fws
/
ansible-roles
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to 2021-01-08 12:00

Browse Source
master
Daniel Berteaud 3 years ago
parent 351c5a89c0
commit 4e74c360a8
3 changed files with 30 additions and 7 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      roles/grafana/defaults/main.yml
  2. 7
      roles/lemonldap_ng/defaults/main.yml
  3. 28
      roles/lemonldap_ng/templates/llng_headers.inc.j2

2
roles/grafana/defaults/main.yml
Unescape View File

@ -67,7 +67,7 @@ grafana_auth_base:
attributes:
name: givenName
surname: sn
username: "{{ ad_auth | default(False) | ternary('samaccountname','uid') }}"
username: "{{ ad_auth | default(False) | ternary('sAMAccountName','uid') }}"
member_of: "{{ ad_auth | default(False) | ternary('memberOf','cn') }}"
email: mail
group_mappings:

7
roles/lemonldap_ng/defaults/main.yml
Unescape View File

@ -61,3 +61,10 @@ llng_db_user: lemonldapng
llng_handler_db_user: lemonldapnghandler
# llng_db_pass: s3cr3t.
# llng_handler_db_pass
# List of headers to protect. Those will be cleared for unauthenticated users
llng_protected_headers:
- Auth-User
- User-Name
- User-Groups
- User-Mail

28
roles/lemonldap_ng/templates/llng_headers.inc.j2
Unescape View File

@ -18,16 +18,32 @@ auth_request_set $headername9 $upstream_http_headername9;
auth_request_set $headervalue9 $upstream_http_headervalue9;
auth_request_set $headername10 $upstream_http_headername10;
auth_request_set $headervalue10 $upstream_http_headervalue10;
auth_request_set $headername11 $upstream_http_headername11;
auth_request_set $headervalue11 $upstream_http_headervalue11;
auth_request_set $headername12 $upstream_http_headername12;
auth_request_set $headervalue12 $upstream_http_headervalue12;
auth_request_set $headername13 $upstream_http_headername13;
auth_request_set $headervalue13 $upstream_http_headervalue13;
auth_request_set $headername14 $upstream_http_headername14;
auth_request_set $headervalue14 $upstream_http_headervalue14;
auth_request_set $headername15 $upstream_http_headername15;
auth_request_set $headervalue15 $upstream_http_headervalue15;
auth_request_set $lmcookie $upstream_http_cookie;
access_by_lua '
i = 1
ngx.req.set_header("Cookie",ngx.var.lmcookie)
while true do
if ngx.var["headername"..i] ~= nil then
ngx.req.set_header(ngx.var["headername"..i],ngx.var["headervalue"..i])
else
break
if ngx.var.lmremote_user ~= nil and ngx.var.lmremote_user ~= "" then
while true do
if ngx.var["headername"..i] ~= nil then
ngx.req.set_header(ngx.var["headername"..i],ngx.var["headervalue"..i])
else
break
end
i = i +1
end
i = i +1
else
{% for header in llng_protected_headers %}
ngx.req.set_header("{{ header }}",nil)
{% endfor %}
end
';

Write Preview
Loading…
Cancel
Save