From e6e5388b22b9f030a9fde99e38199966a8f33e61 Mon Sep 17 00:00:00 2001
From: Zolfa
Date: Thu, 11 Jun 2020 16:42:42 +0200
Subject: [PATCH] ldap: use `uid` instead of `cn` for usernames
---
 roles/icinga2/templates/icingaweb2/authentication.ini.j2 | 2 +-
 roles/ldap/tasks/3_provision_tree.yaml | 8 ++++----
 roles/matrix-synapse/templates/homeserver.yaml.j2 | 2 +-
 roles/nextcloud/tasks/main.yaml | 9 +++++----
 4 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/roles/icinga2/templates/icingaweb2/authentication.ini.j2 b/roles/icinga2/templates/icingaweb2/authentication.ini.j2
index b8db82d..0905934 100644
--- a/roles/icinga2/templates/icingaweb2/authentication.ini.j2
+++ b/roles/icinga2/templates/icingaweb2/authentication.ini.j2
@@ -1,7 +1,7 @@
 [ldap-user-auth]
 user_class = "inetOrgPerson"
 filter = "authorizedService=icinga2"
-user_name_attribute = "cn"
+user_name_attribute = "uid"
 backend = "ldap"
 base_dn = "ou=People,{{ ldap_basedn }}"
 resource = "icingaweb2-users-ldap"
diff --git a/roles/ldap/tasks/3_provision_tree.yaml b/roles/ldap/tasks/3_provision_tree.yaml
index 2651bd6..ddc60b2 100644
--- a/roles/ldap/tasks/3_provision_tree.yaml
+++ b/roles/ldap/tasks/3_provision_tree.yaml
@@ -67,7 +67,7 @@
 - name: 'provisioning tree - test users'
 ldap_entry:
- dn: 'cn={{ item.key }},ou=People,{{ ldap_basedn }}'
+ dn: 'uid={{ item.key }},ou=People,{{ ldap_basedn }}'
 objectClass:
 - 'inetOrgPerson'
 - 'authorizedServiceObject'
@@ -80,7 +80,7 @@
 - name: 'provisioning tree - test users passwd'
 ldap_passwd:
- dn: 'cn={{ item.key }},ou=People,{{ ldap_basedn }}'
+ dn: 'uid={{ item.key }},ou=People,{{ ldap_basedn }}'
 passwd: '{{ item.value.password }}'
 bind_dn: 'cn=admin,{{ ldap_basedn }}'
 bind_pw: '{{ ldap_passwd }}'
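Review bot: `user_name_attribute = "uid"` makes every login depend on the entry under `ou=People` carrying a `uid`, which the inetOrgPerson class does not require; only entries created with the new `uid=` RDN in roles/ldap/tasks/3_provision_tree.yaml get it implicitly from the RDN. Accounts provisioned before this change under a `cn=` RDN have no `uid` and would presumably be rejected at login rather than migrated, which fails closed but is nowhere stated. A comment above the key would record the coupling: `; uid must be present on every user entry (it is the RDN of entries provisioned by roles/ldap); cn is no longer consulted for login`.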
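Review bot: Changing the `dn` of the `ldap_entry` task to `uid=…` creates new entries next to any `cn=…` entries left by earlier runs; nothing in this commit removes the old ones, so they keep the password set by the `ldap_passwd` task (hunk @@ -80) and the `authorizedService` values set by `ldap_attr` (hunk @@ -88) and remain valid LDAP logins for anything that still matches on `cn`. The same applies to the group-membership hunk (@@ -100): `ldap_attr` defaults to `state: present`, so the new `uid=` member value is added while the stale `cn=` member value stays in `cn=admin,ou=Group`. A one-off cleanup of the pre-`uid` DNs, or a documented manual migration step in the commit message, would close that gap; the loop for the test-users task is not visible in the hunk, so its variable is a placeholder below.
```yaml
- name: 'provisioning tree - remove pre-uid test users'
  ldap_entry:
    dn: 'cn={{ item.key }},ou=People,{{ ldap_basedn }}'
    state: 'absent'
    bind_dn: 'cn=admin,{{ ldap_basedn }}'
    bind_pw: '{{ ldap_passwd }}'
  loop: '{{ TEST_USERS_LOOP_VAR|dict2items }}'  # placeholder: reuse the loop of the 'test users' task

- name: 'provisioning tree - remove pre-uid admin group members'
  ldap_attr:
    dn: 'cn=admin,ou=Group,{{ ldap_basedn }}'
    name: 'member'
    values: 'cn={{ item.key }},ou=People,{{ ldap_basedn }}'
    state: 'absent'
    bind_dn: 'cn=admin,{{ ldap_basedn }}'
    bind_pw: '{{ ldap_passwd }}'
  loop: '{{ ldap_users_admin|dict2items }}'
```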
@@ -88,7 +88,7 @@
 - name: 'provisioning tree - authorizedService'
 ldap_attr:
- dn: 'cn={{ item.key }},ou=People,{{ ldap_basedn }}'
+ dn: 'uid={{ item.key }},ou=People,{{ ldap_basedn }}'
 name: 'authorizedService'
 values: '{{ item.value.authorizedServices }}'
 bind_dn: 'cn=admin,{{ ldap_basedn }}'
@@ -100,7 +100,7 @@
 ldap_attr:
 dn: 'cn=admin,ou=Group,{{ ldap_basedn }}'
 name: 'member'
- values: 'cn={{ item.key }},ou=People,{{ ldap_basedn }}'
+ values: 'uid={{ item.key }},ou=People,{{ ldap_basedn }}'
 bind_dn: 'cn=admin,{{ ldap_basedn }}'
 bind_pw: '{{ ldap_passwd }}'
 loop: '{{ ldap_users_admin|dict2items }}'
diff --git a/roles/matrix-synapse/templates/homeserver.yaml.j2 b/roles/matrix-synapse/templates/homeserver.yaml.j2
index 138cbcd..99d40d5 100644
--- a/roles/matrix-synapse/templates/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/homeserver.yaml.j2
@@ -1561,7 +1561,7 @@ password_providers:
 start_tls: true
 base: "ou=People,{{ ldap_basedn }}"
 attributes:
- uid: "cn"
+ uid: "uid"
 mail: "mail"
 name: "sn"
 bind_dn: "cn={{ host_fqdn }},ou=Server,{{ ldap_basedn }}"
diff --git a/roles/nextcloud/tasks/main.yaml b/roles/nextcloud/tasks/main.yaml
index 76bcbf7..f88ea70 100644
--- a/roles/nextcloud/tasks/main.yaml
+++ b/roles/nextcloud/tasks/main.yaml
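Review bot: The `uid: "uid"` mapping is the attribute the LDAP password provider matches a Matrix login name against, so an LDAP person whose `cn` and `uid` differ will presumably resolve to a different localpart than before this change and be treated as a new Matrix account rather than the existing one; the commit message carries no migration note for that. The display-name mapping is now also inconsistent across services: `name: "sn"` stays here while roles/nextcloud in the same commit switches `ldap_display_name` to `cn`. Unless the asymmetry is intended, `name: "cn"` would align them, and a comment on the `attributes:` block naming which LDAP attribute is the canonical login name would help the next reader.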
@@ -217,20 +217,21 @@
 ldap_base: 'ou=People,{{ ldap_basedn }}'
 ldap_base_users: 'ou=People,{{ ldap_basedn }}'
 ldap_base_groups: 'ou=Group,{{ ldap_basedn }}'
- ldap_login_filter: '(&(cn=%uid)(authorizedService=nextcloud))'
+ ldap_login_filter: '(&(uid=%uid)(authorizedService=nextcloud))'
 ldap_user_filter: '(authorizedService=nextcloud)'
 ldap_userlist_filter: '(authorizedService=nextcloud)'
- ldap_group_filter: '(objectClass=groupOfNames)'
+ ldap_group_filter: '(&(objectClass=groupOfNames)(authorizedService=nextcloud))'
 ldap_group_display_name: 'description'
 ldap_group_member_assoc_attribute: 'member'
 ldap_attributes_for_user_search: 'cn'
 ldap_attributes_for_group_search: 'cn'
- ldap_display_name: 'sn'
+ ldap_display_name: 'cn'
+ ldap_display_name2: 'uid'
 ldap_email_attr: 'mail'
 ldap_tls: '{{ 1 if ldap_tls_enabled else 0 }}'
 ldap_experienced_admin: '1'
 ldap_configuration_active: '1'
- ldap_expert_username_attr: 'cn'
+ ldap_expert_username_attr: 'uid'
 ldap_paging_size: '0'
 tags:
 - 'ldap'
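Review bot: `ldap_group_filter` now also requires `authorizedService=nextcloud` on `groupOfNames` entries, but the provisioning hunks in roles/ldap/tasks/3_provision_tree.yaml only set `authorizedService` on user entries, so unless groups get that attribute elsewhere the admin group will presumably stop matching and its members silently lose group-based access in Nextcloud. `ldap_attributes_for_user_search: 'cn'` is left unchanged although login now goes through `uid`, so users cannot be found by their login name in sharing and search; adding `uid` to that list would match the new `ldap_expert_username_attr: 'uid'`. The task these variables belong to starts before the hunk; a comment above `ldap_group_filter`, `# groups must carry authorizedService=nextcloud (set in roles/ldap) or they are not imported`, would make the new requirement visible where it is configured.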