mirror of https://github.com/ansible/awx.git synced 2024-10-30 13:55:31 +03:00
awx/docs/auth/ldap.md
2019-09-23 13:17:26 -04:00

LDAP

The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network.

Configure LDAP Authentication

Please see the Tower documentation as well as the Ansible blog post for basic LDAP configuration.

LDAP Authentication provides duplicate sets of configuration fields for authentication with up to six different LDAP servers. The default set of configuration fields takes the form AUTH_LDAP_<field name>. Configuration fields for the additional LDAP servers are numbered AUTH_LDAP_<n>_<field name>.

Test Environment Setup

Please see README.md of this repository: https://github.com/ansible/deploy_ldap

Basic Setup for FreeIPA

LDAP Server URI (append additional URIs if you have multiple LDAP servers)
ldaps://{{serverip1}}:636

LDAP BIND DN (see the FreeIPA documentation for how to create a bind account)
uid=awx-bind,cn=sysaccounts,cn=etc,dc=example,dc=com

LDAP BIND PASSWORD
{{yourbindaccountpassword}}

LDAP USER DN TEMPLATE
uid=%(user)s,cn=users,cn=accounts,dc=example,dc=com

LDAP GROUP TYPE
NestedMemberDNGroupType

LDAP GROUP SEARCH

[
"cn=groups,cn=accounts,dc=example,dc=com",
"SCOPE_SUBTREE",
"(objectClass=groupOfNames)"
]

LDAP USER ATTRIBUTE MAP

{
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}

LDAP USER FLAGS BY GROUP

{
"is_superuser": "cn={{superusergroupname}},cn=groups,cn=accounts,dc=example,dc=com"
}

LDAP ORGANIZATION MAP

{
"{{yourorganizationname}}": {
"admins": "cn={{admingroupname}},cn=groups,cn=accounts,dc=example,dc=com",
"remove_admins": false
}
}
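As an added example (not part of the AWX docs or code base), the following Python models how the FreeIPA settings above turn a login into AWX privileges: the user DN template is rendered, group membership is resolved NestedMemberDNGroupType-style through nested groupOfNames entries in a constructed in-memory directory, and the user-flag and organization maps are applied. The group names, usernames and directory contents are constructed, and the handling of `remove_admins` (an existing org admin role is revoked only when the flag is true) is this model's assumption about the setting's semantics.

```python
# Added example, not from the AWX docs or code base: models how the FreeIPA
# settings above map a login to AWX privileges against a constructed directory.
# Group resolution mimics NestedMemberDNGroupType: membership comes from the
# groupOfNames "member" attribute and is followed through nested groups.
USER_DN_TEMPLATE = "uid=%(user)s,cn=users,cn=accounts,dc=example,dc=com"
GROUPS = "cn=groups,cn=accounts,dc=example,dc=com"
USER_FLAGS_BY_GROUP = {"is_superuser": f"cn=awx-superusers,{GROUPS}"}
ORGANIZATION_MAP = {  # constructed org/group names
    "Example Org": {"admins": f"cn=example-org-admins,{GROUPS}", "remove_admins": False},
}

# Constructed directory: group DN -> member DNs (users or nested groups).
DIRECTORY = {
    f"cn=awx-superusers,{GROUPS}": [f"cn=platform-team,{GROUPS}"],
    f"cn=platform-team,{GROUPS}": ["uid=alice,cn=users,cn=accounts,dc=example,dc=com"],
    f"cn=example-org-admins,{GROUPS}": ["uid=bob,cn=users,cn=accounts,dc=example,dc=com"],
}


def user_dn(username):
    """Render LDAP USER DN TEMPLATE. Note: django-auth-ldap escapes DN special
    characters in the username before substituting; this model does not."""
    return USER_DN_TEMPLATE % {"user": username}


def nested_groups(dn):
    """Every group containing dn, directly or via any depth of nested groups."""
    found, frontier = set(), {dn}
    while frontier:
        parents = {g for g, members in DIRECTORY.items()
                   if frontier & set(members)} - found
        found |= parents
        frontier = parents
    return found


def evaluate(username, org_map=ORGANIZATION_MAP, currently_admin_of=()):
    """Return (user flags, set of orgs the user is admin of after login)."""
    groups = nested_groups(user_dn(username))
    flags = {flag: grp in groups for flag, grp in USER_FLAGS_BY_GROUP.items()}
    admin_of = set(currently_admin_of)
    for org, rule in org_map.items():
        if rule["admins"] in groups:
            admin_of.add(org)
        elif rule.get("remove_admins", False):
            admin_of.discard(org)  # revoked only when remove_admins is true
    return flags, admin_of
```

With `remove_admins` left at false, a user who has left the admin group keeps any org admin role already granted; setting it to true makes the group the single source of truth for that role.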