security-and-privacy/ldapcherry
security-and-privacy/ldapcherry
1
0
Fork 0
mirror of https://github.com/kakwa/ldapcherry synced 2024-11-24 02:14:20 +01:00
Code Releases Activity

improve documentation

Browse Source 
* improve documentation for key: True flag in attributes.yml
* improve documentation for the ldap filters and their templating
* improve comment in the .ini file
This commit is contained in:
kakwa 2019-02-12 23:06:42 +01:00
parent 7ac7118c9a
commit d831b09293
3 changed files with 21 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
conf/ldapcherry.ini
View File

@ -106,16 +106,24 @@ ldap.timeout = 1
ldap.groupdn = 'ou=group,dc=example,dc=org' ldap.groupdn = 'ou=group,dc=example,dc=org'
# users dn # users dn
ldap.userdn = 'ou=people,dc=example,dc=org' ldap.userdn = 'ou=people,dc=example,dc=org'
# ldapsearch filter to get a user
# ldapsearch filter to get a specific user
# %(username)s is content of the attribute marked 'key: True' in the attributes.file conf
ldap.user_filter_tmpl = '(uid=%(username)s)' ldap.user_filter_tmpl = '(uid=%(username)s)'
# ldapsearch filter to get groups of a user # ldapsearch filter to get groups of a user
# %(username)s is content of the attribute marked 'key: True' in the attributes.file conf
ldap.group_filter_tmpl = '(member=uid=%(username)s,ou=People,dc=example,dc=org)' ldap.group_filter_tmpl = '(member=uid=%(username)s,ou=People,dc=example,dc=org)'
# filter to search users # filter to search users
# %(searchstring)s is content passed through the search box
ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))' ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))'
# ldap group attributes and how to fill them # ldap group attributes and how to fill them
# 'member' is the name of the attribute
# for the template, any of the user's ldap attributes can be user
ldap.group_attr.member = "%(dn)s" ldap.group_attr.member = "%(dn)s"
# same with memverUid and the uid user's attribute
#ldap.group_attr.memberUid = "%(uid)s" #ldap.group_attr.memberUid = "%(uid)s"
# object classes of a user entry # object classes of a user entry
ldap.objectclasses = 'top, person, posixAccount, inetOrgPerson' ldap.objectclasses = 'top, person, posixAccount, inetOrgPerson'
# dn entry attribute for an ldap user # dn entry attribute for an ldap user

8
docs/backends.rst
View File

@ -73,7 +73,10 @@ The ldap backend exposes the following parameters:
| userdn | backends | The ldap dn where users are | ldap dn | | | userdn | backends | The ldap dn where users are | ldap dn | |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+
| user_filter_tmpl | backends | The search filter template | ldap search filter | The user identifier is passed through | | user_filter_tmpl | backends | The search filter template | ldap search filter | The user identifier is passed through |
| | | to recover a given user | template | the **username** variable (*%(username)s*).| | | | to recover a given user | template | the **username** variable (*%(username)s*) |
| | | | | |
| | | | | **username** is the attribute marked by |
| | | | | **key: True** in the **attribute.yml** file|
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+
| group_filter_tmpl | backends | The search filter template to | ldap search filter | The following variables are usable: | | group_filter_tmpl | backends | The search filter template to | ldap search filter | The following variables are usable: |
| | | recover the groups of a given user | template | * **username**: the user key attribute | | | | recover the groups of a given user | template | * **username**: the user key attribute |
@ -83,7 +86,8 @@ The ldap backend exposes the following parameters:
| | | | | in groups dn entries | | | | | | in groups dn entries |
| | | | | * every user attributes are exposed | | | | | | * every user attributes are exposed |
| | | | | in the template | | | | | | in the template |
| | | | | * multiple attributes can be set | | | | | | * multiple <memver attr> attributes |
| | | | | can be set |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+
| objectclasses | backends | list of object classes for users | comma separated list | | | objectclasses | backends | list of object classes for users | comma separated list | |
+--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+ +--------------------------+----------+------------------------------------+--------------------------+--------------------------------------------+

7
docs/deploy.rst
View File

@ -112,7 +112,12 @@ If **type** is set to **stringlist** the parameter **values** must be filled wit
Key attribute: Key attribute:
^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^
One attribute must be used as a unique key across all backends: One attribute must be used as a unique key across all backends.
It acts as a reconciliation key.
It also marks which attribute must be used within ldapcherry (ex: querysting parameter in links)
to point to one given user.
To set the key attribute, you must set **key** to **True** on this attribute. To set the key attribute, you must set **key** to **True** on this attribute.