Compare commits
2 Commits
604d1b6a71
...
03f691d38d
Author | SHA1 | Date |
---|---|---|
Tobias Herre | 03f691d38d | |
Tobias Herre | 2c98e83332 |
11
README.md
|
@ -27,9 +27,16 @@ Examples:
|
||||||
configs => {
|
configs => {
|
||||||
wmde => {
|
wmde => {
|
||||||
password => "1234",
|
password => "1234",
|
||||||
password_salt => "5678"
|
password_salt => "5678",
|
||||||
|
tree_suffix => "dc=wikimedia,dc=de",
|
||||||
|
admins => [
|
||||||
|
"cn=admin,dc=wikimedia,dc=de",
|
||||||
|
],
|
||||||
|
login_search_dn=>"cn=admin,dc=wikimedia,dc=de",
|
||||||
|
login_search_suffix=>"dc=wikimedia,dc=de",
|
||||||
|
login_search_password=>"123",
|
||||||
|
login_method=>"search" # or "listi or search allowed"
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -100,27 +100,80 @@ class wmdeit_ldap::lam(
|
||||||
generate("/bin/sh","-c", "echo -n $password_salt | openssl base64")
|
generate("/bin/sh","-c", "echo -n $password_salt | openssl base64")
|
||||||
, '\n', "\n "))
|
, '\n', "\n "))
|
||||||
|
|
||||||
|
$base64pw = base64( 'encode',"LAM_OBFUSCATE:${conf['login_search_password']}")
|
||||||
|
$spw = strip (regsubst(
|
||||||
|
generate("/bin/sh","-c", "echo -n '$base64pw' | /usr/bin/rot13")
|
||||||
|
, '\n', "\n "))
|
||||||
|
|
||||||
|
wmdeit_ldap::lam::config {$name:
|
||||||
|
encoded_password => $encoded_password,
|
||||||
|
encoded_password_salt => $encoded_password_salt,
|
||||||
|
suffix_user => $conf['suffix_user'],
|
||||||
|
suffix_group => $conf['suffix_group'],
|
||||||
|
tree_suffix => $conf['tree_suffix'],
|
||||||
|
admins => $conf['admins'],
|
||||||
|
login_method => $conf['login_method'] ? {undef => "list", default => $conf['login_method']},
|
||||||
|
login_search_suffix => $conf['login_search_suffix'],
|
||||||
|
login_search_dn => $conf['login_search_dn'],
|
||||||
|
login_search_filter => $conf['login_search_filter'] ? {
|
||||||
|
undef => "uid=%USER%",
|
||||||
|
default => $conf['login_search_filter']
|
||||||
|
},
|
||||||
|
|
||||||
|
login_search_password => $conf['login_search_password'] ? {
|
||||||
|
undef => "",
|
||||||
|
default => $spw
|
||||||
|
},
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
file {"$docroot/config/$name.conf":
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
define wmdeit_ldap::lam::config
|
||||||
|
(
|
||||||
|
$encoded_password,
|
||||||
|
$encoded_password_salt,
|
||||||
|
$tree_suffix,
|
||||||
|
$suffix_user = "ou=People,$tree_suffix",
|
||||||
|
$suffix_group = "ou=Groups,$tree_suffix",
|
||||||
|
$docroot = $::wmdeit_ldap::lam::docroot,
|
||||||
|
$admins = [],
|
||||||
|
$login_method = "search",
|
||||||
|
$login_search_suffix = "",
|
||||||
|
$login_search_dn = "",
|
||||||
|
$login_search_filter = "",
|
||||||
|
$login_search_password = "",
|
||||||
|
|
||||||
|
){
|
||||||
|
if (!$suffix_user) or (!$suffix_group) {
|
||||||
|
fail("no suffix_user or suffix_group given")
|
||||||
|
}
|
||||||
|
|
||||||
|
file {"$docroot/config/$title.conf":
|
||||||
ensure => file,
|
ensure => file,
|
||||||
content => template("wmdeit_ldap/wmde.conf.erb"),
|
content => template("wmdeit_ldap/wmde.conf.erb"),
|
||||||
owner => "www-data",
|
owner => "www-data",
|
||||||
require => File["$docroot/config/pdf"],
|
require => File["$docroot/config/pdf"],
|
||||||
} ->
|
} ->
|
||||||
file {"$docroot/config/profiles/$name":
|
file {"$docroot/config/profiles/$title":
|
||||||
ensure=>directory
|
ensure=>directory
|
||||||
}->
|
}->
|
||||||
file{"$docroot/config/profiles/$name/default.user":
|
file{"$docroot/config/profiles/$title/default.user":
|
||||||
ensure=>file,
|
ensure=>file,
|
||||||
content => template("wmdeit_ldap/default.user.erb")
|
content => template("wmdeit_ldap/default.user.erb")
|
||||||
} ->
|
} ->
|
||||||
file{"$docroot/config/profiles/$name/default.group":
|
file{"$docroot/config/profiles/$title/default.group":
|
||||||
ensure=>file,
|
ensure=>file,
|
||||||
content => template("wmdeit_ldap/default.group.erb")
|
content => template("wmdeit_ldap/default.group.erb")
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
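Review bot: The file written by `file {"$docroot/config/$title.conf":` now carries the LDAP bind password for the login search, yet the resource sets only `owner => "www-data"` and no `mode`. `LAM_OBFUSCATE:` followed by base64 and rot13 is a reversible encoding, not encryption, so any account that can read the file recovers the password; add `mode => '0600',` next to `owner`. Separately, `generate("/bin/sh","-c", "echo -n '$base64pw' | /usr/bin/rot13")` puts the encoded secret on a shell command line on whichever host compiles the catalog. `base64('encode', …)` in its default mode may also wrap long values with newlines, so a longer password should be tested, or the `strict` method used if the installed stdlib offers it.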
@ -10,7 +10,13 @@ ServerURL: ldap://localhost:389
|
||||||
# list of users who are allowed to use LDAP Account Manager
|
# list of users who are allowed to use LDAP Account Manager
|
||||||
# names have to be seperated by semicolons
|
# names have to be seperated by semicolons
|
||||||
# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
|
# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
|
||||||
Admins: cn=admin,dc=wikimedia,dc=de
|
Admins: <%- s='' -%>
|
||||||
|
<%- @admins.each do | admin | -%>
|
||||||
|
<%= s %><%= admin -%>
|
||||||
|
<%- s=';' -%>
|
||||||
|
<%- end -%>
|
||||||
|
|
||||||
|
#=admin,dc=wikimedia,dc=de
|
||||||
|
|
||||||
# password to change these preferences via webfrontend (default: lam)
|
# password to change these preferences via webfrontend (default: lam)
|
||||||
#Passwd: {SSHA}T7uRmkbOgzr9k0BVJi1GvqqwJJQ= iaZAeQ==
|
#Passwd: {SSHA}T7uRmkbOgzr9k0BVJi1GvqqwJJQ= iaZAeQ==
|
||||||
|
@ -18,7 +24,7 @@ Passwd: {SSHA}<%= @encoded_password %> <%= @encoded_password_salt %>
|
||||||
|
|
||||||
# suffix of tree view
|
# suffix of tree view
|
||||||
# e.g. dc=yourdomain,dc=org
|
# e.g. dc=yourdomain,dc=org
|
||||||
treesuffix: dc=wikimedia,dc=de
|
treesuffix: <%= @tree_suffix %>
|
||||||
|
|
||||||
# default language (a line from config/language)
|
# default language (a line from config/language)
|
||||||
defaultLanguage: en_GB.utf8
|
defaultLanguage: en_GB.utf8
|
||||||
|
@ -50,11 +56,11 @@ modules: posixAccount_pwdHash: SSHA
|
||||||
activeTypes: user,group
|
activeTypes: user,group
|
||||||
|
|
||||||
|
|
||||||
types: suffix_user: ou=People,dc=wikimedia,dc=de
|
types: suffix_user: <%= @suffix_user %>
|
||||||
types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
|
types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
|
||||||
types: modules_user: inetOrgPerson,posixAccount,shadowAccount
|
types: modules_user: inetOrgPerson,posixAccount,shadowAccount
|
||||||
|
|
||||||
types: suffix_group: ou=group,dc=wikimedia,dc=de
|
types: suffix_group: <%= @suffix_group %>
|
||||||
types: attr_group: #cn;#gidNumber;#memberUID;#description
|
types: attr_group: #cn;#gidNumber;#memberUID;#description
|
||||||
types: modules_group: wmdeGroup
|
types: modules_group: wmdeGroup
|
||||||
|
|
||||||
|
@ -98,23 +104,23 @@ accessLevel: 100
|
||||||
|
|
||||||
|
|
||||||
# Login method.
|
# Login method.
|
||||||
loginMethod: list
|
loginMethod: <%= @login_method %>
|
||||||
|
|
||||||
|
|
||||||
# Search suffix for LAM login.
|
# Search suffix for LAM login.
|
||||||
loginSearchSuffix: dc=yourdomain,dc=org
|
loginSearchSuffix: <%= @login_search_suffix %>
|
||||||
|
|
||||||
|
|
||||||
# Search filter for LAM login.
|
# Search filter for LAM login.
|
||||||
loginSearchFilter: uid=%USER%
|
loginSearchFilter: <%= @login_search_filter %>
|
||||||
|
|
||||||
|
|
||||||
# Bind DN for login search.
|
# Bind DN for login search.
|
||||||
loginSearchDN:
|
loginSearchDN: <%= @login_search_dn %>
|
||||||
|
|
||||||
|
|
||||||
# Bind password for login search.
|
# Bind password for login search.
|
||||||
loginSearchPassword:
|
loginSearchPassword: <%= @login_search_password %>
|
||||||
|
|
||||||
|
|
||||||
# HTTP authentication for LAM login.
|
# HTTP authentication for LAM login.
|
||||||
|
|
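Review bot: In the first hunk of this template (presumably wmde.conf.erb), the `Admins:` line is assembled with a hand-rolled separator loop (`s=''` … `s=';'`) and leaves a stray `#=admin,dc=wikimedia,dc=de` line in the rendered file. `Admins: <%= @admins.join(';') %>` produces the same list in one line, and the leftover fragment can be dropped. With the define's default `$admins = []` the line renders empty, which presumably leaves nobody able to log in when `loginMethod` is `list`, so failing the catalog for that combination may be worthwhile. The `loginSearch*` values are emitted verbatim; they come from the Puppet configuration, but a value containing a line break would add extra lines to the generated file.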