Task #30871
EOLE Distribution - Scenario #30863: MEN express processing (43-45)
Allow customizing the list of AuthorizedUserGroups
100%
Description
Currently the list of AuthorizedUserGroups is hard-coded and corresponds to a "scribe" schema:
"AuthorizedUserGroups": [ "CN=Domain Admins,CN=Users", "CN=professeurs,OU=local,OU=groupes,OU=§§numero_etab,OU=§§nom_academie,OU=education" ],
On a Seth, the professeurs group may be located elsewhere.
It should be possible to customize it.
Associated revisions
Veyon: extract and configure the authorized user groups
On Seth, the groups can be moved to any “OU” in the Active
Directory.
We need to extract the DNs of the wanted groups from the LDAP:
- configure the LDAP connection for salt master
- add a salt master scheduler to extract the groups in a YAML file
- dicos/20_workstation_manager.xml: new variable to configure LDAP
extract filters and new templates to configure the scheduler.
- tmpl/master-ldap.conf: configure the connection to the Active
Directory LDAP server.
- tmpl/schedule-veyon.conf: configure the salt master scheduler by
calling a `.sls` outside the `file_roots` by using `state.template`.
- tmpl/veyon-extract-ldap-authorized-user-groups.sls: lookup the Veyon
authorized user groups and store them in
`/var/lib/eole/config/veyon.yaml`
Ref: #30871
Revert "Veyon: extract and configure the authorized user groups"
This reverts commit 8ff2de94dec3467d0d92bad4a4598b2293cc0cf5 for 2.7.1.
Ref: #30871
Veyon configuration must be generated after instance
During instance, the start of salt-master is done before AD is
populated so the veyon AuthorizedUserGroups can't be extracted
directly.
- postservice/30-eole-workstation-manager: restart the salt-master if
the veyon configuration file is not generated.
Ref: #30871
Veyon configuration is managed by eole-workstation-manager
There is no need to make a template of “veyon-config.js”
Ref: #30871
Veyon: configure “AuthorizedUserGroups” from pillar
Ref: #30871
Update changelog and VERSION for 2.7.1
Ref: #30871
Extracting Veyon authorized user groups requires python3-ldap
Ref: #30871
Extracting Veyon authorized user groups requires python3-ldap
Ref: #30871
cherry picked for 2.8.1 from commit 3477bf3bafb0446142863d16905dd25699552172
The parent directory of Veyon configuration must exist
Ref: #30871
History
#1 Updated by Daniel Dehennin almost 3 years ago
- Assigned To set to Daniel Dehennin
- Parent task set to #30863
#2 Updated by Daniel Dehennin almost 3 years ago
- Status changed from New to In progress
The simplest approach is to go through the pillar, which is a creole template.
- Creole defines the list of groups (dico or template)
- This list is passed as a pillar
#3 Updated by Daniel Dehennin almost 3 years ago
The list of groups is only configurable from 2.8.0 onward because in 2.7 salt-master
is too old.
#4 Updated by Daniel Dehennin almost 3 years ago
- Status changed from In progress to Resolved
- % Done changed from 0 to 100
#5 Updated by Daniel Dehennin almost 3 years ago
The list of authorized groups is updated once per hour.
#6 Updated by Gilles Grandgérard almost 3 years ago
- Status changed from Resolved to Closed
- Remaining (hours) set to 0.0