mirror of
https://github.com/ansible/awx.git
synced 2024-10-30 22:21:13 +03:00
Merge pull request #2432 from Numblesix/ldap-doc
Added some Doc for FREEipa Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
This commit is contained in:
commit
f1a4a62304
@ -2,11 +2,64 @@
|
||||
The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network.
|
||||
|
||||
# Configure LDAP Authentication
|
||||
Please see the Tower documentation as well as Ansible blog posts for basic LDAP configuration.
|
||||
Please see the Tower documentation as well as Ansible blog posts for basic LDAP configuration.
|
||||
|
||||
LDAP Authentication provides duplicate sets of configuration fields for authentication with up to six different LDAP servers.
|
||||
LDAP Authentication provides duplicate sets of configuration fields for authentication with up to six different LDAP servers.
|
||||
The default set of configuration fields take the form `AUTH_LDAP_<field name>`. Configuration fields for additional ldap servers are numbered `AUTH_LDAP_<n>_<field name>`.
|
||||
|
||||
## Test environment setup
|
||||
|
||||
Please see README.md of this repository: https://github.com/jangsutsr/deploy_ldap.git.
|
||||
|
||||
|
||||
# Basic setup for FreeIPA
|
||||
|
||||
LDAP Server URI (append if you have multiple LDAPs)
|
||||
`ldaps://{{serverip1}}:636`
|
||||
|
||||
LDAP BIND DN (How to create a bind account in [FreeIPA](https://www.freeipa.org/page/Creating_a_binddn_for_Foreman)
|
||||
`uid=awx-bind,cn=sysaccounts,cn=etc,dc=example,dc=com`
|
||||
|
||||
LDAP BIND PASSWORD
|
||||
`{{yourbindaccountpassword}}`
|
||||
|
||||
LDAP USER DN TEMPLATE
|
||||
`uid=%(user)s,cn=users,cn=accounts,dc=example,dc=com`
|
||||
|
||||
LDAP GROUP TYPE
|
||||
`NestedMemberDNGroupType`
|
||||
|
||||
LDAP GROUP SEARCH
|
||||
```
|
||||
[
|
||||
"cn=groups,cn=accounts,dc=example,dc=com",
|
||||
"SCOPE_SUBTREE",
|
||||
"(objectClass=groupOfNames)"
|
||||
]
|
||||
```
|
||||
|
||||
LDAP USER ATTRIBUTE MAP
|
||||
```
|
||||
{
|
||||
"first_name": "givenName",
|
||||
"last_name": "sn",
|
||||
"email": "mail"
|
||||
}
|
||||
```
|
||||
|
||||
LDAP USER FLAGS BY GROUP
|
||||
```
|
||||
{
|
||||
"is_superuser": "cn={{superusergroupname}},cn=groups,cn=accounts,dc=example,dc=com"
|
||||
}
|
||||
```
|
||||
|
||||
LDAP ORGANIZATION MAP
|
||||
```
|
||||
{
|
||||
"{{yourorganizationname}}": {
|
||||
"admins": "cn={{admingroupname}},cn=groups,cn=accounts,dc=example,dc=com",
|
||||
"remove_admins": false
|
||||
}
|
||||
}
|
||||
```
|
||||
|
Loading…
Reference in New Issue
Block a user