1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-22 21:50:55 +00:00

hologram: Enable configuring LDAP authorization

In AdRoll/hologram#62 support was added to hologram to configure
LDAP-based authorization of which roles a user was allowed to get
credentials for. This adds the ability to configure that.

Additionally, AdRoll/hologram/#94 added support to customize the LDAP
group query, so this also feeds that configuration through.

fixes #37393
This commit is contained in:
Joel Thompson 2018-03-20 07:26:23 +00:00 committed by Jörg Thalheim
parent d6d140f159
commit fe2e4d6fb9

View file

@ -12,9 +12,12 @@ let
dn = cfg.ldapBindDN;
password = cfg.ldapBindPassword;
};
insecureldap = cfg.ldapInsecure;
userattr = cfg.ldapUserAttr;
baseDN = cfg.ldapBaseDN;
insecureldap = cfg.ldapInsecure;
userattr = cfg.ldapUserAttr;
baseDN = cfg.ldapBaseDN;
enableldapRoles = cfg.enableLdapRoles;
roleAttr = cfg.roleAttr;
groupClassAttr = cfg.groupClassAttr;
};
aws = {
account = cfg.awsAccount;
@ -70,6 +73,24 @@ in {
description = "Password of account to use to query the LDAP server";
};
enableLdapRoles = mkOption {
type = types.bool;
default = false;
description = "Whether to assign user roles based on the user's LDAP group memberships";
};
groupClassAttr = mkOption {
type = types.str;
default = "groupOfNames";
description = "The objectclass attribute to search for groups when enableLdapRoles is true";
};
roleAttr = mkOption {
type = types.str;
default = "businessCategory";
description = "Which LDAP group attribute to search for authorized role ARNs";
};
awsAccount = mkOption {
type = types.str;
description = "AWS account number";