salt.auth.ldap

Provide authentication using simple LDAP binds

depends:
  • ldap Python module

salt.auth.ldap.auth(username, password)

Simple LDAP auth

salt.auth.ldap.groups(username, **kwargs)

Authenticate against an LDAP group

Behavior depends heavily on whether Active Directory is in use.

AD handles group membership very differently than OpenLDAP. See the External Authentication documentation for a thorough discussion of available parameters for customizing the search.

With OpenLDAP, the search covers all groups in the directory and returns the members of those groups, which are then checked against the username entered.

salt.auth.ldap.process_acl(auth_list, opts=None)

Query LDAP, retrieve list of minion_ids from an OU or other search. For each minion_id returned from the LDAP search, copy the perms matchers into the auth dictionary.

:param auth_list:
:param opts: __opts__ for when __opts__ is not injected
:return: Modified auth list.
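The expansion described for process_acl, as a simplified model added here for illustration (not Salt's own code). Assumptions: a matcher spelled ldap(<search base>) marks an entry to expand, and the hypothetical search_minions() with its constructed SAMPLE_DIRECTORY stands in for the real LDAP query.

```python
import re

# Constructed sample data standing in for a directory: search base -> minion_ids.
SAMPLE_DIRECTORY = {
    "OU=web,DC=example,DC=com": ["web01.example.com", "web02.example.com"],
    "OU=empty,DC=example,DC=com": [],
}

# Assumed matcher spelling: ldap(<search base>)
LDAP_MATCHER = re.compile(r"^ldap\((?P<base>.+)\)$")


def search_minions(base, directory=SAMPLE_DIRECTORY):
    """Hypothetical stand-in for the LDAP search: minion_ids found under base."""
    return list(directory.get(base, []))


def expand_acl(auth_list, search=search_minions):
    """Return a new auth list where each ldap(...) matcher is replaced by one
    entry per minion_id returned, each carrying a copy of the original perms."""
    expanded = []
    for item in auth_list:
        if not isinstance(item, dict):
            expanded.append(item)  # bare function pattern, nothing to expand
            continue
        for matcher, perms in item.items():
            found = LDAP_MATCHER.match(matcher)
            if found is None:
                expanded.append({matcher: perms})  # ordinary minion matcher
                continue
            # An empty result adds no entries: the ldap(...) string itself is
            # never kept as a literal matcher.
            for minion_id in search(found.group("base")):
                expanded.append({minion_id: list(perms)})
    return expanded


def audit_reach(auth_list, search=search_minions):
    """Review aid: how many minions each ldap(...) search base grants perms on."""
    reach = {}
    for item in auth_list:
        if isinstance(item, dict):
            for matcher in item:
                found = LDAP_MATCHER.match(matcher)
                if found:
                    reach[found.group("base")] = len(search(found.group("base")))
    return reach
```

Because the permissions are copied to every minion the search returns, the width of the search base decides how far a single ACL line reaches; audit_reach() makes that visible before the entry is deployed.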