Merge pull request #312 from cmurphy/fix_305

Make LDAP section more configurable
xbezdick · Feb 23, 2015 · eb3d546 · eb3d546
2 parents 50b9eb3 + ed77028
commit eb3d546
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -239,6 +239,14 @@ LDAP server to use for auth.
 
 User DN pattern for LDAP auth.
 
+####`ldap_other_bind`
+
+How to bind to the LDAP server. Defaults to 'anon'.
+
+####`ldap_config_variables`
+
+Hash of other LDAP config variables.
+
 ####`ldap_use_ssl`
 
 Boolean, set to true to use SSL for the LDAP server.

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -49,9 +49,11 @@
   $ldap_auth                  = $rabbitmq::params::ldap_auth,
   $ldap_server                = $rabbitmq::params::ldap_server,
   $ldap_user_dn_pattern       = $rabbitmq::params::ldap_user_dn_pattern,
+  $ldap_other_bind            = $rabbitmq::params::ldap_other_bind,
   $ldap_use_ssl               = $rabbitmq::params::ldap_use_ssl,
   $ldap_port                  = $rabbitmq::params::ldap_port,
   $ldap_log                   = $rabbitmq::params::ldap_log,
+  $ldap_config_variables      = $rabbitmq::params::ldap_config_variables,
   $stomp_port                 = $rabbitmq::params::stomp_port,
   $version                    = $rabbitmq::params::version,
   $wipe_db_on_cookie_change   = $rabbitmq::params::wipe_db_on_cookie_change,
@@ -108,6 +110,8 @@
   validate_bool($ldap_auth)
   validate_string($ldap_server)
   validate_string($ldap_user_dn_pattern)
+  validate_string($ldap_other_bind)
+  validate_hash($ldap_config_variables)
   validate_bool($ldap_use_ssl)
   validate_re($ldap_port, '\d+')
   validate_bool($ldap_log)

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -105,9 +105,11 @@
   $ldap_auth                  = false
   $ldap_server                = 'ldap'
   $ldap_user_dn_pattern       = 'cn=username,ou=People,dc=example,dc=com'
+  $ldap_other_bind            = 'anon'
   $ldap_use_ssl               = false
   $ldap_port                  = '389'
   $ldap_log                   = false
+  $ldap_config_variables      = {}
   $stomp_port                 = '6163'
   $wipe_db_on_cookie_change   = false
   $cluster_partition_handling = 'ignore'

diff --git a/spec/classes/rabbitmq_spec.rb b/spec/classes/rabbitmq_spec.rb
@@ -404,13 +404,15 @@
 
       describe 'configuring ldap authentication' do
         let :params do
-          { :config_stomp         => true,
-            :ldap_auth            => true,
-            :ldap_server          => 'ldap.example.com',
-            :ldap_user_dn_pattern => 'ou=users,dc=example,dc=com',
-            :ldap_use_ssl         => false,
-            :ldap_port            => '389',
-            :ldap_log             => true
+          { :config_stomp          => true,
+            :ldap_auth             => true,
+            :ldap_server           => 'ldap.example.com',
+            :ldap_user_dn_pattern  => 'ou=users,dc=example,dc=com',
+            :ldap_other_bind       => 'as_user',
+            :ldap_use_ssl          => false,
+            :ldap_port             => '389',
+            :ldap_log              => true,
+            :ldap_config_variables => { 'foo' => 'bar' }
           }
         end
 
@@ -419,10 +421,10 @@
         it 'should contain ldap parameters' do
           verify_contents(subject, 'rabbitmq.config',
                           ['[', '  {rabbit, [', '    {auth_backends, [rabbit_auth_backend_internal, rabbit_auth_backend_ldap]},', '  ]}',
-                            '  {rabbitmq_auth_backend_ldap, [', '    {other_bind, anon},',
+                            '  {rabbitmq_auth_backend_ldap, [', '    {other_bind, as_user},',
                             '    {servers, ["ldap.example.com"]},',
                             '    {user_dn_pattern, "ou=users,dc=example,dc=com"},', '    {use_ssl, false},',
-                            '    {port, 389},', '    {log, true}'])
+                            '    {port, 389},', '    {foo, bar},', '    {log, true}'])
         end
       end
 
@@ -432,9 +434,11 @@
             :ldap_auth            => true,
             :ldap_server          => 'ldap.example.com',
             :ldap_user_dn_pattern => 'ou=users,dc=example,dc=com',
+            :ldap_other_bind      => 'as_user',
             :ldap_use_ssl         => false,
             :ldap_port            => '389',
-            :ldap_log             => true
+            :ldap_log             => true,
+            :ldap_config_variables => { 'foo' => 'bar' }
           }
         end
 
@@ -443,10 +447,10 @@
         it 'should contain ldap parameters' do
           verify_contents(subject, 'rabbitmq.config',
                           ['[', '  {rabbit, [', '    {auth_backends, [rabbit_auth_backend_internal, rabbit_auth_backend_ldap]},', '  ]}',
-                            '  {rabbitmq_auth_backend_ldap, [', '    {other_bind, anon},',
+                            '  {rabbitmq_auth_backend_ldap, [', '    {other_bind, as_user},',
                             '    {servers, ["ldap.example.com"]},',
                             '    {user_dn_pattern, "ou=users,dc=example,dc=com"},', '    {use_ssl, false},',
-                            '    {port, 389},', '    {log, true}'])
+                            '    {port, 389},', '    {foo, bar},', '    {log, true}'])
         end
       end
 

diff --git a/templates/rabbitmq.config.erb b/templates/rabbitmq.config.erb
@@ -81,11 +81,16 @@
 <%- if @ldap_auth -%>,
 % Configure the LDAP authentication plugin
   {rabbitmq_auth_backend_ldap, [
-    {other_bind, anon},
+    {other_bind, <%= @ldap_other_bind %>},
     {servers, ["<%= @ldap_server %>"]},
     {user_dn_pattern, "<%= @ldap_user_dn_pattern %>"},
     {use_ssl, <%= @ldap_use_ssl %>},
     {port, <%= @ldap_port %>},
+<% if @ldap_config_variables -%>
+<%- @ldap_config_variables.keys.sort.each do |key| -%>
+    {<%= key %>, <%= @ldap_config_variables[key] %>},
+<%- end -%>
+<%- end -%>
     {log, <%= @ldap_log %>}
   ]}
 <%- end -%>