jaas-loginmodule.conf
{# JettyCachingLdapLoginModule(module): renders one JAAS entry for com.dtolabs.rundeck.jetty.jaas.<module>, with every option read from keys under /rundeck/jaas/ldap/. #}
{# The same macro is used for both LDAP module names handled in the "rundeck" block, so both share one set of LDAP keys. #}
{# Values are interpolated as-is, with no escaping: a value containing a double quote would end a quoted option early, so the key source should be writable only by trusted operators. #}
{# The rendered file contains bindPassword in clear text; restrict read access to it and to wherever the key is stored. #}
{% macro JettyCachingLdapLoginModule(module) %}
com.dtolabs.rundeck.jetty.jaas.{{module}} {{ getv("/rundeck/jaas/ldap/flag", "required") }}
{# NOTE(review): debug defaults to "true"; login-module debug output may put authentication detail in the server log. Consider setting the key to "false" outside troubleshooting. #}
debug="{{ getv("/rundeck/jaas/ldap/debug", "true") }}"
contextFactory="{{ getv("/rundeck/jaas/ldap/contextfactory", "com.sun.jndi.ldap.LdapCtxFactory") }}"
{# providerUrl, bindDn and bindPassword have no default. With the default "simple" authenticationMethod, bind credentials are protected only by the transport named in providerUrl, so an ldaps:// URL is the safer choice. #}
providerUrl="{{ getv("/rundeck/jaas/ldap/providerurl") }}"
bindDn="{{ getv("/rundeck/jaas/ldap/binddn") }}"
bindPassword="{{ getv("/rundeck/jaas/ldap/bindpassword") }}"
authenticationMethod="{{ getv("/rundeck/jaas/ldap/authenticationmode", "simple") }}"
{# NOTE(review): forceBindingLogin presumably authenticates by binding as the user instead of reading userPasswordAttribute; confirm against the login module before changing the default. #}
forceBindingLogin="{{ getv("/rundeck/jaas/ldap/forcebindinglogin", "true") }}"
forceBindingLoginUseRootContextForRoles="{{ getv("/rundeck/jaas/ldap/forcebindingloginuserootcontextforroles", "true") }}"
userBaseDn="{{ getv("/rundeck/jaas/ldap/userbasedn") }}"
userRdnAttribute="{{ getv("/rundeck/jaas/ldap/userrdnattribute", "cn") }}"
userIdAttribute="{{ getv("/rundeck/jaas/ldap/useridattribute", "cn") }}"
userPasswordAttribute="{{ getv("/rundeck/jaas/ldap/userpasswordattribute", "userPassword") }}"
userObjectClass="{{ getv("/rundeck/jaas/ldap/userobjectclass", "person") }}"
roleBaseDn="{{ getv("/rundeck/jaas/ldap/rolebasedn") }}"
roleNameAttribute="{{ getv("/rundeck/jaas/ldap/rolenameattribute", "cn") }}"
roleMemberAttribute="{{ getv("/rundeck/jaas/ldap/rolememberattribute", "uniqueMember") }}"
roleObjectClass="{{ getv("/rundeck/jaas/ldap/roleobjectclass", "groupOfUniqueNames") }}"
rolePrefix="{{ getv("/rundeck/jaas/ldap/roleprefix", "") }}"
{# Default cache duration is 600000 ms (10 minutes). NOTE(review): a directory account that is disabled or loses a role may stay usable until its cache entry expires; confirm and size the value accordingly. #}
cacheDurationMillis="{{ getv("/rundeck/jaas/ldap/cachedurationmillis", "600000") }}"
reportStatistics="{{ getv("/rundeck/jaas/ldap/reportstatistics", "true") }}"
{# The options from here on are emitted only when their key exists. All but roleUsernameMemberAttribute are written without quotes. #}
{% if exists("/rundeck/jaas/ldap/roleusernamememberattribute") -%}
roleUsernameMemberAttribute="{{ getv("/rundeck/jaas/ldap/roleusernamememberattribute") }}"
