ldap_encryption must be either 'ldaps' or 'starttls', got '${ldap_encryption}'")
|
||||
}
|
||||
}
|
||||
|
||||
if $::icingaweb2::manage_apache_vhost {
|
||||
validate_string($template_apache)
|
||||
}
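Review bot: The default for `$auth_ldap_base_dn` reads `$::icingaweb2::params::auth_base_dn`, but the params class in this commit defines `$auth_ldap_base_dn`, so the lookup resolves to an undefined variable (a compile error under strict_variables). It should be `$auth_ldap_base_dn = $::icingaweb2::params::auth_ldap_base_dn,`. In the validation hunk, the pattern `'^(ldaps|starttls)$'` uses line anchors, which in Ruby regular expressions also match around an embedded newline; `'\A(ldaps|starttls)\z'` is the stricter form for a value that is written into resources.ini. The class body continues outside these hunks.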
|
||||
|
|
|
@ -10,37 +10,47 @@ class icingaweb2::params {
|
|||
$manage_user = true
|
||||
|
||||
# Template variables
|
||||
$admin_permissions = '*'
|
||||
$admin_users = 'icingaadmin'
|
||||
$auth_backend = 'db'
|
||||
$auth_resource = 'icingaweb_db'
|
||||
$ido_db = 'mysql'
|
||||
$ido_db_host = 'localhost'
|
||||
$ido_db_name = 'icingaweb2'
|
||||
$ido_db_pass = 'icingaweb2'
|
||||
$ido_db_port = '3306'
|
||||
$ido_db_user = 'icingaweb2'
|
||||
$ido_type = 'db'
|
||||
$log_application = 'icingaweb2'
|
||||
$log_level = 'ERROR'
|
||||
$log_method = 'syslog'
|
||||
$log_resource = 'icingaweb_db'
|
||||
$log_store = 'db'
|
||||
$pkg_repo_version = 'release'
|
||||
$template_auth = 'icingaweb2/authentication.ini.erb'
|
||||
$template_config = 'icingaweb2/config.ini.erb'
|
||||
$template_resources='icingaweb2/resources.ini.erb'
|
||||
$template_roles = 'icingaweb2/roles.ini.erb'
|
||||
$template_apache = 'icingaweb2/apache2.conf.erb'
|
||||
$web_db = 'mysql'
|
||||
$web_db_host = 'localhost'
|
||||
$web_db_name = 'icingaweb2'
|
||||
$web_db_pass = 'icingaweb2'
|
||||
$web_db_port = '3306'
|
||||
$web_db_prefix = 'icingaweb2_'
|
||||
$web_db_user = 'icingaweb2'
|
||||
$web_type = 'db'
|
||||
$initialize = false
|
||||
$admin_permissions = '*'
|
||||
$admin_users = 'icingaadmin'
|
||||
$auth_backend = 'db'
|
||||
$auth_ldap_base_dn = undef
|
||||
$auth_ldap_filter = undef
|
||||
$auth_ldap_user_class = 'inetOrgPerson'
|
||||
$auth_ldap_user_name_attribute = 'uid'
|
||||
$auth_resource = 'icingaweb_db'
|
||||
$ido_db = 'mysql'
|
||||
$ido_db_host = 'localhost'
|
||||
$ido_db_name = 'icingaweb2'
|
||||
$ido_db_pass = 'icingaweb2'
|
||||
$ido_db_port = '3306'
|
||||
$ido_db_user = 'icingaweb2'
|
||||
$ido_type = 'db'
|
||||
$ldap_bind_dn = undef
|
||||
$ldap_bind_pw = undef
|
||||
$ldap_encryption = undef
|
||||
$ldap_host = undef
|
||||
$ldap_port = '389'
|
||||
$ldap_root_dn = undef
|
||||
$log_application = 'icingaweb2'
|
||||
$log_level = 'ERROR'
|
||||
$log_method = 'syslog'
|
||||
$log_resource = 'icingaweb_db'
|
||||
$log_store = 'db'
|
||||
$pkg_repo_version = 'release'
|
||||
$template_auth = 'icingaweb2/authentication.ini.erb'
|
||||
$template_config = 'icingaweb2/config.ini.erb'
|
||||
$template_resources ='icingaweb2/resources.ini.erb'
|
||||
$template_roles = 'icingaweb2/roles.ini.erb'
|
||||
$template_apache = 'icingaweb2/apache2.conf.erb'
|
||||
$web_db = 'mysql'
|
||||
$web_db_host = 'localhost'
|
||||
$web_db_name = 'icingaweb2'
|
||||
$web_db_pass = 'icingaweb2'
|
||||
$web_db_port = '3306'
|
||||
$web_db_prefix = 'icingaweb2_'
|
||||
$web_db_user = 'icingaweb2'
|
||||
$web_type = 'db'
|
||||
$initialize = false
|
||||
|
||||
case $::osfamily {
|
||||
'RedHat': {
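Review bot: `$ldap_encryption = undef` together with `$ldap_port = '389'` means the ldap backend is configured without transport encryption unless the operator opts in, so the bind password and users' login credentials would presumably cross the network in clear text by default. Consider defaulting to `'starttls'`, or at least stating that consequence in the parameter documentation. The port also stays at 389 when `ldaps` is selected, which normally listens on 636; either derive the port from the encryption method or document that both must be set together.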
|
||||
|
|
|
@ -63,7 +63,24 @@ describe 'icingaweb2', :type => :class do
|
|||
end
|
||||
|
||||
describe 'with parameter: auth_backend' do
|
||||
pending
|
||||
context 'auth_backend => db' do
|
||||
let (:params) { { :auth_backend => 'db' } }
|
||||
it {
|
||||
should contain_icingaweb2__config__authentication_database('Local Database Authentication').with('auth_section' => 'icingaweb2')
|
||||
}
|
||||
end
|
||||
context 'auth_backend => external' do
|
||||
let (:params) { { :auth_backend => 'external' } }
|
||||
it {
|
||||
should contain_icingaweb2__config__authentication_external('External Authentication').with('auth_section' => 'icingaweb2')
|
||||
}
|
||||
end
|
||||
context 'auth_backend => ldap' do
|
||||
let (:params) { { :auth_backend => 'ldap' } }
|
||||
it {
|
||||
should contain_icingaweb2__config__authentication_ldap('LDAP Authentication').with('auth_section' => 'icingaweb2')
|
||||
}
|
||||
end
|
||||
end
|
||||
|
||||
describe 'with parameter: auth_resource' do
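Review bot: The `auth_backend => ldap` context only asserts that the authentication define is declared; the `icingaweb2::config::resource_ldap` resource created by the same branch and the new `ldap_encryption` validation are not covered. Add a context with `:ldap_encryption => 'starttls'` in params and an expectation such as `it { should contain_icingaweb2__config__resource_ldap('ldap').with('resource_encryption' => 'starttls') }`. A negative case that expects a compile failure for an unsupported `ldap_encryption` value would pin the validation, which is the part that keeps a mistyped setting from silently disabling encryption.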
|
||||
|
|