Add LDAP logins and password resets, config, etc.

2020-11-10 11:36:06 +01:00
parent 5e6a7cabd6
commit 674b0a0ff5
40 changed files with 988 additions and 7 deletions
--- a/config/ldap.yml
+++ b/config/ldap.yml
@@ -0,0 +1,56 @@
+## Authorizations
+# Uncomment out the merging for each environment that you'd like to include.
+# You can also just copy and paste the tree (do not include the "authorizations") to each
+# environment if you need something different per environment.
+authorizations: &AUTHORIZATIONS
+  allow_unauthenticated_bind: false
+  # group_base: ou=groups,dc=test,dc=com
+  ## Requires config.ldap_check_group_membership in devise.rb be true
+  # Can have multiple values, must match all to be authorized
+  # required_groups:
+    # If only a group name is given, membership will be checked against "uniqueMember"
+    # - cn=admins,ou=groups,dc=test,dc=com
+    # - cn=users,ou=groups,dc=test,dc=com
+    # If an array is given, the first element will be the attribute to check against, the second the group name
+    # - ["moreMembers", "cn=users,ou=groups,dc=test,dc=com"]
+  ## Requires config.ldap_check_attributes in devise.rb to be true
+  ## Can have multiple attributes and values, must match all to be authorized
+  # require_attribute:
+  #   objectClass: inetOrgPerson
+    # authorizationRole: postsAdmin
+  ## Requires config.ldap_check_attributes_presence in devise.rb to be true
+  ## Can have multiple attributes set to true or false to check presence, all must match all to be authorized
+  require_attribute_presence:
+    mail: true
+
+## Environment
+
+development:
+  host: 192.168.33.10
+  port: 389
+  attribute: cn
+  base: ou=kosmos.org,cn=users,dc=kosmos,dc=org
+  admin_user: "cn=Directory Manager"
+  admin_password: localpass
+  # ssl: false
+  # <<: *AUTHORIZATIONS
+
+test:
+  host: localhost
+  port: 3389
+  attribute: cn
+  base: ou=kosmos.org,cn=users,dc=kosmos,dc=org
+  admin_user: "cn=Directory Manager"
+  admin_password: adminpass
+  # ssl: false
+  # <<: *AUTHORIZATIONS
+
+production:
+  host: ldap.kosmos.org
+  port: 636
+  attribute: cn
+  base: ou=kosmos.org,cn=users,dc=kosmos,dc=org
+  admin_user: "cn=Directory Manager"
+  admin_password: writtenbychef
+  ssl: simple_tls
+  # <<: *AUTHORIZATIONS