mirror of
https://github.com/kakwa/ldapcherry
synced 2024-11-22 01:14:21 +01:00
adding configuration for AD + LDAP setup
This commit is contained in:
parent
5ddd9a6bbf
commit
cf97f01245
136
tests/cfg/attributes_adldap.yml
Normal file
136
tests/cfg/attributes_adldap.yml
Normal file
@ -0,0 +1,136 @@
|
||||
cn:
|
||||
description: "First Name and Display Name"
|
||||
display_name: "Display Name"
|
||||
type: string
|
||||
weight: 30
|
||||
autofill:
|
||||
function: lcDisplayName
|
||||
args:
|
||||
- $first-name
|
||||
- $name
|
||||
backends:
|
||||
ldap: cn
|
||||
ad: cn
|
||||
first-name:
|
||||
description: "First name of the user"
|
||||
display_name: "First Name"
|
||||
search_displayed: True
|
||||
type: string
|
||||
weight: 20
|
||||
backends:
|
||||
ldap: givenName
|
||||
ad: givenName
|
||||
name:
|
||||
description: "Family name of the user"
|
||||
display_name: "Name"
|
||||
search_displayed: True
|
||||
weight: 10
|
||||
type: string
|
||||
backends:
|
||||
ldap: sn
|
||||
ad: sn
|
||||
email:
|
||||
description: "Email of the user"
|
||||
display_name: "Email"
|
||||
search_displayed: True
|
||||
type: email
|
||||
weight: 40
|
||||
autofill:
|
||||
function: lcMail
|
||||
args:
|
||||
- $first-name
|
||||
- $name
|
||||
- '@example.com'
|
||||
backends:
|
||||
ldap: mail
|
||||
ad: mail
|
||||
uid:
|
||||
description: "UID of the user"
|
||||
display_name: "UID"
|
||||
search_displayed: True
|
||||
key: True
|
||||
type: string
|
||||
weight: 50
|
||||
autofill:
|
||||
function: lcUid
|
||||
args:
|
||||
- $first-name
|
||||
- $name
|
||||
backends:
|
||||
ldap: uid
|
||||
ad: sAMAccountName
|
||||
uidNumber:
|
||||
description: "User ID Number of the user"
|
||||
display_name: "UID Number"
|
||||
weight: 60
|
||||
type: int
|
||||
autofill:
|
||||
function: lcUidNumber
|
||||
args:
|
||||
- $first-name
|
||||
- $name
|
||||
- '10000'
|
||||
- '30000'
|
||||
backends:
|
||||
ldap: uidNumber
|
||||
ad: uidNumber
|
||||
gidNumber:
|
||||
description: "Group ID Number of the user"
|
||||
display_name: "GID Number"
|
||||
weight: 70
|
||||
type: int
|
||||
autofill:
|
||||
function: lcUidNumber
|
||||
args:
|
||||
- $first-name
|
||||
- $name
|
||||
- '10000'
|
||||
- '30000'
|
||||
backends:
|
||||
ldap: gidNumber
|
||||
ad: GIDNumber
|
||||
shell:
|
||||
description: "Shell of the user"
|
||||
display_name: "Shell"
|
||||
weight: 80
|
||||
self: True
|
||||
type: stringlist
|
||||
values:
|
||||
- /bin/bash
|
||||
- /bin/zsh
|
||||
- /bin/sh
|
||||
backends:
|
||||
ldap: loginShell
|
||||
ad: loginShell
|
||||
home:
|
||||
description: "Home user path"
|
||||
display_name: "Home"
|
||||
weight: 90
|
||||
type: string
|
||||
autofill:
|
||||
function: lcHomeDir
|
||||
args:
|
||||
- $first-name
|
||||
- $name
|
||||
- /home/
|
||||
backends:
|
||||
ldap: homeDirectory
|
||||
ad: homeDirectory
|
||||
password:
|
||||
description: "Password of the user"
|
||||
display_name: "Password"
|
||||
weight: 31
|
||||
self: True
|
||||
type: password
|
||||
backends:
|
||||
ldap: userPassword
|
||||
ad: unicodePwd
|
||||
|
||||
logscript:
|
||||
description: "Windows login script"
|
||||
display_name: "Login script"
|
||||
weight: 100
|
||||
type: fix
|
||||
value: login1.bat
|
||||
backends:
|
||||
ad: scriptPath
|
187
tests/cfg/ldapcherry_adldap.cfg
Normal file
187
tests/cfg/ldapcherry_adldap.cfg
Normal file
@ -0,0 +1,187 @@
|
||||
# global parameters
|
||||
[global]
|
||||
|
||||
# listing interface
|
||||
server.socket_host = '127.0.0.1'
|
||||
# port
|
||||
server.socket_port = 8080
|
||||
# number of threads
|
||||
server.thread_pool = 8
|
||||
#don't show traceback on error
|
||||
request.show_tracebacks = False
