puppetlabs/vmpooler
2
0
Fork 0
mirror of https://github.com/puppetlabs/vmpooler.git synced 2026-01-26 01:58:41 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

(DIO-2621) Make LDAP encryption configurable

Browse source 
Prior to this, the encryption settings for LDAP auth were hard coded to
start_tls on port 389 with TLSv1. These are still the defaults, as
insecure as they are, so as to not break existing users. This change
facilitates replacing the defaults so that simple_tls over port 636 via
TLS1.2 can be used.
This commit is contained in:
Gene Liverman 2021-09-14 15:01:05 -04:00
parent 5f0d41412c
commit 5cd7658ab4
No known key found for this signature in database
GPG key ID: 3AF83985B6C857C6
4 changed files with 123 additions and 65 deletions
Download patch file Download diff file Expand all files Collapse all files

5
lib/vmpooler.rb
View file

@ -119,6 +119,11 @@ module Vmpooler
parsed_config[:auth][:ldap]['port'] = string_to_int(ENV['LDAP_PORT']) if ENV['LDAP_PORT']
parsed_config[:auth][:ldap]['base'] = ENV['LDAP_BASE'] if ENV['LDAP_BASE']
parsed_config[:auth][:ldap]['user_object'] = ENV['LDAP_USER_OBJECT'] if ENV['LDAP_USER_OBJECT']
if parsed_config[:auth]['provider'] == 'ldap' && parsed_config[:auth][:ldap].key?('encryption')
parsed_config[:auth][:ldap]['encryption'] = parsed_config[:auth][:ldap]['encryption']
elsif parsed_config[:auth]['provider'] == 'ldap'
parsed_config[:auth][:ldap]['encryption'] = {}
end
end
# Create an index of pool aliases