Today we will talk about FreeIPA authentication and how it can be used to authenticate users in Ansible Tower.
FreeIPA is an integrated Identity and Authentication solution for *NIX environments. It can also work with any other solution which can authenticate users from LDAP. A FreeIPA server provides centralized authentication, authorization and account information to manage the security aspects of a network of computers.
Ansible Tower is designed to be your hub for all automation tasks, including server provisioning, server or device configuration management and infrastructure deployment.
For FreeIPA to work with Ansible Tower, we need a new user group for the users who will use Ansible Tower, and an Ansible Tower server that is already running.
A FreeIPA group can be created in Identity -> Groups. Users can then be added to this group.
For Ansible Tower, in the first part of the configuration we will need to set up the following:

Now we will need to add some other configuration in the following blocks on the same page:
- LDAP GROUP SEARCH
  [
    "cn=groups,cn=accounts,dc=openthreat,dc=ro",
    "SCOPE_SUBTREE",
    "(objectClass=groupOfNames)"
  ]
- LDAP USER ATTRIBUTE MAP
  {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
  }
- LDAP GROUP TYPE PARAMETERS
  {
    "name_attr": "cn",
    "member_attr": "member"
  }
- LDAP USER FLAGS BY GROUP
  {
    "is_superuser": [
      "CN=awx_group,cn=groups,cn=accounts,dc=openthreat,dc=ro"
    ]
  }
All FreeIPA users who are members of the group configured above (awx_group) will automatically have admin rights in Ansible Tower.
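Because the is_superuser flag follows group membership, it is worth listing who that membership covers before enabling it. The following is an added example, not part of the original post or of Ansible Tower: it reuses the settings blocks above and audits a constructed set of directory entries. The helper names (`norm_dn`, `is_group`, `audit_flag`) and the sample users and groups are hypothetical, and it assumes membership is read directly from the `member` attribute.

```python
# Added example: settings copied from the blocks above; directory entries are constructed.
GROUP_SEARCH = ["cn=groups,cn=accounts,dc=openthreat,dc=ro", "SCOPE_SUBTREE",
                "(objectClass=groupOfNames)"]
GROUP_TYPE_PARAMS = {"name_attr": "cn", "member_attr": "member"}
USER_FLAGS_BY_GROUP = {
    "is_superuser": ["CN=awx_group,cn=groups,cn=accounts,dc=openthreat,dc=ro"]}

GROUPS = "cn=groups,cn=accounts,dc=openthreat,dc=ro"
USERS = "cn=users,cn=accounts,dc=openthreat,dc=ro"
# Constructed sample of what an LDAP export might contain (names are hypothetical).
SAMPLE_ENTRIES = {
    f"cn=awx_group,{GROUPS}": {
        "objectClass": ["groupOfNames", "posixGroup"],
        "member": [f"uid=alice,{USERS}", f"UID=Bob,{USERS}", f"cn=netops,{GROUPS}"]},
    f"cn=netops,{GROUPS}": {
        "objectClass": ["groupOfNames"], "member": [f"uid=carol,{USERS}"]},
    f"uid=alice,{USERS}": {"objectClass": ["person"]},
}

def norm_dn(dn):
    """Simplified DN normalisation: lower-case, trim RDNs (no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def is_group(dn, entries):
    """True if dn matches the group search above (subtree base + objectClass filter)."""
    base, _scope, flt = GROUP_SEARCH
    wanted_class = flt.strip("()").split("=", 1)[1].lower()  # handles (objectClass=X) only
    classes = [c.lower() for c in entries.get(dn, {}).get("objectClass", [])]
    return dn.endswith("," + norm_dn(base)) and wanted_class in classes

def audit_flag(entries, flag="is_superuser"):
    """Return (direct user DNs, nested group DNs, configured groups not found)."""
    entries = {norm_dn(dn): attrs for dn, attrs in entries.items()}
    member_attr = GROUP_TYPE_PARAMS["member_attr"]
    users, nested, missing = set(), set(), []
    for group_dn in map(norm_dn, USER_FLAGS_BY_GROUP.get(flag, [])):
        if not is_group(group_dn, entries):
            missing.append(group_dn)
            continue
        for member in map(norm_dn, entries[group_dn].get(member_attr, [])):
            (nested if is_group(member, entries) else users).add(member)
    return sorted(users), sorted(nested), missing

if __name__ == "__main__":
    users, nested, missing = audit_flag(SAMPLE_ENTRIES)
    print("direct members of the superuser group:", users)
    print("nested groups to review:", nested)
    print("configured groups not found:", missing)
```

Nested groups are reported separately so their members can be reviewed on their own; a configured group that is reported as not found usually points to a typo in the DN.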