
ldap: use `uid` instead of `cn` for usernames

python3
Zolfa 5 years ago
parent
commit
e6e5388b22
Signed by: zolfa GPG Key ID: E1A43B038C4D6616
4 changed files with 11 additions and 10 deletions
  1. +1
    -1
      roles/icinga2/templates/icingaweb2/authentication.ini.j2
  2. +4
    -4
      roles/ldap/tasks/3_provision_tree.yaml
  3. +1
    -1
      roles/matrix-synapse/templates/homeserver.yaml.j2
  4. +5
    -4
      roles/nextcloud/tasks/main.yaml

+ 1
- 1
roles/icinga2/templates/icingaweb2/authentication.ini.j2

@ -1,7 +1,7 @@
[ldap-user-auth] [ldap-user-auth]
user_class = "inetOrgPerson" user_class = "inetOrgPerson"
filter = "authorizedService=icinga2" filter = "authorizedService=icinga2"
user_name_attribute = "cn"
user_name_attribute = "uid"
backend = "ldap" backend = "ldap"
base_dn = "ou=People,{{ ldap_basedn }}" base_dn = "ou=People,{{ ldap_basedn }}"
resource = "icingaweb2-users-ldap" resource = "icingaweb2-users-ldap"
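Review bot: Switching `user_name_attribute` to `"uid"` changes the string Icinga Web 2 treats as the login name, and nothing in this commit updates anything keyed on the old `cn` value. Icinga Web 2 matches role assignments and stored preferences by username, so a role that lists users by their former `cn` would presumably stop applying, or apply to a different entry whose `uid` happens to equal that string. I would check the role definitions this role deploys against the new `uid` values and add a template comment such as `; login name is the LDAP uid - role user lists must use uid values`.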

+ 4
- 4
roles/ldap/tasks/3_provision_tree.yaml

@ -67,7 +67,7 @@
- name: 'provisioning tree - test users' - name: 'provisioning tree - test users'
ldap_entry: ldap_entry:
dn: 'cn={{ item.key }},ou=People,{{ ldap_basedn }}'
dn: 'uid={{ item.key }},ou=People,{{ ldap_basedn }}'
objectClass: objectClass:
- 'inetOrgPerson' - 'inetOrgPerson'
- 'authorizedServiceObject' - 'authorizedServiceObject'
@ -80,7 +80,7 @@
- name: 'provisioning tree - test users passwd' - name: 'provisioning tree - test users passwd'
ldap_passwd: ldap_passwd:
dn: 'cn={{ item.key }},ou=People,{{ ldap_basedn }}'
dn: 'uid={{ item.key }},ou=People,{{ ldap_basedn }}'
passwd: '{{ item.value.password }}' passwd: '{{ item.value.password }}'
bind_dn: 'cn=admin,{{ ldap_basedn }}' bind_dn: 'cn=admin,{{ ldap_basedn }}'
bind_pw: '{{ ldap_passwd }}' bind_pw: '{{ ldap_passwd }}'
@ -88,7 +88,7 @@
- name: 'provisioning tree - authorizedService' - name: 'provisioning tree - authorizedService'
ldap_attr: ldap_attr:
dn: 'cn={{ item.key }},ou=People,{{ ldap_basedn }}'
dn: 'uid={{ item.key }},ou=People,{{ ldap_basedn }}'
name: 'authorizedService' name: 'authorizedService'
values: '{{ item.value.authorizedServices }}' values: '{{ item.value.authorizedServices }}'
bind_dn: 'cn=admin,{{ ldap_basedn }}' bind_dn: 'cn=admin,{{ ldap_basedn }}'
@ -100,7 +100,7 @@
ldap_attr: ldap_attr:
dn: 'cn=admin,ou=Group,{{ ldap_basedn }}' dn: 'cn=admin,ou=Group,{{ ldap_basedn }}'
name: 'member' name: 'member'
values: 'cn={{ item.key }},ou=People,{{ ldap_basedn }}'
values: 'uid={{ item.key }},ou=People,{{ ldap_basedn }}'
bind_dn: 'cn=admin,{{ ldap_basedn }}' bind_dn: 'cn=admin,{{ ldap_basedn }}'
bind_pw: '{{ ldap_passwd }}' bind_pw: '{{ ldap_passwd }}'
loop: '{{ ldap_users_admin|dict2items }}' loop: '{{ ldap_users_admin|dict2items }}'
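Review bot: Changing the RDN in the `dn:` of the three 'test users' tasks and in the `member` value of the admin-group task creates new `uid=…` entries but does not remove the `cn=…` entries that earlier runs provisioned. On an already deployed tree those old entries would keep their passwords and `authorizedService` values, and the old DN may remain a `member` of `cn=admin,ou=Group` (the `state` of that `ldap_attr` task is not visible here), so stale accounts could still match the `(authorizedService=…)` filters the services use. I would add a cleanup task before the create, for example an `ldap_entry` with `dn: 'cn={{ item.key }},ou=People,{{ ldap_basedn }}'` and `state: absent`, and likewise drop the old `member` value. It is also worth confirming that the attributes block outside the hunk now sets `cn` explicitly, since `inetOrgPerson` requires it and the RDN no longer supplies it. All four tasks continue outside their hunks.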


+ 1
- 1
roles/matrix-synapse/templates/homeserver.yaml.j2

@ -1561,7 +1561,7 @@ password_providers:
start_tls: true start_tls: true
base: "ou=People,{{ ldap_basedn }}" base: "ou=People,{{ ldap_basedn }}"
attributes: attributes:
uid: "cn"
uid: "uid"
mail: "mail" mail: "mail"
name: "sn" name: "sn"
bind_dn: "cn={{ host_fqdn }},ou=Server,{{ ldap_basedn }}" bind_dn: "cn={{ host_fqdn }},ou=Server,{{ ldap_basedn }}"
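Review bot: The `attributes` mapping now takes the login name from `uid` but still takes the display name from `name: "sn"`, while the Nextcloud task in this same commit moves its display name from `sn` to `cn`. If `cn` is now meant to hold the full name, `name: "cn"` here would keep the two services consistent. Separately, the part of this `password_providers` entry visible in the hunk shows no `filter`, so it is not clear whether Matrix logins are limited by an `authorizedService` value the way the Icinga and Nextcloud configurations are; that may be set outside the hunk.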


+ 5
- 4
roles/nextcloud/tasks/main.yaml

@ -217,20 +217,21 @@
ldap_base: 'ou=People,{{ ldap_basedn }}' ldap_base: 'ou=People,{{ ldap_basedn }}'
ldap_base_users: 'ou=People,{{ ldap_basedn }}' ldap_base_users: 'ou=People,{{ ldap_basedn }}'
ldap_base_groups: 'ou=Group,{{ ldap_basedn }}' ldap_base_groups: 'ou=Group,{{ ldap_basedn }}'
ldap_login_filter: '(&(cn=%uid)(authorizedService=nextcloud))'
ldap_login_filter: '(&(uid=%uid)(authorizedService=nextcloud))'
ldap_user_filter: '(authorizedService=nextcloud)' ldap_user_filter: '(authorizedService=nextcloud)'
ldap_userlist_filter: '(authorizedService=nextcloud)' ldap_userlist_filter: '(authorizedService=nextcloud)'
ldap_group_filter: '(objectClass=groupOfNames)'
ldap_group_filter: '(&(objectClass=groupOfNames)(authorizedService=nextcloud))'
ldap_group_display_name: 'description' ldap_group_display_name: 'description'
ldap_group_member_assoc_attribute: 'member' ldap_group_member_assoc_attribute: 'member'
ldap_attributes_for_user_search: 'cn' ldap_attributes_for_user_search: 'cn'
ldap_attributes_for_group_search: 'cn' ldap_attributes_for_group_search: 'cn'
ldap_display_name: 'sn'
ldap_display_name: 'cn'
ldap_display_name2: 'uid'
ldap_email_attr: 'mail' ldap_email_attr: 'mail'
ldap_tls: '{{ 1 if ldap_tls_enabled else 0 }}' ldap_tls: '{{ 1 if ldap_tls_enabled else 0 }}'
ldap_experienced_admin: '1' ldap_experienced_admin: '1'
ldap_configuration_active: '1' ldap_configuration_active: '1'
ldap_expert_username_attr: 'cn'
ldap_expert_username_attr: 'uid'
ldap_paging_size: '0' ldap_paging_size: '0'
tags: tags:
- 'ldap' - 'ldap'
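Review bot: The new `ldap_group_filter` value `(&(objectClass=groupOfNames)(authorizedService=nextcloud))` is a behaviour change unrelated to the cn-to-uid switch named in the commit title, and nothing in this commit gives the group entries an `authorizedService` value. If `cn=admin,ou=Group` and the other `groupOfNames` entries do not carry that attribute, Nextcloud would see no LDAP groups at all, and any group-based admin or sharing restrictions would silently stop matching. I would either provision the attribute on the groups in the same change or split this line into its own commit with a comment such as `# only groups explicitly marked for nextcloud are exposed`. `ldap_attributes_for_user_search` is also left at `'cn'`, so user search no longer covers the login name. The task continues outside the hunk.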

