On 10/20/2014 11:52 AM, lvroyce0210(a)gmail.com wrote:
From: Royce Lv <lvroyce(a)linux.vnet.ibm.com>
Add LDAP configuration to specify LDAP server,
search base and filter for query user.
Signed-off-by: Royce Lv <lvroyce(a)linux.vnet.ibm.com>
---
src/kimchi.conf.in | 9 +++++++++
src/kimchi/config.py.in | 5 +++++
2 files changed, 14 insertions(+)
diff --git a/src/kimchi.conf.in b/src/kimchi.conf.in
index ea39292..5c54d4e 100644
--- a/src/kimchi.conf.in
+++ b/src/kimchi.conf.in
@@ -43,3 +43,12 @@
[display]
# Port for websocket proxy to listen on
#display_proxy_port = 64667
+
+[authentication]
+# Authentication method, available option: pam, ldap.
+# method = pam
+
+# Following fields need to be specified if using LDAP.
+# ldap_server = "localhost"
+# ldap_search_base = "ou=People, dc=kimchi, dc=org"
+# ldap_search_filter = "uid=%(username)s"
We should keep the default values in blank as the default authentication
method is PAM.
And to guide user to input the right values we can add some samples:
# Following fields need to be specified if using LDAP
# LDAP server. Specify an IP or hostname.
# Example: localhost
# ldap_server = ""
# LDAP search base. Specify the search base value.
# Example: "ou=People, dc=kimchi, dc=org"
# ldap_search_base = ""
# LDAP search filter. Specify the search filter in a python format.
# Example: "uid=%(username)s"
# ldap_search_filter = ""
diff --git a/src/kimchi/config.py.in b/src/kimchi/config.py.in
index 097c017..887fe63 100644
--- a/src/kimchi/config.py.in
+++ b/src/kimchi/config.py.in
@@ -259,6 +259,11 @@ def _get_config():
config.set("server", "environment", "production")
config.set("server", "federation", "off")
config.set('server', 'max_body_size', '4*1024*1024')
+ config.add_section("authentication")
+ config.set("authentication", "method", "pam")
+ config.set("authentication", "ldap_server", "")
+ config.set("authentication", "ldap_search_base", "")
+ config.set("authentication", "ldap_search_filter",
"")
config.add_section("logging")
config.set("logging", "log_dir", paths.log_dir)
config.set("logging", "log_level", DEFAULT_LOG_LEVEL)