odinu closed 6 years ago
This looks perfect and I'll get around to testing on my instance shortly. I think the only thing I would change is naming 'ldap.py' to 'authentication.py' or something, because it's not really LDAP specific.
I think that's good enough to get started. I need to verify that those modules without the C-libraries installed don't crash the stock install, but that should be the only barrier to merging this. And even then, we could add a try/except around the import if that proved to be the case.
Will test out shortly and let you know!
After we get this merged in we can add a bit about pointers to the LDAP config docs online for those that want to get this going.
I suspect some folks will want SAML instead, but as I don't have Okta or anything like that around, I'll leave those additions for those that may want to add them.
Thanks again, this is awesome!
I changed the naming. Unfortunately I think the modules do crash the stock install. It would be nice to add the equivalent of 'openldap-devel' as a dependency for every supported distro but I don't know how to do that quickly. If you don't have an automated way of testing I could just install a VM with each OS and test there. I will help with the docs although I can't offer much advice, but regarding SAML and Okta, I know nothing about them so I won't be able to help.
Excellent!
Yeah no problem there on Okta/SAML bits. I have some friends who have a SAML setup so when they need it perhaps it will get added. That's something people don't usually worry about unless they have them.
I'll probably get around to testing/tweaking this after Thanksgiving - I can basically guard the LDAP import stuff behind an LDAP_ENABLED = True/False or something and it should be harmless enough, and shouldn't be too painful. I can test by first running it without installing the packages and seeing what happens.
If it doesn't import them if a flag isn't set, we can let those trying to get LDAP going on other platforms worry about updating setup instructions and the docs can point at that.
Thank you!
Merged in, thanks!
I decided to remove the two LDAP libraries from requirements.txt and comment out the import, but leave authentication.py having them commented out with install instructions.
The LDAP libraries for CentOS are still in the setup scripts - this way, other installs won't fail trying to install without knowing what their LDAP situation is for now.
Thanks very much for this and glad to see it basically just worked out!
Thanks for merging and for all the help you offered. I will try to contribute more if I can.
Hi. This is what I've been able to come up with for LDAP. It seems to work. I only tested on CentOS 7 because that's what was easiest for me, so unfortunately I don't know what the 'openldap-devel' package is called on other distros, to add it to the list of dependencies in _setup/1prepare.sh. My /etc/vespene/settings.d/ldap.py is kind of useless because of too many specific settings which vary depending on how your LDAP server is set up. I replaced those parameters with '' and copy-pasted the file here. It's just a basic example, I haven't had time to properly configure the groups and things, but logging in works.
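
The import guard discussed in this thread (an LDAP_ENABLED flag so a stock install never touches the LDAP libraries), as an added example that is not part of the pull request or Vespene's own code. The module names `ldap` and `django_auth_ldap`, the helper names and the error class are assumptions; when LDAP is enabled but the libraries are missing, the check raises instead of quietly dropping to local-only login.

```python
import importlib.util

# Assumption: the two optional LDAP libraries are python-ldap ("ldap") and
# django-auth-ldap ("django_auth_ldap"); the thread does not name them.
LDAP_MODULES = ("ldap", "django_auth_ldap")

LOCAL_BACKEND = "django.contrib.auth.backends.ModelBackend"
LDAP_BACKEND = "django_auth_ldap.backend.LDAPBackend"


class LdapConfigError(RuntimeError):
    """LDAP was requested in settings but its libraries cannot be loaded."""


def missing_modules(names=LDAP_MODULES, find_spec=importlib.util.find_spec):
    """Return the optional modules that are not installed, without importing them."""
    return [name for name in names if find_spec(name) is None]


def select_auth_backends(ldap_enabled, find_spec=importlib.util.find_spec):
    """Build the AUTHENTICATION_BACKENDS list for a settings file.

    ldap_enabled=False: the LDAP modules are never looked up, so an install
    without the C libraries (openldap-devel on CentOS) starts normally.
    ldap_enabled=True: a missing library is a configuration error. Falling
    back to local accounts silently would change who can log in without
    the operator noticing.
    """
    if not ldap_enabled:
        return [LOCAL_BACKEND]
    missing = missing_modules(find_spec=find_spec)
    if missing:
        raise LdapConfigError(
            "LDAP_ENABLED is True but these modules are not installed: "
            + ", ".join(missing)
        )
    # LDAP is tried first; local accounts remain available for break-glass admin.
    return [LDAP_BACKEND, LOCAL_BACKEND]


if __name__ == "__main__":
    # Constructed demo: a stock install with the flag off.
    print(select_auth_backends(ldap_enabled=False))
```

In a settings file this would be used as `AUTHENTICATION_BACKENDS = select_auth_backends(LDAP_ENABLED)`.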