Puppet Enterprise - AD authentication with multiple "default" roles

asked 2013-11-08 14:00:35 -0500

cbowles gravatar image

updated 2013-11-08 14:01:06 -0500

We've got Active Directory configured as third-party authentication per http://docs.puppetlabs.com/pe/latest/console_config.html#configuring-third-party-authentication-services .

Currently, we are pointing to a single AD group using a filter directive in rubycas-server/config.yml:

filter: (memberOf=CN=FOO,OU=Org,DC=edu)

This is referenced via console-auth/casclientconfig.yml with a default_role of read-write:

activedirectoryldap: default_role: read-write
description: Active Directory

However, I'd like to be able to also add folks to a different AD group and be able to give them read-only access to Puppet Enterprise.

Any idea if this is possible?

edit retag flag offensive close merge delete

Comments

If you're using Puppet Enterprise, this might be better asked through their Zendesk portal at support.puppetlabs.com. I agree this would be nice, but I don't know ...(more)

Ancillas gravatar imageAncillas ( 2013-11-14 15:57:52 -0500 )edit