BryanDavis has uploaded a new change for review. https://gerrit.wikimedia.org/r/297536
Change subject: striker: use uid based distinguished names ...................................................................... striker: use uid based distinguished names Match Wikimedia production LDAP by using uid as the distinguished name for users (not setup by the LdapAuthentication extension unfortunately). Change-Id: Ie8f7de6d01244776ea95cdd113cad4fd111f1c0b --- M puppet/modules/role/templates/striker/VagrantRoleStriker.wiki.erb M puppet/modules/role/templates/striker/ldap_check.erb M puppet/modules/role/templates/striker/ldap_data.erb M puppet/modules/role/templates/striker/striker.ini.erb 4 files changed, 12 insertions(+), 11 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/vagrant refs/changes/36/297536/1 diff --git a/puppet/modules/role/templates/striker/VagrantRoleStriker.wiki.erb b/puppet/modules/role/templates/striker/VagrantRoleStriker.wiki.erb index c74cc2e..0f77ee6 100644 --- a/puppet/modules/role/templates/striker/VagrantRoleStriker.wiki.erb +++ b/puppet/modules/role/templates/striker/VagrantRoleStriker.wiki.erb @@ -17,6 +17,7 @@ ** LDAP Hostname: <kbd>127.0.0.1</kbd> ** Base Distinguised Name: <kbd>ou=People,dc=wmftest,dc=net</kbd> ** Search Attributes <kbd>cn</kbd> +** Check the "Always Search" checkbox * [<%= @phabricator_url %>/auth/link/ldap:self/ Connect admin user with ldapwiki account] diff --git a/puppet/modules/role/templates/striker/ldap_check.erb b/puppet/modules/role/templates/striker/ldap_check.erb index 9ed9567..a5c6086 100644 --- a/puppet/modules/role/templates/striker/ldap_check.erb +++ b/puppet/modules/role/templates/striker/ldap_check.erb @@ -1 +1 @@ -/usr/bin/ldapsearch -x -D '<%= scope['::role::ldapauth::admin_dn'] %>' -w '<%= scope['::role::ldapauth::admin_password'] %>' -b '<%= scope['::role::ldapauth::base_dn'] %>' '(cn=Admin)' | grep -q 'cn: Admin' +/usr/bin/ldapsearch -x -D '<%= scope['::role::ldapauth::admin_dn'] %>' -w '<%= scope['::role::ldapauth::admin_password'] %>' -b '<%= scope['::role::ldapauth::base_dn'] %>' '(uid=admin)' | grep -q 'cn: Admin' diff --git a/puppet/modules/role/templates/striker/ldap_data.erb b/puppet/modules/role/templates/striker/ldap_data.erb index ce26fdc..4c04071 100755 --- a/puppet/modules/role/templates/striker/ldap_data.erb +++ b/puppet/modules/role/templates/striker/ldap_data.erb @@ -5,7 +5,7 @@ objectClass: top description: Tools -dn: cn=Admin,<%= scope['::role::ldapauth::user_base_dn'] %> +dn: uid=admin,<%= scope['::role::ldapauth::user_base_dn'] %> objectClass: person objectClass: inetOrgPerson objectClass: organizationalPerson @@ -27,30 +27,30 @@ objectClass: posixGroup objectClass: top cn: wmf -gidNumber: 5001 -member: cn=Admin,<%= scope['::role::ldapauth::user_base_dn'] %> +gidNumber: 5000 +member: uid=admin,<%= scope['::role::ldapauth::user_base_dn'] %> dn: cn=project-tools,ou=groups,<%= scope['::role::ldapauth::base_dn'] %> objectClass: groupOfNames objectClass: posixGroup objectClass: top cn: project-tools -gidNumber: 5002 -member: cn=admin,<%= scope['::role::ldapauth::user_base_dn'] %> +gidNumber: 5001 +member: uid=admin,<%= scope['::role::ldapauth::user_base_dn'] %> dn: cn=tools.admin,ou=servicegroups,<%= scope['::role::ldapauth::base_dn'] %> objectClass: groupOfNames objectClass: posixGroup objectClass: top cn: tools.admin -gidNumber: 50001 -member: cn=Admin,<%= scope['::role::ldapauth::user_base_dn'] %> +gidNumber: 5002 +member: uid=admin,<%= scope['::role::ldapauth::user_base_dn'] %> dn: cn=tools.example,ou=servicegroups,<%= scope['::role::ldapauth::base_dn'] %> objectClass: groupOfNames objectClass: posixGroup objectClass: top cn: tools.example -gidNumber: 50002 -member: cn=Admin,<%= scope['::role::ldapauth::user_base_dn'] %> +gidNumber: 5003 +member: uid=admin,<%= scope['::role::ldapauth::user_base_dn'] %> LIDF diff --git a/puppet/modules/role/templates/striker/striker.ini.erb b/puppet/modules/role/templates/striker/striker.ini.erb index 9834e61..ce8ec7f 100644 --- a/puppet/modules/role/templates/striker/striker.ini.erb +++ b/puppet/modules/role/templates/striker/striker.ini.erb @@ -15,7 +15,7 @@ TLS = false BASE_DN = <%= scope['::role::ldapauth::base_dn'] %> -USER_DN_TEMPLATE = cn=%(user)s,<%= scope['::role::ldapauth::user_base_dn'] %> +USER_SEARCH_BASE = <%= scope['::role::ldapauth::user_base_dn'] %> STAFF_GROUP_DN = cn=wmf,ou=groups,<%= scope['::role::ldapauth::base_dn'] %> SUPERUSER_GROUP_DN = cn=tools.admin,ou=servicegroups,<%= scope['::role::ldapauth::base_dn'] %> -- To view, visit https://gerrit.wikimedia.org/r/297536 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie8f7de6d01244776ea95cdd113cad4fd111f1c0b Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/vagrant Gerrit-Branch: master Gerrit-Owner: BryanDavis <[email protected]> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
