Allow hybrid LDAP + properties file group authentication #608

Closed
Zophar78 opened this issue Dec 16, 2013 · 8 comments

@Zophar78

Could you add this feature? There's a good example here:
https://github.com/coiouhkc/rundeck-hybrid-login

The idea is to have LDAP authentication and map user roles based on a properties file. The above example is case sensitive; it should be case insensitive.

Thanks,
Pierre

@chemphill

👍 This would be an extremely useful feature

@davebotelho

Yes please. We would require this ability because we do not have an LDAP autogroup for everyone in our company. Also, just the option to use LDAP as authentication without roles would be helpful.

@gschueler gschueler added this to the 2.x milestone Mar 3, 2014
@Zophar78
Author

Have updated the hybrid-login module for rundeck 2.0.x... Works fine for me. In case of you'll find it here:
https://github.com/Zophar78/rundeck-hybrid-login

@davebotelho

I’m going to try it out today.

From: Pierre Hanselmann [mailto:notifications@github.com]
Sent: Friday, March 28, 2014 11:32 AM
To: rundeck/rundeck
Cc: Botelho, David
Subject: Re: [rundeck] Allow hybrid LDAP + properties file group authentication (#608)

Have updated the hybrid-login module for rundeck 2.0.x... Works fine for me. In case of you'll find it here:
https://github.com/Zophar78/rundeck-hybrid-login



@davebotelho

Looks like it's authenticating correctly using LDAP but I’m still facing the !role issue because now every user must have a role. That’s still a problem for us as we do not define roles in LDAP for each user.

Thanks,
Dave


@Zophar78
Author

Hey Greg, any news on this one?
Still looking for a way to get my users auth through LDAP and roles assigned by file....
It works with this one: https://github.com/Zophar78/rundeck-hybrid-login

I'm looking for a more "standard" way to do it (seems you've implemented that for PAM). Why am I not able to use something like this (looks like roles are totally ignored):

MyLoginModule {
  com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule required
    debug="true"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    providerUrl="ldap://xxx.xxx.com:3268"
    bindDn="xxxxx"
    bindPassword="xxxxx"
    authenticationMethod="simple"
    forceBindingLogin="true"
    userBaseDn="OU=Organizations,DC=mycompany,DC=com"
    userRdnAttribute="cn"
    userIdAttribute="cn"
    userPasswordAttribute="unicodePwd"
    userObjectClass="user"
    roleBaseDn="OU=Organizations,DC=mycompany,DC=com"
    roleNameAttribute="cn"
    roleMemberAttribute="member"
    roleObjectClass="group"
    cacheDurationMillis="300000"
    reportStatistics="true"
    nestedGroups="false";

  org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule required
    debug="true"
    useFirstPass="true"
    file="/etc/rundeck/role.properties";
};

Auth works but role assignment seems not processed:
2015-03-20 14:26:48.690:INFO:cdrjj.JettyCachingLdapLoginModule:Login attempts: 1, Hits: 0, Ratio: 0%.
2015-03-20 14:26:48.723:INFO:cdrjj.JettyCachingLdapLoginModule:Attempting authentication: CN=NNHanselPi,OU=xxxx,OU=Users and Groups,OU=Switzerland,OU=EUR,OU=Organizations,DC=mycompany,DC=com

And I get the !Role exception message.... Any feedback?

@gschueler
Member

The JettyCachingLdapLoginModule module still doesn't support the storePass feature, which is needed. Sorry I will try to queue this for 2.5 release
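
Added example, not part of the thread and not Rundeck code: a small lint for JAAS login configurations that flags a module setting useFirstPass when no earlier module in the same stanza sets storePass, which is the gap described in the comment above. It assumes every option value is double-quoted and the file has no comments; `parse_jaas` and `find_unfed_first_pass` are hypothetical names, and the sample stanza is constructed from the one posted earlier.

```python
import re

# Constructed sample: the stanza posted above, trimmed to the options that
# matter for handing credentials from one login module to the next.
SAMPLE = '''
MyLoginModule {
  com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule required
    debug="true"
    forceBindingLogin="true";

  org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule required
    debug="true"
    useFirstPass="true"
    file="/etc/rundeck/role.properties";
};
'''

STANZA = re.compile(r'([\w.-]+)\s*\{(.*?)\}\s*;', re.S)
ENTRY = re.compile(r'([\w.$]+)\s+(required|requisite|sufficient|optional)'
                   r'((?:\s+[\w.]+\s*=\s*"[^"]*")*)\s*;', re.I)
OPTION = re.compile(r'([\w.]+)\s*=\s*"([^"]*)"')

def parse_jaas(text):
    """Return {stanza: [(module_class, control_flag, options), ...]}."""
    stanzas = {}
    for name, body in STANZA.findall(text):
        # Anything ENTRY cannot consume is malformed (an unbalanced quote,
        # an unknown control flag); fail loudly instead of skipping it.
        leftover = ENTRY.sub("", body).strip()
        if leftover:
            raise ValueError(f"{name}: cannot parse near {leftover[:40]!r}")
        stanzas[name] = [(cls, flag.lower(), dict(OPTION.findall(opts)))
                         for cls, flag, opts in ENTRY.findall(body)]
    return stanzas

def find_unfed_first_pass(text):
    """List (stanza, module) pairs that set useFirstPass with no earlier storePass."""
    findings = []
    for name, entries in parse_jaas(text).items():
        stored = False  # has an earlier module put credentials in shared state?
        for cls, _flag, opts in entries:
            if opts.get("useFirstPass", "").lower() == "true" and not stored:
                findings.append((name, cls))
            stored = stored or opts.get("storePass", "").lower() == "true"
    return findings

if __name__ == "__main__":
    for stanza, module in find_unfed_first_pass(SAMPLE):
        print(f"{stanza}: {module} sets useFirstPass but nothing before it sets storePass")
```

A stanza with an unbalanced quote raises `ValueError` rather than being silently skipped, so a typo in one module's options cannot hide the finding.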

@gschueler gschueler modified the milestones: 2.5.0, 2.x Mar 20, 2015
@Zophar78
Author

Don't be sorry, you're doing an awesome job! Thanks for the update.

gschueler added a commit that referenced this issue Apr 1, 2015