From 9315d1465e26f03f92a2c00c68afd7a8a50be690 Mon Sep 17 00:00:00 2001
From: Aaron Greengrass
Date: Mon, 30 Dec 2013 10:33:58 -0800
Subject: [PATCH] Expands ldap to deal with nonstandard ldap configs. This patch addresses: LDAP not requiring username or password (anonymous bind) This is required to support configurations where LDAP is on a secure network, and anonymous bind is enabled. LDAP using a self signed SSL cert (verify ssl on or off) This is required to support configurations where LDAP requires SSL, but ssl is using an internal or self signed certificate, and therefore fails cert checks. This also covers testing conditions where a consumer might use OS with LDAP+ssl unsigned. LDAP using a nonstandard cn naming convention (ie email address). This is required to deal with an edge case where 'cn' in ldap might be something other than a bare username. Gerrit pulls the ssh username from that value and will not accept a non-alphanumeric address. By setting 'accountSshUserName' in puppet, that is setable. LDAP prepopulating account Full name. Gerrit has a configuration option to pull Full Name from LDAP, this change exposes that option.
Change-Id: Ibd41d59ff98e406b42e1e14cc17e23b3d6211d58
---
 modules/gerrit/manifests/init.pp | 3 +++
 modules/gerrit/templates/gerrit.config.erb | 7 +++++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/modules/gerrit/manifests/init.pp b/modules/gerrit/manifests/init.pp
index b7de7b588e..c56117148d 100644
--- a/modules/gerrit/manifests/init.pp
+++ b/modules/gerrit/manifests/init.pp
@@ -104,6 +104,9 @@ class gerrit(
 $ldap_password = '',
 $ldap_account_pattern = '',
 $ldap_account_email_address = '',
+ $ldap_sslverify = true,
+ $ldap_ssh_account_name = '',
+ $ldap_accountfullname = '',
 $email = '',
 $smtpserver = 'localhost',
 $sendemail_from = 'MIXED',
diff --git a/modules/gerrit/templates/gerrit.config.erb b/modules/gerrit/templates/gerrit.config.erb
index a4d6efd650..01f128ba32 100644
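Review bot: `$ldap_sslverify` is a security switch that lands in the parameter list with no comment and no type check. When it is false Gerrit accepts any certificate from an ldaps:// server, so the bind password, and presumably the login passwords Gerrit checks against LDAP, can be read or altered by whoever can intercept that connection. For an internal or self-signed CA the safer route is to add that CA to the JVM truststore and leave verification on. I would put a comment above the parameter, for example `# Keep true outside test setups: false turns off LDAPS certificate verification`, and reject non-boolean values before they reach the template. The parameter list of `class gerrit(` continues outside the hunk.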
--- a/modules/gerrit/templates/gerrit.config.erb
+++ b/modules/gerrit/templates/gerrit.config.erb
@@ -26,10 +26,13 @@
 [ldap]
 server = <%= ldap_server %>
 accountBase = <%= ldap_account_base %>
- username = <%= ldap_username %>
- password = <%= ldap_password %>
+ <% if ldap_username -%>username = <%= ldap_username %><%end%>
+ <% if ldap_password -%>password = <%= ldap_password %><%end%>
+ <% if ldap_accountfullname -%>accountFullName = <%= ldap_accountfullname %><%end%>
 accountPattern = <%= ldap_account_pattern %>
 accountEmailAddress = <%= ldap_account_email_address %>
+ sslVerify = <%= ldap_sslverify %>
+ <% if @ldap_ssh_account_name -%>accountSshUserName = <%= ldap_ssh_account_name %><%end%>
 <% end %>
 [sendemail]
 smtpServer = <%= smtpserver %>
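Review bot: The new guards `<% if ldap_username -%>`, `<% if ldap_password -%>`, `<% if ldap_accountfullname -%>` and `<% if @ldap_ssh_account_name -%>` never skip their line when the class defaults are used, because an empty string is truthy in Ruby. With `$ldap_username = ''` the template still writes `username = ` with no value, so the anonymous-bind case from the commit message is not handled by omission as intended, and an empty `accountSshUserName =` is written as well. Compare against the empty string instead, e.g. `<% if @ldap_username != '' -%>username = <%= @ldap_username %><% end %>`, and apply the same form to the other three lines. The last guard also tests `@ldap_ssh_account_name` but prints the bare `ldap_ssh_account_name`, so one variable style should be used throughout. The `<% end %>` context line closes a conditional that opens outside the hunk.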