1
0
mirror of https://github.com/kakwa/ldapcherry synced 2024-11-21 17:04:21 +01:00

update documentation

This commit is contained in:
kakwa 2019-02-13 09:41:17 +01:00
parent 96acda7aa6
commit 5ee8a74040

View File

@ -47,53 +47,55 @@ Configuration
The ldap backend exposes the following parameters: The ldap backend exposes the following parameters:
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| Parameter | Section | Description | Values | Comment | | Parameter | Section | Description | Values | Comment |
+==========================+==========+====================================+==========================+============================================+ +==========================+==========+====================================+==========================+================================================+
| uri | backends | The ldap uri to access | ldap uri | * use ldap:// for clear/starttls | | uri | backends | The ldap uri to access | ldap uri | * use ldap:// for clear/starttls |
| | | | | * use ldaps:// for ssl | | | | | | * use ldaps:// for ssl |
| | | | | * custom port: ldap://<host>:<port> | | | | | | * custom port: ldap://<host>:<port> |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| ca | backends | Path to the CA file | file path | optional | | ca | backends | Path to the CA file | file path | optional |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| starttls | backends | Use starttls | 'on' or 'off' | optional | | starttls | backends | Use starttls | 'on' or 'off' | optional |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| checkcert | backends | Check the server certificat | 'on' or 'off' | optional | | checkcert | backends | Check the server certificat | 'on' or 'off' | optional |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| binddn | backends | The bind dn to use | ldap dn | This dn must have read/write permissions | | binddn | backends | The bind dn to use | ldap dn | This dn must have read/write permissions |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| password | backends | The password of the bind dn | password | | | password | backends | The password of the bind dn | password | |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| timeout | backends | Ldap connexion timeout | integer (second) | | | timeout | backends | Ldap connexion timeout | integer (second) | |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| password | backends | The password of the bind dn | password | | | password | backends | The password of the bind dn | password | |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| groupdn | backends | The ldap dn where groups are | ldap dn | | | groupdn | backends | The ldap dn where groups are | ldap dn | |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| userdn | backends | The ldap dn where users are | ldap dn | | | userdn | backends | The ldap dn where users are | ldap dn | |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| user_filter_tmpl | backends | The search filter template | ldap search filter | The user identifier is passed through | | user_filter_tmpl | backends | The search filter template | ldap search filter | The user identifier is passed through |
| | | to recover a given user | template | the **username** variable (*%(username)s*) | | | | to recover a given user | template | the **username** variable (*%(username)s*) |
| | | | | | | | | | | |
| | | | | **username** is the attribute marked by | | | | | | **username** is the content of the |
| | | | | **key: True** in the **attribute.yml** file| | | | | | the attribute marked by '**key: Truee**' |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ | | | | | in the **attributes.yml** file |
| group_filter_tmpl | backends | The search filter template to | ldap search filter | The following variables are usable: | +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| | | recover the groups of a given user | template | | | group_filter_tmpl | backends | The search filter template to | ldap search filter | The following variables are usable: |
| | | recover the groups of a given user | template | * **username**: the user's key attribute | | | | recover the groups of a given user | template | |
| | | | | * **userdn**: the user's ldap dn | | | | recover the groups of a given user | template | * **username**: the user's key attribute |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ | | | | | * **userdn**: the user's ldap dn |
