StackLight

Bug #1648464
Comment #4

Comment 4 for bug 1648464

Revision history for this message

Michał Górniak (p4cket) wrote on 2017-03-15:

hey,
to make it working with AD ldap we need to change this files

--- fuel-plugin-lma-infrastructure-alerting/deployment_scripts/puppet/modules/nagios/templates/apache_vhost_ubuntu.conf.erb 2016-11-22 13:03:40.000000000 +0300
+++ /Users/packet/Desktop/screens/plugins/lma_infrastructure_alerting-1.0/deployment_scripts/puppet/modules/nagios/templates/apache_vhost_ubuntu.conf.erb 2016-11-17 12:26:53.000000000 +0300
@@ -54,7 +54,8 @@ LDAPVerifyServerCert off
     AuthBasicAuthoritative on
     <RequireAny>
     require user <%= @user %>
- Require ldap-group <%= @ldap_admin_group_dn %>
+ Require ldap-attribute memberOf="<%= @ldap_admin_group_dn %>"
+ Require ldap-group "<%= @ldap_admin_group_dn %>"
     </RequireAny>
<% else -%>
     require valid-user

diff -ruNp modules/lma_logging_analytics/templates/apache_kibana_proxy.conf.erb /Users/packet/Desktop/screens/plugins/elasticsearch_kibana-1.0/deployment_scripts/puppet/modules/lma_logging_analytics/templates/apache_kibana_proxy.conf.erb
--- modules/lma_logging_analytics/templates/apache_kibana_proxy.conf.erb 2016-11-22 13:06:40.000000000 +0300
+++ /Users/packet/Desktop/screens/plugins/elasticsearch_kibana-1.0/deployment_scripts/puppet/modules/lma_logging_analytics/templates/apache_kibana_proxy.conf.erb 2016-11-17 12:28:50.000000000 +0300
@@ -30,7 +30,8 @@ LDAPVerifyServerCert off
     AuthBasicAuthoritative on
     <RequireAny>
     require user <%= @username %>
- Require ldap-group <%= @ldap_admin_group_dn %>
+ Require ldap-group "<%= @ldap_admin_group_dn %>"
+ Require ldap-attribute memberOf="<%= @ldap_admin_group_dn %>"
     </RequireAny>
<% else -%>
     require valid-user
diff -ruNp modules/lma_logging_analytics/templates/apache_kibana_proxy_viewer.conf.erb /Users/packet/Desktop/screens/plugins/elasticsearch_kibana-1.0/deployment_scripts/puppet/modules/lma_logging_analytics/templates/apache_kibana_proxy_viewer.conf.erb
--- modules/lma_logging_analytics/templates/apache_kibana_proxy_viewer.conf.erb 2016-11-22 13:06:40.000000000 +0300
+++ /Users/packet/Desktop/screens/plugins/elasticsearch_kibana-1.0/deployment_scripts/puppet/modules/lma_logging_analytics/templates/apache_kibana_proxy_viewer.conf.erb 2016-11-17 12:28:27.000000000 +0300
@@ -26,8 +26,10 @@
     AuthBasicAuthoritative on
     <RequireAny>
     require user <%= @username %>
- Require ldap-group <%= @ldap_viewer_group_dn %>
- Require ldap-group <%= @ldap_admin_group_dn %>
+ Require ldap-attribute memberOf="<%= @ldap_viewer_group_dn %>"
+ Require ldap-attribute memberOf="<%= @ldap_admin_group_dn %>"
+ Require ldap-group "<%= @ldap_viewer_group_dn %>"
+ Require ldap-group "<%= @ldap_admin_group_dn %>"
     </RequireAny>
<% else -%>
     require valid-user

But i think we should give user to possibility to modify this whole file in web UI, because user should have possibility to modify all parameters all AD can have different settings and can require different parameters

hey,
to make it working with AD ldap we need to change this files

--- fuel-plugin-lma-infrastructure-alerting/deployment_scripts/puppet/modules/nagios/templates/apache_vhost_ubuntu.conf.erb	2016-11-22 13:03:40.000000000 +0300
+++ /Users/packet/Desktop/screens/plugins/lma_infrastructure_alerting-1.0/deployment_scripts/puppet/modules/nagios/templates/apache_vhost_ubuntu.conf.erb	2016-11-17 12:26:53.000000000 +0300
@@ -54,7 +54,8 @@ LDAPVerifyServerCert off
     AuthBasicAuthoritative on
     <RequireAny>
     require user <%= @user %>
-    Require ldap-group <%= @ldap_admin_group_dn %>
+    Require ldap-attribute memberOf="<%= @ldap_admin_group_dn %>"
+    Require ldap-group "<%= @ldap_admin_group_dn %>"
     </RequireAny>
 <% else -%>
     require valid-user

diff -ruNp modules/lma_logging_analytics/templates/apache_kibana_proxy.conf.erb /Users/packet/Desktop/screens/plugins/elasticsearch_kibana-1.0/deployment_scripts/puppet/modules/lma_logging_analytics/templates/apache_kibana_proxy.conf.erb
--- modules/lma_logging_analytics/templates/apache_kibana_proxy.conf.erb	2016-11-22 13:06:40.000000000 +0300
+++ /Users/packet/Desktop/screens/plugins/elasticsearch_kibana-1.0/deployment_scripts/puppet/modules/lma_logging_analytics/templates/apache_kibana_proxy.conf.erb	2016-11-17 12:28:50.000000000 +0300
@@ -30,7 +30,8 @@ LDAPVerifyServerCert off
     AuthBasicAuthoritative on
     <RequireAny>
     require user <%= @username %>
-    Require ldap-group <%= @ldap_admin_group_dn %>
+    Require ldap-group "<%= @ldap_admin_group_dn %>"
+    Require ldap-attribute memberOf="<%= @ldap_admin_group_dn %>"
     </RequireAny>
 <% else -%>
     require valid-user
diff -ruNp modules/lma_logging_analytics/templates/apache_kibana_proxy_viewer.conf.erb /Users/packet/Desktop/screens/plugins/elasticsearch_kibana-1.0/deployment_scripts/puppet/modules/lma_logging_analytics/templates/apache_kibana_proxy_viewer.conf.erb
--- modules/lma_logging_analytics/templates/apache_kibana_proxy_viewer.conf.erb	2016-11-22 13:06:40.000000000 +0300
+++ /Users/packet/Desktop/screens/plugins/elasticsearch_kibana-1.0/deployment_scripts/puppet/modules/lma_logging_analytics/templates/apache_kibana_proxy_viewer.conf.erb	2016-11-17 12:28:27.000000000 +0300
@@ -26,8 +26,10 @@
     AuthBasicAuthoritative on
     <RequireAny>
     require user <%= @username %>
-    Require ldap-group <%= @ldap_viewer_group_dn %>
-    Require ldap-group <%= @ldap_admin_group_dn %>
+    Require ldap-attribute memberOf="<%= @ldap_viewer_group_dn %>"
+    Require ldap-attribute memberOf="<%= @ldap_admin_group_dn %>"
+    Require ldap-group "<%= @ldap_viewer_group_dn %>"
+    Require ldap-group "<%= @ldap_admin_group_dn %>"
     </RequireAny>
 <% else -%>
     require valid-user