puppetlabs/vmpooler
2
0
Fork 0
mirror of https://github.com/puppetlabs/vmpooler.git synced 2026-01-26 01:58:41 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add ability to use bind_as with a service account

Browse source
This commit is contained in:
Jake Spain 2023-08-18 17:36:12 -04:00
parent 7813470288
commit fdbb0f3a77
No known key found for this signature in database
GPG key ID: BC1C4DA0A085E113
5 changed files with 185 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

30
lib/vmpooler/api/helpers.rb
View file

@ -68,7 +68,7 @@ module Vmpooler
end
end
def authenticate_ldap(port, host, encryption_hash, user_object, base, username_str, password_str)
def authenticate_ldap(port, host, encryption_hash, user_object, base, username_str, password_str, service_account_hash = nil)
tracer.in_span(
"Vmpooler::API::Helpers.#{__method__}",
attributes: {
@ -79,6 +79,14 @@ module Vmpooler
},
kind: :client
) do
if service_account_hash
username = service_account_hash[:user_dn]
password = service_account_hash[:password]
else
username = "#{user_object}=#{username_str},#{base}"
password = password_str
end
ldap = Net::LDAP.new(
:host => host,
:port => port,
@ -86,12 +94,22 @@ module Vmpooler
:base => base,
:auth => {
:method => :simple,
:username => "#{user_object}=#{username_str},#{base}",
:password => password_str
:username => username,
:password => password
}
)
return true if ldap.bind
if service_account_hash
return true if ldap.bind_as(
:base => base,
:filter => "(#{user_object}=#{username_str})",
:password => password_str
)
elsif ldap.bind
return true
else
return false
end
return false
end
@ -116,6 +134,7 @@ module Vmpooler
:method => :start_tls,
:tls_options => { :ssl_version => 'TLSv1' }
}
service_account_hash = auth[:ldap]['service_account_hash']
unless ldap_base.is_a? Array
ldap_base = ldap_base.split
@ -134,7 +153,8 @@ module Vmpooler
search_user_obj,
search_base,
username_str,
password_str
password_str,
service_account_hash
)
return true if result
end