/salt-eauth-rest-caching-ldap

Primary language: Python. License: BSD 3-Clause "New" or "Revised" License (BSD-3-Clause).

caching_ldap

caching_ldap is a REST authorization API for Salt's External Authentication System (eauth), used through the rest eauth module.

You send in a username (the password doesn't matter, since the service only authorizes and does not authenticate), and caching_ldap gives back an eauth ACL for that user, expanded from cached LDAP groups that are refreshed on an interval.
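An added sketch (not the project's own code) of the cached group-to-ACL expansion described above, showing that an unknown user gets an empty ACL and that a membership change only takes effect after the next refresh. `GroupCache`, `fetch_groups`, the 300-second interval and the fail-closed handling of a failed refresh are assumptions, and the directory contents are constructed.

```python
import time

# Constructed policy mirroring the external_auth groups: group -> allowed functions.
GROUP_ACL = {"admins": [".*"], "users": ["test.ping", "state.highstate"]}


class GroupCache:
    """Caches group membership and expands it into a per-user ACL."""

    def __init__(self, fetch_groups, ttl=300, clock=time.monotonic):
        self.fetch_groups = fetch_groups  # hypothetical stand-in for the LDAP query
        self.ttl = ttl                    # refresh interval in seconds (assumed value)
        self.clock = clock
        self.members = {}                 # group name -> set of usernames
        self.loaded_at = None

    def refresh_if_stale(self):
        now = self.clock()
        if self.loaded_at is not None and now - self.loaded_at < self.ttl:
            return
        try:
            fresh = self.fetch_groups()
        except Exception:
            # Directory unreachable: fail closed rather than keep serving
            # memberships older than the refresh interval.
            self.members = {}
            return
        self.members = {group: set(users) for group, users in fresh.items()}
        self.loaded_at = now

    def acl_for(self, username):
        """Return the merged ACL for username; an empty list means no access."""
        self.refresh_if_stale()
        acl = []
        for group, rules in GROUP_ACL.items():
            if username in self.members.get(group, ()):
                acl.extend(rule for rule in rules if rule not in acl)
        return acl


# Constructed directory contents and a controllable clock, standing in for LDAP.
directory = {"admins": ["alice"], "users": ["alice", "bob"]}
now = [0.0]
cache = GroupCache(lambda: dict(directory), ttl=300, clock=lambda: now[0])
```

Because the password is not checked, the ACL returned here is only as current as the last refresh: a user removed from an LDAP group keeps the old ACL until the interval elapses.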

Usage

  1. Configure your external_auth for your salt-master and salt-api:

    eauth_acl_module: rest
    external_auth:
      rest:
        ^url: http://localhost:8080/v1/login
        'admins%':
          - '.*'
        'users%':
          - 'test.ping'
          - 'state.highstate'

  2. Deploy this Flask-app on your salt master.

    $ cd salt-eauth-rest-caching-ldap
    $ python3 -mvenv .
    $ source bin/activate
    $ pip3 install .

  3. Serve wsgi.py with a WSGI server.