Merge branch 'feature/140-ldap_application_accounts' of kosmos/chef into master
This commit is contained in:
gregkare
commit
081222b75c
@ -1,23 +1,23 @@
|
|||||||
{
|
{
|
||||||
"id": "mediawiki",
|
"id": "mediawiki",
|
||||||
"db_pass": {
|
"db_pass": {
|
||||||
"encrypted_data": "KfJnSZ5/8WBYXik5TE1SOZTZMhMObSzZpXX17Mygwx0eGqo29sBIQwbAI0+A\nKfe1N4DuyyQpBjNDpmi+yiIjBuG4RfUj\n",
|
"encrypted_data": "bkvlD9N8a2EAoBDRcJ5Yhio7vQPnc5qMxH3Of/A/epieJZXBudkYrDaQZmbu\nSwYseFveqEleys4IbI+zTOaBN5LejDpH\n",
|
||||||
"iv": "zGkF0xLeyjXA1aUc\n",
|
"iv": "OPbDsQjNBP7Yabsx\n",
|
||||||
"auth_tag": "7U/g32H1SfJHdZSECmgU1A==\n",
|
"auth_tag": "0cl2nkL0V07cWC5SZjNXBA==\n",
|
||||||
"version": 3,
|
"version": 3,
|
||||||
"cipher": "aes-256-gcm"
|
"cipher": "aes-256-gcm"
|
||||||
},
|
},
|
||||||
"ldap_user": {
|
"ldap_user": {
|
||||||
"encrypted_data": "CerXTmZNO3mbzevNFn/qbtdeOWx37qFOyCuKznRw9I+nSl+hZ3dP6PUJ+iIg\nSAM2ebvwHyXC1Jz+Aah0AFjw+D+7\n",
|
"encrypted_data": "+iKtv/pB8rU0kJYlhr/KNUM63uG5RpDUCduW9sakxwaMs7V5JetSdaUmabIk\np8EiF5FDvYLUWqq5SOblTfPELMY3C0j5XwgxDKo=\n",
|
||||||
"iv": "wi5xB/lUm3AQtkTZ\n",
|
"iv": "ynjajkZHawmcE81H\n",
|
||||||
"auth_tag": "WhdFRt/rlkfmBb9pb9tkvw==\n",
|
"auth_tag": "cxcsojaQW8dFZHR50QnZjw==\n",
|
||||||
"version": 3,
|
"version": 3,
|
||||||
"cipher": "aes-256-gcm"
|
"cipher": "aes-256-gcm"
|
||||||
},
|
},
|
||||||
"ldap_password": {
|
"ldap_password": {
|
||||||
"encrypted_data": "RZmfQbctKnPGJm97ZMMrtDFGYx8sPzlJIy3saeUXugEEL3HtE39s\n",
|
"encrypted_data": "Kb5/RiGyXEf0X4KAgprCrZU+lFaWYuu6gjSXanujWxXx5YUdQLzZ\n",
|
||||||
"iv": "taEQ/4xRIrQCIkR9\n",
|
"iv": "U1JBexbrnmJ4HNSZ\n",
|
||||||
"auth_tag": "2mdevdW0Oh/l/cKCyePW3Q==\n",
|
"auth_tag": "LDeG8mOM5iLxy/VslTakSg==\n",
|
||||||
"version": 3,
|
"version": 3,
|
||||||
"cipher": "aes-256-gcm"
|
"cipher": "aes-256-gcm"
|
||||||
}
|
}
|
||||||
|
|||||||
@ -4,7 +4,7 @@ maintainer_email 'ops@kosmos.org'
|
|||||||
license 'MIT'
|
license 'MIT'
|
||||||
description 'Installs/Configures kosmos-ejabberd'
|
description 'Installs/Configures kosmos-ejabberd'
|
||||||
long_description 'Installs/Configures kosmos-ejabberd'
|
long_description 'Installs/Configures kosmos-ejabberd'
|
||||||
version '0.2.0'
|
version '0.2.1'
|
||||||
chef_version '>= 12.14' if respond_to?(:chef_version)
|
chef_version '>= 12.14' if respond_to?(:chef_version)
|
||||||
|
|
||||||
# The `issues_url` points to the location where issues for this cookbook are
|
# The `issues_url` points to the location where issues for this cookbook are
|
||||||
|
|||||||
@ -112,6 +112,8 @@ ldap_base = "cn=users,dc=kosmos,dc=org"
|
|||||||
admin_users = ejabberd_credentials['admins']
|
admin_users = ejabberd_credentials['admins']
|
||||||
|
|
||||||
hosts.each do |host|
|
hosts.each do |host|
|
||||||
|
ldap_rootdn = "uid=xmpp,ou=#{host[:name]},cn=applications,dc=kosmos,dc=org"
|
||||||
|
|
||||||
postgresql_database host[:sql_database] do
|
postgresql_database host[:sql_database] do
|
||||||
owner 'ejabberd'
|
owner 'ejabberd'
|
||||||
action :create
|
action :create
|
||||||
@ -134,6 +136,7 @@ hosts.each do |host|
|
|||||||
host: host,
|
host: host,
|
||||||
ldap_base: ldap_base,
|
ldap_base: ldap_base,
|
||||||
ldap_server: ldap_domain,
|
ldap_server: ldap_domain,
|
||||||
|
ldap_rootdn: ldap_rootdn,
|
||||||
ldap_encryption_type: ldap_encryption_type
|
ldap_encryption_type: ldap_encryption_type
|
||||||
notifies :run, "execute[ejabberdctl reload_config]", :delayed
|
notifies :run, "execute[ejabberdctl reload_config]", :delayed
|
||||||
end
|
end
|
||||||
|
|||||||
@ -14,12 +14,12 @@ host_config:
|
|||||||
<% if @host[:ldap_enabled] -%>
|
<% if @host[:ldap_enabled] -%>
|
||||||
auth_method: ldap
|
auth_method: ldap
|
||||||
ldap_servers: ["<%= @ldap_server %>"]
|
ldap_servers: ["<%= @ldap_server %>"]
|
||||||
ldap_rootdn: "cn=xmpp,ou=<%= @host[:name] %>,<%= @ldap_base %>"
|
ldap_rootdn: "<%= @ldap_rootdn %>"
|
||||||
ldap_password: "<%= @host[:ldap_password] %>"
|
ldap_password: "<%= @host[:ldap_password] %>"
|
||||||
ldap_encrypt: <%= @ldap_encryption_type %>
|
ldap_encrypt: <%= @ldap_encryption_type %>
|
||||||
ldap_tls_verify: hard # when TLS is enabled, don't proceed if a cert is invalid
|
ldap_tls_verify: hard # when TLS is enabled, don't proceed if a cert is invalid
|
||||||
ldap_base: "ou=<%= @host[:name] %>,<%= @ldap_base %>"
|
ldap_base: "ou=<%= @host[:name] %>,<%= @ldap_base %>"
|
||||||
ldap_filter: "(nsRole=cn=xmpp_role,ou=<%= @host[:name] %>,<%= @ldap_base %>)"
|
ldap_filter: "(objectClass=person)"
|
||||||
<% end -%>
|
<% end -%>
|
||||||
|
|
||||||
append_host_config:
|
append_host_config:
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user