Hi,

Please find the Red Hat doc below, if it helps.

Mapping between organization admins/users and LDAP groups

The org mapping parameters control what users are placed into what Tower
organizations relative to their LDAP group memberships. Some things to note:

   - Keys are organization names.
   - Organizations will be created if not present.
   - Values are dictionaries defining the options for each organization's
     membership.
   - For each organization it is possible to specify what groups are
     automatically users of the organization and also what groups can
     administer the organization.

   - admins: None, True/False, string or list/tuple of strings.
      - If None, organization admins will not be updated based on LDAP
        values.
      - If True, all users in LDAP will automatically be added as admins
        of the organization.
      - If False, no LDAP users will be automatically added as admins of
        the organization.
      - If a string or list of strings, specifies the group DN(s) that
        will be added of the organization if they match any of the
        specified groups.
   - remove_admins: True/False. Defaults to True.
      - If True, a user who is not a member of the given groups will be
        removed from the organization's administrative list.
   - users: None, True/False, string or list/tuple of strings. Same
     rules apply as for admins.
   - remove_users: True/False. Defaults to True. Same rules apply as for
     remove_admins.

Here is an example input for Organization mapping:

{
    "Test Org": {
        "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com",
        "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
        "remove_users": true,
        "remove_admins": true
    },
    "Test Org 2": {
        "admins": ["CN=Administrators,CN=Builtin,DC=example,DC=com"],
        "users": true,
        "remove_users": true,
        "remove_admins": true
    }
}

Mapping between team members (users) and LDAP groups.

The team mapping parameters control what users are placed into what
Tower teams relative to their LDAP group memberships. Some things to note:

   - Keys are team names (will be created if not present).
   - Values are dictionaries of options for each team's membership,
     where each can contain the following parameters:
      - organization: string. The name of the organization to which the
        team belongs. The team will be created if the combination of
        organization and team name does not exist. The organization will
        first be created if it does not exist.
      - users: None, True/False, string or list/tuple of strings.
         - If None, team members will not be updated.
         - If True/False, all LDAP users will be added/removed as team
           members.
         - If a string or list of strings, specifies the group DN(s).
           A user will be added as a team member if the user is a member
           of ANY of these groups.
      - remove: True/False. Defaults to False. If True, a user who is
        not a member of the given groups will be removed from the team.

Here is an example input for Team mapping:

{
    "My Team": {
        "organization": "Test Org",
        "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
        "remove": true
    },
    "Other Team": {
        "organization": "Test Org 2",
        "users": "CN=Other Users,CN=Users,DC=example,DC=com",
        "remove": false
    }
}

With Regards

Raju Das



On Thu, Sep 10, 2020 at 10:02 AM Prasad Shetty <[email protected]> wrote:

> Hello Everyone-
>
> I was trying to set up a SAML team map in AWX. I am able to achieve the
> same using LDAP, but in SAML it is a bit confusing. Could you please help
> me with the same? If anyone has already configured it, please share a real
> example configuration for my reference.
>
>
> SAML ORGANIZATION ATTRIBUTE MAPPING
> SAML TEAM MAP
> SAML TEAM ATTRIBUTE MAPPING
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAKG6amcUQY%2BKrFtjLvS4anrLdN2pPe2DGstoWgyNKQB9e0OCGA%40mail.gmail.com
> <https://groups.google.com/d/msgid/ansible-project/CAKG6amcUQY%2BKrFtjLvS4anrLdN2pPe2DGstoWgyNKQB9e0OCGA%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
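The team-map rules quoted in the reply above, worked through as an added example (this is not code from AWX, Tower or the Red Hat documentation). It lints a map for values whose JSON type does not match the documented type, then applies the documented users/remove rules to one user's LDAP groups. The function names, the constructed sample map and the case-insensitive DN comparison are assumptions made for the illustration.

```python
import json

# Constructed sample team map (not from a real deployment). "remove" on
# "Other Team" is deliberately a JSON string to show the pitfall.
SAMPLE = json.loads("""
{
  "My Team": {"organization": "Test Org",
              "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
              "remove": true},
  "Other Team": {"organization": "Test Org 2",
                 "users": "CN=Other Users,CN=Users,DC=example,DC=com",
                 "remove": "False"}
}
""")

REMOVE_KEYS = ("remove", "remove_users", "remove_admins")

def lint_map(mapping):
    """Flag values whose JSON type does not match the documented type."""
    problems = []
    for name, opts in mapping.items():
        for key, value in opts.items():
            # A non-empty string such as "False" is truthy in Python.
            if key in REMOVE_KEYS and not isinstance(value, bool):
                problems.append(f"{name}.{key}: expected true/false, got {value!r}")
            # Any string under users/admins is documented as a group DN.
            elif (key in ("users", "admins") and isinstance(value, str)
                    and value.lower() in ("true", "false", "none")):
                problems.append(f"{name}.{key}: {value!r} would be read as a group DN")
    return problems

def sync_teams(mapping, user_groups, current=()):
    """Return the user's teams after one sync, following the team-map rules."""
    groups = {g.casefold() for g in user_groups}  # assumption: case-insensitive DNs
    teams = set(current)
    for name, opts in mapping.items():
        rule = opts.get("users")
        if rule is None:              # None: membership is left alone
            continue
        if isinstance(rule, bool):    # True/False: all LDAP users added/removed
            matched, remove = rule, True
        else:                         # string or list: member of ANY listed DN
            dns = [rule] if isinstance(rule, str) else rule
            matched = any(dn.casefold() in groups for dn in dns)
            # Strict check: only a real boolean true enables removal (default False).
            remove = opts.get("remove", False) is True
        if matched:
            teams.add(name)
        elif remove:
            teams.discard(name)
    return sorted(teams)
```

Running lint_map over a map before saving it catches quoted booleans, which matter most on the remove keys because they decide whether a user who has left an LDAP group keeps team or organization access.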
