hologram: Enable configuring LDAP authorization
In AdRoll/hologram#62 support was added to hologram to configure LDAP-based authorization of which roles a user was allowed to get credentials for. This adds the ability to configure that. Additionally, AdRoll/hologram/#94 added support to customize the LDAP group query, so this also feeds that configuration through. fixes #37393
parent
d6d140f159
commit
fe2e4d6fb9
|
@ -12,9 +12,12 @@ let
|
|||
dn = cfg.ldapBindDN;
|
||||
password = cfg.ldapBindPassword;
|
||||
};
|
||||
insecureldap = cfg.ldapInsecure;
|
||||
userattr = cfg.ldapUserAttr;
|
||||
baseDN = cfg.ldapBaseDN;
|
||||
insecureldap = cfg.ldapInsecure;
|
||||
userattr = cfg.ldapUserAttr;
|
||||
baseDN = cfg.ldapBaseDN;
|
||||
enableldapRoles = cfg.enableLdapRoles;
|
||||
roleAttr = cfg.roleAttr;
|
||||
groupClassAttr = cfg.groupClassAttr;
|
||||
};
|
||||
aws = {
|
||||
account = cfg.awsAccount;
|
||||
|
@ -70,6 +73,24 @@ in {
|
|||
description = "Password of account to use to query the LDAP server";
|
||||
};
|
||||
|
||||
enableLdapRoles = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to assign user roles based on the user's LDAP group memberships";
|
||||
};
|
||||
|
||||
groupClassAttr = mkOption {
|
||||
type = types.str;
|
||||
default = "groupOfNames";
|
||||
description = "The objectclass attribute to search for groups when enableLdapRoles is true";
|
||||
};
|
||||
|
||||
roleAttr = mkOption {
|
||||
type = types.str;
|
||||
default = "businessCategory";
|
||||
description = "Which LDAP group attribute to search for authorized role ARNs";
|
||||
};
|
||||
|
||||
awsAccount = mkOption {
|
||||
type = types.str;
|
||||
description = "AWS account number";
|
||||
|
|
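Review bot: The `enableLdapRoles` description does not say that this switch is the authorization control, and with `default = false` a deployment that never sets it presumably gets no LDAP-based restriction on which roles a user may request (that behaviour lives in hologram and is not visible in this diff). I would spell the consequence out, for example `description = "Whether to restrict the roles a user may obtain credentials for to those listed on the user's LDAP groups. When false, no LDAP group check is applied.";`, with the second sentence confirmed against hologram first. The `roleAttr` description should also mention that whoever can write that attribute (default `businessCategory`) on group entries decides which role ARNs the members are authorized for, so it needs a restrictive ACL in the directory. As a style point, `roleAttr` and `groupClassAttr` drop the `ldap` prefix that the sibling options carry (`ldapBaseDN`, `ldapUserAttr`, `ldapInsecure`), and the emitted key `enableldapRoles` is cased differently from its neighbours in the first hunk.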