From 464800702b52a5f3d91ca2fdc4c18fe6ab0eb63e Mon Sep 17 00:00:00 2001 From: Jesus Manuel Gallego Romero Date: Thu, 8 Jun 2023 18:36:46 +0200 Subject: [PATCH 1/4] support several ldap servers
--- templates/config.xml.j2 | 44 +++++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 21 deletions(-)
diff --git a/templates/config.xml.j2 b/templates/config.xml.j2
index 9277126..55d1d86 100644
--- a/templates/config.xml.j2
+++ b/templates/config.xml.j2
@@ -503,27 +503,29 @@ --> {% if clickhouse_ldap is defined -%} - <{{ clickhouse_ldap.servername }}> - {% if clickhouse_ldap.host is defined -%}{{ clickhouse_ldap.host }}{% endif -%} - {% if clickhouse_ldap.port is defined -%}{{ clickhouse_ldap.port }}{% endif -%} - {% if clickhouse_ldap.bind_dn is defined -%}{{ clickhouse_ldap.bind_dn }}{% endif -%} - {% if clickhouse_ldap.base_dn is defined or clickhouse_ldap.scope or clickhouse_ldap.search_filter -%} - {% if clickhouse_auth_backend == 'AD' -%}{% endif -%} - {% if clickhouse_ldap.base_dn is defined -%}{{ clickhouse_ldap.base_dn }}{% endif -%} - {% if clickhouse_ldap.scope is defined -%}{{ clickhouse_ldap.scope }}{% endif -%} - {% if clickhouse_ldap.search_filter is defined -%}{{ clickhouse_ldap.search_filter }}{% endif -%} - {% if clickhouse_auth_backend == 'AD' -%}{% endif -%} - {% endif -%} - {% if clickhouse_ldap.verification_cooldown is defined -%}{{ clickhouse_ldap.verification_cooldown }}{% endif -%} - {% if clickhouse_ldap.enable_tls is defined -%}{{ clickhouse_ldap.enable_tls }}{% endif -%} - {% if clickhouse_ldap.tls_minimum_protocol_version is defined -%}{{ clickhouse_ldap.tls_minimum_protocol_version }}{% endif -%} - {% if clickhouse_ldap.tls_require_cert is defined -%}{{ clickhouse_ldap.tls_require_cert }}{% endif -%} - {% if clickhouse_ldap.tls_cert_file is defined -%}{{ clickhouse_ldap.tls_cert_file }}{% endif -%} - {% if clickhouse_ldap.tls_key_file is defined -%}{{ clickhouse_ldap.tls_key_file }}{% endif -%} - {% if clickhouse_ldap.tls_ca_cert_file is defined -%}{{ clickhouse_ldap.tls_ca_cert_file }}{% endif -%} - {% if clickhouse_ldap.tls_ca_cert_dir is defined -%}{{ clickhouse_ldap.tls_ca_cert_dir }}{% endif -%} - {% if clickhouse_ldap.tls_cipher_suite is defined -%}{{ clickhouse_ldap.tls_cipher_suite }}{% endif -%} - + {% for ldap_server in clickhouse_ldap %} + <{{ ldap_server.servername }}> + {% if ldap_server.host is defined -%}{{ ldap_server.host }}{% endif -%} + {% if ldap_server.port is 
defined -%}{{ ldap_server.port }}{% endif -%} + {% if ldap_server.bind_dn is defined -%}{{ ldap_server.bind_dn }}{% endif -%} + {% if ldap_server.base_dn is defined or ldap_server.scope or ldap_server.search_filter -%} + {% if clickhouse_auth_backend == 'AD' -%}{% endif -%} + {% if ldap_server.base_dn is defined -%}{{ ldap_server.base_dn }}{% endif -%} + {% if ldap_server.scope is defined -%}{{ ldap_server.scope }}{% endif -%} + {% if ldap_server.search_filter is defined -%}{{ ldap_server.search_filter }}{% endif -%} + {% if clickhouse_auth_backend == 'AD' -%}{% endif -%} + {% endif -%} + {% if ldap_server.verification_cooldown is defined -%}{{ ldap_server.verification_cooldown }}{% endif -%} + {% if ldap_server.enable_tls is defined -%}{{ ldap_server.enable_tls }}{% endif -%} + {% if ldap_server.tls_minimum_protocol_version is defined -%}{{ ldap_server.tls_minimum_protocol_version }}{% endif -%} + {% if ldap_server.tls_require_cert is defined -%}{{ ldap_server.tls_require_cert }}{% endif -%} + {% if ldap_server.tls_cert_file is defined -%}{{ ldap_server.tls_cert_file }}{% endif -%} + {% if ldap_server.tls_key_file is defined -%}{{ ldap_server.tls_key_file }}{% endif -%} + {% if ldap_server.tls_ca_cert_file is defined -%}{{ ldap_server.tls_ca_cert_file }}{% endif -%} + {% if ldap_server.tls_ca_cert_dir is defined -%}{{ ldap_server.tls_ca_cert_dir }}{% endif -%} + {% if ldap_server.tls_cipher_suite is defined -%}{{ ldap_server.tls_cipher_suite }}{% endif -%} + + {% endfor %} {% endif -%} From f9564acb975ba8c6fbd9ce04661c67f51bca0d54 Mon Sep 17 00:00:00 2001 From: Jesus Manuel Gallego Romero Date: Fri, 9 Jun 2023 11:54:22 +0200 Subject: [PATCH 2/4] support several role mappings --- templates/config.xml.j2 | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/templates/config.xml.j2 b/templates/config.xml.j2 index 55d1d86..20def6a 100644 --- a/templates/config.xml.j2 +++ b/templates/config.xml.j2 
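Review bot: The new `{% for ldap_server in clickhouse_ldap %}` loop changes `clickhouse_ldap` from a mapping to a list with no type check, so an inventory that still passes a mapping iterates over its keys and `ldap_server.servername` no longer resolves; the same applies to `clickhouse_user_directories_ldap` in the second patch. Because this block configures authentication, I would either accept both shapes, e.g. `{% for ldap_server in ([clickhouse_ldap] if clickhouse_ldap is mapping else clickhouse_ldap) %}`, or fail early with an assert in the role's tasks, and record the change as breaking in the changelog. `servername` is also used as the element name without an `is defined` guard, and nothing checks that it is unique across entries. The values themselves (`bind_dn`, `search_filter`, and `role_mapping.search_filter` in the second patch) are written into the XML unescaped, so a filter containing `&` has to be pre-escaped by the caller or passed through `| e`.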
@@ -624,23 +624,29 @@ --> {% if clickhouse_user_directories_ldap is defined -%} + {% for user_directory in clickhouse_user_directories_ldap -%} - {{ clickhouse_user_directories_ldap.server }} - {% if clickhouse_user_directories_ldap.roles is defined -%} + {{ user_directory.server }} + {% if user_directory.roles is defined -%} - {% for role in clickhouse_user_directories_ldap.roles -%} + {% for role in user_directory.roles -%} <{{ role }} /> {% endfor -%} {% endif -%} + {% if user_directory.role_mappings is defined -%} + {% for role_mapping in user_directory.role_mappings -%} - {{ clickhouse_user_directories_ldap.base_dn }} - {{ clickhouse_user_directories_ldap.scope }} - {{ clickhouse_user_directories_ldap.search_filter }} - {{ clickhouse_user_directories_ldap.attribute }} - {{ clickhouse_user_directories_ldap.prefix }} + {{ role_mapping.base_dn }} + {{ role_mapping.scope }} + {{ role_mapping.search_filter }} + {{ role_mapping.attribute }} + {{ role_mapping.prefix }} + {% endfor -%} + {% endif -%} + {% endfor -%} {% endif -%} From 3c39409d26de71e7fefedcda346a10b688ed0432 Mon Sep 17 00:00:00 2001 From: Jesus Manuel Gallego Romero Date: Fri, 9 Jun 2023 12:00:34 +0200 Subject: [PATCH 3/4] update comments in default as guide --- defaults/main.yml | 43 ++++++++++++++++++++++--------------------- 1 file changed, 22 insertions(+), 21 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 06e16a3..2bfc5cf 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
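Review bot: The `role_mapping` fields (`base_dn`, `scope`, `search_filter`, `attribute`, `prefix`) are emitted unconditionally, whereas the per-server fields in the first patch are each wrapped in `{% if ... is defined -%}`. Depending on how undefined values are handled, the render either fails or writes empty elements, and an empty `prefix` presumably widens which LDAP group names are treated as ClickHouse roles, which is worth confirming against the ClickHouse documentation. I would guard the optional keys the same way, e.g. `{% if role_mapping.prefix is defined -%}{{ role_mapping.prefix }}{% endif -%}` around its element, and state which keys are required. Nothing visible ties `user_directory.server` to a `servername` declared in `clickhouse_ldap`, so a mistyped name would only surface when ClickHouse loads the file.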
@@ -251,31 +251,32 @@ clickhouse_auth_backend: AD # LDAP # clickhouse_ldap: -# serverame: -# host: -# port: -# bind_dn: -# base_dn: -# scope: -# search_filter: -# verification_cooldown: -# enable_tls: -# tls_minimum_protocol_version: -# tls_require_cert: -# tls_cert_file: -# tls_key_file: -# tls_ca_cert_file: -# tls_ca_cert_dir: -# tls_cipher_suite: +# - serverame: +# host: +# port: +# bind_dn: +# base_dn: +# scope: +# search_filter: +# verification_cooldown: +# enable_tls: +# tls_minimum_protocol_version: +# tls_require_cert: +# tls_cert_file: +# tls_key_file: +# tls_ca_cert_file: +# tls_ca_cert_dir: +# tls_cipher_suite: # clickhouse_user_directories_ldap: # server: # roles: [] -# base_dn: -# scope: -# search_filter: -# attribute: -# prefix: +# role_mappings: +# - base_dn: +# scope: +# search_filter: +# attribute: +# prefix: # Kerberos # clickhouse_kerberos: From c36aed4fdbbb83c93381dee6bdc54621160c2ab9 Mon Sep 17 00:00:00 2001 From: Jesus Manuel Gallego Romero Date: Fri, 9 Jun 2023 12:11:32 +0200 Subject: [PATCH 4/4] update changelog --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 59bb89d..fc3a8bf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,12 @@ This project adheres to [Semantic Versioning](http://semver.org/) and [Keep a ch ## [Unreleased](https://github.com/idealista/clickhouse_role/tree/develop) +## [3.3.5(https://github.com/idealista/clickhouse_role/tree/3.3.5 (2023-06-09) + +### :heavy_plus_sign: Added + +- [#56](https://github.com/idealista/clickhouse_role/issues/56) Add support for several ldap servers and role mappings + ## [3.3.4(https://github.com/idealista/clickhouse_role/tree/3.3.4 (2023-05-29) ### :heavy_plus_sign: Added
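Review bot: The updated example still spells the key `serverame`, while the template reads `ldap_server.servername`, so anyone copying the guide gets an entry whose name never resolves; the line should read `# - servername:`. The `clickhouse_user_directories_ldap` example also shows `server:` without a leading `- `, although the second patch iterates that variable as a list. Suggested first line of that entry: `# - server:`. Indentation is not visible in this view, so the nesting of `role_mappings` under each entry is worth checking as well.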