  1. Automation Hub
  2. AAH-2146

Test and enable all LDAP params in installer's inventory and ldap_extra_settings

    • Task
    • Resolution: Unresolved
    • QE

      We need to enable all LDAP params in installer's inventory and ldap_extra_settings in order to make all LDAP tests pass in the pipelines (https://main-jenkins-csb-aap.apps.ocp-c1.prod.psi.redhat.com/job/AAPQA/job/Nightly/). It's necessary to test it before though.

       

      These are the LDAP params that hub needs:

      PULP_AUTHENTICATION_BACKEND_PRESET=ldap
      PULP_AUTH_LDAP_SERVER_URI="ldap://idp.testing.ansible.com:389"
      PULP_AUTH_LDAP_BIND_DN="uid=tower_all,cn=users,cn=accounts,dc=testing,dc=ansible,dc=com"
      PULP_AUTH_LDAP_BIND_PASSWORD="Th1sP4ssd"
      PULP_AUTH_LDAP_USER_SEARCH_BASE_DN="cn=users,cn=accounts,dc=testing,dc=ansible,dc=com"
      PULP_AUTH_LDAP_USER_SEARCH_SCOPE="SUBTREE"
      PULP_AUTH_LDAP_USER_SEARCH_FILTER="(uid=%(user)s)"
      PULP_AUTH_LDAP_GROUP_SEARCH_BASE_DN="cn=groups,cn=accounts,dc=testing,dc=ansible,dc=com"
      PULP_AUTH_LDAP_GROUP_SEARCH_SCOPE="SUBTREE"
      PULP_AUTH_LDAP_GROUP_SEARCH_FILTER="(objectClass=posixGroup)"
      PULP_AUTH_LDAP_USER_ATTR_MAP={first_name="givenName", last_name="sn", email="mail"}
      PULP_AUTH_LDAP_MIRROR_GROUPS=true
      PULP_AUTH_LDAP_USER_FLAGS_BY_GROUP__is_superuser="cn=bobsburgers_admins,cn=groups,cn=accounts,dc=testing,dc=ansible,dc=com"
      PULP_AUTH_LDAP_MIRROR_GROUPS_EXCEPT=['dreamland']
      PULP_AUTH_LDAP_GROUP_TYPE_CLASS="django_auth_ldap.config:MemberDNGroupType"
      PULP_AUTH_LDAP_GROUP_TYPE_PARAMS={name_attr="cn", member_attr="member"}

      These are the params that are accepted in the installer's inventory:

      automationhub_authentication_backend="ldap"
      automationhub_ldap_server_uri="ldap://idp.testing.ansible.com:389"
      automationhub_ldap_bind_dn="uid=tower_all,cn=users,cn=accounts,dc=testing,dc=ansible,dc=com"
      automationhub_ldap_bind_password="Th1sP4ssd"
      automationhub_ldap_user_search_base_dn="cn=users,cn=accounts,dc=testing,dc=ansible,dc=com"
      automationhub_ldap_group_search_base_dn="cn=groups,cn=accounts,dc=testing,dc=ansible,dc=com"
      automationhub_ldap_group_type_class="django_auth_ldap.config:MemberDNGroupType"

      So we need to use another file to pass the rest of the params:

      #ldapextras.yml
      ---
      ldap_extra_settings:
        AUTH_LDAP_GROUP_TYPE_PARAMS: '@json {"name_attr": "cn", "member_attr": "member"}'

      These params are not being passed:

      PULP_AUTH_LDAP_USER_ATTR_MAP
      PULP_AUTH_LDAP_MIRROR_GROUPS
      PULP_AUTH_LDAP_USER_FLAGS_BY_GROUP__is_superuser
      PULP_AUTH_LDAP_MIRROR_GROUPS_EXCEPT

      Check this out for more details:
      https://access.redhat.com/solutions/6977153

            Unassigned Unassigned
            ctorrens@redhat.com Christian Torrens