diff --git a/README.md b/README.md index 781061d4e..d23d3168d 100644 --- a/README.md +++ b/README.md @@ -239,6 +239,14 @@ LDAP server to use for auth. User DN pattern for LDAP auth. +####`ldap_other_bind` + +How to bind to the LDAP server. Defaults to 'anon'. + +####`ldap_config_variables` + +Hash of other LDAP config variables. + ####`ldap_use_ssl` Boolean, set to true to use SSL for the LDAP server. diff --git a/manifests/init.pp b/manifests/init.pp index d4a331934..a7a50ccae 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -49,9 +49,11 @@ $ldap_auth = $rabbitmq::params::ldap_auth, $ldap_server = $rabbitmq::params::ldap_server, $ldap_user_dn_pattern = $rabbitmq::params::ldap_user_dn_pattern, + $ldap_other_bind = $rabbitmq::params::ldap_other_bind, $ldap_use_ssl = $rabbitmq::params::ldap_use_ssl, $ldap_port = $rabbitmq::params::ldap_port, $ldap_log = $rabbitmq::params::ldap_log, + $ldap_config_variables = $rabbitmq::params::ldap_config_variables, $stomp_port = $rabbitmq::params::stomp_port, $version = $rabbitmq::params::version, $wipe_db_on_cookie_change = $rabbitmq::params::wipe_db_on_cookie_change, @@ -108,6 +110,8 @@ validate_bool($ldap_auth) validate_string($ldap_server) validate_string($ldap_user_dn_pattern) + validate_string($ldap_other_bind) + validate_hash($ldap_config_variables) validate_bool($ldap_use_ssl) validate_re($ldap_port, '\d+') validate_bool($ldap_log) diff --git a/manifests/params.pp b/manifests/params.pp index b09d7620a..f699b0db8 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -105,9 +105,11 @@ $ldap_auth = false $ldap_server = 'ldap' $ldap_user_dn_pattern = 'cn=username,ou=People,dc=example,dc=com' + $ldap_other_bind = 'anon' $ldap_use_ssl = false $ldap_port = '389' $ldap_log = false + $ldap_config_variables = {} $stomp_port = '6163' $wipe_db_on_cookie_change = false $cluster_partition_handling = 'ignore' diff --git a/spec/classes/rabbitmq_spec.rb b/spec/classes/rabbitmq_spec.rb index 4a547780a..6741d2daa 100644 
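Review bot: `validate_string($ldap_other_bind)` in the validation hunk of manifests/init.pp accepts any string, yet templates/rabbitmq.config.erb writes the value unquoted as an Erlang term inside `{other_bind, ...}`, so a typo or stray text becomes syntax in the broker's authentication config. The LDAP plugin accepts only `anon`, `as_user` or a `{UserDN, Password}` tuple for this setting, so an anchored check along the lines of `validate_re($ldap_other_bind, '\A(anon|as_user|\{.+\})\z')` would reject anything else at catalog compile time. `validate_hash($ldap_config_variables)` likewise checks only the container; its keys and values reach the template unchecked. The class body continues outside this hunk.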
--- a/spec/classes/rabbitmq_spec.rb +++ b/spec/classes/rabbitmq_spec.rb @@ -404,13 +404,15 @@ describe 'configuring ldap authentication' do let :params do - { :config_stomp => true, - :ldap_auth => true, - :ldap_server => 'ldap.example.com', - :ldap_user_dn_pattern => 'ou=users,dc=example,dc=com', - :ldap_use_ssl => false, - :ldap_port => '389', - :ldap_log => true + { :config_stomp => true, + :ldap_auth => true, + :ldap_server => 'ldap.example.com', + :ldap_user_dn_pattern => 'ou=users,dc=example,dc=com', + :ldap_other_bind => 'as_user', + :ldap_use_ssl => false, + :ldap_port => '389', + :ldap_log => true, + :ldap_config_variables => { 'foo' => 'bar' } } end @@ -419,10 +421,10 @@ it 'should contain ldap parameters' do verify_contents(subject, 'rabbitmq.config', ['[', ' {rabbit, [', ' {auth_backends, [rabbit_auth_backend_internal, rabbit_auth_backend_ldap]},', ' ]}', - ' {rabbitmq_auth_backend_ldap, [', ' {other_bind, anon},', + ' {rabbitmq_auth_backend_ldap, [', ' {other_bind, as_user},', ' {servers, ["ldap.example.com"]},', ' {user_dn_pattern, "ou=users,dc=example,dc=com"},', ' {use_ssl, false},', - ' {port, 389},', ' {log, true}']) + ' {port, 389},', ' {foo, bar},', ' {log, true}']) end end @@ -432,9 +434,11 @@ :ldap_auth => true, :ldap_server => 'ldap.example.com', :ldap_user_dn_pattern => 'ou=users,dc=example,dc=com', + :ldap_other_bind => 'as_user', :ldap_use_ssl => false, :ldap_port => '389', - :ldap_log => true + :ldap_log => true, + :ldap_config_variables => { 'foo' => 'bar' } } end 
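Review bot: Both LDAP contexts now pass `:ldap_other_bind => 'as_user'` and a one-entry `:ldap_config_variables`, so no example covers the defaults (`'anon'` and `{}`) that existing users get after upgrading; this applies to the hunks at -404 and -432, and the expectations at -419 and -443 follow from them. Consider a context that omits both parameters and asserts that `{other_bind, anon},` is still rendered and that no extra tuple appears before `{log, true}`. An example whose hash value is a quoted string or a nested term would also document how callers are expected to spell Erlang values. The describe blocks start and end outside these hunks.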
@@ -443,10 +447,10 @@ it 'should contain ldap parameters' do verify_contents(subject, 'rabbitmq.config', ['[', ' {rabbit, [', ' {auth_backends, [rabbit_auth_backend_internal, rabbit_auth_backend_ldap]},', ' ]}', - ' {rabbitmq_auth_backend_ldap, [', ' {other_bind, anon},', + ' {rabbitmq_auth_backend_ldap, [', ' {other_bind, as_user},', ' {servers, ["ldap.example.com"]},', ' {user_dn_pattern, "ou=users,dc=example,dc=com"},', ' {use_ssl, false},', - ' {port, 389},', ' {log, true}']) + ' {port, 389},', ' {foo, bar},', ' {log, true}']) end end diff --git a/templates/rabbitmq.config.erb b/templates/rabbitmq.config.erb index c81096552..da48e4227 100644 --- a/templates/rabbitmq.config.erb +++ b/templates/rabbitmq.config.erb @@ -81,11 +81,16 @@ <%- if @ldap_auth -%>, % Configure the LDAP authentication plugin {rabbitmq_auth_backend_ldap, [ - {other_bind, anon}, + {other_bind, <%= @ldap_other_bind %>}, {servers, ["<%= @ldap_server %>"]}, {user_dn_pattern, "<%= @ldap_user_dn_pattern %>"}, {use_ssl, <%= @ldap_use_ssl %>}, {port, <%= @ldap_port %>}, +<% if @ldap_config_variables -%> +<%- @ldap_config_variables.keys.sort.each do |key| -%> + {<%= key %>, <%= @ldap_config_variables[key] %>}, +<%- end -%> +<%- end -%> {log, <%= @ldap_log %>} ]} <%- end -%>
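Review bot: The new loop in templates/rabbitmq.config.erb emits `{<%= key %>, <%= @ldap_config_variables[key] %>},` with no quoting or checking, so every key and value must already be a valid Erlang term, and an array or nested hash is rendered through Ruby's `to_s`. Since `other_bind` can now hold a `{UserDN, Password}` tuple and the extra variables can carry further bind settings, the rendered file may contain an LDAP bind password; the file resource's owner and mode are not visible in this diff, so confirm it is not world-readable. A comment above the loop would help, for example `% Extra LDAP settings from ldap_config_variables; values are written verbatim as Erlang terms`. The outer `<% if @ldap_config_variables -%>` guard looks redundant given `validate_hash` and the `{}` default, since an empty hash is truthy in Ruby.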