Task
Resolution: Unresolved
We need to enable all LDAP params in installer's inventory and ldap_extra_settings in order to make all LDAP tests pass in the pipelines (https://main-jenkins-csb-aap.apps.ocp-c1.prod.psi.redhat.com/job/AAPQA/job/Nightly/). It's necessary to test it before though.
These are the LDAP params that hub needs:
PULP_AUTHENTICATION_BACKEND_PRESET=ldap
PULP_AUTH_LDAP_SERVER_URI="ldap://idp.testing.ansible.com:389"
PULP_AUTH_LDAP_BIND_DN="uid=tower_all,cn=users,cn=accounts,dc=testing,dc=ansible,dc=com"
PULP_AUTH_LDAP_BIND_PASSWORD="Th1sP4ssd"
PULP_AUTH_LDAP_USER_SEARCH_BASE_DN="cn=users,cn=accounts,dc=testing,dc=ansible,dc=com"
PULP_AUTH_LDAP_USER_SEARCH_SCOPE="SUBTREE"
PULP_AUTH_LDAP_USER_SEARCH_FILTER="(uid=%(user)s)"
PULP_AUTH_LDAP_GROUP_SEARCH_BASE_DN="cn=groups,cn=accounts,dc=testing,dc=ansible,dc=com"
PULP_AUTH_LDAP_GROUP_SEARCH_SCOPE="SUBTREE"
PULP_AUTH_LDAP_GROUP_SEARCH_FILTER="(objectClass=posixGroup)"
PULP_AUTH_LDAP_USER_ATTR_MAP={first_name="givenName", last_name="sn", email="mail"}
PULP_AUTH_LDAP_MIRROR_GROUPS=true
PULP_AUTH_LDAP_USER_FLAGS_BY_GROUP__is_superuser="cn=bobsburgers_admins,cn=groups,cn=accounts,dc=testing,dc=ansible,dc=com"
PULP_AUTH_LDAP_MIRROR_GROUPS_EXCEPT=['dreamland']
PULP_AUTH_LDAP_GROUP_TYPE_CLASS="django_auth_ldap.config:MemberDNGroupType"
PULP_AUTH_LDAP_GROUP_TYPE_PARAMS={name_attr="cn", member_attr="member"}
These are the params that are accepted in the installer's inventory:
automationhub_authentication_backend="ldap"
automationhub_ldap_server_uri="ldap://idp.testing.ansible.com:389"
automationhub_ldap_bind_dn="uid=tower_all,cn=users,cn=accounts,dc=testing,dc=ansible,dc=com"
automationhub_ldap_bind_password="Th1sP4ssd"
automationhub_ldap_user_search_base_dn="cn=users,cn=accounts,dc=testing,dc=ansible,dc=com"
automationhub_ldap_group_search_base_dn="cn=groups,cn=accounts,dc=testing,dc=ansible,dc=com"
automationhub_ldap_group_type_class="django_auth_ldap.config:MemberDNGroupType"
So we need to use another file to pass the rest of the params:
# ldapextras.yml
---
ldap_extra_settings:
  AUTH_LDAP_GROUP_TYPE_PARAMS: '@json {"name_attr": "cn", "member_attr": "member"}'
These params are not being passed:
PULP_AUTH_LDAP_USER_ATTR_MAP
PULP_AUTH_LDAP_MIRROR_GROUPS
PULP_AUTH_LDAP_USER_FLAGS_BY_GROUP__is_superuser
PULP_AUTH_LDAP_MIRROR_GROUPS_EXCEPT
See this for more details:
https://access.redhat.com/solutions/6977153