adding a canevas for role definition
This commit is contained in:
kakwa
parent
37953e0099
commit
d6b595bc7d
|
|
@ -43,16 +43,6 @@ log.access_handler = 'none'
|
|||
# log level
|
||||
log.level = 'info'
|
||||
|
||||
|
||||
#####################################
|
||||
# Form configuration #
|
||||
#####################################
|
||||
# redirect to zone page after adding/deleting a record
|
||||
# if 'on', redirects to zone page
|
||||
# if 'off', stays on a summary page
|
||||
form.add.redirect = 'on'
|
||||
form.del.redirect = 'on'
|
||||
|
||||
# session configuration
|
||||
# activate session
|
||||
tools.sessions.on = True
|
||||
|
|
@ -69,66 +59,24 @@ tools.sessions.timeout = 10
|
|||
# templates directory
|
||||
template_dir = '/usr/share/ldapcherry/templates/'
|
||||
|
||||
[backends]
|
||||
|
||||
ldap.module = 'ldapcherry.backends.ldap'
|
||||
ad.module = 'ldapcherry.backends.ad'
|
||||
|
||||
# authentification parameters
|
||||
[auth]
|
||||
|
||||
######################################
|
||||
# parameters for auth module 'none' #
|
||||
######################################
|
||||
# this module disable authentification
|
||||
# (if you use other means of authentification)
|
||||
# Auth mode
|
||||
# * and: user must authenticate on all backends
|
||||
# * or: user must authenticate on one of the backend
|
||||
# * none: disable authentification
|
||||
# * custom: custom authentification module (need auth.module param)
|
||||
auth.mode = 'or'
|
||||
|
||||
# auth module to load
|
||||
auth.module = 'ldapcherry.auth.modNone'
|
||||
# optional http header handling.
|
||||
# useful if username is transmitted by header
|
||||
# (permits nominative logs).
|
||||
# if activated, this header presence
|
||||
# in each request is mandatory.
|
||||
#auth.none.user_header_name = 'AUTH_USER'
|
||||
# custom auth module to load
|
||||
#auth.module = 'ldapcherry.auth.modNone'
|
||||
|
||||
#######################################
|
||||
## parameters for auth module 'ldap' #
|
||||
#######################################
|
||||
# This module is used for ldap authentification
|
||||
|
||||
## name of the auth module
|
||||
#auth.module = 'ldapcherry.auth.modLdap'
|
||||
## base dn where to search user
|
||||
#auth.ldap.userdn = 'ou=People,dc=example,dc=org'
|
||||
## ldap login filter
|
||||
#auth.ldap.user.filter.tmpl = '(uid=%(login)s)'
|
||||
## base dn for group
|
||||
## (if empty, all user in userdn can access ldapcherry)
|
||||
#auth.ldap.groupdn = 'cn=itpeople,ou=Groups,dc=example,dc=org'
|
||||
## ldap group filter
|
||||
#auth.ldap.group.filter.tmpl = '(member=%(userdn)s)'
|
||||
## bind dn
|
||||
#auth.ldap.binddn = 'cn=ldapcherry,dc=example,dc=org'
|
||||
## bind password
|
||||
#auth.ldap.bindpassword = 'password'
|
||||
## ldap uri
|
||||
#auth.ldap.uri = 'ldaps://ldap.ldapcherry.org'
|
||||
## ldap CA file (use for ssl/tls)
|
||||
#auth.ldap.ca = '/etc/ldapcherry/TEST-cacert.pem'
|
||||
## enable starttls (default off)
|
||||
##auth.ldap.starttls = 'on'
|
||||
## check certificat (default on)
|
||||
##auth.ldap.checkcert = 'off'
|
||||
|
||||
##########################################
|
||||
# parameters for auth module 'htpasswd' #
|
||||
##########################################
|
||||
# This module is used for htpasswd file
|
||||
# user database
|
||||
#
|
||||
# name of the auth module
|
||||
#auth.module = 'ldapcherry.auth.modHtpasswd'
|
||||
# path to htpasswd file
|
||||
#auth.htpasswd.file = '/etc/ldapcherry/users.db'
|
||||
|
||||
# enable cherrypy static handling
|
||||
# to comment if static content are handled otherwise
|
||||
[/static]
|
||||
tools.staticdir.on = True
|
||||
tools.staticdir.dir = '/usr/share/ldapcherry/static/'
|
||||
|
|
|
|||
|
|
@ -0,0 +1,48 @@
|
|||
admin-lv3:
|
||||
display_name: Administrators Level 3
|
||||
LC_admins: True
|
||||
backends:
|
||||
- backend_name: ldap
|
||||
groups:
|
||||
- cn=dns admins,ou=group,dc=example,dc=com
|
||||
- cn=nagios admins,ou=group,dc=example,dc=com
|
||||
- cn=puppet admins,ou=group,dc=example,dc=com
|
||||
- cn=users,ou=group,dc=example,dc=com
|
||||
- backend_name: ad
|
||||
groups:
|
||||
- Domain Users
|
||||
- Administrators
|
||||
- Domain Controllers
|
||||
|
||||
admin-lv2:
|
||||
display_name: Administrators Level 2
|
||||
backends:
|
||||
- backend_name: ldap
|
||||
groups:
|
||||
- cn=nagios admins,ou=group,dc=example,dc=com
|
||||
- cn=users,ou=group,dc=example,dc=com
|
||||
- backend_name: ad
|
||||
groups:
|
||||
- Domain Users
|
||||
|
||||
developpers:
|
||||
diplay_name: Developpers
|
||||
backends:
|
||||
- backend_name: ldap
|
||||
groups:
|
||||
- cn=nagios user,ou=group,dc=example,dc=com
|
||||
- cn=developpers,ou=group,dc=example,dc=com
|
||||
- cn=users,ou=group,dc=example,dc=com
|
||||
- backend_name: ad
|
||||
groups:
|
||||
- Domain Users
|
||||
|
||||
users:
|
||||
diplay_name: Simple Users
|
||||
backends:
|
||||
- backend_name: ldap
|
||||
groups:
|
||||
- cn=users,ou=group,dc=example,dc=com
|
||||
- backend_name: ad
|
||||
groups:
|
||||
- Domain Users
|
||||
Loading…
Reference in New Issue