adding configuration for AD + LDAP setup

tests/cfg/attributes_adldap.yml

@@ -0,0 +1,136 @@
+cn:
+    description: "First Name and Display Name"
+    display_name: "Display Name"
+    type: string
+    weight: 30
+    autofill: 
+        function: lcDisplayName
+        args:
+            - $first-name
+            - $name
+    backends:
+        ldap: cn
+        ad: cn 
+first-name:
+    description: "First name of the user"
+    display_name: "First Name"
+    search_displayed: True
+    type: string
+    weight: 20
+    backends:
+        ldap: givenName
+        ad: givenName
+name:
+    description: "Family name of the user"
+    display_name: "Name"
+    search_displayed: True
+    weight: 10
+    type: string
+    backends:
+        ldap: sn
+        ad: sn
+email:
+    description: "Email of the user"
+    display_name: "Email"
+    search_displayed: True
+    type: email
+    weight: 40
+    autofill: 
+        function: lcMail
+        args:
+            - $first-name
+            - $name
+            - '@example.com'
+    backends:
+        ldap: mail
+        ad: mail
+uid:
+    description: "UID of the user"
+    display_name: "UID"
+    search_displayed: True
+    key: True
+    type: string
+    weight: 50
+    autofill: 
+        function: lcUid
+        args:
+            - $first-name
+            - $name
+    backends:
+        ldap: uid
+        ad: sAMAccountName
+uidNumber:
+    description: "User ID Number of the user"
+    display_name: "UID Number"
+    weight: 60
+    type: int
+    autofill: 
+        function: lcUidNumber
+        args:
+            - $first-name
+            - $name
+            - '10000'
+            - '30000'
+    backends:
+        ldap: uidNumber
+        ad: uidNumber
+gidNumber:
+    description: "Group ID Number of the user"
+    display_name: "GID Number"
+    weight: 70
+    type: int
+    autofill: 
+        function: lcUidNumber
+        args:
+            - $first-name
+            - $name
+            - '10000'
+            - '30000'
+    backends:
+        ldap: gidNumber
+        ad: GIDNumber
+shell:
+    description: "Shell of the user"
+    display_name: "Shell"
+    weight: 80
+    self: True
+    type: stringlist
+    values:
+        - /bin/bash
+        - /bin/zsh
+        - /bin/sh
+    backends:
+        ldap: loginShell
+        ad: loginShell 
+home:
+    description: "Home user path"
+    display_name: "Home"
+    weight: 90
+    type: string
+    autofill: 
+        function: lcHomeDir
+        args:
+            - $first-name
+            - $name
+            - /home/
+    backends:
+        ldap: homeDirectory
+        ad: homeDirectory
+password:
+    description: "Password of the user"
+    display_name: "Password"
+    weight: 31
+    self: True
+    type: password
+    backends:
+        ldap: userPassword
+        ad: unicodePwd
+
+logscript:
+    description: "Windows login script"
+    display_name: "Login script"
+    weight: 100
+    type: fix
+    value: login1.bat
+    backends:
+        ad: scriptPath

