This is an automated email from the ASF dual-hosted git repository.

sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git


The following commit(s) were added to refs/heads/master by this push:
     new 0f898584 Add extra aliases
0f898584 is described below

commit 0f8985840e5b50dad0d16e925d59029fc3cddb11
Author: Sebb <s...@apache.org>
AuthorDate: Fri Jan 19 14:19:19 2024 +0000

    Add extra aliases
---
 docker-config/25-authz_ldap_group_membership.conf | 58 +++++++++++++++++------
 1 file changed, 43 insertions(+), 15 deletions(-)

diff --git a/docker-config/25-authz_ldap_group_membership.conf 
b/docker-config/25-authz_ldap_group_membership.conf
index 2c6b2115..1ce8054e 100644
--- a/docker-config/25-authz_ldap_group_membership.conf
+++ b/docker-config/25-authz_ldap_group_membership.conf
@@ -1,8 +1,16 @@
+# LDAP Authentication: check for valid user
+<AuthnProviderAlias ldap ldap-people>
+  AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn %>
+  AuthLDAPBindPassword "<%= ldapbindpw %>"
+  AuthLDAPRemoteUserAttribute uid
+</AuthnProviderAlias>
+
 # LDAP alias: ASF member
 <AuthzProviderAlias ldap-group ldap-alias-member 
cn=member,ou=groups,dc=apache,dc=org>
-   AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
-   AuthLDAPBindDN <%= ldapbinddn%>
-   AuthLDAPBindPassword "<%= ldapbindpw%>"
+   AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
+   AuthLDAPBindDN <%= ldapbinddn %>
+   AuthLDAPBindPassword "<%= ldapbindpw %>"
    AuthLDAPGroupAttribute memberUid
    AuthLDAPGroupAttributeIsDN Off
    AuthLDAPMaxSubGroupDepth 0
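Review bot: In the new `ldap-people` provider, `AuthLDAPBindDN <%= ldapbinddn %>` is rendered unquoted, although the URL and the password on the neighbouring lines are quoted. Apache splits directive arguments on whitespace, so a bind DN containing a space would presumably be rejected when the config loads. Quoting it avoids that: `AuthLDAPBindDN "<%= ldapbinddn %>"`. The same unquoted form is used in every `AuthzProviderAlias` block this commit touches. The `ldap-alias-member` block closes outside this hunk.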
@@ -10,9 +18,9 @@
 
 # LDAP alias: ASF committer
 <AuthzProviderAlias ldap-group ldap-alias-committer 
cn=committers,ou=role,ou=groups,dc=apache,dc=org>
-  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
-  AuthLDAPBindDN <%= ldapbinddn%>
-  AuthLDAPBindPassword "<%= ldapbindpw%>"
+  AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn %>
+  AuthLDAPBindPassword "<%= ldapbindpw %>"
   AuthLDAPGroupAttribute member
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0
@@ -20,9 +28,9 @@
 
 # LDAP alias: PMC chair
 <AuthzProviderAlias ldap-group ldap-alias-pmc-chair 
cn=pmc-chairs,ou=groups,ou=services,dc=apache,dc=org>
-  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
-  AuthLDAPBindDN <%= ldapbinddn%>
-  AuthLDAPBindPassword "<%= ldapbindpw%>"
+  AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn %>
+  AuthLDAPBindPassword "<%= ldapbindpw %>"
   AuthLDAPGroupAttribute member
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0
@@ -30,9 +38,9 @@
 
 # LDAP alias: Incubator PMC
 <AuthzProviderAlias ldap-group ldap-alias-incubator-pmc 
cn=incubator,ou=project,ou=groups,dc=apache,dc=org>
-  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
-  AuthLDAPBindDN <%= ldapbinddn%>
-  AuthLDAPBindPassword "<%= ldapbindpw%>"
+  AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn %>
+  AuthLDAPBindPassword "<%= ldapbindpw %>"
   AuthLDAPGroupAttribute owner
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0
@@ -40,9 +48,29 @@
 
 # LDAP alias: Secretary
 <AuthzProviderAlias ldap-group ldap-alias-secretary 
cn=asf-secretary,ou=groups,ou=services,dc=apache,dc=org>
-  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
-  AuthLDAPBindDN <%= ldapbinddn%>
-  AuthLDAPBindPassword "<%= ldapbindpw%>"
+  AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn %>
+  AuthLDAPBindPassword "<%= ldapbindpw %>"
+  AuthLDAPGroupAttribute member
+  AuthLDAPGroupAttributeIsDN on
+  AuthLDAPMaxSubGroupDepth 0
+</AuthzProviderAlias>
+
+# LDAP alias: infrastructure
+<AuthzProviderAlias ldap-group ldap-alias-infrastructure 
cn=infrastructure,ou=groups,ou=services,dc=apache,dc=org>
+  AuthLDAPUrl "ldaps://ldap-us.apache.org:636 
ldap-eu.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN cn=nss_p6,ou=users,ou=services,dc=apache,dc=org
+  AuthLDAPBindPassword "exec:/usr/bin/asfldapsearch --pwd"
+  AuthLDAPGroupAttribute member
+  AuthLDAPGroupAttributeIsDN on
+  AuthLDAPMaxSubGroupDepth 0
+</AuthzProviderAlias>
+
+# LDAP alias: apldap
+<AuthzProviderAlias ldap-group ldap-alias-apldap 
cn=apldap,ou=groups,ou=services,dc=apache,dc=org>
+  AuthLDAPUrl "ldaps://ldap-us.apache.org:636 
ldap-eu.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN cn=nss_p6,ou=users,ou=services,dc=apache,dc=org
+  AuthLDAPBindPassword "exec:/usr/bin/asfldapsearch --pwd"
   AuthLDAPGroupAttribute member
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0
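Review bot: The two new aliases, `ldap-alias-infrastructure` and `ldap-alias-apldap`, hard-code the LDAP hosts, the service bind DN and `exec:/usr/bin/asfldapsearch --pwd`, whereas every other alias in this template takes these from `ldaphosts`, `ldapbinddn` and `ldapbindpw`. As written, a container built from this file binds with that fixed account against the named hosts whatever the template was rendered with. Whether the `asfldapsearch` helper exists inside the Docker image is not visible here, and if it does not, the `exec:` lookup will likely fail when the config loads. Both blocks should use the same three lines as the others: `AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"`, `AuthLDAPBindDN <%= ldapbinddn %>` and `AuthLDAPBindPassword "<%= ldapbindpw %>"`. The closing tag of the `ldap-alias-apldap` block lies outside the hunk.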
