class HttpdConfigmapGenerator::ActiveDirectory
Constants
- AUTH
- KERBEROS_KEYTAB_FILE
- REALM_COMMAND
Public Instance Methods
configure(opts)
click to toggle source
# File lib/httpd_configmap_generator/active_directory.rb, line 44 def configure(opts) update_hostname(opts[:host]) join_ad_realm realm_permit_all configure_pam configure_sssd update_kerberos_keytab_permissions enable_kerberos_dns_lookups config_map = ConfigMap.new(opts) config_map.generate(AUTH[:type], realm, persistent_files) config_map.save(opts[:output]) rescue => err log_command_error(err) raise err end
configured?()
click to toggle source
# File lib/httpd_configmap_generator/active_directory.rb, line 60 def configured? File.exist?(SSSD_CONFIG) end
domain()
click to toggle source
Calls superclass method
# File lib/httpd_configmap_generator/active_directory.rb, line 75 def domain @domain ||= opts[:ad_domain] if opts[:ad_domain].present? @domain ||= super @domain end
optional_options()
click to toggle source
Calls superclass method
# File lib/httpd_configmap_generator/active_directory.rb, line 20 def optional_options super.merge( :ad_realm => { :description => "Active Directory Realm" }, :ad_server => { :description => "Active Directory Server" } ) end
persistent_files()
click to toggle source
# File lib/httpd_configmap_generator/active_directory.rb, line 27 def persistent_files %w( /etc/krb5.keytab /etc/krb5.conf /etc/nsswitch.conf /etc/openldap/ldap.conf /etc/pam.d/fingerprint-auth-ac /etc/pam.d/httpd-auth /etc/pam.d/password-auth-ac /etc/pam.d/postlogin-ac /etc/pam.d/smartcard-auth-ac /etc/pam.d/system-auth-ac /etc/sssd/sssd.conf /etc/sysconfig/authconfig ) end
realm()
click to toggle source
Calls superclass method
# File lib/httpd_configmap_generator/active_directory.rb, line 68 def realm @realm ||= opts[:ad_realm] if opts[:ad_realm].present? @realm ||= domain @realm ||= super @realm = @realm.upcase end
required_options()
click to toggle source
Calls superclass method
# File lib/httpd_configmap_generator/active_directory.rb, line 10 def required_options super.merge( :host => { :description => "Application Domain", :short => "-h" }, :ad_domain => { :description => "Active Directory Domain" }, :ad_user => { :description => "Active Directory User" }, :ad_password => { :description => "Active Directory Password" } ) end
unconfigure()
click to toggle source
# File lib/httpd_configmap_generator/active_directory.rb, line 64 def unconfigure return unless configured? end
Private Instance Methods
configure_sssd()
click to toggle source
# File lib/httpd_configmap_generator/active_directory.rb, line 83 def configure_sssd info_msg("Configuring SSSD Service") sssd = Sssd.new(opts) sssd.load(SSSD_CONFIG) sssd.configure_domain(domain) sssd.section("domain/#{domain}")["ad_server"] = opts[:ad_server] if opts[:ad_server].present? sssd.section("sssd")["domains"] = domain sssd.section("sssd")["default_domain_suffix"] = domain sssd.add_service("pam") sssd.configure_ifp debug_msg("- Creating #{SSSD_CONFIG}") sssd.save(SSSD_CONFIG) end
join_ad_realm()
click to toggle source
# File lib/httpd_configmap_generator/active_directory.rb, line 97 def join_ad_realm info_msg("Joining the AD Realm ...") debug_msg(" - realm join #{realm} ...") command_run!(REALM_COMMAND, :params => ["join", domain, "-U", opts[:ad_user]], :stdin_data => opts[:ad_password]) end
realm_permit_all()
click to toggle source
# File lib/httpd_configmap_generator/active_directory.rb, line 103 def realm_permit_all info_msg("Allowing AD Users to Login ...") command_run!(REALM_COMMAND, :params => ["permit", "--all"]) end
update_kerberos_keytab_permissions()
click to toggle source
# File lib/httpd_configmap_generator/active_directory.rb, line 108 def update_kerberos_keytab_permissions info_msg("Updating Kerberos keytab permissions ...") FileUtils.chown("apache", "root", KERBEROS_KEYTAB_FILE) FileUtils.chmod(0o640, KERBEROS_KEYTAB_FILE) end