From cf97f01245d15c1fc63786a6dc95b38738951f22 Mon Sep 17 00:00:00 2001
From: kakwa
Date: Sun, 31 Jul 2016 10:05:29 +0200
Subject: [PATCH] adding configuration for AD + LDAP setup
---
tests/cfg/attributes_adldap.yml | 136 +++++++++++++++++++++++
tests/cfg/ldapcherry_adldap.cfg | 187 ++++++++++++++++++++++++++++++++
tests/cfg/roles_adldap.yml | 41 +++++++
3 files changed, 364 insertions(+)
create mode 100644 tests/cfg/attributes_adldap.yml
create mode 100644 tests/cfg/ldapcherry_adldap.cfg
create mode 100644 tests/cfg/roles_adldap.yml
diff --git a/tests/cfg/attributes_adldap.yml b/tests/cfg/attributes_adldap.yml
new file mode 100644
index 0000000..db368e5
--- /dev/null
+++ b/tests/cfg/attributes_adldap.yml
@@ -0,0 +1,136 @@ +cn: + description: "First Name and Display Name" + display_name: "Display Name" + type: string + weight: 30 + autofill: + function: lcDisplayName + args: + - $first-name + - $name + backends: + ldap: cn + ad: cn +first-name: + description: "First name of the user" + display_name: "First Name" + search_displayed: True + type: string + weight: 20 + backends: + ldap: givenName + ad: givenName +name: + description: "Family name of the user" + display_name: "Name" + search_displayed: True + weight: 10 + type: string + backends: + ldap: sn + ad: sn +email: + description: "Email of the user" + display_name: "Email" + search_displayed: True + type: email + weight: 40 + autofill: + function: lcMail + args: + - $first-name + - $name + - '@example.com' + backends: + ldap: mail + ad: mail +uid: + description: "UID of the user" + display_name: "UID" + search_displayed: True + key: True + type: string + weight: 50 + autofill: + function: lcUid + args: + - $first-name + - $name + backends: + ldap: uid + ad: sAMAccountName +uidNumber: + description: "User ID Number of the user" + display_name: "UID Number" + weight: 60 + type: int + autofill: + function: lcUidNumber + args: + - $first-name + - $name + - '10000' + - '30000' + backends: + ldap: uidNumber + ad: uidNumber +gidNumber: + description: "Group ID Number of the user" + display_name: "GID Number" + weight: 70 + type: int + autofill: + function: lcUidNumber + args: + - $first-name + - $name + - '10000' + - '30000' + backends: + ldap: gidNumber + ad: GIDNumber +shell: + description: "Shell of the user" + display_name: "Shell" + weight: 80 + self: True + type: stringlist + values: + - /bin/bash + - /bin/zsh + - /bin/sh + backends: + ldap: loginShell + ad: loginShell +home: + description: "Home user path" + display_name: "Home" + weight: 90 + type: string + autofill: + function: lcHomeDir + args: + - $first-name + - $name + - /home/ + backends: + ldap: homeDirectory + ad: homeDirectory +password: + 
description: "Password of the user" + display_name: "Password" + weight: 31 + self: True + type: password + backends: + ldap: userPassword + ad: unicodePwd + +logscript: + description: "Windows login script" + display_name: "Login script" + weight: 100 + type: fix + value: login1.bat + backends: + ad: scriptPath diff --git a/tests/cfg/ldapcherry_adldap.cfg b/tests/cfg/ldapcherry_adldap.cfg new file mode 100644 index 0000000..cc59a88 --- /dev/null +++ b/tests/cfg/ldapcherry_adldap.cfg 
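Review bot: The `password` attribute is mapped to `ad: unicodePwd`, which Active Directory only accepts when the write arrives over an encrypted (LDAPS or StartTLS) connection, so this fixture silently depends on the companion `ldapcherry_adldap.cfg` keeping `ad.uri` on `ldaps://`; a comment next to that line, `# AD refuses unicodePwd writes over a non-TLS connection; keep ad.uri on ldaps:// or starttls on`, would make the coupling explicit. `gidNumber` maps to `ad: GIDNumber` while its `ldap:` twin is spelled `gidNumber`; LDAP attribute names are case-insensitive so it works, but the odd casing reads like a typo and `gidNumber` keeps the two backends consistent. Note also that `uidNumber` and `gidNumber` run the same `lcUidNumber` autofill with identical arguments, so the two values will presumably always coincide for a new user — fine if a per-user private group is intended, but worth stating in the `gidNumber` description.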
@@ -0,0 +1,187 @@
+# global parameters
+[global]
+
+# listing interface
+server.socket_host = '127.0.0.1'
+# port
+server.socket_port = 8080
+# number of threads
+server.thread_pool = 8
+#don't show traceback on error
+request.show_tracebacks = False
+
+# log configuration
+# /!\ you can't have multiple log handlers
+#####################################
+# configuration to log in files #
+#####################################
+## logger 'file' for access log
+#log.access_handler = 'file'
+## logger syslog for error and ldapcherry log
+#log.error_handler = 'file'
+## access log file
+#log.access_file = '/tmp/ldapcherry_access.log'
+## error and ldapcherry log file
+#log.error_file = '/tmp/ldapcherry_error.log'
+
+#####################################
+# configuration to log in syslog #
+#####################################
+# logger syslog for access log
+#log.access_handler = 'syslog'
+## logger syslog for error and ldapcherry log
+log.error_handler = 'syslog'
+
+#####################################
+# configuration to not log at all #
+#####################################
+# logger none for access log
+log.access_handler = 'none'
+# logger none for error and ldapcherry log
+#log.error_handler = 'none'
+
+# log level
+log.level = 'info'
+
+# session configuration
+# activate session
+tools.sessions.on = True
+# session timeout
+tools.sessions.timeout = 7200
+# file session storage(to use if multiple processes,
+# default is in RAM and per process)
+#tools.sessions.storage_type = "file"
+# session
+#tools.sessions.storage_path = "/var/lib/ldapcherry/sessions"
+
+[attributes]
+
+# file discribing form content
+attributes.file = './tests/cfg/attributes_adldap.yml'
+
+[roles]
+
+# file listing roles
+roles.file = './tests/cfg/roles_adldap.yml'
+
+[search]
+
+# minimum lenght for search forms
+min.lenght = 0
+
+[backends]
+
+#####################################
+# configuration of ldap backend #
+#####################################
+
+# name of the module
+ldap.module = 'ldapcherry.backend.backendLdap'
+# display name of the ldap
+ldap.display_name = 'My Ldap Directory'
+
+# uri of the ldap directory
+ldap.uri = 'ldap://ldap.ldapcherry.org:390'
+# ca to use for ssl/tls connexion
+#ldap.ca = '/etc/dnscherry/TEST-cacert.pem'
+# use start tls
+#ldap.starttls = 'off'
+# check server certificate (for tls)
+#ldap.checkcert = 'off'
+# bind dn to the ldap
+ldap.binddn = 'cn=dnscherry,dc=example,dc=org'
+# password of the bind dn
+ldap.password = 'password'
+# timeout of ldap connexion (in second)
+ldap.timeout = 1
+
+# groups dn
+ldap.groupdn = 'ou=group,dc=example,dc=org'
+# users dn
+ldap.userdn = 'ou=people,dc=example,dc=org'
+# ldapsearch filter to get a user
+ldap.user_filter_tmpl = '(uid=%(username)s)'
+# ldapsearch filter to get groups of a user
+ldap.group_filter_tmpl = '(member=uid=%(username)s,ou=People,dc=example,dc=org)'
+# filter to search users
+ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))'
+
+# ldap group attributes and how to fill them
+ldap.group_attr.member = "%(dn)s"
+#ldap.group_attr.memberUid = "%(uid)s"
+# object classes of a user entry
+ldap.objectclasses = 'top, person, posixAccount, inetOrgPerson'
+# dn entry attribute for an ldap user
+ldap.dn_user_attr = 'uid'
+
+#####################################
+# configuration of ad backend #
+#####################################
+
+## Name of the backend
+ad.module = 'ldapcherry.backend.backendAD'
+# display name of the ldap
+ad.display_name = 'My Active Directory'
+# ad domain
+ad.domain = 'DC.LDAPCHERRY.ORG'
+# ad login
+ad.login = 'administrator'
+# ad password
+ad.password = 'qwertyP455'
+# ad uri
+ad.uri = 'ldaps://localhost'
+
+# ca to use for ssl/tls connexion
+#ad.ca = '/etc/dnscherry/TEST-cacert.pem'
+# use start tls
+ad.starttls = 'off'
+# check server certificate (for tls)
+ad.checkcert = 'off'
+
+[ppolicy]
+
+# password policy module
+ppolicy.module = 'ldapcherry.ppolicy.simple'
+
+# parameters of the module
+min_length = 8
+min_upper = 1
+min_digit = 1
+
+# authentification parameters
+[auth]
+
+# Auth mode
+# * and: user must authenticate on all backends
+# * or: user must authenticate on one of the backend
+# * none: disable authentification
+# * custom: custom authentification module (need auth.module param)
+auth.mode = 'or'
+
+# custom auth module to load
+#auth.module = 'ldapcherry.auth.modNone'
+
+# resources parameters
+[resources]
+# templates directory
+templates.dir = '/usr/share/ldapcherry/templates/'
+
+[/static]
+# enable serving static file through ldapcherry
+# set to False if files served directly by an
+# http server for better performance
+tools.staticdir.on = True
+# static resources directory (js, css, images...)
+tools.staticdir.dir = '/home/kakwa/Geek/GitHub/ldapcherry/resources/static/'
+
+## custom javascript files
+#[/custom]
+#
+## enable serving static file through ldapcherry
+## set to False if files served directly by an
+## http server for better performance
+#tools.staticdir.on = True
+
+## path to directory containing js files
+## use it to add custom auto-fill functions
+#tools.staticdir.dir = '/home/kakwa/Geek/GitHub/ldapcherry/resources/static/'
diff --git a/tests/cfg/roles_adldap.yml b/tests/cfg/roles_adldap.yml
new file mode 100644
index 0000000..d7fb453
--- /dev/null
+++ b/tests/cfg/roles_adldap.yml
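Review bot: `ad.checkcert = 'off'` together with `ad.starttls = 'off'` turns off server-certificate validation for the `ldaps://localhost` AD connection, so the `ad.login`/`ad.password` credentials of the built-in `administrator` account are handed to whatever answers on that endpoint; the commented `#ad.ca` line is already there, and pointing it at the test CA with `ad.checkcert = 'on'` would exercise the verifying path rather than the permissive one. The LDAP backend has the same shape: `ldap.uri = 'ldap://ldap.ldapcherry.org:390'` with `ldap.starttls` commented out sends `ldap.password` in clear. If the relaxed settings are deliberate for the test harness, a comment such as `# test fixture only: certificate checking is disabled so the suite can run against a self-signed local AD` should say so, and a delegated service account instead of `administrator` would keep the fixture aligned with least privilege. `tools.staticdir.dir = '/home/kakwa/Geek/GitHub/ldapcherry/resources/static/'` is a developer-specific absolute path while the other fixture files are referenced as `./tests/cfg/...`; a relative `./resources/static/` makes the config runnable from any checkout.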
@@ -0,0 +1,41 @@ +admin-lv3: + display_name: Administrators Level 3 + description: Super administrators of the system + backends_groups: +# ldap: +# - cn=dns admins,ou=Group,dc=example,dc=org +# - cn=nagios admins,ou=Group,dc=example,dc=org +# - cn=puppet admins,ou=Group,dc=example,dc=org +# - cn=users,ou=Group,dc=example,dc=org + ad: + - Administrators + - Domain Controllers + - Group Policy Creator Owners + +admin-lv2: + display_name: Administrators Level 2 + description: Basic administrators of the system + LC_admins: True + backends_groups: + # ldap: + # - cn=nagios admins,ou=Group,dc=example,dc=org + # - cn=users,ou=Group,dc=example,dc=org + ad: + - Administrators + +#developpers: +# display_name: Developpers +# description: Developpers of the system +# backends_groups: +# ldap: +# - cn=developpers,ou=Group,dc=example,dc=org +# - cn=users,ou=Group,dc=example,dc=org + +#users: +# display_name: Simple Users +# description: Basic users of the system +# backends_groups: +## ldap: +## - cn=users,ou=Group,dc=example,dc=org +# ad: +# - Domain Users
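Review bot: `admin-lv3` maps to the AD group `Domain Controllers`, which holds domain controller computer accounts rather than administrators; unless the AD backend tests rely on that exact name, a group meant for user accounts would make the fixture less misleading. Only `admin-lv2` carries `LC_admins: True`; since `admin-lv3`'s AD group list is a superset of `admin-lv2`'s (`Administrators`), an lv3 member presumably also satisfies lv2 and gets the flag indirectly, but that is inferred from the nesting and worth confirming against the role evaluation code. Every `ldap:` group mapping is commented out, so this "AD + LDAP" fixture only checks role membership through AD groups; a leading comment, `# roles are resolved from AD groups only; the ldap mappings are intentionally disabled`, would record whether that is intended.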