I am setting up LDAP settings in Ansible AWX. I want to achieve 3 things in the LDAP settings for organization, teams and projects:
- All XYZ team members should be super admin (DONE)
- Organization permission should be group level (not user level)
- All teams (except one - XYZ) should be admin to their team organization and projects.
I achieved point (1) by using the following mapping in LDAP User Flags by Group:
{
  "is_superuser": [
    "CN=XYZ,OU=myorg,OU=security,OU=xyz,DC=ad,DC=com"
  ]
}
My LDAP organisation map is as follows:
{
  "Services": {
    "admins": [
      "CN=prod_root_sudo,OU=Servers,OU=Unix,OU=Groups,OU=Users & Groups,OU=DS,OU=DSSI,DC=ad,DC=com",
      "CN=preprod_root_sudo,OU=Servers,OU=Unix,OU=Groups,OU=Users & Groups,OU=DS,OU=DSSI,DC=ad,DC=com"
    ],
    "remove_admins": true,
    "remove_users": true,
    "users": [
      "CN=ABC,OU=myorg,OU=security,OU=aes,OU=xyz,DC=ad,DC=com"
    ]
  }
}
And the LDAP team map is:
{
  "Team1": {
    "organization": "Services",
    "remove": true,
    "users": [
      "CN=grp,OU=myorg,OU=security,DC=ad,DC=com"
    ]
  }
}
What changes should I make to achieve points 2 and 3?
Any help is appreciated, thanks!