9.2 KiB
Deploy
Launch
LdapCherry is launched using the internal cherrypy server:
# ldapcherryd help
$ ldapcherryd -h
# launching ldapcherryd in the forground
$ ldapcherryd -c /etc/ldapcherry/ldapcherry.ini
# launching ldapcherryd as a daemon
$ ldapcherryd -c /etc/ldapcherry/ldapcherry.ini -p /var/run/ldapcherry/ldapcherry.pid -d
Roles and Attributes Configuration
General Configuration
Webserver
LdapCherry uses the embedded http server of CherryPy, however it has some limitations:
- no listening on port 80/443 (unless run as root, which is strongly discourage)
- no https
The simpler way to properly deploy LdapCherry is to run it listening only on localhost with a port above 1024 and put it behind an http server like nginx, apache or lighttpd acting as a reverse http(s) proxy.
|
Section |
|
|
|
---|---|---|---|---|
server.socket_host |
|
Listening IP | IP on which to listen | Use '0.0.0.0' to listen on any interfaces. |
server.socket_port |
|
Listening Port | TCP Port | |
server.thread_pool |
|
Number of threads created by the CherryPy server | Number of threads threads | |
tools.staticdir.on | /static | Serve static files through LdapCherry | True, False | These files could be server directly by an HTTP server for better performance. |
tools.staticdir.dir | /static | Directory containing LdapCherry static resources (js, css, img...) | Path to static resources |
example:
[global]
# listing interface
server.socket_host = '127.0.0.1'
# port
server.socket_port = 8080
# number of threads
server.thread_pool = 8
# enable cherrypy static handling
# to comment if static content are handled otherwise
[/static]
tools.staticdir.on = True
tools.staticdir.dir = '/usr/share/ldapcherry/static/'
Authentication and sessions
LdapCherry supports several authentication modes:
|
Section |
|
|
|
---|---|---|---|---|
auth.mode | auth | Authentication mode |
|
|
auth.module | auth | Custom auth module | python class path to module | only used if auth.mode='custom' |
tools.sessions.timeout | global | Session timeout in minutes | Number of minutes |
Different session backends can also be configured (see CherryPy documentation for details)
[global]
# session configuration
# activate session
tools.sessions.on = True
# session timeout in minutes
tools.sessions.timeout = 10
# file session storage(to use if multiple processes,
# default is in RAM and per process)
#tools.sessions.storage_type = "file"
# session
#tools.sessions.storage_path = "/var/lib/ldapcherry/sessions"
[auth]
# Auth mode
# * and: user must authenticate on all backends
# * or: user must authenticate on one of the backend
# * none: disable authentification
# * custom: custom authentification module (need auth.module param)
auth.mode = 'or'
# custom auth module to load
#auth.module = 'ldapcherry.auth.modNone'
Logging
LdapCherry has two loggers, one for errors and applicative actions (login, del/add, logout...) and one for access logs.
Each logger can be configured to log to syslog, file or be desactivated.
Logging parameters:
|
Section |
|
|
|
---|---|---|---|---|
log.access_handler |
|
|
|
|
|
|
Logger type for applicative log |
|
|
|
|
|
|
only used if log.access_handler='file' |
|
|
|
|
|
|
|
|
'debug', 'info', 'warning', 'error', 'critical' |
Example:
[global]
# logger syslog for access log
log.access_handler = 'syslog'
# logger syslog for error and ldapcherry log
log.error_handler = 'syslog'
# log level
log.level = 'info'
Other LdapCherry parameters
# resources parameters
[resources]
# templates directory
template_dir = '/usr/share/ldapcherry/templates/'
LdapCherry full configuration file
../conf/ldapcherry.ini
Init Script
Sample init script for Debian:
../goodies/init-debian
This init script is available in goodies/init-debian.