Skip to content

Add LDAP feature support #80

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
liat-grozovik merged 4 commits into from
May 7, 2024
+1,177 −9
Merged

Add LDAP feature support #80

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
641d206
Add LDAP feature support
davidpil2002 Oct 19, 2023
900fde5
ldap: Add LDAP unittests in hostcfgd
davidpil2002 Oct 26, 2023
8105f4d
ldap: Fix dict return when item not exists
davidpil2002 Mar 18, 2024
ed10ab9
ldap: fix dir home syntax when using sed
davidpil2002 Mar 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions data/templates/common-auth-sonic.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,15 @@ auth [success=2 default=ignore] pam_exec.so /usr/sbin/cache_radius
# Local
auth [success=done new_authtok_reqd=done default=ignore{{ ' auth_err=die maxtries=die' if not auth['failthrough'] }}] pam_unix.so nullok try_first_pass

{% elif auth['login'] == 'ldap,local' %}
auth [success=2 default=ignore] pam_ldap.so minimum_uid=1000 try_first_pass
auth [success=1 default=ignore] pam_unix.so nullok try_first_pass
{% elif auth['login'] == 'local,ldap' %}
auth [success=2 default=ignore] pam_unix.so nullok try_first_pass
auth [success=1 default=ignore] pam_ldap.so minimum_uid=1000 try_first_pass
{% elif auth['login'] == 'ldap' %}
auth [success=1 default=ignore] pam_ldap.so minimum_uid=1000 try_first_pass

{% else %}
auth [success=1 default=ignore] pam_unix.so nullok try_first_pass

Expand Down
17 changes: 17 additions & 0 deletions data/templates/ldap.conf.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
{{ ldap_cfg.cfg_servers(servers) }}

base {{ ldap_cfg.cfg_base(servers) }}

ldap_version {{ ldap_cfg.cfg_version(servers) }}

binddn {{ ldap_cfg.cfg_bind(servers) }}

bindpw {{ ldap_cfg.cfg_bindpw(servers) }}

port {{ ldap_cfg.cfg_port(servers) }}

scope {{ ldap_cfg.cfg_scope(servers) }}

timelimit {{ ldap_cfg.cfg_timeout(servers) }}

bind_timelimit {{ ldap_cfg.cfg_bind_timeout(servers) }}
41 changes: 41 additions & 0 deletions data/templates/nslcd.conf.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.

# The user and group nslcd should run as.
uid nslcd
gid nslcd

# The location at which the LDAP server(s) should be reachable.
{{ ldap_cfg.cfg_servers(servers) }}

# The search base that will be used for all queries.
base {{ ldap_cfg.cfg_base(servers) }}


# The LDAP protocol version to use.
ldap_version {{ ldap_cfg.cfg_version(servers) }}

# The DN to bind with for normal lookups.
binddn {{ ldap_cfg.cfg_bind(servers) }}
bindpw {{ ldap_cfg.cfg_bindpw(servers) }}

# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com

# SSL options
#ssl off
#tls_reqcert never
tls_cacertfile /etc/ssl/certs/ca-certificates.crt

# The search scope.
scope {{ ldap_cfg.cfg_scope(servers) }}

timelimit {{ ldap_cfg.cfg_timeout(servers) }}

bind_timelimit {{ ldap_cfg.cfg_bind_timeout(servers) }}

nss_initgroups_ignoreusers ALLLOCAL

nss_min_uid 1000

Loading