Add support for bind dn and bind pwd on the command line. #16979
Conversation
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1538813 When mode is ldaps certificates must be provided. When mode is ldap, bind dn and bind pwd must be provided, either in the authentication settings or on the command line. e.g: miqldap_to_sssd -b "cn=Manager,dc=example,dc=com" -p "password" -d "example.com"
|
@miq-bot add_label bug |
|
@miq-bot add_label gaprindashvili/yes |
|
@miq-bot add_label authentication |
|
@miq-bot assign @gtanzillo |
|
@abellotti and @bdunne Please review. Thank you! JoeV |
|
Checked commit jvlcek@6b5df3e with ruby 2.3.3, rubocop 0.52.0, haml-lint 0.20.0, and yamllint 1.10.0 |
| it 'does not modify basedn_domain if providedn' do | ||
| subject = described_class.new(:basedn_domain => "example.com") | ||
| it 'when mode is ldap and bind dn is nil raises an error' do | ||
| expect(MiqLdapToSssd::LOGGER).to receive(:fatal) |
There was a problem hiding this comment.
@bdunne Thank you for the question.
Yes, the bind dn must be provided. It can be provided in 1 of 2 ways.
1 - From the appliance configuration as stored in: Settings.authentication[:bind_dn]
2- If not configured on the appliance the user must provide it as an argument to the miqldap_to_sssd script.
If it is not provided in either of these two ways the miqldap_to_sssd script will raise an error indicating it is missing.
Arguments bind-dn and bind-pwd were added to miqldap_to_sssd in PR: ManageIQ/manageiq#16979 This PR updates the miqldap-to-sssd blog post to include descriptions of these two new arguments.
…ndpwd Add support for bind dn and bind pwd on the command line. (cherry picked from commit 8aea84d) Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1552785
|
Gaprindashvili backport details: |
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1538813
When mode is ldap, bind dn and bind pwd must be provided, either
in the authentication settings or on the command line.
Steps for Testing/QA
e.g.: