Sunday, March 10, 2024

LDAP integration with Red Hat Ansible AAP or Ansible Community Tower, Part 2

Now let's start with the Ansible part. You need to have a working AAP setup.

Go to Settings, open the LDAP settings, and enter the values below.

LDAP Server URI: ldap://192.168.1.17:389

LDAP Bind DN: cn=admin,dc=example,dc=org

LDAP Bind Password: admin

LDAP Group Type: PosixGroupType

LDAP User Search:

[
  "OU=users,dc=example,dc=org",
  "SCOPE_SUBTREE",
  "(uid=%(user)s)"
]

LDAP Group Search:

[
  "dc=example,dc=org",
  "SCOPE_SUBTREE",
  "(objectClass=group)"
]

LDAP User Attribute Map:

{
  "email": "mail",
  "first_name": "givenName",
  "last_name": "sn"
}

LDAP Group Type Parameters:

{
  "name_attr": "cn"
}

LDAP User Flags By Group:

{
  "is_superuser": [
    "cn=superusers,ou=users,dc=example,dc=org"
  ],
  "is_system_auditor": [
    "cn=auditors,ou=groups,dc=example,dc=org"
  ]
}


Save all the settings and try logging in as nrathi, kjha and lrathi:

If you log in as nrathi you will be a System Administrator.

If you log in as kjha you will be a Normal User.

If you log in as lrathi you will be a System Auditor.

And that's how it's done! Enjoy.



LDAP integration with Red Hat Ansible AAP or Ansible Community Tower, Part 1

To build this as a POC we need the following prerequisites: at least two VMs.

1. Ansible Controller / Ansible Tower
   OS: Red Hat 9
   IP: 192.168.1.11

2. LDAP server
   OS: Red Hat 9
   IP: 192.168.1.17

Podman is installed by default on the LDAP server; if it is not, install it (Podman is an alternative to Docker).

Launch an OpenLDAP container with the command below. Podman options such as --env and --detach must come before the image name; anything after the image name is passed to the container as its command line, not to Podman:

 # podman run --detach -p 389:389 -p 636:636 --name my-openldap-container --env LDAP_ADMIN_PASSWORD="admin" osixia/openldap:1.5.0

If you are not an expert with LDAP and want a GUI, launch a second container running phpLDAPadmin:

 # podman run --detach -p 443:443 --env PHPLDAPADMIN_LDAP_HOSTS=192.168.1.17 osixia/phpldapadmin:0.9.0

Once both containers are launched, check that they are in the running state:

[root@localhost ~]# podman ps
CONTAINER ID  IMAGE                                COMMAND     CREATED       STATUS       PORTS                                       NAMES
d560d0d2d420  docker.io/osixia/phpldapadmin:0.9.0              10 hours ago  Up 10 hours  0.0.0.0:443->443/tcp                        suspicious_albattani
116f874f9da6  docker.io/osixia/openldap:1.5.0                  10 hours ago  Up 10 hours  0.0.0.0:389->389/tcp, 0.0.0.0:636->636/tcp  my-openldap-container
[root@localhost ~]#

Open a browser and go to https://192.168.1.17/phpldapadmin

Log in with the username cn=admin,dc=example,dc=org and the password admin; these are the LDAP server's default values.

You need to create a set of groups and users in LDAP. To keep things simple, I have shared the export here:

# LDIF Export for dc=example,dc=org
# Server: 192.168.1.17 (192.168.1.17)
# Search Scope: sub
# Search Filter: (objectClass=*)
# Total Entries: 9
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on March 7, 2024 11:09 pm
# Version: 1.2.5

version: 1

# Entry 1: dc=example,dc=org
dn: dc=example,dc=org
dc: example
o: Example Inc.
objectclass: top
objectclass: dcObject
objectclass: organization

# Entry 2: ou=groups,dc=example,dc=org
dn: ou=groups,dc=example,dc=org
objectclass: organizationalUnit
objectclass: top
ou: groups

# Entry 3: cn=Admin,ou=groups,dc=example,dc=org
dn: cn=Admin,ou=groups,dc=example,dc=org
cn: Admin
gidnumber: 500
objectclass: posixGroup
objectclass: top

# Entry 4: cn=auditors,ou=groups,dc=example,dc=org
dn: cn=auditors,ou=groups,dc=example,dc=org
cn: auditors
gidnumber: 502
objectclass: posixGroup
objectclass: top

# Entry 5: cn=superusers,ou=groups,dc=example,dc=org
dn: cn=superusers,ou=groups,dc=example,dc=org
cn: superusers
gidnumber: 501
memberuid: nrathi
objectclass: posixGroup
objectclass: top

# Entry 6: ou=users,dc=example,dc=org
dn: ou=users,dc=example,dc=org
objectclass: organizationalUnit
objectclass: top
ou: users

# Entry 7: cn=Kishor jha,ou=users,dc=example,dc=org
dn: cn=Kishor jha,ou=users,dc=example,dc=org
cn: Kishor jha
gidnumber: 500
givenname: Kishor
homedirectory: /home/users/kjha
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: jha
uid: kjha
uidnumber: 1001
userpassword: {MD5}ISMvKXpXpadDiUoOSoAfww==

# Entry 8: cn=Leena Rathi,ou=users,dc=example,dc=org
dn: cn=Leena Rathi,ou=users,dc=example,dc=org
cn: Leena Rathi
gidnumber: 502
givenname: Leena
homedirectory: /home/users/lrathi
loginshell: /bin/bash
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: Rathi
uid: lrathi
uidnumber: 1002
userpassword: {MD5}ISMvKXpXpadDiUoOSoAfww==

# Entry 9: cn=Navneet Rathi,ou=users,dc=example,dc=org
dn: cn=Navneet Rathi,ou=users,dc=example,dc=org
cn: Navneet Rathi
gidnumber: 500
givenname: Navneet
homedirectory: /home/users/nrathi
loginshell: /bin/bash
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: Rathi
uid: nrathi
uidnumber: 1000
userpassword: {MD5}ISMvKXpXpadDiUoOSoAfww==

I have created 5 groups:

  1. groups
  2. users
  3. superusers
  4. Admin
  5. auditors

I have created 3 users:

  1. Navneet Rathi --> nrathi (System Administrator), member of the superusers group
  2. Kishor jha --> kjha (Normal user), member of the Admin group
  3. Leena Rathi --> lrathi (System Auditor), member of the auditors group
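Before pasting the Part 2 settings into AAP it is worth checking, offline, who would actually get which flag from the "LDAP User Flags By Group" mapping. The script below is an added example, not code from this post or from AAP: it parses an LDIF export like the one above and applies the rule the PosixGroup type uses to decide membership (the group's gidNumber equals the user's gidNumber, or the group's memberUid lists the user's uid). It also reports any mapped group DN that the export does not contain, which is the first thing to look for when a user who should be a superuser logs in as a normal user. The LDIF fixture is constructed here (modelled on the export above, trimmed to the attributes the rule needs), and the function names are mine.

```python
"""Offline dry-run of the AAP "LDAP User Flags By Group" mapping (added example)."""
from collections import defaultdict

# Constructed fixture modelled on the phpLDAPadmin export above.
LDIF_EXPORT = """\
dn: cn=Admin,ou=groups,dc=example,dc=org
cn: Admin
gidnumber: 500
objectclass: posixGroup

dn: cn=auditors,ou=groups,dc=example,dc=org
cn: auditors
gidnumber: 502
objectclass: posixGroup

dn: cn=superusers,ou=groups,dc=example,dc=org
cn: superusers
gidnumber: 501
memberuid: nrathi
objectclass: posixGroup

dn: cn=Kishor jha,ou=users,dc=example,dc=org
uid: kjha
gidnumber: 500
objectclass: posixAccount

dn: cn=Leena Rathi,ou=users,dc=example,dc=org
uid: lrathi
gidnumber: 502
objectclass: posixAccount

dn: cn=Navneet Rathi,ou=users,dc=example,dc=org
uid: nrathi
gidnumber: 500
objectclass: posixAccount
"""

# The mapping as it would be pasted into the AAP "LDAP User Flags By Group" field.
USER_FLAGS_BY_GROUP = {
    "is_superuser": ["cn=superusers,ou=groups,dc=example,dc=org"],
    "is_system_auditor": ["cn=auditors,ou=groups,dc=example,dc=org"],
}


def parse_ldif(text):
    """Parse an LDIF export into {dn: {attr: [values]}}.

    Attribute names and DNs are lower-cased (LDAP compares both case-insensitively).
    '#' comments, the version line and folded continuation lines are handled;
    base64 ('::') values are kept undecoded, which is fine for this check.
    """
    unfolded = []  # a line starting with one space continues the previous line
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    entries, current = {}, None
    for line in unfolded:
        if not line.strip():
            current = None  # a blank line ends the entry
            continue
        if line.startswith("#") or line.lower().startswith("version:"):
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = value.lower()
            entries[current] = defaultdict(list)
        elif current is not None:
            entries[current][attr].append(value)
    return entries


def is_posix_member(user, group):
    """PosixGroup rule: matching gidNumber, or the uid listed in memberUid."""
    if user.get("gidnumber") and user.get("gidnumber") == group.get("gidnumber"):
        return True
    uid = user.get("uid", [None])[0]
    return uid is not None and uid in group.get("memberuid", [])


def evaluate_flags(entries, mapping):
    """Return ({uid: set of flags}, [mapped group DNs absent from the export])."""
    users = {e["uid"][0]: e for e in entries.values() if "uid" in e}
    flags = {uid: set() for uid in users}
    missing = []
    for flag, group_dns in mapping.items():
        for dn in group_dns:
            group = entries.get(dn.lower())
            if group is None:
                missing.append(dn)  # wrong ou=..., or the group was never created
                continue
            for uid, user in users.items():
                if is_posix_member(user, group):
                    flags[uid].add(flag)
    return flags, missing


if __name__ == "__main__":
    result, absent = evaluate_flags(parse_ldif(LDIF_EXPORT), USER_FLAGS_BY_GROUP)
    for uid, granted in sorted(result.items()):
        print(f"{uid}: {', '.join(sorted(granted)) or 'normal user'}")
    for dn in absent:
        print(f"WARNING: mapped group not found in export: {dn}")
```

Run it against your own export (paste the LDIF in place of the fixture) whenever the mapping changes; a DN in the warning list means AAP will silently grant nothing for that flag. Two other things the export makes visible: the three test accounts share one unsalted {MD5} password hash, and the Part 2 settings bind as cn=admin over ldap:// on port 389 even though the container already publishes 636, so neither the fixture nor the bind setting should be carried over unchanged into anything beyond a POC.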
Once this is done, we move to Red Hat Ansible AAP / Ansible Tower, where the LDAP settings need to be configured.

Ref: https://github.com/osixia/docker-phpLDAPadmin

Ref: https://docs.ansible.com/automation-controller/latest/html/administration/ldap_auth.html

Wednesday, March 6, 2024

MS Teams and Ansible Integration

To achieve this we need to create an incoming webhook in MS Teams; the steps to create the webhook can be found at:

https://learn.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/add-incoming-webhook?tabs=classicteams%2Cdotnet

Once that is done we get a webhook URL, which the playbook below posts to:

---
- name: Sending msg to ms teams
  hosts: localhost
  gather_facts: no
  vars:
    # Use your own webhook URL here
    ms_webhook_url: "https://m365x221219.webhook.office.com/webhookb2/12345678-40cc-4c20-9228-f94320b65a82@945c199a..."
  tasks:
    ### your automation logic goes here
    - name: Send a notification to Teams Channel
      uri:
        url: "{{ ms_webhook_url }}"
        method: POST
        body_format: json
        body:
          title: "Activity completed in job: {{ job_id }}"
          text: "Your activity is completed; the details are below"
          sections:
            - facts:
                # item1 and value1 are passed in the same way as job_id (-e)
                - name: "{{ item1 }}"
                  value: "{{ value1 }}"


We can run it in Red Hat Ansible AAP; if you want to run it from the command line, define the variables such as job_id with -e:

# ansible-playbook msteams.yml -e job_id=123

and check that you received the message in MS Teams.
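The same notification can be sent without the playbook, which is handy for testing the webhook before wiring it into a job. The script below is an added example, not code from this post or from Ansible: it builds the same body the uri task sends (title, text and a facts section), takes the webhook URL from an environment variable instead of a variable in the playbook, refuses anything that is not an HTTPS URL on a *.webhook.office.com host (the host suffix is taken from the URL in the playbook above), and keeps the secret part of the URL out of error messages. The function names, MS_WEBHOOK_URL and ALLOWED_WEBHOOK_SUFFIX are mine.

```python
"""Post a Teams MessageCard to an incoming webhook (added example)."""
import json
import os
import sys
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Host suffix used by the webhook URL in the playbook above; adjust for your tenant.
ALLOWED_WEBHOOK_SUFFIX = ".webhook.office.com"


def check_webhook_url(url, allowed_suffix=ALLOWED_WEBHOOK_SUFFIX):
    """Accept only an https URL on the expected webhook host; raise ValueError otherwise."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("webhook URL must use https")
    if not parts.hostname or not parts.hostname.endswith(allowed_suffix):
        raise ValueError("webhook host is not an Office incoming-webhook host")
    return True


def build_card(job_id, facts, title_prefix="Activity completed in job"):
    """Same shape as the playbook body: title, text and one section of name/value facts."""
    return {
        "title": f"{title_prefix}: {job_id}",
        "text": "Your activity is completed; the details are below",
        "sections": [
            {"facts": [{"name": str(k), "value": str(v)} for k, v in facts.items()]}
        ],
    }


def redact(url):
    """The path of a webhook URL is the credential: show only scheme and host."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.hostname}/..."


def send_card(url, card, opener=urllib.request.urlopen, timeout=10):
    """POST the card as JSON and return the HTTP status; opener is injectable for tests."""
    check_webhook_url(url)
    req = urllib.request.Request(
        url,
        data=json.dumps(card).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with opener(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        # Report the failure without echoing the secret path back into logs.
        raise RuntimeError(f"Teams webhook at {redact(url)} returned HTTP {exc.code}") from exc


if __name__ == "__main__":
    webhook = os.environ.get("MS_WEBHOOK_URL")
    if not webhook:
        sys.exit("set MS_WEBHOOK_URL in the environment (keep it out of the playbook)")
    job_id = sys.argv[1] if len(sys.argv) > 1 else "123"
    status = send_card(webhook, build_card(job_id, {"host": "web01", "result": "ok"}))
    print(f"Teams accepted the message (HTTP {status})")
```

Usage: MS_WEBHOOK_URL='https://...' python3 teams_notify.py 123. The playbook equivalent of the same hygiene is to move ms_webhook_url out of vars into a vault-encrypted variable or an AAP credential and set no_log: true on the uri task, so the URL does not end up in job output.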