Rundeck: Configuring Rundeck authentication via LDAP / AD
From www.yakakliker.org
In the /etc/rundeck directory
Create the file jaas-multiauth.conf (a JAAS login configuration; the block name, multiauth, is referenced later from the JVM options)
multiauth {
    com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule sufficient
        debug="true"
        contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
        providerUrl="ldap://srvldap:389"
        bindDn="rundeck"
        bindPassword="123456789"
        authenticationMethod="simple"
        forceBindingLogin="true"
        userBaseDn="DC=monLAN,DC=lan"
        userRdnAttribute="sAMAccountName"
        userIdAttribute="sAMAccountName"
        userPasswordAttribute="unicodePwd"
        userObjectClass="user"
        roleBaseDn="DC=monLAN,DC=lan"
        roleNameAttribute="cn"
        roleMemberAttribute="member"
        roleObjectClass="group"
        cacheDurationMillis="300000"
        reportStatistics="true"
        ignoreRoles="true"
        storePass="true"
        clearPass="true"
        useFirstPass="false"
        tryFirstPass="false";

    org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule sufficient
        debug="true"
        useFirstPass="true"
        file="/etc/rundeck/realm.properties";

    org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required
        debug="true"
        file="/etc/rundeck/realm.properties";
};

How the block works: the modules are tried in order. JettyCachingLdapLoginModule is "sufficient", so a successful AD login ends the chain; if it fails, PropertyFileLoginModule ("required") falls back to the local accounts in realm.properties, so the accounts defined there (the default admin account) keep working when the directory is unreachable. forceBindingLogin="true" means a user is authenticated by binding to AD with the password they typed; userPasswordAttribute is therefore never read (AD does not return unicodePwd anyway).

Points to check before using this configuration in production:
- ignoreRoles="true" discards the AD group membership. Roles are taken instead from realm.properties by JettyRolePropertyFileLoginModule (useFirstPass="true" reuses the user name the LDAP module authenticated), so every AD user who needs access must have a line in realm.properties listing roles such as adminrundeck (the password field of that line is not used for users the LDAP module already authenticated), and the roleBaseDn / roleNameAttribute / roleMemberAttribute / roleObjectClass settings are unused. To let AD groups drive authorization, set ignoreRoles="false": the cn of each group the user belongs to then becomes a Rundeck role, so an AD group named adminrundeck matches the policy below.
- ldap://srvldap:389 with authenticationMethod="simple" sends the bind password and every user's password over the network in clear text. Use ldaps://srvldap:636 (the JVM must trust the AD certificate) or at least keep this traffic on a trusted network.
- bindDn is the lookup account. AD accepts it as a full DN or as a UPN (rundeck@monLAN.lan); use a dedicated read-only account, never a domain admin. bindPassword is stored in clear text, so the file must be owned by the rundeck user and readable only by it (mode 600).
- cacheDurationMillis="300000" caches successful logins for 5 minutes: a password change or account disablement in AD is only enforced by Rundeck once the cache entry expires.
- debug="true" is useful while setting this up; turn it off afterwards.
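Before restarting Rundeck with this configuration it is worth reproducing the lookups the module will perform with plain ldapsearch, since a wrong bindDn form, base DN or filter only shows up in Rundeck as a generic login failure. The script below is an added example, not code from the original page or from Rundeck: it takes the values of the configuration above, escapes the login name as required by RFC 4515 (the directory would otherwise interpret characters such as * or ) typed into the login form as filter syntax), runs the user search and the group search the module issues, and checks that the file holding bindPassword is not readable by other users. The password file ~/.rundeck-bind.pw and the script name preflight.sh are assumptions.

```shell
#!/bin/sh
# Pre-flight check for the LDAP settings of jaas-multiauth.conf.
# Added example, not from the original page or from Rundeck. It reproduces the
# two LDAP searches JettyCachingLdapLoginModule performs (user lookup, then group
# lookup on the user's DN) with OpenLDAP's ldapsearch, and checks that the file
# holding bindPassword is not world-readable. The defaults mirror the page's
# configuration; override them through the environment for your directory.

LDAP_URL="${LDAP_URL:-ldap://srvldap:389}"   # prefer ldaps://srvldap:636
BIND_DN="${BIND_DN:-rundeck}"                # a full DN or a UPN is the usual AD form
USER_BASE="${USER_BASE:-DC=monLAN,DC=lan}"
ROLE_BASE="${ROLE_BASE:-DC=monLAN,DC=lan}"
JAAS_FILE="${JAAS_FILE:-/etc/rundeck/jaas-multiauth.conf}"

# RFC 4515 escaping for a value placed inside an LDAP filter. Without it a login
# such as 'admin*' or 'x)(objectClass=*' changes the meaning of the filter.
# The backslash is handled first so the escapes it produces are not re-escaped.
escape_filter() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Filter the module builds for the user lookup:
# (&(objectClass=<userObjectClass>)(<userIdAttribute>=<login>))
user_filter() {
    printf '(&(objectClass=user)(sAMAccountName=%s))' "$(escape_filter "$1")"
}

# Filter the module builds for the role lookup, with the user's DN as member:
# (&(objectClass=<roleObjectClass>)(<roleMemberAttribute>=<userDN>))
group_filter() {
    printf '(&(objectClass=group)(member=%s))' "$(escape_filter "$1")"
}

# bindPassword is stored in clear text: refuse any "other" permission bit.
# Returns 0 when the last three characters of the mode column (o=rwx) are '---'.
check_conf_perms() {
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# Run both searches. The bind password is read from a file (-y) so it never
# shows up in the process list; create it with:
#   umask 077; printf '%s' 'the-bind-password' > ~/.rundeck-bind.pw
preflight() {
    login="$1"; pwfile="${2:-$HOME/.rundeck-bind.pw}"
    check_conf_perms "$JAAS_FILE" || echo "WARNING: $JAAS_FILE is readable by other users" >&2
    user_dn=$(ldapsearch -LLL -o ldif-wrap=no -H "$LDAP_URL" -D "$BIND_DN" -y "$pwfile" \
                  -b "$USER_BASE" "$(user_filter "$login")" dn | sed -n 's/^dn: //p')
    [ -n "$user_dn" ] || { echo "user $login not found under $USER_BASE" >&2; return 1; }
    echo "user DN: $user_dn"
    echo "groups (their cn becomes a Rundeck role when ignoreRoles=\"false\"):"
    ldapsearch -LLL -o ldif-wrap=no -H "$LDAP_URL" -D "$BIND_DN" -y "$pwfile" \
        -b "$ROLE_BASE" "$(group_filter "$user_dn")" cn | sed -n 's/^cn: /  /p'
}

# Usage: ./preflight.sh <sAMAccountName> [password-file]
if [ -n "${1:-}" ]; then preflight "$@"; fi
```

If the user search returns nothing, the bindDn form or userBaseDn is wrong; if the group search returns nothing while the user is a member, check roleBaseDn (AD only returns direct memberships through the member attribute).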
Create the file adminrundeck.aclpolicy (YAML; the indentation below is significant)
description: Admin, all access.
context:
  project: '.*' # all projects
for:
  resource:
    - allow: '*' # allow read/create all kinds
  adhoc:
    - allow: '*' # allow read/running/killing adhoc jobs
  job:
    - allow: '*' # allow read/write/delete/run/kill of all jobs
  node:
    - allow: '*' # allow read/run for all nodes
by:
  group: adminrundeck
---
description: Admin, all access.
context:
  application: 'rundeck'
for:
  resource:
    - allow: '*' # allow create of projects
  project:
    - allow: '*' # allow view/admin of all projects
  storage:
    - allow: '*' # allow read/create/update/delete for all /keys/* storage content
by:
  group: adminrundeck

Rundeck loads every *.aclpolicy file found in /etc/rundeck. This file holds two YAML documents: the first grants everything in the project context (jobs, nodes, ad-hoc commands), the second in the application context (project creation, key storage); both are needed for full administrative access. The "group: adminrundeck" clause matches the role name Rundeck assigned at login, i.e. the role listed on the user's line in realm.properties with the JAAS configuration above, or the cn of the AD group if ignoreRoles is set to "false". Rundeck's bundled rd-acl tool can validate and test a policy file before it is deployed (see the authorization link below).
In the /etc/default directory
Create (or edit, if the package already installed one) the file rundeckd
RDECK_JVM_OPTS="-Drundeck.jaaslogin=true \
 -Djava.security.auth.login.config=/etc/rundeck/jaas-multiauth.conf \
 -Dloginmodule.name=multiauth"

On RPM-based systems the equivalent file is /etc/sysconfig/rundeckd. The three options enable JAAS login, point the JVM at the configuration file, and select the block to use: the value of -Dloginmodule.name must match the block name at the top of jaas-multiauth.conf (multiauth).
Restart the Rundeck service
systemctl restart rundeckd

Then follow /var/log/rundeck/service.log while logging in with an AD account; with debug="true" the LDAP module logs each step it performs, which is the fastest way to see whether the bind or one of the searches fails.
Links
https://docs.rundeck.com/docs/administration/security/authentication.html#case-insensitive-username
https://docs.rundeck.com/docs/administration/security/authorization.html#example