Defined Type: icingaweb2::config::authmethod

Defined in:
manifests/config/authmethod.pp

Summary

Manage Icinga Web 2 authentication methods. Auth methods may be chained by setting proper ordering.

Overview

Examples:

Create an authentication method (db) that references a resource:

# Database-backed authentication method. 'my-sql' must be the name of a
# resource that exists in resources.ini; this declaration only references it.
icingaweb2::config::authmethod { 'db-auth':
  backend  => 'db',
  # Position of this method within the authentication chain.
  order    => 20,
  resource => 'my-sql',
}

Create an LDAP authmethod:

# LDAP-backed authentication method. 'my-ldap' must be the name of a resource
# that exists in resources.ini; this declaration only references it.
icingaweb2::config::authmethod { 'ldap-auth':
  backend                  => 'ldap',
  resource                 => 'my-ldap',
  # Position of this method within the authentication chain.
  order                    => '05',
  ldap_user_class          => 'user',
  ldap_user_name_attribute => 'userPrincipalName',
  # The filter is what limits logins to members of the 'monitoring' group.
  # 1.2.840.113556.1.4.1941 is Active Directory's in-chain matching rule, which
  # also matches nested group membership. Without a filter, every entry of the
  # configured user class under the base DN would be a valid login.
  ldap_filter              => '(memberof:1.2.840.113556.1.4.1941:=CN=monitoring,OU=groups,DC=icinga,DC=com)',
}

Parameters:

  • backend (Enum['external', 'ldap', 'msldap', 'db']) (defaults to: undef)

    Select between ‘external’, ‘ldap’, ‘msldap’ or ‘db’. Each backend may require other settings.

  • resource (Optional[String]) (defaults to: undef)

    The name of the resource defined in resources.ini.

  • ldap_user_class (Optional[String]) (defaults to: undef)

    LDAP user class. Only valid if `backend` is `ldap` or `msldap`.

  • ldap_user_name_attribute (Optional[String]) (defaults to: undef)

    LDAP attribute which contains the username. Only valid if `backend` is `ldap` or `msldap`.

  • ldap_filter (Optional[String]) (defaults to: undef)

    LDAP search filter. Only valid if `backend` is `ldap` or `msldap`.

  • ldap_base_dn (Optional[String]) (defaults to: undef)

    LDAP base DN. Only valid if `backend` is `ldap` or `msldap`.

  • domain (Optional[String]) (defaults to: undef)

    Domain for domain-aware authentication.

  • order (Variant[String, Integer]) (defaults to: '01')

    Multiple authentication methods can be chained. The order of entries in the authentication configuration determines the order of the authentication methods.



# File 'manifests/config/authmethod.pp', line 46

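define icingaweb2::config::authmethod(
  Enum['external', 'ldap', 'msldap', 'db'] $backend                  = undef,
  Optional[String]                         $resource                 = undef,
  Optional[String]                         $ldap_user_class          = undef,
  Optional[String]                         $ldap_user_name_attribute = undef,
  Optional[String]                         $ldap_filter              = undef,
  Optional[String]                         $ldap_base_dn             = undef,
  Optional[String]                         $domain                   = undef,
  Variant[String, Integer]                 $order                    = '01',
) {

  # Writes one section, named after the resource title, into authentication.ini.
  # Which parameters end up in that section depends on the backend; parameters
  # that do not belong to the selected backend are dropped without a warning.

  # Directory that holds the Icinga Web 2 INI files, read from the module's
  # globals class.
  $conf_dir = $::icingaweb2::globals::conf_dir

  # The db, ldap and msldap backends look users up through a resources.ini
  # entry. A section written without `resource` cannot authenticate anyone, so
  # the mistake is reported at catalog compilation instead of surfacing later
  # as a broken entry in the authentication chain.
  if $backend != 'external' and $resource == undef {
    fail("The '${backend}' backend requires the 'resource' parameter to be set.")
  }

  case $backend {
    'external': {
      # With 'external', Icinga Web 2 accepts the user name the web server has
      # already authenticated. The web server must therefore enforce
      # authentication on every route that reaches the application.
      # `resource`, `domain` and all ldap_* parameters are ignored here.
      $settings = {
        'backend' => $backend,
      }
    }
    'ldap', 'msldap': {
      # ldap_filter and ldap_base_dn determine which directory entries may log
      # in. Unset values are stripped below and never written to the section.
      $settings = {
        'backend'             => $backend,
        'resource'            => $resource,
        'user_class'          => $ldap_user_class,
        'user_name_attribute' => $ldap_user_name_attribute,
        'filter'              => $ldap_filter,
        'base_dn'             => $ldap_base_dn,
        'domain'              => $domain,
      }
    }
    'db': {
      # ldap_* parameters are ignored for this backend.
      $settings = {
        'backend'  => $backend,
        'resource' => $resource,
        'domain'   => $domain,
      }
    }
    default: {
      # The Enum on $backend already rejects any other value; this branch is
      # kept as a defensive guard should the type be loosened later.
      fail('The backend type you provided is not supported.')
    }
  }

  # NOTE(review): `order` is passed through unchanged and decides where this
  # method sits in the authentication chain. How icingaweb2::inisection
  # compares mixed String and Integer values is not visible here. If the
  # comparison is textual, 5 would sort after '10', so zero-padded strings of
  # equal width are the safer choice. Confirm against inisection.
  icingaweb2::inisection { "authmethod-${title}":
    section_name => $title,
    target       => "${conf_dir}/authentication.ini",
    settings     => delete_undef_values($settings),
    order        => $order,
  }
}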