|
|
|
|
|
|
|
|
# Do not disable this unless it is absolutely clear what this does. |
|
|
# Do not disable this unless it is absolutely clear what this does. |
|
|
{{ get_config('rotate_aes_key', 'True') }} |
|
|
{{ get_config('rotate_aes_key', 'True') }} |
|
|
|
|
|
|
|
|
|
|
|
# Unique ID attribute name for the user. For Active Directory should be set |
|
|
|
|
|
# to 'sAMAccountName'. Default value is 'memberUid'. |
|
|
|
|
|
{{ get_config('auth.ldap.accountattributename', 'memberUid') }} |
|
|
|
|
|
|
|
|
|
|
|
# Set this to True if LDAP is Active Directory. Default is False |
|
|
|
|
|
{{ get_config('auth.ldap.activedirectory', False) }} |
|
|
|
|
|
|
|
|
|
|
|
# Bind to LDAP anonymously to determine group membership |
|
|
|
|
|
# Active Directory does not allow anonymous binds without special configuration |
|
|
|
|
|
{{ get_config('auth.ldap.anonymous', False) }} |
|
|
|
|
|
|
|
|
|
|
|
# The base DN under which users can be found in LDAP |
|
|
|
|
|
{{ get_config('auth.ldap.basedn', '') }} |
|
|
|
|
|
|
|
|
|
|
|
# The user Salt authenticates to search for a users' Distinguished Name and |
|
|
|
|
|
# group membership. |
|
|
|
|
|
{{ get_config('auth.ldap.binddn', '') }} |
|
|
|
|
|
|
|
|
|
|
|
# The bind password to go along with the bind dn (binddn). |
|
|
|
|
|
{{ get_config('auth.ldap.bindpw', '') }} |
|
|
|
|
|
|
|
|
|
|
|
# The filter used to find the DN associated with a user. For most LDAPs use |
|
|
|
|
|
# the value {% raw %}'uid={{ username }}'{% endraw %}. For Active Directory use the value |
|
|
|
|
|
# {% raw %}'sAMAccountName={{username}}'{% endraw %}. |
|
|
|
|
|
{{ get_config('auth.ldap.filter', '') }} |
|
|
|
|
|
|
|
|
|
|
|
# The attribute used for user group membership. Defaults to 'memberOf' |
|
|
|
|
|
{{ get_config('auth.ldap.groupattribute', 'memberOf') }} |
|
|
|
|
|
|
|
|
|
|
|
# LDAP group class. Use 'group' for Active Directory. Defaults to 'posixGroup' |
|
|
|
|
|
{{ get_config('auth.ldap.groupclass', 'posixGroup') }} |
|
|
|
|
|
|
|
|
|
|
|
# To specify an OU that contains group data. Not used for Active Directory |
|
|
|
|
|
# Default value: 'Groups' |
|
|
|
|
|
{{ get_config('auth.ldap.groupou', 'Groups') }} |
|
|
|
|
|
|
|
|
|
|
|
# Allows the administrator to strip off a certain set of domain names |
|
|
|
|
|
# so the hostnames looked up in the directory service can match the minion IDs. |
|
|
|
|
|
{{ get_config('auth.ldap.minion_stripdomains', []) }} |
|
|
|
|
|
|
|
|
|
|
|
# Verify server's TLS certificate. Default value: False |
|
|
|
|
|
{{ get_config('auth.ldap.no_verify', False) }} |
|
|
|
|
|
|
|
|
|
|
|
# Only for Active Directory. Default value: 'person' |
|
|
|
|
|
{{ get_config('auth.ldap.persontype', 'person') }} |
|
|
|
|
|
|
|
|
|
|
|
# Port to connect via. Default value: '389' |
|
|
|
|
|
{{ get_config('auth.ldap.port', '389') }} |
|
|
|
|
|
|
|
|
|
|
|
# LDAP scope level, almost always 2. Default value: 2 |
|
|
|
|
|
{{ get_config('auth.ldap.scope', 2) }} |
|
|
|
|
|
|
|
|
|
|
|
# Server to auth against. Default value: 'localhost' |
|
|
|
|
|
{{ get_config('auth.ldap.server', 'localhost') }} |
|
|
|
|
|
|
|
|
|
|
|
# Use TLS when connecting. Default value: False |
|
|
|
|
|
{{ get_config('auth.ldap.tls', False) }} |
|
|
|
|
|
|
|
|
|
|
|
# Server specified in URI format. Overrides .ldap.server, .ldap.port, |
|
|
|
|
|
# .ldap.tls. Default value: '' |
|
|
|
|
|
{{ get_config('auth.ldap.uri', '') }} |
|
|
|
|
|
|
|
|
##### Salt-SSH Configuration ##### |
|
|
##### Salt-SSH Configuration ##### |
|
|
########################################## |
|
|
########################################## |
|
|
|
|
|
|