|
||||
|
||||
# log configuration
|
||||
# /!\ you can't have multiple log handlers
|
||||
#####################################
|
||||
# configuration to log in files #
|
||||
#####################################
|
||||
## logger 'file' for access log
|
||||
#log.access_handler = 'file'
|
||||
## logger syslog for error and ldapcherry log
|
||||
#log.error_handler = 'file'
|
||||
## access log file
|
||||
#log.access_file = '/tmp/ldapcherry_access.log'
|
||||
## error and ldapcherry log file
|
||||
#log.error_file = '/tmp/ldapcherry_error.log'
|
||||
|
||||
#####################################
|
||||
# configuration to log in syslog #
|
||||
#####################################
|
||||
# logger syslog for access log
|
||||
#log.access_handler = 'syslog'
|
||||
## logger syslog for error and ldapcherry log
|
||||
log.error_handler = 'syslog'
|
||||
|
||||
#####################################
|
||||
# configuration to not log at all #
|
||||
#####################################
|
||||
# logger none for access log
|
||||
log.access_handler = 'none'
|
||||
# logger none for error and ldapcherry log
|
||||
#log.error_handler = 'none'
|
||||
|
||||
# log level
|
||||
log.level = 'info'
|
||||
|
||||
# session configuration
|
||||
# activate session
|
||||
tools.sessions.on = True
|
||||
# session timeout
|
||||
tools.sessions.timeout = 7200
|
||||
# file session storage(to use if multiple processes,
|
||||
# default is in RAM and per process)
|
||||
#tools.sessions.storage_type = "file"
|
||||
# session
|
||||
#tools.sessions.storage_path = "/var/lib/ldapcherry/sessions"
|
||||
|
||||
[attributes]
|
||||
|
||||
# file discribing form content
|
||||
attributes.file = './tests/cfg/attributes_adldap.yml'
|
||||
|
||||
[roles]
|
||||
|
||||
# file listing roles
|
||||
roles.file = './tests/cfg/roles_adldap.yml'
|
||||
|
||||
[search]
|
||||
|
||||
# minimum lenght for search forms
|
||||
min.lenght = 0
|
||||
|
||||
[backends]
|
||||
|
||||
#####################################
|
||||
# configuration of ldap backend #
|
||||
#####################################
|
||||
|
||||
# name of the module
|
||||
ldap.module = 'ldapcherry.backend.backendLdap'
|
||||
# display name of the ldap
|
||||
ldap.display_name = 'My Ldap Directory'
|
||||
|
||||
# uri of the ldap directory
|
||||
ldap.uri = 'ldap://ldap.ldapcherry.org:390'
|
||||
# ca to use for ssl/tls connexion
|
||||
#ldap.ca = '/etc/dnscherry/TEST-cacert.pem'
|
||||
# use start tls
|
||||
#ldap.starttls = 'off'
|
||||
# check server certificate (for tls)
|
||||
#ldap.checkcert = 'off'
|
||||
# bind dn to the ldap
|
||||
ldap.binddn = 'cn=dnscherry,dc=example,dc=org'
|
||||
# password of the bind dn
|
||||
ldap.password = 'password'
|
||||
# timeout of ldap connexion (in second)
|
||||
ldap.timeout = 1
|
||||
|
||||
# groups dn
|
||||
ldap.groupdn = 'ou=group,dc=example,dc=org'
|
||||
# users dn
|
||||
ldap.userdn = 'ou=people,dc=example,dc=org'
|
||||
# ldapsearch filter to get a user
|
||||
ldap.user_filter_tmpl = '(uid=%(username)s)'
|
||||
# ldapsearch filter to get groups of a user
|
||||
ldap.group_filter_tmpl = '(member=uid=%(username)s,ou=People,dc=example,dc=org)'
|
||||
# filter to search users
|
||||
ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))'
|
||||
|
||||
# ldap group attributes and how to fill them
|
||||
ldap.group_attr.member = "%(dn)s"
|
||||
#ldap.group_attr.memberUid = "%(uid)s"
|
||||
# object classes of a user entry
|
||||
ldap.objectclasses = 'top, person, posixAccount, inetOrgPerson'
|
||||
# dn entry attribute for an ldap user
|
||||
ldap.dn_user_attr = 'uid'
|
||||
|
||||
#####################################
|
||||
