This is an automated email from the ASF dual-hosted git repository. sebb pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push: new 0f898584 Add extra aliases 0f898584 is described below commit 0f8985840e5b50dad0d16e925d59029fc3cddb11 Author: Sebb <s...@apache.org> AuthorDate: Fri Jan 19 14:19:19 2024 +0000 Add extra aliases --- docker-config/25-authz_ldap_group_membership.conf | 58 +++++++++++++++++------ 1 file changed, 43 insertions(+), 15 deletions(-) diff --git a/docker-config/25-authz_ldap_group_membership.conf b/docker-config/25-authz_ldap_group_membership.conf index 2c6b2115..1ce8054e 100644 --- a/docker-config/25-authz_ldap_group_membership.conf +++ b/docker-config/25-authz_ldap_group_membership.conf @@ -1,8 +1,16 @@ +# LDAP Authentication: check for valid user +<AuthnProviderAlias ldap ldap-people> + AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" + AuthLDAPBindDN <%= ldapbinddn %> + AuthLDAPBindPassword "<%= ldapbindpw %>" + AuthLDAPRemoteUserAttribute uid +</AuthnProviderAlias> + # LDAP alias: ASF member <AuthzProviderAlias ldap-group ldap-alias-member cn=member,ou=groups,dc=apache,dc=org> - AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid" - AuthLDAPBindDN <%= ldapbinddn%> - AuthLDAPBindPassword "<%= ldapbindpw%>" + AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" + AuthLDAPBindDN <%= ldapbinddn %> + AuthLDAPBindPassword "<%= ldapbindpw %>" AuthLDAPGroupAttribute memberUid AuthLDAPGroupAttributeIsDN Off AuthLDAPMaxSubGroupDepth 0 @@ -10,9 +18,9 @@ # LDAP alias: ASF committer <AuthzProviderAlias ldap-group ldap-alias-committer cn=committers,ou=role,ou=groups,dc=apache,dc=org> - AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid" - AuthLDAPBindDN <%= ldapbinddn%> - AuthLDAPBindPassword "<%= ldapbindpw%>" + AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" + AuthLDAPBindDN <%= ldapbinddn %> + AuthLDAPBindPassword "<%= ldapbindpw %>" AuthLDAPGroupAttribute member AuthLDAPGroupAttributeIsDN on AuthLDAPMaxSubGroupDepth 0 @@ -20,9 +28,9 @@ # LDAP alias: PMC chair <AuthzProviderAlias ldap-group ldap-alias-pmc-chair cn=pmc-chairs,ou=groups,ou=services,dc=apache,dc=org> - AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid" - AuthLDAPBindDN <%= ldapbinddn%> - AuthLDAPBindPassword "<%= ldapbindpw%>" + AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" + AuthLDAPBindDN <%= ldapbinddn %> + AuthLDAPBindPassword "<%= ldapbindpw %>" AuthLDAPGroupAttribute member AuthLDAPGroupAttributeIsDN on AuthLDAPMaxSubGroupDepth 0 @@ -30,9 +38,9 @@ # LDAP alias: Incubator PMC <AuthzProviderAlias ldap-group ldap-alias-incubator-pmc cn=incubator,ou=project,ou=groups,dc=apache,dc=org> - AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid" - AuthLDAPBindDN <%= ldapbinddn%> - AuthLDAPBindPassword "<%= ldapbindpw%>" + AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" + AuthLDAPBindDN <%= ldapbinddn %> + AuthLDAPBindPassword "<%= ldapbindpw %>" AuthLDAPGroupAttribute owner AuthLDAPGroupAttributeIsDN on AuthLDAPMaxSubGroupDepth 0 @@ -40,9 +48,29 @@ # LDAP alias: Secretary <AuthzProviderAlias ldap-group ldap-alias-secretary cn=asf-secretary,ou=groups,ou=services,dc=apache,dc=org> - AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid" - AuthLDAPBindDN <%= ldapbinddn%> - AuthLDAPBindPassword "<%= ldapbindpw%>" + AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid" + AuthLDAPBindDN <%= ldapbinddn %> + AuthLDAPBindPassword "<%= ldapbindpw %>" + AuthLDAPGroupAttribute member + AuthLDAPGroupAttributeIsDN on + AuthLDAPMaxSubGroupDepth 0 +</AuthzProviderAlias> + +# LDAP alias: infrastructure +<AuthzProviderAlias ldap-group ldap-alias-infrastructure cn=infrastructure,ou=groups,ou=services,dc=apache,dc=org> + AuthLDAPUrl "ldaps://ldap-us.apache.org:636 ldap-eu.apache.org:636/ou=people,dc=apache,dc=org?uid" + AuthLDAPBindDN cn=nss_p6,ou=users,ou=services,dc=apache,dc=org + AuthLDAPBindPassword "exec:/usr/bin/asfldapsearch --pwd" + AuthLDAPGroupAttribute member + AuthLDAPGroupAttributeIsDN on + AuthLDAPMaxSubGroupDepth 0 +</AuthzProviderAlias> + +# LDAP alias: apldap +<AuthzProviderAlias ldap-group ldap-alias-apldap cn=apldap,ou=groups,ou=services,dc=apache,dc=org> + AuthLDAPUrl "ldaps://ldap-us.apache.org:636 ldap-eu.apache.org:636/ou=people,dc=apache,dc=org?uid" + AuthLDAPBindDN cn=nss_p6,ou=users,ou=services,dc=apache,dc=org + AuthLDAPBindPassword "exec:/usr/bin/asfldapsearch --pwd" AuthLDAPGroupAttribute member AuthLDAPGroupAttributeIsDN on AuthLDAPMaxSubGroupDepth 0