Commit b5b5c88

Allow complex expressions in external authentication LDAP search filters (#163)
* Add option for complex LDAP search filters.

Older implementation assumed all LDAP filters end with "={0}". This newer implementation allows the user to craft any legal filter expression, including complex compound expressions, like ((&(member={0})(objectclass=posixgroup)(!(cn=admin))). This example would handle the IPA group search filter for ECS 1.5.x.

Signed-off-by: Chuck Levesque <clevesque@cloudera.com>
1 parent 90c8f98 commit b5b5c88

1 file changed: +9 -1 lines changed

roles/cloudera_manager/external_auth/templates/external_auth_configs.j2

Lines changed: 9 additions & 1 deletion
@@ -14,16 +14,24 @@ LDAP_BIND_DN: {{ auth_provider.ldap_bind_user_dn | default(None) }}
1414
LDAP_BIND_PW: {{ auth_provider.ldap_bind_password | default(None) }}
1515
LDAP_DN_PATTERN: {{ auth_provider.ldap_dn_pattern | default(None) }}
1616
LDAP_GROUP_SEARCH_BASE: {{ auth_provider.ldap_search_base.group | default(None) }}
17+
{% if auth_provider.ldap_search_filter.group is defined %}
18+
LDAP_GROUP_SEARCH_FILTER: "{{ auth_provider.ldap_search_filter.group }}"
19+
{% else %}
1720
LDAP_GROUP_SEARCH_FILTER: "({{ auth_provider.ldap_attribute.member | default('member') }}={0})"
21+
{% endif %}
1822
LDAP_TYPE: {{ auth_provider.type | cloudera.cluster.to_ldap_type_enum | default(None) }}
1923
LDAP_URL: {{ auth_provider.ldap_url | default(None) }}
2024
LDAP_USER_SEARCH_BASE: {{ auth_provider.ldap_search_base.user | default(None) }}
25+
{% if auth_provider.ldap_search_filter.user is defined %}
26+
LDAP_USER_SEARCH_FILTER: "{{ auth_provider.ldap_search_filter.user }}"
27+
{% else % }
2128
LDAP_USER_SEARCH_FILTER: "({{ auth_provider.ldap_attribute.user | default('sAMAccountName') }}={0})"
29+
{% endif %}
2230
NT_DOMAIN: {{ auth_provider.domain | default(None) }}
2331
{% if cloudera_manager_version is version('7.1.0','>=') %}
2432
FRONTEND_URL: {{ frontend_url | default(None) }}
2533
PROXYUSER_KNOX_GROUPS: "{{ proxyuser_knox_groups | default('*') }}"
2634
PROXYUSER_KNOX_USERS: "{{ proxyuser_knox_users | default('*') }}"
2735
PROXYUSER_KNOX_HOSTS: "{{ proxyuser_knox_hosts | default('*') }}"
2836
PROXYUSER_KNOX_PRINCIPAL: "{{ proxyuser_knox_principal | default('knox') }}"
29-
{% endif %}
37+
{% endif %}
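
Review bot: In the user-filter branch, `{% else % }` has a space between `%` and `}`, so Jinja2 will not recognise it as a closing delimiter and rendering the template fails; it should read `{% else %}` as in the group-filter branch above it. Separately, both new branches emit the supplied filter verbatim inside double quotes (`"{{ auth_provider.ldap_search_filter.user }}"` and the group equivalent), so a filter that contains a double quote or a backslash escape would alter or break the quoted value; consider escaping the value or documenting which characters are accepted. The new `ldap_search_filter.user` and `ldap_search_filter.group` variables also need documentation, including that a custom filter must carry its own `{0}` placeholder, because only the default branch adds `={0}` for the caller.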