tests/cfg/ldapcherry_adldap.cfg

@@ -0,0 +1,187 @@
+# global parameters
+[global]
+
+# listing interface
+server.socket_host = '127.0.0.1'
+# port
+server.socket_port = 8080
+# number of threads
+server.thread_pool = 8
+#don't show traceback on error
+request.show_tracebacks = False
+
+# log configuration
+# /!\ you can't have multiple log handlers
+#####################################
+#   configuration to log in files   #
+#####################################
+## logger 'file' for access log 
+#log.access_handler = 'file'
+## logger syslog for error and ldapcherry log 
+#log.error_handler = 'file'
+## access log file
+#log.access_file = '/tmp/ldapcherry_access.log'
+## error and ldapcherry log file
+#log.error_file = '/tmp/ldapcherry_error.log'
+
+#####################################
+#  configuration to log in syslog   #
+#####################################
+# logger syslog for access log 
+#log.access_handler = 'syslog'
+## logger syslog for error and ldapcherry log 
+log.error_handler = 'syslog'
+
+#####################################
+#  configuration to not log at all  #
+#####################################
+# logger none for access log 
+log.access_handler = 'none'
+# logger none for error and ldapcherry log 
+#log.error_handler = 'none'
+
+# log level
+log.level = 'info'
+
+# session configuration
+# activate session
+tools.sessions.on = True
+# session timeout
+tools.sessions.timeout = 7200
+# file session storage(to use if multiple processes, 
+# default is in RAM and per process)
+#tools.sessions.storage_type = "file"
+# session 
+#tools.sessions.storage_path = "/var/lib/ldapcherry/sessions"
+
+[attributes]
+
+# file discribing form content
+attributes.file = './tests/cfg/attributes_adldap.yml'
+
+[roles]
+
+# file listing roles
+roles.file = './tests/cfg/roles_adldap.yml'
+
+[search]
+
+# minimum lenght for search forms
+min.lenght = 0
+
+[backends]
+
+#####################################
+#   configuration of ldap backend   #
+#####################################
+
+# name of the module
+ldap.module = 'ldapcherry.backend.backendLdap'
+# display name of the ldap
+ldap.display_name = 'My Ldap Directory'
+
+# uri of the ldap directory
+ldap.uri = 'ldap://ldap.ldapcherry.org:390'
+# ca to use for ssl/tls connexion
+#ldap.ca = '/etc/dnscherry/TEST-cacert.pem'
+# use start tls
+#ldap.starttls = 'off'
+# check server certificate (for tls)
+#ldap.checkcert = 'off'
+# bind dn to the ldap
+ldap.binddn = 'cn=dnscherry,dc=example,dc=org'
+# password of the bind dn
+ldap.password = 'password'
+# timeout of ldap connexion (in second)
+ldap.timeout = 1
+
+# groups dn
+ldap.groupdn = 'ou=group,dc=example,dc=org'
+# users dn
+ldap.userdn = 'ou=people,dc=example,dc=org'
+# ldapsearch filter to get a user
+ldap.user_filter_tmpl = '(uid=%(username)s)'
+# ldapsearch filter to get groups of a user
+ldap.group_filter_tmpl = '(member=uid=%(username)s,ou=People,dc=example,dc=org)'
+# filter to search users
+ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))'
+
+# ldap group attributes and how to fill them
+ldap.group_attr.member = "%(dn)s"
+#ldap.group_attr.memberUid = "%(uid)s"
+# object classes of a user entry
+ldap.objectclasses = 'top, person, posixAccount, inetOrgPerson'
+# dn entry attribute for an ldap user
+ldap.dn_user_attr = 'uid'
+
+#####################################
+#   configuration of ad backend     #
+#####################################
+ 
+## Name of the backend
+ad.module = 'ldapcherry.backend.backendAD'
+# display name of the ldap
+ad.display_name = 'My Active Directory'
+# ad domain
+ad.domain = 'DC.LDAPCHERRY.ORG'
+# ad login
+ad.login  = 'administrator'
+# ad password 
+ad.password = 'qwertyP455'
+# ad uri
+ad.uri = 'ldaps://localhost'
+
+# ca to use for ssl/tls connexion
+#ad.ca = '/etc/dnscherry/TEST-cacert.pem'
+# use start tls
+ad.starttls = 'off'
+# check server certificate (for tls)
+ad.checkcert = 'off'
+
+[ppolicy]
+
+# password policy module
+ppolicy.module = 'ldapcherry.ppolicy.simple'
+
+# parameters of the module
+min_length = 8
+min_upper = 1
+min_digit = 1
+
+# authentification parameters
+[auth]
+
+# Auth mode
+# * and: user must authenticate on all backends
+# * or:  user must authenticate on one of the backend
+# * none: disable authentification
+# * custom: custom authentification module (need auth.module param)
+auth.mode = 'or'
+
+# custom auth module to load
+#auth.module = 'ldapcherry.auth.modNone'
+
+# resources parameters
+[resources]
+# templates directory
+templates.dir = '/usr/share/ldapcherry/templates/'
+
+[/static]
+# enable serving static file through ldapcherry
+# set to False if files served directly by an
+# http server for better performance
+tools.staticdir.on = True
+# static resources directory (js, css, images...)
+tools.staticdir.dir = '/home/kakwa/Geek/GitHub/ldapcherry/resources/static/'
+
+## custom javascript files
+#[/custom]
+#
+## enable serving static file through ldapcherry
+## set to False if files served directly by an
+## http server for better performance
+#tools.staticdir.on = True
+
+## path to directory containing js files
+## use it to add custom auto-fill functions
+#tools.staticdir.dir = '/home/kakwa/Geek/GitHub/ldapcherry/resources/static/'

tests/cfg/roles_adldap.yml

@@ -0,0 +1,41 @@
+admin-lv3:
+    display_name: Administrators Level 3
+    description: Super administrators of the system
+    backends_groups:
+#        ldap:
+#            - cn=dns admins,ou=Group,dc=example,dc=org
+#            - cn=nagios admins,ou=Group,dc=example,dc=org
+#            - cn=puppet admins,ou=Group,dc=example,dc=org
+#            - cn=users,ou=Group,dc=example,dc=org
+        ad:
+            - Administrators
+            - Domain Controllers
+            - Group Policy Creator Owners
+
+admin-lv2:
+    display_name: Administrators Level 2
+    description: Basic administrators of the system
+    LC_admins: True
+    backends_groups:
+            #        ldap:
+            #            - cn=nagios admins,ou=Group,dc=example,dc=org
+            #            - cn=users,ou=Group,dc=example,dc=org
+        ad:
+            - Administrators
+
+#developpers:
+#    display_name: Developpers
+#    description: Developpers of the system
+#    backends_groups:
+#        ldap:
+#            - cn=developpers,ou=Group,dc=example,dc=org
+#            - cn=users,ou=Group,dc=example,dc=org
+
+#users:
+#    display_name: Simple Users
+#    description: Basic users of the system
+#    backends_groups:
+##        ldap:
+##            - cn=users,ou=Group,dc=example,dc=org
+#        ad:
+#            - Domain Users