{% endif %}
{% if exists("/rundeck/jaas/ldap/ignoreroles") -%}
ignoreRoles={{ getv("/rundeck/jaas/ldap/ignoreroles") }}
{% endif %}
{% if exists("/rundeck/jaas/ldap/storepass") -%}
storePass={{ getv("/rundeck/jaas/ldap/storepass") }}
{% endif %}
{% if exists("/rundeck/jaas/ldap/clearpass") -%}
clearPass={{ getv("/rundeck/jaas/ldap/clearpass") }}
{% endif %}
{% if exists("/rundeck/jaas/ldap/usefirstpass") -%}
useFirstPass={{ getv("/rundeck/jaas/ldap/usefirstpass") }}
{% endif %}
{% if exists("/rundeck/jaas/ldap/tryfirstpass") -%}
tryFirstPass={{ getv("/rundeck/jaas/ldap/tryfirstpass") }}
{% endif %}
{% if exists("/rundeck/jaas/ldap/userlastnameattribute") -%}
userLastNameAttribute={{ getv("/rundeck/jaas/ldap/userlastnameattribute") }}
{% endif %}
{% if exists("/rundeck/jaas/ldap/userfirstnameattribute") -%}
userFirstNameAttribute={{ getv("/rundeck/jaas/ldap/userfirstnameattribute") }}
{% endif %}
{% if exists("/rundeck/jaas/ldap/useremailattribute") -%}
userEmailAttribute={{ getv("/rundeck/jaas/ldap/useremailattribute") }}
{% endif %}
{# The semicolon below terminates this module's entry in the JAAS configuration. #}
;
{% endmacro %}
{# PropertyFileLoginModule(): renders the JAAS entry for Jetty's file-backed login module, which reads accounts from /home/rundeck/server/config/realm.properties. #}
{# realm.properties holds the local accounts. Keep it readable only by the service account and review which entries it contains. #}
{# NOTE(review): the flag lookup below uses the key "rundeck/jaas/file/required". It lacks the leading "/" that every other lookup in this template has, and it ends in "required" where the LDAP macro uses "flag". #}
{# NOTE(review): if the key store only matches absolute keys, the override never applies and this module is always "required"; confirm against the key backend. #}
{# debug is hard-coded to "true" here and cannot be turned off through a key. #}
{% macro PropertyFileLoginModule() %}
org.eclipse.jetty.jaas.spi.PropertyFileLoginModule {{ getv("rundeck/jaas/file/required", "required") }}
debug="true"
file="/home/rundeck/server/config/realm.properties";
{% endmacro %}
{# "rundeck" login configuration: one entry is emitted per value found under /rundeck/jaas/modules/, in the order getvs returns them. #}
{# Only the three module names tested below are recognised; any other value emits nothing. #}
{# The file-backed module is the fallback, and it is keyed only on /rundeck/jaas/modules/0 being absent. #}
{# NOTE(review): if modules/0 exists but holds an unrecognised name (for example a typo), neither the loop nor the fallback emits an entry and this block renders empty; validate the rendered file before starting the server. #}
{# NOTE(review): if module keys are numbered from something other than 0, the fallback entry is appended in addition to the configured modules; confirm that this is intended. #}
rundeck {
{% for module in getvs("/rundeck/jaas/modules/*") %}
{% if module == "JettyCachingLdapLoginModule" -%}
{{ JettyCachingLdapLoginModule("JettyCachingLdapLoginModule") }}
{% elif module == "JettyCombinedLdapLoginModule" -%}
{{ JettyCachingLdapLoginModule("JettyCombinedLdapLoginModule") }}
{% elif module == "PropertyFileLoginModule" -%}
{{ PropertyFileLoginModule() }}
{% endif %}
{% endfor %}
{% if not exists("/rundeck/jaas/modules/0") -%}
{{ PropertyFileLoginModule() }}
{% endif %}
};