| *** dbpiv has quit IRC | 00:05 | |
| ara-slack | sean.kang: Hi, I have a question about the external authentication for ARA API. Does ARA support LDAP authentication? | 02:04 |
|---|---|---|
| dmsimard | @sean.kang: I haven't done it, it's not documented for ara but it should be doable :) | 02:10 |
| dmsimard | I saw your issue but haven't got around to it, we can use that to figure it out: https://github.com/ansible-community/ara/issues/196 | 02:10 |
| ara-slack | sean.kang: That is the issue I opened. | 02:11 |
| dmsimard | I think there's two different ways to approach it -- one is at the webserver level (i.e, apache with mod_ldap), the other is with the api backend (django/django-rest-framework) | 02:12 |
| ara-slack | sean.kang: So it is doable at the current state and it doesn't require application level code change? | 02:12 |
| dmsimard | this would be a good starting point and we should probably add it to the docs: https://github.com/ansible-community/ara/issues/124#issuecomment-617841597 | 02:16 |
| ara-slack | sean.kang: Thank you. I will have a look. | 02:17 |
| dmsimard | I don't have a ldap implementation handy to test with but if you manage to figure it out, we can add it to the docs :) | 02:17 |
| ara-slack | sean.kang: I have done something similar with NetBox which is based on Django so I thought the LDAP authentication had to be supported in application level. https://netbox.readthedocs.io/en/stable/installation/6-ldap/ | 02:22 |
| ara-slack | That apache module based LDAP authentication looks quite different. | 02:22 |
| dmsimard | in your use case would ldap be used only for the web interface authentication ? or for the callback plugin too ? | 02:30 |
| dmsimard | if authentication is required for writes, the callback needs to authenticate somehow | 02:30 |
| ara-slack | sean.kang: both | 02:31 |
| dmsimard | so to record a playbook, the ldap password would need to be in an ansible.cfg or exported through an env var | 02:32 |
| dmsimard | are you okay with that ? I mean you can create regular accounts in django manually instead | 02:33 |
| ara-slack | sean.kang: sorry. i was in a meeting. | 02:53 |
| ara-slack | sean.kang: we use docker containers to run playbooks and credentials can be put as environment variables. | 02:55 |
| dmsimard | I'm off for now, don't have a solution for you right now but we can summarize our discussion and findings in the issue | 03:35 |
| ara-slack | sean.kang: thank you again | 03:42 |
| *** evrardjp has quit IRC | 05:33 | |
| *** evrardjp has joined #ara | 05:33 | |
| *** TKersten has joined #ara | 06:26 | |
| *** mgariepy has quit IRC | 12:02 | |
| *** dbpiv has joined #ara | 13:03 | |
| *** mgariepy has joined #ara | 13:09 | |
| *** etienne has joined #ara | 15:18 | |
| *** mgariepy has quit IRC | 16:04 | |
| *** TKersten has left #ara | 16:21 | |
| *** mgariepy has joined #ara | 16:41 | |
| *** dbpiv has quit IRC | 16:50 | |
| *** dbpiv has joined #ara | 16:53 | |
| *** dbpiv has quit IRC | 17:15 | |
| *** dbpiv has joined #ara | 17:43 | |
| *** dbpiv has quit IRC | 19:14 | |
| *** dbpiv has joined #ara | 19:58 | |
| *** dbpiv has quit IRC | 20:04 | |
| *** _KaszpiR_ has quit IRC | 21:49 | |
| *** _KaszpiR_ has joined #ara | 21:50 | |
| *** _KaszpiR_ has quit IRC | 23:07 | |
| *** _KaszpiR_ has joined #ara | 23:31 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!