main.yml
---
# satellite-auth vars
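# Authentication defaults.
# Organization and location IDs that sat_local_users entries in this file
# reference through Jinja ("{{ sat_auth_global.default_org_id }}").
sat_auth_global:
  default_org_id: 1
  default_loc_id: 2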
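# Define additional users with role assignments.
# Each entry describes one local account and the roles it receives.
sat_local_users:
  - username: "viewer-user"
    # Sample value only. A real password should not be committed in this
    # file; override it per environment from an encrypted source such as
    # Ansible Vault, and pick a value that is not derived from the role name.
    password: "viewonly"
    email: "viewer-user@yourdomain.com"
    first_name: "Viewer"
    last_name: "User"
    organizations:
      - "Your Organization"
    locations:
      - "Your Location"
    # Quoted so YAML does not read the leading "{" as a flow mapping.
    default_org_id: "{{ sat_auth_global.default_org_id }}"
    default_loc_id: "{{ sat_auth_global.default_loc_id }}"
    # Keep local accounts non-administrative unless there is a specific need;
    # access is then limited to the roles listed below.
    administrator: false
    roles:
      - "Viewer"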
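# Define LDAP or AD authentication source.
sat_auth_source:
  # Active Directory Server
  - name: "Active_Directory"
    # Encrypted connection on 636, the standard LDAPS port. Leave this
    # enabled: the bind credentials and user passwords cross this link.
    encryption: true
    server: "ad-server.yourdomain.com"
    port: 636
    type: "active_directory"
    # The bind account only needs to search the directory; use a dedicated,
    # read-only service account rather than a privileged one.
    bind_user: "DOM\\bind-user"
    # Placeholder. Supply the real bind password from an encrypted source
    # such as Ansible Vault instead of committing it here.
    bind_pass: "BIND-PASSWORD"
    base_dn: "dc=ad,dc=yourdomain,dc=com"
    # NOTE(review): this filter matches every person object under base_dn.
    # Combined with create_accounts below, presumably any such directory user
    # can obtain an account on first login - confirm, and consider narrowing
    # the filter or base_dn to the users who should have access.
    filter: "(objectCategory=person)"
    group_base_dn: "dc=ad,dc=yourdomain,dc=com"
    create_accounts: true
    # NOTE(review): roles in sat_ldap_group_maps are granted by external group
    # membership; with group_sync disabled, confirm how membership changes
    # (e.g. removal from an admin group) are picked up.
    group_sync: false
    # Directory attributes used to populate the local user record.
    attribute_mappings:
      login: "sAMAccountName"
      fname: "givenName"
      lname: "sn"
      email: "mail"
      photo: "thumbnailPhoto"
    # List certificates required to verify the certificate chain for the
    # LDAP server. NOTE(review): while this stays commented out, confirm the
    # server certificate is still validated against a trusted CA by other
    # means; encryption without verification does not authenticate the server.
    # certificates:
    #   - issuing_ca.pem
    #   - server.pem
    #   - root_ca.pem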
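# Group mappings for internal to external groups.
# "name" is the internal group, "mapto" the external directory group(s)
# whose members are placed in it.
sat_ldap_group_maps:
  - name: "Sat_Admins"
    mapto: ['AD-ADMIN-GROUP']
    # Members of the mapped directory group become administrators, so
    # membership of that group is the effective access control here; restrict
    # and audit who can modify it in the directory.
    # NOTE(review): the roles below are presumably redundant once admin is
    # set - confirm whether they are still needed.
    admin: true
    roles:
      - "Discovery Reader"
      - "Discovery Manager"
      - "Boot disk access"
      - "Tasks Manager"
      - "Tasks Reader"
      - "Red Hat Access Logs"
      - "Access Insights Viewer"
      - "Access Insights Admin"
      - "Manager"
      - "Edit partition tables"
      - "View hosts"
      - "Edit hosts"
      - "Viewer"
      - "Site manager"
  - name: "Sat_Viewers"
    mapto: ['AD-READONLY-GROUP']
    # Read-only group: no admin flag, a single "Viewer" role.
    admin: false
    roles:
      - "Viewer"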