Merge branch 'fub_ldap' into 'master'

Fix ldap key issues See merge request !30

Merge branch 'fub_ldap' into 'master'
1f05e92e · Martin Bergemann · b045f57a · fb4050be · 1f05e92e · 1f05e92e
Commit 1f05e92e authored 2 years ago by Martin Bergemann
--- a/assets/config/inventory.toml
+++ b/assets/config/inventory.toml
@@ -183,6 +183,22 @@ ldap_user_base = "cn=users,cn=accounts,dc=dkrz,dc=de"
 ldap_group_base = "cn=groups,cn=accounts,dc=dkrz,dc=de"
 ## distinguished name (dn) for the ldap user
 ldap_user_dn = "uid=dkrzagent,cn=sysaccounts,cn=etc,dc=dkrz,dc=de"
+## use encrypted ldap connection (needs to be configured)
+auth_ldap_start_tls = false
+## Set ldap last name search key
+ldap_last_name_field = "givenname"
+## Set ldap first name search key
+ldap_first_name_field = "sn"
+## Set ldap email earch key
+ldap_email_name_field = "mail"
+# Set the ldap group class name
+ldap_group_class = "groupOfNames"
+# Set the ldap group type, available values are are [posix, nested]
+ldap_group_type = "nested"
+# Set the ldap tools class for users
+ldap_model = "MiklipUserInformation"
+
+
 ## set the passwd for the ldap user
 ldap_user_pw = "dkrzprox"
 #######

--- a/assets/playbooks/core-server-playbook.yml
+++ b/assets/playbooks/core-server-playbook.yml
@@ -61,6 +61,7 @@
        state: directory
        mode: "3775"
      become: "{{'yes' if core_ansible_become_user is defined else 'no' }}"
+      ignore_errors: true
      when: core_scheduler_output_dir | length != 0
    - name: Creating preview path
      file:
@@ -120,7 +121,7 @@
        chdir: /tmp/evaluation_system
      environment:
        PYTHON3: "{{ ansible_python_interpreter }}"
-        EVALUATION_SYSTEM_CONFIG_FILE: "{{ core_root_dir }}/{{eval_path}}"
+        EVALUATION_SYSTEM_CONFIG_FILE: "/tmp/evaluation_system/evaluation_system.conf"
      become: "{{'yes' if core_ansible_become_user is defined else 'no' }}"
    - name: Copying Public key file
      copy:

--- a/src/freva_deployment/__init__.py
+++ b/src/freva_deployment/__init__.py
-__version__ = "2205.1.6"
+__version__ = "2205.1.7"
 AVAILABLE_PYTHON_VERSIONS = ["3.7", "3.8", "3.9", "3.10"]
 AVAILABLE_CONDA_ARCHS = [
    "Linux-x86_64",

--- a/src/freva_deployment/ui/deployment_tui/deploy_forms.py
+++ b/src/freva_deployment/ui/deployment_tui/deploy_forms.py
@@ -219,6 +219,13 @@ class WebScreen(BaseForm):
    certificates: list[str] = ["public", "private", "chain"]
    """The type of certificate files this step needs."""

+    def get_index(self, choices: list[str], key: str):
+        """Get the key value pair for a combo box"""
+        for nn, choice in enumerate(choices):
+            if choice == key:
+                return nn
+        return 0
+
    def _add_widgets(self) -> None:
        """Add widgets to the screen."""
        self.list_keys = "contacts", "address", "scheduler_host"
@@ -423,6 +430,70 @@ class WebScreen(BaseForm):
                ),
                True,
            ),
+            ldap_first_name_field=(
+                self.add_widget_intelligent(
+                    npyscreen.TitleText,
+                    name=(f"{self.num}Ldap search search key for first name"),
+                    value=cfg.get(
+                        "ldap_first_name_field",
+                        "givenname",
+                    ),
+                ),
+                False,
+            ),
+            ldap_last_name_field=(
+                self.add_widget_intelligent(
+                    npyscreen.TitleText,
+                    name=(f"{self.num}Ldap search search key for last name"),
+                    value=cfg.get(
+                        "ldap_last_name_field",
+                        "sn",
+                    ),
+                ),
+                False,
+            ),
+            ldap_email_field=(
+                self.add_widget_intelligent(
+                    npyscreen.TitleText,
+                    name=(f"{self.num}Ldap search search key for email addr"),
+                    value=cfg.get(
+                        "ldap_email_field",
+                        "mail",
+                    ),
+                ),
+                False,
+            ),
+            ldap_group_class=(
+                self.add_widget_intelligent(
+                    npyscreen.TitleText,
+                    name=(f"{self.num}Ldap object class"),
+                    value=cfg.get(
+                        "ldap_group_class",
+                        "groupOfNames",
+                    ),
+                ),
+                True,
+            ),
+            ldap_group_type=(
+                self.add_widget_intelligent(
+                    npyscreen.TitleCombo,
+                    name=(f"{self.num}Ldap group type"),
+                    value=self.get_index(
+                        ["posix", "nested"],
+                        cast(str, cfg.get("ldap_group_type", "nested")),
+                    ),
+                    values=["posix", "nested"],
+                ),
+                True,
+            ),
+            ldap_model=(
+                self.add_widget_intelligent(
+                    npyscreen.TitleText,
+                    name=(f"{self.num}Ldap tools class to be used for authentication."),
+                    value=cfg.get("ldap_model", "MiklipUserInformation"),
+                ),
+                True,
+            ),
            ansible_python_interpreter=(
                self.add_widget_intelligent(
                    npyscreen.TitleFilename,