Expands ldap to deal with nonstandard ldap configs.

This patch addresses:

LDAP not requiring username or password (anonymous bind)
  This is required to support configurations where LDAP is on a secure network,
  and anonymous bind is enabled.

LDAP using a self-signed SSL cert (verify ssl on or off)
  This is required to support configurations where LDAP requires SSL, but ssl is
  using an internal or self-signed certificate, and therefore fails cert checks.
  This also covers testing conditions where a consumer might use OS with LDAP+ssl
  unsigned.

LDAP using a nonstandard cn naming convention (i.e. email address).
  This is required to deal with an edge case where 'cn' in ldap might be something
  other than a bare username.  Gerrit pulls the ssh username from that value and
  will not accept a non-alphanumeric address.  By setting 'accountSshUserName' in
  puppet, that is settable.

LDAP prepopulating account Full name.
  Gerrit has a configuration option to pull Full Name from LDAP, this change exposes
  that option.

Change-Id: Ibd41d59ff98e406b42e1e14cc17e23b3d6211d58
Aaron Greengrass 2013-12-30 10:33:58 -08:00 committed by Aaron Greengrass
parent a6d4a971a1
commit 9315d1465e
2 changed files with 8 additions and 2 deletions

@ -104,6 +104,9 @@ class gerrit(
$ldap_password = '',
$ldap_account_pattern = '',
$ldap_account_email_address = '',
$ldap_sslverify = true,
$ldap_ssh_account_name = '',
$ldap_accountfullname = '',
$email = '',
$smtpserver = 'localhost',
$sendemail_from = 'MIXED',
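
Review bot: The three new parameters `$ldap_sslverify`, `$ldap_ssh_account_name` and `$ldap_accountfullname` arrive without any documentation, and `$ldap_accountfullname` drops the underscore separation used by the neighbouring `$ldap_account_pattern` and `$ldap_account_email_address`. Suggest renaming it to `$ldap_account_full_name` and adding a comment for each parameter, in particular one stating that `$ldap_sslverify = false` turns off certificate verification for the LDAP connection and is meant only for the self-signed case named in the commit message. Keeping the default at `true` is the right choice.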

@ -26,10 +26,13 @@
[ldap]
server = <%= ldap_server %>
accountBase = <%= ldap_account_base %>
username = <%= ldap_username %>
password = <%= ldap_password %>
<% if ldap_username -%>username = <%= ldap_username %><%end%>
<% if ldap_password -%>password = <%= ldap_password %><%end%>
<% if ldap_accountfullname -%>accountFullName = <%= ldap_accountfullname %><%end%>
accountPattern = <%= ldap_account_pattern %>
accountEmailAddress = <%= ldap_account_email_address %>
sslVerify = <%= ldap_sslverify %>
<% if @ldap_ssh_account_name -%>accountSshUserName = <%= ldap_ssh_account_name %><%end%>
<% end %>
[sendemail]
smtpServer = <%= smtpserver %>
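
Review bot: The guards on the `username`, `password` and `accountFullName` lines test the bare value (`<% if ldap_password -%>`), but the class defaults visible for `$ldap_password`, `$ldap_ssh_account_name` and `$ldap_accountfullname` are `''`, and an empty string is truthy in Ruby, so these lines are still written with an empty value and the anonymous-bind case is not actually skipped. Compare against the empty string instead, for example `<% if ldap_password != '' -%>`. The `accountSshUserName` line tests `@ldap_ssh_account_name` while printing `ldap_ssh_account_name`; use one form for all four conditionals. Each conditional also ends in `<%end%>` with no trim marker, so an option that is skipped still leaves a blank line in the `[ldap]` section.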