Skip to content

Feature/auth with multiple ldap dbs #19

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 2, 2022
Merged

Feature/auth with multiple ldap dbs #19

merged 2 commits into from
Jun 2, 2022
+1,148 −639

Conversation

groldan
Copy link
Member

@groldan groldan commented Jun 1, 2022
edited
Loading

Configuration structure changed to support multiple LDAP databases as authentication source:

georchestra:
  gateway:
    security:
      ldap:
        # Multiple LDAP data sources are supported. The first key defines a simple
        # name for them. The `default` one here, disabled by default, is pre-configured
        # to use Georchestra's default OpenLDAP database.
        # You should usually just enable it in the georchestra dataidr's gateway.yml
        # with georchestra.gateway.security.ldap.default.enabled: true
        default:
          enabled: true
        ldap2:
          # Sample additional LDAP database configuration. Disabled. Enable and
          # tweak as needed if you want to authenticate against multiple LDAP databases.
          # Can also change the 'ldap2' key to something meaningful to you.
          enabled: false
          extended: true
          url: ${ldapScheme}://${ldapHost}:${ldapPort}
          baseDn: ${ldapBaseDn:dc=georchestra,dc=org}
          users:
            rdn: ${ldapUsersRdn:ou=users}
            searchFilter: ${ldapUserSearchFilter:(uid={0})}
            pendingUsersSearchBaseDN: ou=pendingusers
            protectedUsers: geoserver_privileged_user
          roles:
            rdn: ${ldapRolesRdn:ou=roles}
            searchFilter: ${ldapRolesSearchFilter:(member={0})}
            protectedRoles: ADMINISTRATOR, EXTRACTORAPP, GN_.*, ORGADMIN, REFERENT, USER, SUPERUSER
          orgs:
            rdn: ${ldapOrgsRdn:ou=orgs}
            orgTypes: Association,Company,NGO,Individual,Other
            pendingOrgSearchBaseDN: ou=pendingorgs

@groldan groldan force-pushed the feature/auth_with_multiple_ldap_dbs branch 4 times, most recently from 4c8407a to c81e90c Compare June 2, 2022 00:37
@groldan groldan force-pushed the feature/auth_with_multiple_ldap_dbs branch from c81e90c to 9398c63 Compare June 2, 2022 11:24
@groldan groldan marked this pull request as ready for review June 2, 2022 11:30
@groldan groldan merged commit 4bddbff into georchestra:main Jun 2, 2022
@groldan groldan deleted the feature/auth_with_multiple_ldap_dbs branch June 2, 2022 11:31
pmauduit
pmauduit reviewed Jun 10, 2022
View reviewed changes
Makefile
./mvnw package -f gateway/ -Pdocker -ntp -DskipTests && \
echo tagging georchestra/gateway:$${TAG} as georchestra/gateway:latest && \
docker tag georchestra/gateway:$${TAG} georchestra/gateway:latest && \
docker images|grep "georchestra/gateway"|grep latest
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

still needed ? was the purpose of it to debug of the gh action ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess so...

@pmauduit
Copy link
Member

Finished the late-review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pmauduit pmauduit

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@groldan @pmauduit