Confluex / Zuul

Keymaster and Gatekeeper - Application Configuration Management
http://confluex.com
Apache License 2.0

Unable to integrate With Generic LDAP #66

Closed rakhibigdata closed 10 years ago

rakhibigdata commented 10 years ago

Hi mcantrell, this is Rakesh.T. Can you please help to integrate ZUUL with LDAP? If you provide one example, that will help a lot. We already tried the example from the link below, which you gave earlier in the ZUUL doc, but we are still unable to reach our goal. Could you please help me further?

https://github.com/mcantrell/Zuul/wiki/Security (did not work)

mcantrell commented 10 years ago

You'll need to adjust the ldap.user.search.filter to use your id attribute. For instance, if your LDAP uses the uid attribute, then set it to:

ldap.user.search.filter=uid={0}

If your groups objectClass is groupOfNames, the group filter should be ok. If not, let me know what objectClass you're using and I'll see if I can help. Your ldap.username property should be the full distinguishedName for the user you wish to authenticate with. For example:

ldap.username=cn=My Application,ou=Users,dc=acme,dc=com

rakhibigdata commented 10 years ago

Hi, actually we are trying the below properties (ldap.properties):

-- Example Active Directory Configuration

ldap.url=ldap://dramultp.IND.domain.Companyname.com:389
ldap.username=cn=Directory Manager
ldap.userDn=dc=IND,dc=domain,dc=companyname,dc=com
ldap.password=sw123

ldap.root.dn=dc=IND,dc=domain,dc=companyname,dc=com

ldap.dn.ROLE_SYSTEM_ADMIN=cn=Zuul System Admins,ou=Groups,dc=IND,dc=domain,dc=companyname,dc=com
ldap.dn.ROLE_ADMIN=cn=Zuul Admins,ou=Groups,dc=IND,dc=domain,dc=companyname,dc=com
ldap.dn.ROLE_USER=cn=Zuul Users,ou=Groups,dc=IND,dc=domain,dc=companyname,dc=com
ldap.group.search.base=ou=Groups,dc=IND,dc=domain,dc=companyname,dc=com
ldap.group.role.attribute=distinguishedName
ldap.group.filter=member={0}
ldap.user.search.base=ou=People,dc=IND,dc=domain,dc=companyname,dc=com
ldap.user.search.filter=samAccountName={0}

Can you please look at the above file and help me to integrate ZUUL with LDAP?

mcantrell commented 10 years ago

Try the following:

ldap.url=ldap://ldap.acme.com:389
ldap.username=cn=Directory Manager,dc=IND,dc=domain,dc=companyname,dc=com
ldap.password=**********
ldap.dn.ROLE_SYSTEM_ADMIN=cn=Zuul System Admins,ou=Groups,dc=IND,dc=domain,dc=companyname,dc=com
ldap.dn.ROLE_ADMIN=cn=Zuul Admins,ou=Groups,dc=IND,dc=domain,dc=companyname,dc=com
ldap.dn.ROLE_USER=cn=Zuul Users,ou=Groups,dc=IND,dc=domain,dc=companyname,dc=com
ldap.group.search.base=ou=Groups,dc=IND,dc=domain,dc=companyname,dc=com
ldap.group.role.attribute=distinguishedName
ldap.group.filter=member={0}
ldap.user.search.base=ou=People,dc=IND,dc=domain,dc=companyname,dc=com
ldap.user.search.filter=uid={0}
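
An added illustration, not part of the thread and not Zuul's code, of why the attribute in ldap.user.search.filter has to exist on the directory's user entries. It assumes {0} is replaced with the submitted login name and escapes that name per RFC 4515; the directory contents, the logins jdoe and asmith, and all function names are constructed for the example.

```python
import re

# Constructed sample directory: a generic LDAP server whose people entries
# carry uid (inetOrgPerson) and no Active Directory samAccountName attribute.
BASE = "ou=People,dc=IND,dc=domain,dc=companyname,dc=com"
DIRECTORY = {
    "uid=jdoe," + BASE: {"objectClass": ["inetOrgPerson"], "uid": ["jdoe"]},
    "uid=asmith," + BASE: {"objectClass": ["inetOrgPerson"], "uid": ["asmith"]},
}

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a login name so the server matches it literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template, login):
    """Fill the {0} placeholder with the escaped login (assumed semantics)."""
    if "{0}" not in template:
        raise ValueError("user search filter has no {0} placeholder")
    return "(" + template.replace("{0}", escape_filter_value(login)) + ")"


def search(base, rendered):
    """Toy equality-only search over DIRECTORY; returns matching DNs."""
    attr, _, value = rendered[1:-1].partition("=")
    literal = re.sub(r"\\([0-9a-fA-F]{2})",
                     lambda m: chr(int(m.group(1), 16)), value)
    hits = []
    for dn, attrs in DIRECTORY.items():
        if not dn.lower().endswith(base.lower()):
            continue
        values = {k.lower(): v for k, v in attrs.items()}.get(attr.lower(), [])
        if any(v.lower() == literal.lower() for v in values):
            hits.append(dn)
    return hits


def find_user(template, login):
    """Resolve a login to DNs under the user search base."""
    return search(BASE, render_filter(template, login))


if __name__ == "__main__":
    for template in ("samAccountName={0}", "uid={0}"):
        print(template, "->", find_user(template, "jdoe"))
    print(render_filter("uid={0}", "*"))
```

With the samAccountName filter the search finds no entry, so the login fails before any password check; with uid it resolves to exactly one DN.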

eddumelendez commented 10 years ago

You can review this post. I hope this helps you.

http://eddumelendez.github.io/blog/2014/08/11/zuul-application-configuration-management/

mcantrell commented 10 years ago

That's great! Thank you very much. I'll link this from the README if you don't mind?

eddumelendez commented 10 years ago

It's ok for me. Thanks to you for taking it into account :)