mirror of https://github.com/kakwa/ldapcherry synced 2024-11-25 02:34:31 +01:00

update documentation

kakwa 2019-02-13 09:41:17 +01:00
parent 96acda7aa6
commit 5ee8a74040


@ -47,53 +47,55 @@ Configuration
The ldap backend exposes the following parameters: The ldap backend exposes the following parameters:
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| Parameter | Section | Description | Values | Comment | | Parameter | Section | Description | Values | Comment |
+==========================+==========+====================================+==========================+============================================+ +==========================+==========+====================================+==========================+================================================+
| uri | backends | The ldap uri to access | ldap uri | * use ldap:// for clear/starttls | | uri | backends | The ldap uri to access | ldap uri | * use ldap:// for clear/starttls |
| | | | | * use ldaps:// for ssl | | | | | | * use ldaps:// for ssl |
| | | | | * custom port: ldap://<host>:<port> | | | | | | * custom port: ldap://<host>:<port> |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| ca | backends | Path to the CA file | file path | optional | | ca | backends | Path to the CA file | file path | optional |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| starttls | backends | Use starttls | 'on' or 'off' | optional | | starttls | backends | Use starttls | 'on' or 'off' | optional |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| checkcert | backends | Check the server certificat | 'on' or 'off' | optional | | checkcert | backends | Check the server certificat | 'on' or 'off' | optional |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| binddn | backends | The bind dn to use | ldap dn | This dn must have read/write permissions | | binddn | backends | The bind dn to use | ldap dn | This dn must have read/write permissions |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| password | backends | The password of the bind dn | password | | | password | backends | The password of the bind dn | password | |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| timeout | backends | Ldap connexion timeout | integer (second) | | | timeout | backends | Ldap connexion timeout | integer (second) | |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| password | backends | The password of the bind dn | password | | | password | backends | The password of the bind dn | password | |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| groupdn | backends | The ldap dn where groups are | ldap dn | | | groupdn | backends | The ldap dn where groups are | ldap dn | |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| userdn | backends | The ldap dn where users are | ldap dn | | | userdn | backends | The ldap dn where users are | ldap dn | |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| user_filter_tmpl | backends | The search filter template | ldap search filter | The user identifier is passed through | | user_filter_tmpl | backends | The search filter template | ldap search filter | The user identifier is passed through |
| | | to recover a given user | template | the **username** variable (*%(username)s*) | | | | to recover a given user | template | the **username** variable (*%(username)s*) |
| | | | | | | | | | | |
| | | | | **username** is the attribute marked by | | | | | | **username** is the content of the |
| | | | | **key: True** in the **attribute.yml** file| | | | | | the attribute marked by '**key: Truee**' |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ | | | | | in the **attributes.yml** file |
+--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| group_filter_tmpl | backends | The search filter template to | ldap search filter | The following variables are usable: | | group_filter_tmpl | backends | The search filter template to | ldap search filter | The following variables are usable: |
| | | recover the groups of a given user | template | | | | | recover the groups of a given user | template | |
| | | recover the groups of a given user | template | * **username**: the user's key attribute | | | | recover the groups of a given user | template | * **username**: the user's key attribute |
| | | | | * **userdn**: the user's ldap dn | | | | | | * **userdn**: the user's ldap dn |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| group_attr.<member attr> | backends | Member attribute template value | template | * <member attr> is the member attribute | | group_attr.<member attr> | backends | Member attribute template value | template | * <member attr> is the member attribute |
| | | | | in groups dn entries | | | | | | in groups dn entries |
| | | | | * every user attributes are exposed | | | | | | * every user attributes are exposed |
| | | | | in the template | | | | | | in the template |
| | | | | * multiple <memver attr> attributes | | | | | | * multiple <memver attr> attributes |
| | | | | can be set | | | | | | can be set (ex: group_attr.member |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ | | | | | (ex: group_attr.member, group_attr.usermemb) |
+--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| objectclasses | backends | list of object classes for users | comma separated list | | | objectclasses | backends | list of object classes for users | comma separated list | |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| dn_user_attr | backends | attribute used in users dn | dn attribute | | | dn_user_attr | backends | attribute used in users dn | dn attribute | |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
Example Example
@ -103,6 +105,10 @@ Example
[backends] [backends]
#####################################
# configuration of ldap backend #
#####################################
# name of the module # name of the module
ldap.module = 'ldapcherry.backend.backendLdap' ldap.module = 'ldapcherry.backend.backendLdap'
# display name of the ldap # display name of the ldap
@ -127,16 +133,24 @@ Example
ldap.groupdn = 'ou=group,dc=example,dc=org' ldap.groupdn = 'ou=group,dc=example,dc=org'
# users dn # users dn
ldap.userdn = 'ou=people,dc=example,dc=org' ldap.userdn = 'ou=people,dc=example,dc=org'
# ldapsearch filter to get a user
# ldapsearch filter to get one specific user
# %(username)s is content of the attribute marked 'key: True' in the attributes.file config file
ldap.user_filter_tmpl = '(uid=%(username)s)' ldap.user_filter_tmpl = '(uid=%(username)s)'
# ldapsearch filter to get groups of a user # ldapsearch filter to get groups of a user
# %(username)s is content of the attribute marked 'key: True' in the attributes.file config file
ldap.group_filter_tmpl = '(member=uid=%(username)s,ou=People,dc=example,dc=org)' ldap.group_filter_tmpl = '(member=uid=%(username)s,ou=People,dc=example,dc=org)'
# filter to search users # filter to search users
# %(searchstring)s is the content passed through the search box
ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))' ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))'
# ldap group attributes and how to fill them # ldap group attributes and how to fill them
# 'member' is the name of the attribute
# for the template, any of the user's ldap attributes can be user
ldap.group_attr.member = "%(dn)s" ldap.group_attr.member = "%(dn)s"
# same with memverUid and the uid user's attribute
#ldap.group_attr.memberUid = "%(uid)s" #ldap.group_attr.memberUid = "%(uid)s"
# object classes of a user entry # object classes of a user entry
ldap.objectclasses = 'top, person, posixAccount, inetOrgPerson' ldap.objectclasses = 'top, person, posixAccount, inetOrgPerson'
# dn entry attribute for an ldap user # dn entry attribute for an ldap user