Andrew Bogott has submitted this change and it was merged.

Change subject: Use ldap auth for librenms
......................................................................


Use ldap auth for librenms

Bug: T107702
Change-Id: Iaf76eaf0abc08f0e03857abec0e211990532dcfe
---
M manifests/role/librenms.pp
1 file changed, 23 insertions(+), 1 deletion(-)

Approvals:
  Andrew Bogott: Looks good to me, approved
  Alexandros Kosiaris: Looks good to me, but someone else must approve
  jenkins-bot: Verified



diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp
index 87c6ccd..80ee9ff 100644
--- a/manifests/role/librenms.pp
+++ b/manifests/role/librenms.pp
@@ -12,6 +12,9 @@
     package { 'librenms/librenms':
         provider => 'trebuchet',
     }
+    package { 'php5-ldap':
+        ensure => present,
+    }
 
     $config = {
         'title_image'      => 
'//upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Wmf_logo_horiz_pms.svg/140px-Wmf_logo_horiz_pms.svg.png',
@@ -50,7 +53,26 @@
             'kernel time sync enabled',
         ],
 
-        'auth_mechanism'   => 'mysql',
+        'auth_mechanism'     => 'ldap',
+        'auth_ldap_server'   => 'ldap://ldap-labs.eqiad.wikimedia.org  
ldap://ldap-labs.codfw.wikimedia.org',
+        'auth_ldap_starttls' => 'require',
+        'auth_ldap_port'     => 389,
+
+        # This is dumb -- the code requires us to specify the dn rather
+        #  than doing a search, so logins will require 'shell name' rather
+        #  than the more-traditional 'wikitech name'
+        'auth_ldap_prefix'  => 'uid=',
+        'auth_ldap_suffix'  => ',ou=people,dc=wikimedia,dc=org',
+        'login_message'     => 'Log in with your ldap shell name (NOT the full 
name used on wikitech) and password.',
+
+        # In our schema, a group is a list of user dns called 'member'
+        'auth_ldap_groupbase' => 'ou=groups,dc=wikimedia,dc=org',
+        'auth_ldap_groupmemberattr' => 'member',
+        'auth_ldap_groupmembertype' => 'fulldn',
+
+        # Give all ops full read/write permissions
+        'auth_ldap_group'  => ['cn=ops,ou=groups,dc=wikimedia,dc=org'],
+        'auth_ldap_groups' => {'ops' => {'level' => 10}},
     }
 
     class { '::librenms':
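Review bot: `'auth_ldap_starttls' => 'require'` forces the bind onto TLS, but nothing in this hunk establishes that the LDAP server certificate is verified, and user passwords travel over that bind. With php5-ldap that decision comes from the host's OpenLDAP client settings (`TLS_REQCERT` and `TLS_CACERT` in ldap.conf), presumably managed elsewhere in the repository. A comment above the line would record the dependency: `# STARTTLS is mandatory; certificate checks depend on the host ldap.conf (TLS_REQCERT/TLS_CACERT)`. The two group settings also name the same group in different forms, a full DN in `auth_ldap_group` and the bare cn `ops` in `auth_ldap_groups`, so the comment above them could add `# same group twice: full DN in auth_ldap_group, cn => level in auth_ldap_groups; keep in sync`. The `$config` hash opens before this hunk and the role class continues after it.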

-- 
To view, visit https://gerrit.wikimedia.org/r/282830

Gerrit-MessageType: merged
Gerrit-Change-Id: Iaf76eaf0abc08f0e03857abec0e211990532dcfe
Gerrit-PatchSet: 9
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: Elukey <[email protected]>
Gerrit-Reviewer: Faidon Liambotis <[email protected]>
Gerrit-Reviewer: Filippo Giunchedi <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
