-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Why I did it To support LDAP feature - How I did it Similar to Radius/Tacacs authentication methods, the SONiC device is the LDAP client. Installed the Debian LDAP packages related to making SONiC able to function as an LDAP client. More description in the following HLD: sonic-net/SONiC#1487 - How to verify it Do LDAP configuration according to the HLD, then connect to the SONiC switch by using a user that exists in your LDAP server.
- Loading branch information
1 parent
7129232
commit afdc5d0
Showing
7 changed files
with
219 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
16 changes: 16 additions & 0 deletions
16
src/sonic-yang-models/tests/yang_model_tests/tests/ldap.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| { | ||
| "LDAP_TABLE": { | ||
| "desc": "Configure LDAP global fields." | ||
| }, | ||
| "LDAP_INVALID_TIMEOUT_TEST": { | ||
| "desc": "LDAP global configuration with invalid timeout value in LDAP table.", | ||
| "eStr": "LDAP timeout must be 1..60" | ||
| }, | ||
| "LDAP_SERVER_TEST" : { | ||
| "desc": "LDAP server configuration in LDAP_SERVER table." | ||
| }, | ||
| "LDAP_SERVER_INVALID_PRIORITY_TEST": { | ||
| "desc": "LDAP server configuration with invalid priority value in LDAP_SERVER table.", | ||
| "eStr": "LDAP server priority must be 1..8" | ||
| } | ||
| } |
61 changes: 61 additions & 0 deletions
61
src/sonic-yang-models/tests/yang_model_tests/tests_config/ldap.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,61 @@ | ||
| { | ||
| "LDAP_TABLE": { | ||
| "sonic-system-ldap:sonic-system-ldap": { | ||
| "sonic-system-ldap:LDAP": { | ||
| "global":{ | ||
| "bind_dn": "test_bind", | ||
| "bind_password": "secret", | ||
| "bind_timeout": "5", | ||
| "version": "3", | ||
| "base_dn": "test_base", | ||
| "port": "389", | ||
| "timeout": "5" | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "LDAP_INVALID_TIMEOUT_TEST": { | ||
| "sonic-system-ldap:sonic-system-ldap": { | ||
| "sonic-system-ldap:LDAP": { | ||
| "global": { | ||
| "bind_dn": "test_bind", | ||
| "bind_password": "secret", | ||
| "bind_timeout": "5", | ||
| "version": "3", | ||
| "base_dn": "test_base", | ||
| "port": "389", | ||
| "timeout": 150 | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "LDAP_SERVER_TEST": { | ||
| "sonic-system-ldap:sonic-system-ldap": { | ||
| "sonic-system-ldap:LDAP_SERVER": { | ||
| "LDAP_SERVER_LIST": [ | ||
| { | ||
| "hostname": "192.168.1.1", | ||
| "priority": 1 | ||
| }, | ||
| { | ||
| "hostname": "ldap_server_1", | ||
| "priority": 2 | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| }, | ||
|
|
||
| "LDAP_SERVER_INVALID_PRIORITY_TEST": { | ||
| "sonic-system-ldap:sonic-system-ldap": { | ||
| "sonic-system-ldap:LDAP_SERVER": { | ||
| "LDAP_SERVER_LIST": [ | ||
| { | ||
| "hostname": "192.168.1.1", | ||
| "priority": 70 | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
108 changes: 108 additions & 0 deletions
108
src/sonic-yang-models/yang-models/sonic-system-ldap.yang
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,108 @@ | ||
| module sonic-system-ldap { | ||
| yang-version 1.1; | ||
| namespace "http://github.com/Azure/sonic-system-ldap"; | ||
| prefix ssys-ldap; | ||
|
|
||
| import ietf-inet-types { | ||
| prefix inet; | ||
| } | ||
|
|
||
| description "LDAP YANG Module for SONiC OS"; | ||
|
|
||
| revision 2023-10-01 { | ||
| description "First Revision"; | ||
| } | ||
|
|
||
| container sonic-system-ldap { | ||
|
|
||
| container LDAP_SERVER { | ||
| list LDAP_SERVER_LIST { | ||
| max-elements 8; | ||
| key "hostname"; | ||
|
|
||
| leaf hostname { | ||
| type inet:host; | ||
| description | ||
| "LDAP server's Domain name or IP address (IPv4 or IPv6)"; | ||
| } | ||
|
|
||
| leaf priority { | ||
| default 1; | ||
| type uint8 { | ||
| range "1..8" { | ||
| error-message "LDAP server priority must be 1..8"; | ||
| } | ||
| } | ||
| description "Server priority"; | ||
| } | ||
| } | ||
| } | ||
|
|
||
| container LDAP { | ||
|
|
||
| container global { | ||
|
|
||
|
|
||
| leaf bind_dn { | ||
| type string { | ||
| length "1..65"; | ||
| } | ||
| description | ||
| 'LDAP global bind dn'; | ||
| } | ||
|
|
||
| leaf bind_password { | ||
| type string { | ||
| length "1..65"; | ||
| pattern "[^ #,]*" { | ||
| error-message 'LDAP shared secret (Valid chars are ASCII printable except SPACE, "#", and ",")'; | ||
| } | ||
| } | ||
| description "Shared secret used for encrypting the communication"; | ||
| } | ||
|
|
||
| leaf bind_timeout { | ||
| default 5; | ||
| type uint16 { | ||
| range "1..120" { | ||
| error-message "Ldap bind timeout must be 1..120"; | ||
| } | ||
| } | ||
| description "Ldap bind timeout"; | ||
| } | ||
|
|
||
| leaf version { | ||
| default 3; | ||
| type uint16 { | ||
| range "1..3" { | ||
| error-message "Ldap version must be 1..3"; | ||
| } | ||
| } | ||
| description "Ldap version"; | ||
| } | ||
|
|
||
| leaf base_dn { | ||
| type string { | ||
| length "1..65"; | ||
| } | ||
| description "Ldap user base dn"; | ||
| } | ||
|
|
||
| leaf port { | ||
| type inet:port-number; | ||
| default 389; | ||
| description "TCP port to communicate with LDAP server"; | ||
| } | ||
|
|
||
| leaf timeout { | ||
| description "Ldap timeout duration in sec"; | ||
| type uint16 { | ||
| range "1..60" { | ||
| error-message "LDAP timeout must be 1..60"; | ||
| } | ||
| } | ||
| } | ||
| } /* container global */ | ||
| } /* container LDAP */ | ||
| }/* container sonic-system-ldap */ | ||
| }/* end of module sonic-system-ldap */ |