| group_attr.<member attr> | backends | Member attribute template value | template | * <member attr> is the member attribute | +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| | | | | in groups dn entries | | group_attr.<member attr> | backends | Member attribute template value | template | * <member attr> is the member attribute |
| | | | | * every user attributes are exposed | | | | | | in groups dn entries |
| | | | | in the template | | | | | | * every user attributes are exposed |
| | | | | * multiple <memver attr> attributes | | | | | | in the template |
| | | | | can be set | | | | | | * multiple <memver attr> attributes |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ | | | | | can be set (ex: group_attr.member |
| objectclasses | backends | list of object classes for users | comma separated list | | | | | | | (ex: group_attr.member, group_attr.usermemb) |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| dn_user_attr | backends | attribute used in users dn | dn attribute | | | objectclasses | backends | list of object classes for users | comma separated list | |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
| dn_user_attr | backends | attribute used in users dn | dn attribute | |
+--------------------------+----------+------------------------------------+--------------------------+------------------------------------------------+
Example Example
@ -101,46 +103,58 @@ Example
.. sourcecode:: ini .. sourcecode:: ini
[backends] [backends]
# name of the module #####################################
ldap.module = 'ldapcherry.backend.backendLdap' # configuration of ldap backend #
# display name of the ldap #####################################
ldap.display_name = 'My Ldap Directory'
# name of the module
# uri of the ldap directory ldap.module = 'ldapcherry.backend.backendLdap'
ldap.uri = 'ldap://ldap.ldapcherry.org' # display name of the ldap
# ca to use for ssl/tls connexion ldap.display_name = 'My Ldap Directory'
#ldap.ca = '/etc/dnscherry/TEST-cacert.pem'
# use start tls # uri of the ldap directory
#ldap.starttls = 'off' ldap.uri = 'ldap://ldap.ldapcherry.org'
# check server certificate (for tls) # ca to use for ssl/tls connexion
#ldap.checkcert = 'off' #ldap.ca = '/etc/dnscherry/TEST-cacert.pem'
# bind dn to the ldap # use start tls
ldap.binddn = 'cn=dnscherry,dc=example,dc=org' #ldap.starttls = 'off'
# password of the bind dn # check server certificate (for tls)
ldap.password = 'password' #ldap.checkcert = 'off'
# timeout of ldap connexion (in second) # bind dn to the ldap
ldap.timeout = 1 ldap.binddn = 'cn=dnscherry,dc=example,dc=org'
# password of the bind dn
# groups dn ldap.password = 'password'
ldap.groupdn = 'ou=group,dc=example,dc=org' # timeout of ldap connexion (in second)
# users dn ldap.timeout = 1
ldap.userdn = 'ou=people,dc=example,dc=org'
# ldapsearch filter to get a user # groups dn
ldap.user_filter_tmpl = '(uid=%(username)s)' ldap.groupdn = 'ou=group,dc=example,dc=org'
# ldapsearch filter to get groups of a user # users dn
ldap.group_filter_tmpl = '(member=uid=%(username)s,ou=People,dc=example,dc=org)' ldap.userdn = 'ou=people,dc=example,dc=org'
# filter to search users
ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))' # ldapsearch filter to get one specific user
# %(username)s is content of the attribute marked 'key: True' in the attributes.file config file
# ldap group attributes and how to fill them ldap.user_filter_tmpl = '(uid=%(username)s)'
ldap.group_attr.member = "%(dn)s" # ldapsearch filter to get groups of a user
#ldap.group_attr.memberUid = "%(uid)s" # %(username)s is content of the attribute marked 'key: True' in the attributes.file config file
# object classes of a user entry ldap.group_filter_tmpl = '(member=uid=%(username)s,ou=People,dc=example,dc=org)'
ldap.objectclasses = 'top, person, posixAccount, inetOrgPerson' # filter to search users
# dn entry attribute for an ldap user # %(searchstring)s is the content passed through the search box
ldap.dn_user_attr = 'uid' ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))'
# ldap group attributes and how to fill them
# 'member' is the name of the attribute
# for the template, any of the user's ldap attributes can be user
ldap.group_attr.member = "%(dn)s"
# same with memverUid and the uid user's attribute
#ldap.group_attr.memberUid = "%(uid)s"
# object classes of a user entry
ldap.objectclasses = 'top, person, posixAccount, inetOrgPerson'
# dn entry attribute for an ldap user
ldap.dn_user_attr = 'uid'
Active Directory Backend Active Directory Backend