Dear all, I have a question about role-based access control in webvirtmgr.
I'm new to the project, and I am trying to set up LDAP-based login (I use samba4 as my production LDAP server). We LOVE OpenSource :)
I have created the following config for myself (I hope it will be good for other people as an example). It is suitable for webvirtmgr v 4.8.9:
/home/webvirtmgr/webvirtmgr/webvirtmgr/local/local_settings.py
import os

import ldap
from django_auth_ldap.config import LDAPSearch, ActiveDirectoryGroupType

DEBUG = False
TEMPLATE_DEBUG = DEBUG

# Authenticate against LDAP only (no local Django user database backend)
AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
)

# Do not require or verify the server's TLS certificate
AUTH_LDAP_GLOBAL_OPTIONS = {
    ldap.OPT_X_TLS_REQUIRE_CERT: False,
}

# Plain ldap:// (unencrypted) connection to the domain controller
AUTH_LDAP_SERVER_URI = "ldap://domainctrl"

# Service account used to search the directory
AUTH_LDAP_BIND_DN = "CN=xxx,CN=Users,DC=company,DC=ru"
AUTH_LDAP_BIND_PASSWORD = "xxx"

# Find the user entry by its sAMAccountName
AUTH_LDAP_USER_SEARCH = LDAPSearch("CN=Users,DC=company,DC=ru",
    ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")

# Groups are looked up under the same container
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("CN=Users,DC=company,DC=ru",
    ldap.SCOPE_SUBTREE, "(objectClass=group)"
)
AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType()

# Only members of the kvm group are marked active
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": ["CN=kvm,CN=Users,DC=company,DC=ru"],
}

TIME_JS_REFRESH = 2000

# Accept requests for any Host header
ALLOWED_HOSTS = ['*']

TIME_ZONE = 'Europe/Moscow'
LANGUAGE_CODE = 'ru-RU'
SITE_ID = 1
USE_I18N = True
USE_L10N = True
USE_TZ = True
After that, you can log in to webvirtmgr if you belong to the kvm group.
So, my question is about:
# "is_staff": "CN=kvm,CN=Users,DC=company,DC=ru",
# "is_superuser": "CN=kvm,CN=Users,DC=company,DC=ru"
I have seen that it doesn't matter with these settings.
Can I have some group with lower privileges? For example, access to "$vm1" or "$vm2"? Or just allow rebooting a machine without destroying it, and so on?
I understand that it is hard to implement, but maybe.
And my second question is: how can I add my example to the setup section of the documentation? It is so hard for new people to set up LDAP in Django. I think it will be good for other guys.
And my last question is: how can I debug LDAP and other settings? I have set up the following in my local_settings.py, without success:
import ldap, logging
from django_auth_ldap.config import LDAPSearch, ActiveDirectoryGroupType
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.setLevel(logging.DEBUG)
After that I set up a path for the log file in gunicorn.conf.py: logfile = ... Without success too. So I cannot see any logs about LDAP in /var/log/supervisor. So, how can I debug LDAP settings? I just use tcpdump for that now :).
Thanks to all. I hope my post will help you with a basic LDAP setup.
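Added example, not part of the original post or of webvirtmgr's own code: one way to capture django_auth_ldap debug output without depending on where gunicorn or supervisor send stderr is to route that logger to its own file through Django's LOGGING setting. The log path and the self_check helper are assumptions made for this example.

```python
import logging
import logging.config
import os
import tempfile

# Assumed location for this example; in a deployment use a path that the
# webvirtmgr service account can write to and that only admins can read.
LDAP_LOG_PATH = os.path.join(tempfile.gettempdir(), "django_auth_ldap_debug.log")

# Same structure as Django's LOGGING setting (dictConfig format).
LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "formatters": {
        "ldap": {"format": "%(asctime)s %(name)s %(levelname)s %(message)s"},
    },
    "handlers": {
        "ldap_file": {
            "class": "logging.FileHandler",
            "filename": LDAP_LOG_PATH,
            "formatter": "ldap",
            "level": "DEBUG",
        },
    },
    "loggers": {
        # Logger name used by django-auth-ldap, as in the post above.
        "django_auth_ldap": {
            "handlers": ["ldap_file"],
            "level": "DEBUG",
            "propagate": False,
        },
    },
}


def self_check(config=LOGGING, path=LDAP_LOG_PATH):
    """Apply the config and confirm a DEBUG record reaches the log file."""
    logging.config.dictConfig(config)
    marker = "constructed self-check record"
    ldap_logger = logging.getLogger("django_auth_ldap")
    ldap_logger.debug(marker)
    for handler in ldap_logger.handlers:
        handler.flush()
    with open(path) as fh:
        return marker in fh.read()


if __name__ == "__main__":
    print("LDAP debug log reachable: %s" % self_check())
```

Only the LOGGING dict belongs in the settings file, since Django applies it with logging.config.dictConfig at startup; this assumes the values in local_settings.py are not overridden later in the project's settings.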