Update to 2021-01-08 12:00

master
Daniel Berteaud 4 years ago
parent 351c5a89c0
commit 4e74c360a8
  1. 2
      roles/grafana/defaults/main.yml
  2. 7
      roles/lemonldap_ng/defaults/main.yml
  3. 16
      roles/lemonldap_ng/templates/llng_headers.inc.j2

@ -67,7 +67,7 @@ grafana_auth_base:
attributes: attributes:
name: givenName name: givenName
surname: sn surname: sn
username: "{{ ad_auth | default(False) | ternary('samaccountname','uid') }}" username: "{{ ad_auth | default(False) | ternary('sAMAccountName','uid') }}"
member_of: "{{ ad_auth | default(False) | ternary('memberOf','cn') }}" member_of: "{{ ad_auth | default(False) | ternary('memberOf','cn') }}"
email: mail email: mail
group_mappings: group_mappings:

@ -61,3 +61,10 @@ llng_db_user: lemonldapng
llng_handler_db_user: lemonldapnghandler llng_handler_db_user: lemonldapnghandler
# llng_db_pass: s3cr3t. # llng_db_pass: s3cr3t.
# llng_handler_db_pass # llng_handler_db_pass
# List of headers to protect. Those will be cleared for unauthenticated users
llng_protected_headers:
- Auth-User
- User-Name
- User-Groups
- User-Mail
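Review bot: The comment on `llng_protected_headers` does not tell the operator that this list is the only thing that strips client-supplied identity headers from unauthenticated requests. Judging by the template changed in the same commit, a header that LemonLDAP::NG exports to a backend but that is missing from this list is not cleared. I would expand the comment to something like `# Must list every header that LemonLDAP::NG rules export and that a backend trusts for identity; any header not listed here is NOT cleared for unauthenticated users`. It is also worth stating that entries must be plain header names, since they are rendered verbatim into the nginx/Lua template.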

@ -18,10 +18,21 @@ auth_request_set $headername9 $upstream_http_headername9;
auth_request_set $headervalue9 $upstream_http_headervalue9; auth_request_set $headervalue9 $upstream_http_headervalue9;
auth_request_set $headername10 $upstream_http_headername10; auth_request_set $headername10 $upstream_http_headername10;
auth_request_set $headervalue10 $upstream_http_headervalue10; auth_request_set $headervalue10 $upstream_http_headervalue10;
auth_request_set $headername11 $upstream_http_headername11;
auth_request_set $headervalue11 $upstream_http_headervalue11;
auth_request_set $headername12 $upstream_http_headername12;
auth_request_set $headervalue12 $upstream_http_headervalue12;
auth_request_set $headername13 $upstream_http_headername13;
auth_request_set $headervalue13 $upstream_http_headervalue13;
auth_request_set $headername14 $upstream_http_headername14;
auth_request_set $headervalue14 $upstream_http_headervalue14;
auth_request_set $headername15 $upstream_http_headername15;
auth_request_set $headervalue15 $upstream_http_headervalue15;
auth_request_set $lmcookie $upstream_http_cookie; auth_request_set $lmcookie $upstream_http_cookie;
access_by_lua ' access_by_lua '
i = 1 i = 1
ngx.req.set_header("Cookie",ngx.var.lmcookie) ngx.req.set_header("Cookie",ngx.var.lmcookie)
if ngx.var.lmremote_user ~= nil and ngx.var.lmremote_user ~= "" then
while true do while true do
if ngx.var["headername"..i] ~= nil then if ngx.var["headername"..i] ~= nil then
ngx.req.set_header(ngx.var["headername"..i],ngx.var["headervalue"..i]) ngx.req.set_header(ngx.var["headername"..i],ngx.var["headervalue"..i])
@ -30,4 +41,9 @@ access_by_lua '
end end
i = i +1 i = i +1
end end
else
{% for header in llng_protected_headers %}
ngx.req.set_header("{{ header }}",nil)
{% endfor %}
end
'; ';
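Review bot: In the authenticated branch (`if ngx.var.lmremote_user ~= nil and ngx.var.lmremote_user ~= "" then`) the protected headers are never cleared, only overwritten when the auth response supplies a matching `headernameN`. A client-sent `User-Groups` or `Auth-User` that the handler does not export for that vhost would therefore presumably reach the backend unchanged for any logged-in user. Clearing on every request closes that gap: move the `{% for header in llng_protected_headers %}` / `ngx.req.set_header("{{ header }}",nil)` / `{% endfor %}` lines to just after `ngx.req.set_header("Cookie",ngx.var.lmcookie)` and drop the `else`. Separately, `{{ header }}` is written unescaped into a Lua string inside the single-quoted `access_by_lua` block, so a configured name containing a quote would break the rendered config. The `access_by_lua` block opens before the first hunk, the loop's exit lies between the two hunks, and `$lmremote_user` is set outside the visible lines, so this should be checked against the full file.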
