LdapCherry
Nice and simple application to manage users and groups in multiple directory services.
- Doc
- Dev
- PyPI
- License: MIT
- Author: Pierre-Francois Carpentier - copyright © 2016
Demo
A demo is accessible here: https://ldapcherry.kakwalab.ovh
The credentials are:
- as administrator: admin/admin
- as user: user/user
Please note that it is not possible to modify or delete the 'admin' and 'user' users.
Also note that the service is reset once per day.
Presentation
LdapCherry is a CherryPy application to manage users and groups in multiple directory services.
Its main features are:
- manage multiple directory/database backends in a unified way
- roles management (as in "groups of groups")
- autofill forms
- password policy
- self modification of some selected fields by normal (non administrator) users
- nice bootstrap interface
- modular through pluggable authentication, password policy and backend modules
LdapCherry is not limited to LDAP: it can handle virtually any user backend (e.g. SQL database, htpasswd file, etc.) through the proper plugin (provided that it is implemented ^^).
LdapCherry also aims to be as simple as possible to deploy: no crazy dependencies, few configuration files, extensive debug logs and full documentation.
The default backend plugins allow managing LDAP and Active Directory.
Try out
# clone the repository
$ git clone https://github.com/kakwa/ldapcherry && cd ldapcherry
# change the directory where to put the configuration (default: /etc)
$ export SYSCONFDIR=/etc
# change the directory where to put the resource (default: /usr/share)
$ export DATAROOTDIR=/usr/share/
# install ldapcherry
$ python setup.py install
# edit configuration files
$ vi /etc/ldapcherry/ldapcherry.ini
$ vi /etc/ldapcherry/roles.yml
$ vi /etc/ldapcherry/attributes.yml
# launch ldapcherry
$ ldapcherryd -c /etc/ldapcherry/ldapcherry.ini -D
Docker
Building and running
# Build the docker container with the tag ldapcherry
$ docker build -t ldapcherry .
# Run the docker container tagged as ldapcherry with the demo backend
# and allow incoming requests on port 8080 on the localhost
$ docker run -p 8080:8080 ldapcherry
Default environment variables
Variable | Description | Default | Values |
---|---|---|---|
DEBUG | Run the container in debug mode | False | |
SUFFIX | Set the suffix for the domain | dc=example,dc=org | |
SERVER_SOCKET_HOST | IP address for the daemon to run on | 0.0.0.0 | IP Address |
SERVER_SOCKET_PORT | Port for the daemon to run on | 8080 | Unprivileged Port |
LOG_ACCESS_HANDLER | The target for the access logs | stdout | |
LOG_ERROR_HANDLER | The target for the error logs | stdout | |
Warning
Setting either of the LOG_<TYPE>_HANDLER variables to file requires the appropriate LOG_<TYPE>_FILE to be set.
Other environment variables
All other configuration options are parsed programmatically from environment variables. The variable names are formatted differently for the two file types: one way for the ini file and another for the .yml files.
INI configuration file
To set an option of the ldapcherry.ini configuration file, pass an environment variable whose name is the upper-case, underscore-separated version of the option name as it appears inside its section of the ldapcherry.ini file. For instance:
server.socket_host -> SERVER_SOCKET_HOST
request.show_tracebacks -> REQUEST_SHOW_TRACEBACKS
tools.sessions.timeout -> TOOLS_SESSIONS_TIMEOUT
min_length -> MIN_LENGTH
They will be put into their respective sections in the ldapcherry.ini file.
YAML configuration files
For the YAML configuration files (attributes.yml and roles.yml), the environment variable name is programmatically parsed based on the following template:
<FILENAME (without the .yml extension)>__<ATTRIBUTE ID>__<PARAMETER>
The following example demonstrates how to customize the shell attribute ID in the attributes.yml file:
shell:
    description: "Shell of the user"
    display_name: "Shell"
    weight: 80
    values:
        - /bin/bash
        - /bin/zsh
        - /bin/sh
ATTRIBUTES__SHELL__DESCRIPTION="Shell of the user"
ATTRIBUTES__SHELL__DISPLAY_NAME="Shell"
ATTRIBUTES__SHELL__WEIGHT="80"
ATTRIBUTES__SHELL__VALUES="['/bin/bash', '/bin/zsh', '/bin/sh']"
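The two naming schemes above, sketched as an added example (this is not LdapCherry's own code). It assumes a constructed sample ini, lower-cased YAML keys, and values parsed as Python literals (inferred from the list syntax in ATTRIBUTES__SHELL__VALUES); all function names are hypothetical.

```python
import ast
import configparser
import re

# Constructed sample; option names follow the examples on this page.
SAMPLE_INI = """
[global]
server.socket_host = '127.0.0.1'
request.show_tracebacks = True
tools.sessions.timeout = 10

[ppolicy]
min_length = 8
"""

def ini_env_name(option):
    """server.socket_host -> SERVER_SOCKET_HOST (separators become '_')."""
    return re.sub(r"[^A-Za-z0-9]", "_", option).upper()

def apply_ini_env(ini_text, env):
    """Override existing ini options from env. The lookup goes from known
    option to variable name, because the reverse mapping is ambiguous."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    for section in cfg.sections():
        for option in cfg.options(section):
            name = ini_env_name(option)
            if name in env:
                cfg.set(section, option, env[name])
    return cfg

def parse_value(value):
    """Parse lists and numbers as Python literals (never eval); else str."""
    try:
        return ast.literal_eval(value)
    except (ValueError, SyntaxError):
        return value

def yaml_env_overrides(env, filenames=("attributes", "roles")):
    """Collect <FILENAME>__<ATTRIBUTE ID>__<PARAMETER> variables per file."""
    out = {name: {} for name in filenames}
    for key, value in env.items():
        parts = key.split("__")
        if len(parts) != 3 or parts[0].lower() not in out:
            continue  # unrelated variable such as PATH
        fname, attr_id, param = (p.lower() for p in parts)
        out[fname].setdefault(attr_id, {})[param] = parse_value(value)
    return out
```

Because any variable whose name matches an option is applied, the container's environment should be reviewed as configuration input, in particular SERVER_SOCKET_HOST and REQUEST_SHOW_TRACEBACKS.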
License
LdapCherry is published under the MIT Public License.