Thank you Raju I am currently using LDAP mapping and it is working fine.I was looking very specifically SAML mapping options.
On Thu, 10 Sep, 2020, 10:50 am Raju Das, <[email protected]> wrote: > Hi, > > Please find Redhat Doc if it helps....... > > Mapping between organization admins/users and LDAP groups > > The org mapping parameters controls what users are placed into what Tower > organizations relative to their LDAP group > memberships. Some things to note: > > - Keys are organization names. > - Organizations will be created if not present. > - Values are dictionaries defining the options for each organization's > membership. > - For each organization it is possible to specify what groups are > automatically users of the organization and also what > groups can administer the organization. > > - admins: None, True/False, string or list/tuple of strings. > - If None, organization admins will not be updated based on LDAP > values. > - If True, all users in LDAP will automatically be added as > admins of the organization. > - If False, no LDAP users will be automatically added as admins > of the organiation. > - If a string or list of strings, specifies the group DN(s) that > will be added of the organization if they match any of the specified > groups. > - remove_admins: True/False. Defaults to True. > - If True, a user who is not an member of the given groups will > be removed from the organization's administrative list. > - users: None, True/False, string or list/tuple of strings. Same > rules apply as for admins. > - remove_users: True/False. Defaults to True. Same rules as apply > for remove_admins > > Here is an example input for Organization mapping: > > { > "Test Org": { > "admins": "CN=Domain Admins,CN=Users,DC=example,DC=com", > "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"], > "remove_users" : "True", > "remove_admins" : "True" > }, > "Test Org 2": { > "admins": ["CN=Administrators,CN=Builtin,DC=example,DC=com"], > "users": "True", > "remove_users" : "True", > "remove_admins" : "True" > } > } > > Mapping between team members (users) and LDAP groups. > > The team mapping parameters controls what users are placed into what Tower > teams relative to their LDAP group > memberships. Some things to note: > > - Keys are team names (will be created if not present). > - Values are dictionaries of options for each team's membership, where > each can contain the following parameters: > - organization: string. The name of the organization to which the team > belongs. The team will be created if the combination of organization and team > name does not exist. The organization will first be created if it does not > exist. > - users: None, True/False, string or list/tuple of strings. > - If None, team members will not be updated. > - If True/False, all LDAP users will be added/removed as team > members. > - If a string or list of strings, specifies the group DN(s). User > will be added as a team member if the user is a member of ANY of these groups. > - remove: True/False. Defaults to False. If True, a user who is not a > member of the given groups will be removed from the team. > > Here is an example input for Team mapping: > > { > "My Team": { > "organization": "Test Org", > "users": ["CN=Domain Users,CN=Users,DC=example,DC=com"], > "remove": "True" > }, > "Other Team": { > "organization": "Test Org 2", > "users": "CN=Other Users,CN=Users,DC=example,DC=com", > "remove": "False" > } > } > > With Regards > > Raju Das > > > > On Thu, Sep 10, 2020 at 10:02 AM Prasad Shetty <[email protected]> wrote: > >> Hello Everyone- >> >> I was trying to setup a SAML team map in AWX . I am able to achieve the >> same using LDAP but in SAML it bit confusing. Could you please help me on >> the same. If anyone already configured. Please share the real example >> configuration for my reference. >> >> >> SAML ORGANIZATION ATTRIBUTE MAPPING >> SAML TEAM MAP >> SAML TEAM ATTRIBUTE MAPPING >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/CAKG6amcUQY%2BKrFtjLvS4anrLdN2pPe2DGstoWgyNKQB9e0OCGA%40mail.gmail.com >> <https://groups.google.com/d/msgid/ansible-project/CAKG6amcUQY%2BKrFtjLvS4anrLdN2pPe2DGstoWgyNKQB9e0OCGA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAApSnDCV3OgoyQVo783MVjzebG22fAFBKXCvPVgmiV%2BnLSRX3Q%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CAApSnDCV3OgoyQVo783MVjzebG22fAFBKXCvPVgmiV%2BnLSRX3Q%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAKG6amfN4BynG9EqAsOsfc9_3K-DB7_F8z%3DBo2UjGfY-GYupXw%40mail.gmail.com.
