[Pki-devel] [PATCH] pki-cfu-0090-Ticket-1531-Directory-auth-plugin-requires-LDAP-anon.patch
Christina Fu
cfu at redhat.com
Wed Aug 5 23:43:16 UTC 2015
This patch is for ticket https://fedorahosted.org/pki/ticket/1531
(Directory auth plugin requires LDAP anonymous binds).

This patch adds a feature to allow a directory based authentication
plugin to use a bound LDAP connection instead of an anonymous one.

Two files need to be edited:

1. <instance>/conf/password.conf
   add a "tag" and the password of the binding user dn to the file
   e.g. externalLDAP=password123

2. <instance>/ca/CS.cfg
   add the tag to cms.passwordlist:
   e.g. cms.passwordlist=internaldb,replicationdb,externalLDAP
   add the prefix of the auths entry for the authentication instance
   e.g. externalLDAP.prefix=auths.instance.UserDirEnrollment
   add relevant entries to the authentication instance
   e.g. auths.instance.UserDirEnrollment.ldap.ldapBoundConn=true
        auths.instance.UserDirEnrollment.ldap.ldapauth.authtype=BasicAuth
        auths.instance.UserDirEnrollment.ldap.ldapauth.bindDN=uid=rhcs,ou=serviceaccounts,dc=EXAMPLE,dc=com
        auths.instance.UserDirEnrollment.ldap.ldapauth.bindPWPrompt=externalLDAP

The code has been tested to work.
The code (in its plugin form) has also been tested to work successfully
with an ldap server that has its anonymous bind turned off.
thanks,
Christina
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-cfu-0090-Ticket-1531-Directory-auth-plugin-requires-LDAP-anon.patch
Type: text/x-patch
Size: 8270 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20150805/ebf54d65/attachment.bin>
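
Added example, not part of the original message or of the patch: a small Python check that the CS.cfg and password.conf entries described above agree with each other for every authentication instance that sets ldapBoundConn=true. The key names come from the message; the consistency rules are assumptions inferred from its example, and the sample input is constructed.

```python
# Consistency check for the bound-connection settings listed in the message.
# Key names are from the message; the rules are assumptions inferred from its example.

def parse_props(text):
    """Parse key=value lines, splitting on the first '=' only (a bindDN contains '=')."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def check_bound_conn(cs_cfg, password_conf):
    """Return a list of problems for every auth instance with ldapBoundConn=true."""
    cfg, pw = parse_props(cs_cfg), parse_props(password_conf)
    tags = [t.strip() for t in cfg.get("cms.passwordlist", "").split(",") if t.strip()]
    problems, suffix = [], ".ldap.ldapBoundConn"
    for key, value in cfg.items():
        if not key.endswith(suffix) or value.lower() != "true":
            continue
        inst = key[: -len(suffix)]
        auth = inst + ".ldap.ldapauth."
        tag = cfg.get(auth + "bindPWPrompt", "")
        checks = [
            (cfg.get(auth + "authtype") == "BasicAuth", "authtype is not BasicAuth"),
            (bool(cfg.get(auth + "bindDN")), "bindDN is missing"),
            (bool(tag), "bindPWPrompt is missing"),
            (tag in tags, "bindPWPrompt tag is not in cms.passwordlist"),
            (cfg.get(f"{tag}.prefix") == inst, "<tag>.prefix does not point at this instance"),
            (bool(pw.get(tag)), "password.conf has no password for the tag"),
        ]
        problems += [f"{inst}: {msg}" for ok, msg in checks if not ok]
    return problems

# Constructed sample input, modelled on the values in the message.
SAMPLE_PASSWORD_CONF = "internaldb=constructed-secret\nexternalLDAP=password123\n"
SAMPLE_CS_CFG = """\
cms.passwordlist=internaldb,replicationdb,externalLDAP
externalLDAP.prefix=auths.instance.UserDirEnrollment
auths.instance.UserDirEnrollment.ldap.ldapBoundConn=true
auths.instance.UserDirEnrollment.ldap.ldapauth.authtype=BasicAuth
auths.instance.UserDirEnrollment.ldap.ldapauth.bindDN=uid=rhcs,ou=serviceaccounts,dc=EXAMPLE,dc=com
auths.instance.UserDirEnrollment.ldap.ldapauth.bindPWPrompt=externalLDAP
"""

if __name__ == "__main__":
    print(check_bound_conn(SAMPLE_CS_CFG, SAMPLE_PASSWORD_CONF) or "consistent")
```
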