FreeIPA Auth Adaptor for LibreTime

Allow delegating user authentication to FreeIPA rather than having it be checked against the database.
2017-03-18 19:15:20 +01:00 · 2017-03-18 19:15:20 +01:00 · aa5bc06d74
commit aa5bc06d74
parent a01c7c23ec
8 changed files with 371 additions and 2 deletions
--- a/airtime_mvc/build/airtime.example.conf
+++ b/airtime_mvc/build/airtime.example.conf
@ -42,6 +42,11 @@
 # station_id:        The Airtime station name.
 #                    Only used in saas, needed for compatibility.
 #
+# auth:              Auth adaptor to user
+#                    Set to local to use the default db auth or specifiy 
+#                    a class like LibreTime_Auth_Adaptor_FreeIpa to replace
+#                    the built-in adaptor
+#
 [general]
 api_key =
 web_server_user = www-data
@ -51,6 +56,7 @@ base_dir = /
 cache_ahead_hours = 1
 airtime_dir =
 station_id =
+auth = local
 #
 # ----------------------------------------------------------------------

@ -308,3 +314,38 @@ soundcloud_redirect_uri = http://libretime.example.org/soundcloud_callback.php
 facebook_app_id = 0
 facebook_app_url = http://example.org
 facebook_app_api_key = 0
+
+# 
+# ----------------------------------------------------------------------
+#                          L D A P
+# ----------------------------------------------------------------------
+#
+# hostname:       Hostname of LDAP server
+#
+# binddn:         Complete DN of user used to bind to LDAP
+#
+# password:       Password for binddn user
+#
+# account_domain: Domain part of username
+#
+# basedn:         base search DN
+#
+# filter_field:   Name of the uid field for searching
+#                 Usually uid, may be cn
+#
+# groupmap_*:     Map LibreTime user types to LDAP groups
+#                 Lets LibreTime assign user types based on the
+#                 group a given user is in.
+#
+[ldap]
+hostname = ldap.example.org
+binddn = 'uid=libretime,cn=sysaccounts,cn=etc,dc=int,dc=example,dc=org'
+password = hackme
+account_domain = INT.EXAMPLE.ORG
+basedn = 'cn=users,cn=accounts,dc=int,dc=example,dc=org'
+filter_field = uid
+groupmap_guest = 'cn=guest,cn=groups,cn=accounts,dc=int,dc=example,dc=org'
+groupmap_host = 'cn=host,cn=groups,cn=accounts,dc=int,dc=example,dc=org'
+groupmap_program_manager = 'cn=program_manager,cn=groups,cn=accounts,dc=int,dc=example,dc=org'
+groupmap_admin = 'cn=admins,cn=groups,cn=accounts,dc=int,dc=example,dc=org'
+groupmap_superadmin = 'cn=superadmin,cn=groups,cn=accounts,dc=int,dc=example,dc=org'