Provide authentication using simple LDAP binds
depends: |
|
---|
salt.auth.ldap.
auth
(username, password)¶Simple LDAP auth
salt.auth.ldap.
expand_ldap_entries
(entries, opts=None)¶Parameters: |
|
---|---|
Returns: | Dictionary with all allowed operations |
Takes the ldap subtree in the external_auth config option and expands it with actual minion names
ldap(OU=webservers,dc=int,dc=bigcompany,dc=com) - test.ping - service.restart
ldap(OU=Domain Controllers,dc=int,dc=bigcompany,dc=com) - allowed_fn_list_attribute^
This function only gets called if auth.ldap.activedirectory = True
salt.auth.ldap.
groups
(username, **kwargs)¶Authenticate against an LDAP group
Behavior is highly dependent on if Active Directory is in use.
AD handles group membership very differently than OpenLDAP. See the External Authentication documentation for a thorough discussion of available parameters for customizing the search.
OpenLDAP allows you to search for all groups in the directory and returns members of those groups. Then we check against the username entered.