# configuration of ad backend #
|
||||
#####################################
|
||||
|
||||
## Name of the backend
|
||||
ad.module = 'ldapcherry.backend.backendAD'
|
||||
# display name of the ldap
|
||||
ad.display_name = 'My Active Directory'
|
||||
# ad domain
|
||||
ad.domain = 'DC.LDAPCHERRY.ORG'
|
||||
# ad login
|
||||
ad.login = 'administrator'
|
||||
# ad password
|
||||
ad.password = 'qwertyP455'
|
||||
# ad uri
|
||||
ad.uri = 'ldaps://localhost'
|
||||
|
||||
# ca to use for ssl/tls connexion
|
||||
#ad.ca = '/etc/dnscherry/TEST-cacert.pem'
|
||||
# use start tls
|
||||
ad.starttls = 'off'
|
||||
# check server certificate (for tls)
|
||||
ad.checkcert = 'off'
|
||||
|
||||
[ppolicy]
|
||||
|
||||
# password policy module
|
||||
ppolicy.module = 'ldapcherry.ppolicy.simple'
|
||||
|
||||
# parameters of the module
|
||||
min_length = 8
|
||||
min_upper = 1
|
||||
min_digit = 1
|
||||
|
||||
# authentification parameters
|
||||
[auth]
|
||||
|
||||
# Auth mode
|
||||
# * and: user must authenticate on all backends
|
||||
# * or: user must authenticate on one of the backend
|
||||
# * none: disable authentification
|
||||
# * custom: custom authentification module (need auth.module param)
|
||||
auth.mode = 'or'
|
||||
|
||||
# custom auth module to load
|
||||
#auth.module = 'ldapcherry.auth.modNone'
|
||||
|
||||
# resources parameters
|
||||
[resources]
|
||||
# templates directory
|
||||
templates.dir = '/usr/share/ldapcherry/templates/'
|
||||
|
||||
[/static]
|
||||
# enable serving static file through ldapcherry
|
||||
# set to False if files served directly by an
|
||||
# http server for better performance
|
||||
tools.staticdir.on = True
|
||||
# static resources directory (js, css, images...)
|
||||
tools.staticdir.dir = '/home/kakwa/Geek/GitHub/ldapcherry/resources/static/'
|
||||
|
||||
## custom javascript files
|
||||
#[/custom]
|
||||
#
|
||||
## enable serving static file through ldapcherry
|
||||
## set to False if files served directly by an
|
||||
## http server for better performance
|
||||
#tools.staticdir.on = True
|
||||
|
||||
## path to directory containing js files
|
||||
## use it to add custom auto-fill functions
|
||||
#tools.staticdir.dir = '/home/kakwa/Geek/GitHub/ldapcherry/resources/static/'
|
41
tests/cfg/roles_adldap.yml
Normal file
41
tests/cfg/roles_adldap.yml
Normal file
@ -0,0 +1,41 @@
|
||||
admin-lv3:
|
||||
display_name: Administrators Level 3
|
||||
description: Super administrators of the system
|
||||
backends_groups:
|
||||
# ldap:
|
||||
# - cn=dns admins,ou=Group,dc=example,dc=org
|
||||
# - cn=nagios admins,ou=Group,dc=example,dc=org
|
||||
# - cn=puppet admins,ou=Group,dc=example,dc=org
|
||||
# - cn=users,ou=Group,dc=example,dc=org
|
||||
ad:
|
||||
- Administrators
|
||||
- Domain Controllers
|
||||
- Group Policy Creator Owners
|
||||
|
||||
admin-lv2:
|
||||
display_name: Administrators Level 2
|
||||
description: Basic administrators of the system
|
||||
LC_admins: True
|
||||
backends_groups:
|
||||
# ldap:
|
||||
# - cn=nagios admins,ou=Group,dc=example,dc=org
|
||||
# - cn=users,ou=Group,dc=example,dc=org
|
||||
ad:
|
||||
- Administrators
|
||||
|
||||
#developpers:
|
||||
# display_name: Developpers
|
||||
# description: Developpers of the system
|
||||
# backends_groups:
|
||||
# ldap:
|
||||
# - cn=developpers,ou=Group,dc=example,dc=org
|
||||
# - cn=users,ou=Group,dc=example,dc=org
|
||||
|
||||
#users:
|
||||
# display_name: Simple Users
|
||||
# description: Basic users of the system
|
||||
# backends_groups:
|
||||
## ldap:
|
||||
## - cn=users,ou=Group,dc=example,dc=org
|
||||
# ad:
|
||||
# - Domain Users
|
Loading…
Reference in New Issue
Block a user