infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions

Ipsilon: fix attribute mapping for GPG & SSH

Browse source 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard 2020-10-21 11:59:34 +02:00
parent 33452ed8f9
commit a2f74a447e
No known key found for this signature in database
GPG key ID: 31584CFEB9BF64AD
2 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
roles/ipsilon/tasks/main.yml
View file

@ -312,7 +312,7 @@
replace:
path: /etc/sssd/sssd.conf
regexp: ^ldap_user_extra_attrs = [\w,\s]+$
replace: ldap_user_extra_attrs = mail, street, locality, st, postalCode, telephoneNumber, givenname, sn, fasTimeZone, fasLocale, fasIRCNick, fasGPGKeyId, fasCreationTime, fasStatusNote, fasRHBZEmail, fasGitHubUsername, fasGitLabUsername, fasWebsiteURL, fasIsPrivate
replace: ldap_user_extra_attrs = mail, street, locality, st, postalCode, telephoneNumber, givenname, sn, fasTimeZone, fasLocale, fasIRCNick, fasGPGKeyId, fasCreationTime, fasStatusNote, fasRHBZEmail, fasGitHubUsername, fasGitLabUsername, fasWebsiteURL, fasIsPrivate, ipaSshPubKey
tags:
- ipsilon
- config
@ -323,7 +323,7 @@
replace:
path: /etc/sssd/sssd.conf
regexp: ^user_attributes = [\w,\s+]+$
replace: user_attributes = +mail, +street, +locality, +st, +postalCode, +telephoneNumber, +givenname, +sn, +fasTimeZone, +fasLocale, +fasIRCNick, +fasGPGKeyId, +fasCreationTime, +fasStatusNote, +fasRHBZEmail, +fasGitHubUsername, +fasGitLabUsername, +fasWebsiteURL, +fasIsPrivate
replace: user_attributes = +mail, +street, +locality, +st, +postalCode, +telephoneNumber, +givenname, +sn, +fasTimeZone, +fasLocale, +fasIRCNick, +fasGPGKeyId, +fasCreationTime, +fasStatusNote, +fasRHBZEmail, +fasGitHubUsername, +fasGitLabUsername, +fasWebsiteURL, +fasIsPrivate, +ipaSshPubKey
tags:
- ipsilon
- config

4
roles/ipsilon/templates/configuration.conf
View file

@ -53,7 +53,7 @@ openidc tos url=https://fedoraproject.org/wiki/Legal:PrivacyPolicy
openidc idp sig key id=20161031-sig
openidc allow dynamic client registration=False
{% if env == 'staging' %}
openidc default attribute mapping=[["*", "*"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"], ["_username", "nickname"], ["_username", "preferred_username"], ["fasIRCNick", "ircnick"], ["fasLocale", "locale"], ["fasTimeZone", "zoneinfo"], ["fasTimeZone", "timezone"], ["fasGPGKeyId", "gpgkeyids"], ["fasIsPrivate", "privacy"], ["fullname", "human_name"], ["nsAccountLock", "locked"]]
openidc default attribute mapping=[["*", "*"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"], ["_username", "nickname"], ["_username", "preferred_username"], ["fasIRCNick", "ircnick"], ["fasLocale", "locale"], ["fasTimeZone", "zoneinfo"], ["fasTimeZone", "timezone"], ["fasGPGKeyId", "gpg_keyid"], ["ipaSshPubKey", "ssh_key"], ["fasIsPrivate", "privacy"], ["fullname", "human_name"], ["nsAccountLock", "locked"]]
{% else %}
openidc default attribute mapping=[["*", "*"], ["timezone", "zoneinfo"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"], ["_username", "preferred_username"]]
{% endif %}
@ -69,7 +69,7 @@ openid database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{
openid untrusted roots=
openid enabled extensions=Fedora Teams,Attribute Exchange,CLAs,Simple Registration,API
{% if env == 'staging' %}
openid default attribute mapping=[["*", "*"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"], ["_username", "nickname"], ["_username", "preferred_username"], ["fasIRCNick", "ircnick"], ["fasLocale", "locale"], ["fasTimeZone", "zoneinfo"], ["fasTimeZone", "timezone"], ["fasGPGKeyId", "gpgkeyids"], ["fasIsPrivate", "privacy"], ["fullname", "human_name"], ["nsAccountLock", "locked"]]
openid default attribute mapping=[["*", "*"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"], ["_username", "nickname"], ["_username", "preferred_username"], ["fasIRCNick", "ircnick"], ["fasLocale", "locale"], ["fasTimeZone", "zoneinfo"], ["fasTimeZone", "timezone"], ["fasGPGKeyId", "gpg_keyid"], ["ipaSshPubKey", "ssh_key"], ["fasIsPrivate", "privacy"], ["fullname", "human_name"], ["nsAccountLock", "locked"]]
{% else %}
openid default attribute mapping=[["*", "*"], ["timezone", "zoneinfo"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"], ["_username", "preferred_username"]]
{% endif %}