From feab0450d821b21cdc8a8fc0ee9ae9b1e9913d33 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Wed, 10 Jul 2019 01:07:32 +0200 Subject: Implement LDAP --- conf/.env.production.sample | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'conf/.env.production.sample') diff --git a/conf/.env.production.sample b/conf/.env.production.sample index 203b74b..a444ae2 100644 --- a/conf/.env.production.sample +++ b/conf/.env.production.sample @@ -155,15 +155,15 @@ STREAMING_CLUSTER_NUM=1 # GID=1000 # LDAP authentication (optional) -# LDAP_ENABLED=true -# LDAP_HOST=localhost -# LDAP_PORT=389 -# LDAP_METHOD=simple_tls -# LDAP_BASE=ou=users,dc=yunohost,dc=org -# LDAP_BIND_DN=uid=__LDAP_USER__,ou=users,dc=yunohost,dc=org -# LDAP_PASSWORD=__LDAP_PASSWORD__ -# LDAP_UID=uid -# LDAP_SEARCH_FILTER="%{uid}=%{email}" +LDAP_ENABLED=true +LDAP_HOST=localhost +LDAP_PORT=389 +LDAP_METHOD=simple_tls +LDAP_BASE=ou=users,dc=yunohost,dc=org +LDAP_BIND_DN=uid=__LDAP_USER__,ou=users,dc=yunohost,dc=org +LDAP_PASSWORD=__LDAP_PASSWORD__ +LDAP_UID=uid +LDAP_SEARCH_FILTER="%{uid}=%{email}" # PAM authentication (optional) # PAM authentication uses for the email generation the "email" pam variable -- cgit v1.2.3-70-g09d2 From 0cfabd36526029d3e2ec2d9ed4c33e603b341884 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sat, 13 Jul 2019 10:51:01 +0200 Subject: Update .env.production.sample --- conf/.env.production.sample | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'conf/.env.production.sample') diff --git a/conf/.env.production.sample b/conf/.env.production.sample index a444ae2..610425c 100644 --- a/conf/.env.production.sample +++ b/conf/.env.production.sample 
@@ -158,12 +158,13 @@ STREAMING_CLUSTER_NUM=1 LDAP_ENABLED=true LDAP_HOST=localhost LDAP_PORT=389 -LDAP_METHOD=simple_tls +LDAP_METHOD=start_tls LDAP_BASE=ou=users,dc=yunohost,dc=org LDAP_BIND_DN=uid=__LDAP_USER__,ou=users,dc=yunohost,dc=org LDAP_PASSWORD=__LDAP_PASSWORD__ LDAP_UID=uid LDAP_SEARCH_FILTER="%{uid}=%{email}" +LDAP_TLS_NO_VERIFY=true # PAM authentication (optional) # PAM authentication uses for the email generation the "email" pam variable -- cgit v1.2.3-70-g09d2 From 6f5fec437c9874e289cbd0f68b0e109e02cbccdf Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 4 Aug 2019 00:31:07 +0200 Subject: removing dedicated ldap user creation --- conf/.env.production.sample | 4 ++-- scripts/install | 15 --------------- scripts/remove | 8 -------- scripts/restore | 9 --------- scripts/upgrade | 16 ---------------- 5 files changed, 2 insertions(+), 50 deletions(-) (limited to 'conf/.env.production.sample') diff --git a/conf/.env.production.sample b/conf/.env.production.sample index 610425c..33f7d93 100644 --- a/conf/.env.production.sample +++ b/conf/.env.production.sample @@ -160,8 +160,8 @@ LDAP_HOST=localhost LDAP_PORT=389 LDAP_METHOD=start_tls LDAP_BASE=ou=users,dc=yunohost,dc=org -LDAP_BIND_DN=uid=__LDAP_USER__,ou=users,dc=yunohost,dc=org -LDAP_PASSWORD=__LDAP_PASSWORD__ +LDAP_BIND_DN=uid=uid=local,ou=users,dc=yunohost,dc=org +LDAP_PASSWORD= LDAP_UID=uid LDAP_SEARCH_FILTER="%{uid}=%{email}" LDAP_TLS_NO_VERIFY=true diff --git a/scripts/install b/scripts/install index 97bbc0b..0991cbc 100644 --- a/scripts/install +++ b/scripts/install @@ -36,9 +36,6 @@ admin_mail=$(ynh_user_get_info $admin 'mail') app=$YNH_APP_INSTANCE_NAME -ldap_user="svc_${app}_ldap" -ldap_password=$(ynh_string_random --length=8) - #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= 
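Review bot: In the `@@ -158,12 +158,13 @@` hunk, `LDAP_TLS_NO_VERIFY=true` is added without any comment saying why certificate verification is switched off. The session negotiated through `LDAP_METHOD=start_tls` is therefore encrypted, but the server's identity is never checked. With `LDAP_HOST=localhost` the traffic stays on loopback, which is presumably why this was accepted, but the sample does not say that the setting stops being safe once `LDAP_HOST` names another machine. I would add a comment line directly above it, for example `# Certificate check is skipped only because LDAP_HOST is localhost; remove LDAP_TLS_NO_VERIFY if the directory is remote`.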
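Review bot: In the `@@ -160,8 +160,8 @@` hunk of conf/.env.production.sample, `LDAP_PASSWORD=` is left empty next to a named `LDAP_BIND_DN`, so the lookup bind carries no credential. It presumably works only because the local directory treats such a bind as anonymous and lets it read `ou=users`. That dependency should be stated in the sample, e.g. `# Empty on purpose: the user search relies on anonymous read access to ou=users on the local LDAP server`, so that later directory hardening is not mistaken for an application fault. The script hunks of the same commit stop creating `svc_${app}_ldap`, and scripts/remove no longer deletes it. Nothing visible removes an account or the stored `ldap_password` setting left by an earlier install, so unless that is handled elsewhere the upgrade path should clean both up.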
@@ -71,8 +68,6 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=language --value=$language -ynh_app_setting_set --app=$app --key=ldap_user --value=$ldap_user -ynh_app_setting_set --app=$app --key=ldap_password --value=$ldap_password #================================================= # STANDARD MODIFICATIONS @@ -139,13 +134,6 @@ ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # SPECIFIC SETUP -#================================================= -# CREATING LDAP USER -#================================================= -ynh_script_progression --message="Creating LDAP user..." --weight=424 - -yunohost user create $ldap_user --firstname "SvcMastodonLdap" --lastname "SvcMastodonLdap" --mail ${ldap_user}@$domain --password $ldap_password -q 0 - #================================================= # INSTALLING RUBY AND BUNDLER #================================================= @@ -182,9 +170,6 @@ otp_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c ynh_replace_string --match_string="__OTP_SECRET__" --replace_string="$otp_secret" --target_file="$final_path/live/.env.production" ynh_app_setting_set --app="$app" --key=otp_secret --value="$otp_secret" -ynh_replace_string --match_string="__LDAP_USER__" --replace_string="$ldap_user" --target_file="$final_path/live/.env.production" -ynh_replace_string --match_string="__LDAP_PASSWORD__" --replace_string="$ldap_password" --target_file="$final_path/live/.env.production" - #================================================= # INSTALLING MASTODON #================================================= diff --git a/scripts/remove b/scripts/remove index cbbae0b..19cbf29 100644 --- a/scripts/remove +++ b/scripts/remove 
@@ -22,7 +22,6 @@ domain=$(ynh_app_setting_get --app=$app --key=domain) db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$app final_path=$(ynh_app_setting_get --app=$app --key=final_path) -ldap_user=$(ynh_app_setting_get --app=$app --key=ldap_user) #================================================= # STANDARD REMOVE @@ -96,13 +95,6 @@ ynh_remove_nginx_config #================================================= # SPECIFIC REMOVE -#================================================= -# REMOVE LDAP USER -#================================================= -ynh_script_progression --message="Removing ldap user..." --weight=2 - -yunohost user delete $ldap_user --purge - #================================================= # REMOVE THE CRON FILE #================================================= diff --git a/scripts/restore b/scripts/restore index 89e2430..59e71fc 100644 --- a/scripts/restore +++ b/scripts/restore @@ -35,8 +35,6 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$app db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) -ldap_user=$(ynh_app_setting_get --app=$app --key=ldap_user) -ldap_password=$(ynh_app_setting_get --app=$app --key=ldap_password) #================================================= # CHECK IF THE APP CAN BE RESTORED 
@@ -91,13 +89,6 @@ ynh_install_nodejs --nodejs_version="8" ynh_install_app_dependencies $pkg_dependencies ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" -#================================================= -# CREATING LDAP USER -#================================================= -ynh_script_progression --message="Creating LDAP user..." --weight=424 - -yunohost user create $ldap_user --firstname "SvcMastodonLdap" --lastname "SvcMastodonLdap" --mail ${ldap_user}@$domain --password $ldap_password -q 0 - #================================================= # INSTALLING RUBY AND BUNDLER #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index fe6f331..46e7229 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -37,9 +37,6 @@ otp_secret=$(ynh_app_setting_get --app=$app --key=otp_secret) vapid_private_key=$(ynh_app_setting_get --app=$app --key=vapid_private_key) vapid_public_key=$(ynh_app_setting_get --app=$app --key=vapid_public_key) -ldap_user=$(ynh_app_setting_get --app=$app --key=ldap_user) -ldap_password=$(ynh_app_setting_get --app=$app --key=ldap_password) - #================================================= # CHECK VERSION #================================================= @@ -125,16 +122,6 @@ if [[ -z "$vapid_private_key" ]]; then ynh_app_setting_set "$app" vapid_public_key "$vapid_public_key" fi -# If ldap_user doesn't exist, retrieve it or create it -if [[ -z "$ldap_user" ]]; then - ldap_user="svc_${app}_ldap" - ldap_password==$(ynh_string_random --length=8) - ynh_app_setting_set "$app" ldap_user "$ldap_user" - ynh_app_setting_set "$app" ldap_password "$ldap_password" - - yunohost user create $ldap_user --firstname "SvcMastodonLdap" --lastname "SvcMastodonLdap" --mail ${ldap_user}@$domain --password $ldap_password -q 0 -fi - #Remove previous added repository ynh_remove_extra_repo 
@@ -252,9 +239,6 @@ ynh_replace_string --match_string="__OTP_SECRET__" --replace_string="$otp_secret ynh_replace_string "__VAPID_PRIVATE_KEY__" "$vapid_private_key" "$final_path/live/.env.production" ynh_replace_string "__VAPID_PUBLIC_KEY__" "$vapid_public_key" "$final_path/live/.env.production" -ynh_replace_string --match_string="__LDAP_USER__" --replace_string="$ldap_user" --target_file="$final_path/live/.env.production" -ynh_replace_string --match_string="__LDAP_PASSWORD__" --replace_string="$ldap_password" --target_file="$final_path/live/.env.production" - #================================================= # UPGRADE MASTODON #================================================= -- cgit v1.2.3-70-g09d2 From 25a20b1d17f0b8752a39259c3b73a451e203255d Mon Sep 17 00:00:00 2001 From: yalh76 Date: Fri, 18 Oct 2019 23:29:38 +0200 Subject: Update .env.production.sample --- conf/.env.production.sample | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'conf/.env.production.sample') diff --git a/conf/.env.production.sample b/conf/.env.production.sample index 33f7d93..c55d99b 100644 --- a/conf/.env.production.sample +++ b/conf/.env.production.sample @@ -160,7 +160,7 @@ LDAP_HOST=localhost LDAP_PORT=389 LDAP_METHOD=start_tls LDAP_BASE=ou=users,dc=yunohost,dc=org -LDAP_BIND_DN=uid=uid=local,ou=users,dc=yunohost,dc=org +LDAP_BIND_DN=uid=local,ou=users,dc=yunohost,dc=org LDAP_PASSWORD= LDAP_UID=uid LDAP_SEARCH_FILTER="%{uid}=%{email}" -- cgit v1.2.3-70-g09d2 From 243666e212923f1cc7fa7be86a7900b719505473 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Tue, 7 Apr 2020 03:16:50 +0200 Subject: Update .env.production.sample --- conf/.env.production.sample | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'conf/.env.production.sample') diff --git a/conf/.env.production.sample b/conf/.env.production.sample index d2f4b91..d27bf87 100644 --- a/conf/.env.production.sample +++ b/conf/.env.production.sample 
@@ -178,7 +178,11 @@ LDAP_BASE=ou=users,dc=yunohost,dc=org LDAP_BIND_DN=uid=local,ou=users,dc=yunohost,dc=org LDAP_PASSWORD= LDAP_UID=uid -LDAP_SEARCH_FILTER="%{uid}=%{email}" +LDAP_MAIL=mail +LDAP_SEARCH_FILTER=(|(%{uid}=%{email})(%{mail}=%{email})) +LDAP_UID_CONVERSION_ENABLED=true +LDAP_UID_CONVERSION_SEARCH=., - +LDAP_UID_CONVERSION_REPLACE=_ LDAP_TLS_NO_VERIFY=true # PAM authentication (optional) -- cgit v1.2.3-70-g09d2
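Review bot: The added `LDAP_UID_CONVERSION_SEARCH=., -` together with `LDAP_UID_CONVERSION_REPLACE=_` apparently folds `.`, `,`, space and `-` into a single character, so directory uids that differ only in those characters (constructed example: `a.b` and `a-b`) convert to the same name. How the application handles two LDAP entries that convert to the same name is not visible in this hunk, so it is worth confirming that the second user cannot end up in the first user's account. The constraint should also be noted in the sample, for example `# uids must stay unique after the characters ., - are replaced by _`.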