blob: 92114e2284c159699fa8ab7c1bdf38458dddf764 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
store_uri = file:///srv/nix-cache?secret-key=/var/lib/hydra/priv.key
include /var/lib/hydra/git.conf
<dynamicruncommand>
enable = 1
</dynamicruncommand>
<ldap>
<config>
<credential>
class = Password
password_field = password
password_type = self_check
</credential>
<store>
class = LDAP
ldap_server = 10.10.0.1
<ldap_server_options>
timeout = 30
debug = 2
</ldap_server_options>
binddn = "cn=hydra,ou=users,dc=hydra,dc=vapor,dc=systems"
include ldap-password.conf
start_tls = 0
<start_tls_options>
verify = none
</start_tls_options>
user_basedn = "ou=users,dc=hydra,dc=vapor,dc=systems"
user_filter = "(&(objectClass=inetOrgPerson)(cn=%s))"
user_scope = one
user_field = cn
<user_search_options>
deref = always
</user_search_options>
# Important for role mappings to work:
use_roles = 1
role_basedn = "ou=groups,dc=hydra,dc=vapor,dc=systems"
role_filter = "(&(objectClass=groupOfNames)(member=%s))"
role_scope = one
role_field = cn
role_value = dn
<role_search_options>
deref = always
</role_search_options>
</store>
</config>
<role_mapping>
# Make all users in the hydra_admin group Hydra admins
admin = admin
# Allow all users in the dev group to restart jobs and cancel builds
dev = restart-jobs
dev = cancel-build
</role_mapping>
</ldap>
|
