[debian-edu-commits] [Git][debian-edu/debian-edu-config][master] Restrict Icinga web GUI administration using a dedicated group
Wolfgang Schweer (@schweer-guest)
gitlab at salsa.debian.org
Mon Aug 16 17:09:12 BST 2021
Wolfgang Schweer pushed to branch master at Debian Edu / debian-edu-config
Commits:
fff38a54 by Wolfgang Schweer at 2021-08-16T18:07:09+02:00
Restrict Icinga web GUI administration using a dedicated group
ldap-bootstrap/gosa.ldif: Add group icinga-admins.
tools/edu-icinga-setup: Adjust configuration files (HERE documents) to use
icinga-admins group for administrator role.
Signed-off-by: Wolfgang Schweer <wschweer at arcor.de>
- - - - -
3 changed files:
- debian/changelog
- ldap-bootstrap/gosa.ldif
- share/debian-edu-config/tools/edu-icinga-setup
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,13 @@
+debian-edu-config (2.12.1) UNRELEASED; urgency=medium
+
+ * Start on 2.12.1 as Debian 12 (bookworm) is targeted.
+ * Restrict Icinga web GUI administration using a dedicated group.
+ - ldap-bootstrap/gosa.ldif: Add group icinga-admins.
+ - tools/edu-icinga-setup: Adjust configuration files (HERE documents) to use
+ icinga-admins group for administrator role.
+
+ -- Wolfgang Schweer <wschweer at arcor.de> Mon, 16 Aug 2021 17:56:10 +0200
+
debian-edu-config (2.11.56) unstable; urgency=medium
[ Wolfgang Schweer ]
=====================================
ldap-bootstrap/gosa.ldif
=====================================
@@ -4,7 +4,7 @@
## define 4 groups: teachers, students. jradmins and nonetblk
## define templates to add a teacher or a student.
## define access roles: admin-role, and jradmin-role
-## define access group: gosa-admins
+## define access groups: gosa-admins, printer-admins, icinga-admins
########################################################
## gosa-config:
@@ -117,6 +117,14 @@ description: Printer Operators
gidNumber: 60010
memberUid: $FIRSTUSERNAME
+dn: cn=icinga-admins,ou=group,dc=skole,dc=skolelinux,dc=no
+objectClass: top
+objectClass: posixGroup
+cn: icinga-admins
+description: Icinga Administrators
+gidNumber: 60020
+memberUid: $FIRSTUSERNAME
+
################### Templates ########################
# Groups and user templates for teachers and students
=====================================
share/debian-edu-config/tools/edu-icinga-setup
=====================================
@@ -7,7 +7,7 @@
# Author/Copyright: Wolfgang Schweer <wschweer at arcor.de>
# Licence: GPL2+
# first edited: 2020-03-23
-# last edited: 2020-04-11
+# last edited: 2021-08-16
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -82,7 +82,6 @@ setup_icinga() {
domain = ""
resource = "icingaweb_ldap"
EOF
-
# config.ini
cat <<- EOF > /etc/icingaweb2/config.ini
[global]
@@ -101,18 +100,18 @@ setup_icinga() {
[icingaweb2]
resource = "icingaweb_ldap"
user_backend = "icingaweb2"
- group_class = "group"
+ group_class = "posixGroup"
group_filter = ""
- group_name_attribute = "gid"
- group_member_attribute = "member"
- base_dn = ""
+ group_name_attribute = "cn"
+ group_member_attribute = "memberUid"
+ base_dn = "dc=skole,dc=skolelinux,dc=no"
backend = "ldap"
EOF
# roles.ini
cat <<- EOF > /etc/icingaweb2/roles.ini
[Administrators]
- users = "$FIRSTUSERNAME"
+ groups = "icinga-admins"
permissions = "*"
EOF
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/fff38a54f0d5f61c6f3e4c94fbce53c56de8dc19
--
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/fff38a54f0d5f61c6f3e4c94fbce53c56de8dc19
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20210816/05cfc797/attachment-0001.htm>
More information about the debian-edu-commits
mailing list