mirror of
https://github.com/ansible/awx.git
synced 2026-03-23 03:45:01 -02:30
Remove LDAP authentication (#15546)
Remove LDAP authentication from AWX
This commit is contained in:
Djebran Lezzoum
committed by
jessicamack
jessicamack
parent
6dea7bfe17
commit
f22b192fb4
@@ -146,31 +146,6 @@ services:
|
||||
depends_on:
|
||||
- postgres
|
||||
{% endif %}
|
||||
{% if enable_ldap|bool %}
|
||||
ldap:
|
||||
image: bitnami/openldap:2
|
||||
container_name: tools_ldap_1
|
||||
hostname: ldap
|
||||
user: "{{ ansible_user_uid }}"
|
||||
networks:
|
||||
- awx
|
||||
ports:
|
||||
- "389:1389"
|
||||
- "636:1636"
|
||||
environment:
|
||||
LDAP_ADMIN_USERNAME: admin
|
||||
LDAP_ADMIN_PASSWORD: admin
|
||||
LDAP_CUSTOM_LDIF_DIR: /opt/bitnami/openldap/ldiffs
|
||||
LDAP_ENABLE_TLS: "yes"
|
||||
LDAP_LDAPS_PORT_NUMBER: 1636
|
||||
LDAP_TLS_CERT_FILE: /opt/bitnami/openldap/certs/{{ ldap_public_key_file_name }}
|
||||
LDAP_TLS_CA_FILE: /opt/bitnami/openldap/certs/{{ ldap_public_key_file_name }}
|
||||
LDAP_TLS_KEY_FILE: /opt/bitnami/openldap/certs/{{ ldap_private_key_file_name }}
|
||||
volumes:
|
||||
- 'openldap_data:/bitnami/openldap'
|
||||
- '../../docker-compose/_sources/ldap_certs:/opt/bitnami/openldap/certs'
|
||||
- '../../docker-compose/_sources/ldap_diffs:/opt/bitnami/openldap/ldiffs'
|
||||
{% endif %}
|
||||
{% if enable_splunk|bool %}
|
||||
splunk:
|
||||
image: splunk/splunk:latest
|
||||
@@ -376,11 +351,6 @@ volumes:
|
||||
redis_socket_{{ container_postfix }}:
|
||||
name: tools_redis_socket_{{ container_postfix }}
|
||||
{% endfor -%}
|
||||
{% if enable_ldap|bool %}
|
||||
openldap_data:
|
||||
name: tools_ldap_1
|
||||
driver: local
|
||||
{% endif %}
|
||||
{% if enable_vault|bool %}
|
||||
hashicorp_vault_data:
|
||||
name: tools_vault_1
|
||||
|
||||
@@ -1,99 +0,0 @@
|
||||
dn: dc=example,dc=org
|
||||
objectClass: dcObject
|
||||
objectClass: organization
|
||||
dc: example
|
||||
o: example
|
||||
|
||||
dn: ou=users,dc=example,dc=org
|
||||
ou: users
|
||||
objectClass: organizationalUnit
|
||||
|
||||
dn: cn=awx_ldap_admin,ou=users,dc=example,dc=org
|
||||
mail: admin@example.org
|
||||
sn: LdapAdmin
|
||||
cn: awx_ldap_admin
|
||||
objectClass: top
|
||||
objectClass: person
|
||||
objectClass: organizationalPerson
|
||||
objectClass: inetOrgPerson
|
||||
userPassword: admin123
|
||||
givenName: awx
|
||||
|
||||
dn: cn=awx_ldap_auditor,ou=users,dc=example,dc=org
|
||||
mail: auditor@example.org
|
||||
sn: LdapAuditor
|
||||
cn: awx_ldap_auditor
|
||||
objectClass: top
|
||||
objectClass: person
|
||||
objectClass: organizationalPerson
|
||||
objectClass: inetOrgPerson
|
||||
userPassword: audit123
|
||||
givenName: awx
|
||||
|
||||
dn: cn=awx_ldap_unpriv,ou=users,dc=example,dc=org
|
||||
mail: unpriv@example.org
