Aaron Greengrass 9315d1465e Expands ldap to deal with nonstandard ldap configs.
This patch addresses:

LDAP not requiring username or password (anonymous bind)
  This is required to support configurations where LDAP is on a secure network,
  and anonymous bind is enabled.

LDAP using a self signed SSL cert (verify ssl on or off)
  This is required to support configurations where LDAP requires SSL, but ssl is
  using an internal or self signed certificate, and therefore fails cert checks.
  This also covers testing conditions where a consumer might use OS with LDAP+ssl
  unsigned.

LDAP using a nonstandard cn naming convention (ie email address).
  This is required to deal with an edge case where 'cn' in ldap might be something
  other than a bare username.  Gerrit pulls the ssh username from that value and
  will not accept a non-alphanumeric address.  By setting 'accountSshUserName' in
  puppet, that is setable.

LDAP prepopulating account Full name.
  Gerrit has a configuration option to pull Full Name from LDAP, this change exposes
  that option.

Change-Id: Ibd41d59ff98e406b42e1e14cc17e23b3d6211d58
2013-12-30 13:04:39 -08:00

119 lines
3.2 KiB
Plaintext

# This file is managed by puppet.
# https://git.openstack.org/cgit/openstack-infra/config
[gerrit]
basePath = git
canonicalWebUrl = <%= canonicalweburl %>
[database]
type = MYSQL
hostname = localhost
database = reviewdb
username = gerrit2
<% if database_poollimit != "" -%>
poolLimit = <%= database_poollimit %>
<% end -%>
connectionpool = true
[auth]
<% if gerrit_contributor_agreement -%>
contributorAgreements = true
<% end -%>
type = <%= gerrit_auth_type %>
cookieSecure = true
<% if gerrit_auth_type == 'OPENID_SSO' -%>
openIdSsoUrl = <%= openidssourl %>
<% end -%>
<% if gerrit_auth_type == 'LDAP' -%>
[ldap]
server = <%= ldap_server %>
accountBase = <%= ldap_account_base %>
<% if ldap_username -%>username = <%= ldap_username %><%end%>
<% if ldap_password -%>password = <%= ldap_password %><%end%>
<% if ldap_accountfullname -%>accountFullName = <%= ldap_accountfullname %><%end%>
accountPattern = <%= ldap_account_pattern %>
accountEmailAddress = <%= ldap_account_email_address %>
sslVerify = <%= ldap_sslverify %>
<% if @ldap_ssh_account_name -%>accountSshUserName = <%= ldap_ssh_account_name %><%end%>
<% end %>
[sendemail]
smtpServer = <%= smtpserver %>
from = <%= sendemail_from %>
[container]
user = gerrit2
javaHome = <%= java_home %>
<% if container_heaplimit != "" -%>
heapLimit = <%= container_heaplimit %>
<% end -%>
[core]
<% if core_packedgitopenfiles != "" -%>
packedGitOpenFiles = <%= core_packedgitopenfiles %>
<% end -%>
<% if core_packedgitlimit != "" -%>
packedGitLimit = <%= core_packedgitlimit %>
<% end -%>
<% if core_packedgitwindowsize != "" -%>
packedGitWindowSize = <%= core_packedgitwindowsize %>
<% end -%>
[sshd]
listenAddress = <%= sshd_listen_address %>
<% if sshd_threads != "" -%>
threads = <%= sshd_threads %>
<% end -%>
[httpd]
listenUrl = proxy-https://*:8081/
<% if httpd_maxwait != "" -%>
maxWait = <%= httpd_maxwait %>
<% end -%>
<% if httpd_acceptorthreads != "" -%>
acceptorThreads = <%= httpd_acceptorthreads %>
<% end -%>
<% if httpd_minthreads != "" -%>
minThreads = <%= httpd_minthreads %>
<% end -%>
<% if httpd_maxthreads != "" -%>
maxThreads = <%= httpd_maxthreads %>
<% end -%>
[cache]
directory = cache
[cache "web_sessions"]
maxAge = 1d
[user]
email = <%= email %>
<% commentlinks.each do |commentlink| -%>
[commentlink "<%= commentlink['name'] %>"]
match = "<%= commentlink['match'] %>"
<% if commentlink['link'] != "" -%>
link = "<%= commentlink['link'] %>"
<% end -%>
<% if commentlink['html'] != "" -%>
html = "<%= commentlink['html'] %>"
<% end -%>
<% end -%>
[theme]
backgroundColor = ffffff
topMenuColor = ffffff
textColor = 264d69
trimColor = eef3f5
selectionColor = d1e6ea
changeTableOutdatedColor = f5cccc
tableOddRowColor = ffffff
tableEvenRowColor = f5f5ff
[melody]
monitoring = <%= enable_melody %>
session = <%= melody_session %>
<% if gitweb or cgit -%>
[gitweb]
<% if gitweb -%>
revision = "?p=${project}.git;a=commitdiff;h=${commit}"
<% else -%>
type = cgit
<% end -%>
<% if scope.lookupvar("gerrit::web_repo_url") -%>
url = "<%= scope.lookupvar('gerrit::web_repo_url') %>"
<% end -%>
<% end -%>
<% if contactstore == true -%>
[contactstore]
appsec = <%= contactstore_appsec %>
url = <%= contactstore_url %>
<% end -%>