Astra linux domain support
Added support ALD
This commit is contained in:
parent
31f11627e1
commit
4a16f02414
@ -25,6 +25,8 @@ ldap_users:
|
|||||||
name_attribute: sAMAccountName
|
name_attribute: sAMAccountName
|
||||||
# lowercase name for use as PG role name
|
# lowercase name for use as PG role name
|
||||||
lowercase_name: true
|
lowercase_name: true
|
||||||
|
# uppercase name for use as PG role name
|
||||||
|
uppercase_name: false
|
||||||
# Add lowercase name *and* original name for use as PG role names (useful for migrating between case types)
|
# Add lowercase name *and* original name for use as PG role names (useful for migrating between case types)
|
||||||
bothcase_name: false
|
bothcase_name: false
|
||||||
|
|
||||||
@ -36,8 +38,13 @@ ldap_groups:
|
|||||||
name_attribute: cn
|
name_attribute: cn
|
||||||
# lowercase name for use as PG role name
|
# lowercase name for use as PG role name
|
||||||
lowercase_name: false
|
lowercase_name: false
|
||||||
|
# uppercase name for use as PG role name
|
||||||
|
uppercase_name: false
|
||||||
# this attribute must reference to all member DN's of the given group
|
# this attribute must reference to all member DN's of the given group
|
||||||
member_attribute: member
|
member_attribute: "memberuid"
|
||||||
|
# True if use Astra Linux Domain
|
||||||
|
ald_domain: true
|
||||||
|
|
||||||
|
|
||||||
# Connection parameters to PostgreSQL server
|
# Connection parameters to PostgreSQL server
|
||||||
# see also: http://rubydoc.info/gems/pg/PG/Connection#initialize-instance_method
|
# see also: http://rubydoc.info/gems/pg/PG/Connection#initialize-instance_method
|
||||||
|
@ -20,12 +20,12 @@ mapping:
|
|||||||
"lowercase_name":
|
"lowercase_name":
|
||||||
type: bool
|
type: bool
|
||||||
required: no
|
required: no
|
||||||
"uppercase_name":
|
|
||||||
type: bool
|
|
||||||
required: no
|
|
||||||
"bothcase_name":
|
"bothcase_name":
|
||||||
type: bool
|
type: bool
|
||||||
required: no
|
required: no
|
||||||
|
"uppercase_name":
|
||||||
|
type: bool
|
||||||
|
required: no
|
||||||
|
|
||||||
"ldap_groups":
|
"ldap_groups":
|
||||||
type: map
|
type: map
|
||||||
@ -43,15 +43,18 @@ mapping:
|
|||||||
"lowercase_name":
|
"lowercase_name":
|
||||||
type: bool
|
type: bool
|
||||||
required: no
|
required: no
|
||||||
"uppercase_name":
|
|
||||||
type: bool
|
|
||||||
required: no
|
|
||||||
"bothcase_name":
|
"bothcase_name":
|
||||||
type: bool
|
type: bool
|
||||||
required: no
|
required: no
|
||||||
|
"uppercase_name":
|
||||||
|
type: bool
|
||||||
|
required: no
|
||||||
"member_attribute":
|
"member_attribute":
|
||||||
type: str
|
type: str
|
||||||
required: yes
|
required: yes
|
||||||
|
"ald_domain":
|
||||||
|
type: bool
|
||||||
|
required: no
|
||||||
|
|
||||||
"pg_connection":
|
"pg_connection":
|
||||||
type: any
|
type: any
|
||||||
|
@ -61,7 +61,6 @@ class Application
|
|||||||
log.warn "user attribute #{ldap_user_conf[:name_attribute].inspect} not defined for #{entry.dn}"
|
log.warn "user attribute #{ldap_user_conf[:name_attribute].inspect} not defined for #{entry.dn}"
|
||||||
next
|
next
|
||||||
end
|
end
|
||||||
|
|
||||||
log.info "found user-dn: #{entry.dn}"
|
log.info "found user-dn: #{entry.dn}"
|
||||||
|
|
||||||
names = if ldap_user_conf[:bothcase_name]
|
names = if ldap_user_conf[:bothcase_name]
|
||||||
@ -99,7 +98,6 @@ class Application
|
|||||||
log.warn "user attribute #{ldap_group_conf[:name_attribute].inspect} not defined for #{entry.dn}"
|
log.warn "user attribute #{ldap_group_conf[:name_attribute].inspect} not defined for #{entry.dn}"
|
||||||
next
|
next
|
||||||
end
|
end
|
||||||
|
|
||||||
log.info "found group-dn: #{entry.dn}"
|
log.info "found group-dn: #{entry.dn}"
|
||||||
|
|
||||||
names = if ldap_group_conf[:bothcase_name]
|
names = if ldap_group_conf[:bothcase_name]
|
||||||
@ -256,8 +254,13 @@ class Application
|
|||||||
MatchedMembership = Struct.new :role_name, :has_member, :state
|
MatchedMembership = Struct.new :role_name, :has_member, :state
|
||||||
|
|
||||||
def match_memberships(ldap_roles, pg_roles)
|
def match_memberships(ldap_roles, pg_roles)
|
||||||
|
ldap_group_conf = @config[:ldap_groups]
|
||||||
hash_of_arrays = Hash.new { |h, k| h[k] = [] }
|
hash_of_arrays = Hash.new { |h, k| h[k] = [] }
|
||||||
ldap_by_dn = ldap_roles.inject(hash_of_arrays){|h,r| h[r.dn] << r; h }
|
if ldap_group_conf[:ald_domain]
|
||||||
|
ldap_by_dn = ldap_roles.inject(hash_of_arrays){|h,r| h[r.name] << r; h }
|
||||||
|
else
|
||||||
|
ldap_by_dn = ldap_roles.inject(hash_of_arrays){|h,r| h[r.dn] << r; h }
|
||||||
|
end
|
||||||
ldap_by_m2m = ldap_roles.inject([]) do |a,r|
|
ldap_by_m2m = ldap_roles.inject([]) do |a,r|
|
||||||
next a unless r.member_dns
|
next a unless r.member_dns
|
||||||
a + r.member_dns.flat_map do |dn|
|
a + r.member_dns.flat_map do |dn|
|
||||||
|
Reference in New Issue
Block a user