|
||||
sn: LdapUnpriv
|
||||
cn: awx_ldap_unpriv
|
||||
objectClass: top
|
||||
objectClass: person
|
||||
objectClass: organizationalPerson
|
||||
objectClass: inetOrgPerson
|
||||
givenName: awx
|
||||
userPassword: unpriv123
|
||||
|
||||
dn: ou=groups,dc=example,dc=org
|
||||
ou: groups
|
||||
objectClass: top
|
||||
objectClass: organizationalUnit
|
||||
|
||||
dn: cn=awx_users,ou=groups,dc=example,dc=org
|
||||
cn: awx_users
|
||||
objectClass: top
|
||||
objectClass: groupOfNames
|
||||
member: cn=awx_ldap_admin,ou=users,dc=example,dc=org
|
||||
member: cn=awx_ldap_auditor,ou=users,dc=example,dc=org
|
||||
member: cn=awx_ldap_unpriv,ou=users,dc=example,dc=org
|
||||
member: cn=awx_ldap_org_admin,ou=users,dc=example,dc=org
|
||||
|
||||
dn: cn=awx_admins,ou=groups,dc=example,dc=org
|
||||
cn: awx_admins
|
||||
objectClass: top
|
||||
objectClass: groupOfNames
|
||||
member: cn=awx_ldap_admin,ou=users,dc=example,dc=org
|
||||
|
||||
dn: cn=awx_auditors,ou=groups,dc=example,dc=org
|
||||
cn: awx_auditors
|
||||
objectClass: top
|
||||
objectClass: groupOfNames
|
||||
member: cn=awx_ldap_auditor,ou=users,dc=example,dc=org
|
||||
|
||||
dn: cn=awx_ldap_org_admin,ou=users,dc=example,dc=org
|
||||
mail: org.admin@example.org
|
||||
sn: LdapOrgAdmin
|
||||
cn: awx_ldap_org_admin
|
||||
objectClass: top
|
||||
objectClass: person
|
||||
objectClass: organizationalPerson
|
||||
objectClass: inetOrgPerson
|
||||
givenName: awx
|
||||
userPassword: orgadmin123
|
||||
|
||||
dn: cn=awx_org_admins,ou=groups,dc=example,dc=org
|
||||
cn: awx_org_admins
|
||||
objectClass: top
|
||||
objectClass: groupOfNames
|
||||
member: cn=awx_ldap_org_admin,ou=users,dc=example,dc=org
|
||||
|
||||
{% if enable_ldap|bool and enable_vault|bool %}
|
||||
dn: cn={{ vault_ldap_username }},ou=users,dc=example,dc=org
|
||||
changetype: add
|
||||
mail: vault@example.org
|
||||
sn: LdapVaultAdmin
|
||||
cn: {{ vault_ldap_username }}
|
||||
objectClass: top
|
||||
objectClass: person
|
||||
objectClass: organizationalPerson
|
||||
objectClass: inetOrgPerson
|
||||
userPassword: {{ vault_ldap_password }}
|
||||
givenName: awx
|
||||
{% endif %}
|
||||
@@ -42,10 +42,6 @@ OPTIONAL_API_URLPATTERN_PREFIX = '{{ api_urlpattern_prefix }}'
|
||||
# Enable the following line to turn on database settings logging.
|
||||
# LOGGING['loggers']['awx.conf']['level'] = 'DEBUG'
|
||||
|
||||
# Enable the following lines to turn on LDAP auth logging.
|
||||
# LOGGING['loggers']['django_auth_ldap']['handlers'] = ['console']
|
||||
# LOGGING['loggers']['django_auth_ldap']['level'] = 'DEBUG'
|
||||
|
||||
{% if enable_otel|bool %}
|
||||
LOGGING['handlers']['otel'] |= {
|
||||
'class': 'awx.main.utils.handlers.OTLPHandler',
|
||||
|
||||
Reference in New Issue
Block a user