From fb3d1f607c06766f880483af0a04c2975e30d5de Mon Sep 17 00:00:00 2001
From: Emmanuel Garette
Date: Mon, 23 May 2022 08:54:15 +0200
Subject: [PATCH] add aliases support
---
 .../2022.03.08/dovecot/DOC.md | 4 ++
 .../dovecot/templates/ldapsource.cf | 2 +-
 .../letsencrypt/funcs/letsencrypt.py | 2 +-
 .../2022.03.08/nginx-reverse-proxy/doc.md | 2 +-
 .../2022.03.08/openldap/DEBUG.md | 6 +-
 .../dictionaries/21_openldap-server.xml | 2 +
 .../openldap/extras/accounts/00_account.xml | 4 +-
 .../2022.03.08/openldap/templates/users.ldif | 14 +++++
 .../openldap/templates/users_mod.ldif | 55 ++++++++++++-------
 9 files changed, 66 insertions(+), 25 deletions(-)
 create mode 100644 seed/applicationservice/2022.03.08/dovecot/DOC.md
diff --git a/seed/applicationservice/2022.03.08/dovecot/DOC.md b/seed/applicationservice/2022.03.08/dovecot/DOC.md
new file mode 100644
index 0000000..91d4a62
--- /dev/null
+++ b/seed/applicationservice/2022.03.08/dovecot/DOC.md
@@ -0,0 +1,4 @@
+Ajouter le domaine
+==================
+
+Ajouter le domaine autoconfig.xxxx.xx
diff --git a/seed/applicationservice/2022.03.08/dovecot/templates/ldapsource.cf b/seed/applicationservice/2022.03.08/dovecot/templates/ldapsource.cf
index 848d28b..33a1988 100644
--- a/seed/applicationservice/2022.03.08/dovecot/templates/ldapsource.cf
+++ b/seed/applicationservice/2022.03.08/dovecot/templates/ldapsource.cf
@@ -9,5 +9,5 @@ bind = yes
 bind_dn = %%ldapclient_remote_user
 bind_pw = %%ldapclient_remote_user_password
 search_base = %%calc_ldapclient_base_dn(%%ldap_base_dn, None, accounts=True)
-query_filter = (mail=%s)
+query_filter = (mailLocalAddress=%s)
 result_attribute = cn
diff --git a/seed/applicationservice/2022.03.08/letsencrypt/funcs/letsencrypt.py b/seed/applicationservice/2022.03.08/letsencrypt/funcs/letsencrypt.py
index b5a3974..a104fd5 100644
--- a/seed/applicationservice/2022.03.08/letsencrypt/funcs/letsencrypt.py
+++ b/seed/applicationservice/2022.03.08/letsencrypt/funcs/letsencrypt.py
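Review bot: Keying the lookup on `mailLocalAddress` makes the result depend on that attribute being unique across entries, and nothing in this patch enforces it: the users.ldif and users_mod.ldif hunks emit `mailLocalAddress: %%alias` straight from the configured alias lists, so an alias equal to another account's `%%user` or to another account's alias makes `(mailLocalAddress=%s)` match several entries and the `result_attribute = cn` lookup return more than one cn. That is a silent mail-routing risk (mail for one account resolved to another) rather than a visible failure. I would reject duplicate addresses at the point where the alias lists are validated, and back it with a server-side uniqueness constraint on `mailLocalAddress` (OpenLDAP's unique overlay) so a colliding alias fails at ldapadd time instead. Which consumer reads this file is not visible here (the `query_filter`/`result_attribute` keys look Postfix-style), so how it treats multiple results is an inference.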
@@ -53,7 +53,7 @@ def letsencrypt_certif(domain: str,
 ]
 ret = _run(cli_args, capture_output=True)
 if ret.returncode != 0:
- raise ValueError(ret.stderr)
+ raise ValueError(ret.stderr.decode())
 print("Done")
 with open(date_file, 'w') as fh:
 fh.write(today)
diff --git a/seed/applicationservice/2022.03.08/nginx-reverse-proxy/doc.md b/seed/applicationservice/2022.03.08/nginx-reverse-proxy/doc.md
index 14e0791..6bc0380 100644
--- a/seed/applicationservice/2022.03.08/nginx-reverse-proxy/doc.md
+++ b/seed/applicationservice/2022.03.08/nginx-reverse-proxy/doc.md
@@ -3,6 +3,6 @@ Providers
 - revprox_clients : nom de domaine des serveurs HTTPS accessible derrière le serveur mandataire inverse, cette variable est une variable meneuse, les variables suivantes sont des suiveuses.
 - revprox_location : nom du répertoire diffusé sur le client
-- revprox_url : quelque chose comme https://domain/location
+- revprox_url : quelque chose comme https://domain/location (cette variable est multiple)
 - revprox_is_websocket : les URL sont de type websocket
 - revprox_max_body_size : taille maximal du coprs de la requête
diff --git a/seed/applicationservice/2022.03.08/openldap/DEBUG.md b/seed/applicationservice/2022.03.08/openldap/DEBUG.md
index ae68e4b..8b91062 100644
--- a/seed/applicationservice/2022.03.08/openldap/DEBUG.md
+++ b/seed/applicationservice/2022.03.08/openldap/DEBUG.md
@@ -1,9 +1,13 @@
 # DEBUG
+systemctl stop slapd
+usr/sbin/slapd -u ldap -h ldaps:/// -d 256
+
+
 Search with admin user:
 ```
-ldapsearch -D cn=admin,ou=in,o=gnunux,o=info -y /usr/local/lib/secrets/admin_ldap.pwd -b ou=users,ou=in,o=gnunux,o=info
+ldapsearch -D cn=admin,ou=in,o=gnunux,o=info -y /usr/local/lib/secrets/admin_ldap.pwd -b ou=accounts,ou=in,o=gnunux,o=info
 ```
 Search with nexcloud admin user:
diff --git a/seed/applicationservice/2022.03.08/openldap/dictionaries/21_openldap-server.xml b/seed/applicationservice/2022.03.08/openldap/dictionaries/21_openldap-server.xml
index d3d1fc3..a815148 100644
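Review bot: `ret.stderr.decode()` decodes with strict UTF-8, so the error path that is meant to surface the tool's stderr can itself raise `UnicodeDecodeError` when that output holds non-UTF-8 bytes (locale-dependent messages are a realistic source), and the original failure is then hidden behind a decoding traceback. Use `raise ValueError(ret.stderr.decode(errors="replace"))`, or pass `text=True` through `_run` if it wraps `subprocess.run`, so `stderr` arrives as `str` and no decode is needed here. `letsencrypt_certif` begins before this hunk, and `_run`, `date_file` and `today` are defined outside it, so I cannot see whether `_run` already sets a text mode.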
--- a/seed/applicationservice/2022.03.08/openldap/dictionaries/21_openldap-server.xml
+++ b/seed/applicationservice/2022.03.08/openldap/dictionaries/21_openldap-server.xml
@@ -32,6 +32,7 @@ uid cn sn + givenName mail entryCSN
@@ -48,6 +49,7 @@ /etc/openldap/schema/cosine.ldif /etc/openldap/schema/inetorgperson.ldif /etc/openldap/schema/nis.ldif + /etc/openldap/schema/misc.ldif 0
diff --git a/seed/applicationservice/2022.03.08/openldap/extras/accounts/00_account.xml b/seed/applicationservice/2022.03.08/openldap/extras/accounts/00_account.xml
index 56bee09..8a891ca 100644
--- a/seed/applicationservice/2022.03.08/openldap/extras/accounts/00_account.xml
+++ b/seed/applicationservice/2022.03.08/openldap/extras/accounts/00_account.xml
@@ -14,7 +14,7 @@ - +
@@ -24,7 +24,7 @@ - +
diff --git a/seed/applicationservice/2022.03.08/openldap/templates/users.ldif b/seed/applicationservice/2022.03.08/openldap/templates/users.ldif
index 246f22e..08c37c0 100644
--- a/seed/applicationservice/2022.03.08/openldap/templates/users.ldif
+++ b/seed/applicationservice/2022.03.08/openldap/templates/users.ldif
@@ -44,11 +44,18 @@ givenName: %%user.ldap_user_gn
 uid: %%user.ldap_user_uid
 userPassword:: %%ssha_encode(%%user.ldap_user_password)
 homeDirectory: /srv/home/users/%%user
+mailLocalAddress: %%user
+ %if %%user.ldap_user_aliases
+ %for %%alias in %%user.ldap_user_aliases
+mailLocalAddress: %%alias
+ %end for
+ %end if
 uidNumber: 0
 gidNumber: 0
 objectClass: top
 objectClass: inetOrgPerson
 objectClass: posixAccount
+objectClass: inetLocalMailRecipient
 %end for
 ## Families
@@ -73,11 +80,18 @@ givenName: %%user['ldap_user_gn_' + %%family]
 uid: %%user['ldap_user_uid_' + %%family]
 userPassword:: %%ssha_encode(%%user['ldap_user_password_' + %%family])
 homeDirectory: /srv/home/families/%%family/%%user
+mailLocalAddress: %%user
+ %if %%user['ldap_user_aliases_' + %%family]
+ %for %%alias in %%user['ldap_user_aliases_' + %%family]
+mailLocalAddress: %%alias
+ %end for
+ %end if
 uidNumber: 0
 gidNumber: 0
 objectClass: top
 objectClass: inetOrgPerson
 objectClass: posixAccount
+objectClass: inetLocalMailRecipient
 %end for
 %end for
diff --git a/seed/applicationservice/2022.03.08/openldap/templates/users_mod.ldif b/seed/applicationservice/2022.03.08/openldap/templates/users_mod.ldif
index 41aeded..d22294d 100644
--- a/seed/applicationservice/2022.03.08/openldap/templates/users_mod.ldif
+++ b/seed/applicationservice/2022.03.08/openldap/templates/users_mod.ldif
@@ -7,22 +7,39 @@ replace: userPassword
 userPassword:: %%ssha_encode(%%accounts['remote_' + %%name]['password_' + %%name])
 %end for
-## Users
-#%set %%users = %%calc_ldapclient_base_dn(%%ldap_base_dn, '')
-#%for %%user in %%accounts.users.ldap_user_mail
-#dn: cn=%%user,%%users
-#changetype: modify
-#replace: homeDirectory
-#homeDirectory: /srv/home/users/%%user
-#
-#%end for
-## Families
-#%for %%family in %%accounts.families
-# %set %%families = %%calc_ldapclient_base_dn(%%ldap_base_dn, %%family)
-# %for %%user in %%accounts['family_' + %%family]['users_' + %%family]['ldap_user_mail_' + %%family]
-#dn: cn=%%user,%%families
-#replace: homeDirectory
-#homeDirectory: /srv/home/families/%%family/%%user
-#
-# %end for
-#%end for
+# Users
+%set %%users = %%calc_ldapclient_base_dn(%%ldap_base_dn, '')
+%for %%user in %%accounts.users.ldap_user_mail
+dn: cn=%%user,%%users
+changetype: modify
+#add: objectClass
+#objectClass: inetLocalMailRecipient
+#-
+replace: mailLocalAddress
+mailLocalAddress: %%user
+ %if %%user.ldap_user_aliases
+ %for %%alias in %%user.ldap_user_aliases
+mailLocalAddress: %%alias
+ %end for
+ %end if
+
+%end for
+# Families
+%for %%family in %%accounts.families
+ %set %%families = %%calc_ldapclient_base_dn(%%ldap_base_dn, %%family)
+ %for %%user in %%accounts['family_' + %%family]['users_' + %%family]['ldap_user_mail_' + %%family]
+dn: cn=%%user,%%families
+changetype: modify
+#add: objectClass
+#objectClass: inetLocalMailRecipient
+#-
+replace: mailLocalAddress
+mailLocalAddress: %%user
+ %if %%user['ldap_user_aliases_' + %%family]
+ %for %%alias in %%user['ldap_user_aliases_' + %%family]
+mailLocalAddress: %%alias
+ %end for
+ %end if
+
+ %end for
+%end for
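Review bot: `replace: mailLocalAddress` will be rejected with an objectClass violation for any account entry that predates this patch, because those entries were written by the old users.ldif without `inetLocalMailRecipient`, and the `#add: objectClass` / `#objectClass: inetLocalMailRecipient` / `#-` block that would fix that is left commented out in both the users and the families loop. A plain `add: objectClass` fails with "type or value exists" on entries that already carry the class, which is presumably why it was commented, whereas replacing the whole objectClass list is idempotent as long as the structural class (inetOrgPerson) is unchanged. I would emit `replace: objectClass` with the class list users.ldif writes, ahead of the `mailLocalAddress` change, in both loops; the lines below show the users loop, the families loop gets the same change.
```ldif
dn: cn=%%user,%%users
changetype: modify
replace: objectClass
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: inetLocalMailRecipient
-
replace: mailLocalAddress
mailLocalAddress: %%user
# … unchanged: alias loop; families loop gets the same replace: objectClass block …
```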