add aliases support

Emmanuel Garette 2022-05-23 08:54:15 +02:00
parent 90bcf35f9b
commit fb3d1f607c
9 changed files with 66 additions and 25 deletions


@ -0,0 +1,4 @@
Ajouter le domaine
==================
Ajouter le domaine autoconfig.xxxx.xx


@ -9,5 +9,5 @@ bind = yes
bind_dn = %%ldapclient_remote_user bind_dn = %%ldapclient_remote_user
bind_pw = %%ldapclient_remote_user_password bind_pw = %%ldapclient_remote_user_password
search_base = %%calc_ldapclient_base_dn(%%ldap_base_dn, None, accounts=True) search_base = %%calc_ldapclient_base_dn(%%ldap_base_dn, None, accounts=True)
query_filter = (mail=%s) query_filter = (mailLocalAddress=%s)
result_attribute = cn result_attribute = cn
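Review bot: Switching `query_filter` to `(mailLocalAddress=%s)` makes delivery depend on every account entry carrying the `inetLocalMailRecipient` class and that attribute, so entries provisioned before this commit stop resolving until the migration LDIF elsewhere in this commit has run; the two need to be deployed together, and the ordering is not visible here. Because `mailLocalAddress` is multi-valued and filled from per-account aliases, two accounts can present the same address, in which case this lookup returns several `cn` values and Postfix concatenates them into a multi-recipient result — a collision that should be rejected at alias input time rather than here. The `mailLocalAddress` index in the slapd dictionary is still commented out in this same commit, so this equality search is presumably unindexed.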


@ -53,7 +53,7 @@ def letsencrypt_certif(domain: str,
] ]
ret = _run(cli_args, capture_output=True) ret = _run(cli_args, capture_output=True)
if ret.returncode != 0: if ret.returncode != 0:
raise ValueError(ret.stderr) raise ValueError(ret.stderr.decode())
print("Done") print("Done")
with open(date_file, 'w') as fh: with open(date_file, 'w') as fh:
fh.write(today) fh.write(today)
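Review bot: `ret.stderr.decode()` is strict UTF-8, so if the certificate tool emits non-UTF-8 bytes the real failure is masked by a `UnicodeDecodeError`; use `raise ValueError(ret.stderr.decode(errors="replace"))`, or have `_run` pass `text=True` if it forwards to `subprocess.run`. A non-zero exit from an external command is also better signalled as `RuntimeError` or `subprocess.CalledProcessError` than `ValueError`, though that changes what callers catch and is outside the scope of this fix. `letsencrypt_certif` starts before the hunk.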


@ -3,6 +3,6 @@ Providers
- revprox_clients : nom de domaine des serveurs HTTPS accessible derrière le serveur mandataire inverse, cette variable est une variable meneuse, les variables suivantes sont des suiveuses. - revprox_clients : nom de domaine des serveurs HTTPS accessible derrière le serveur mandataire inverse, cette variable est une variable meneuse, les variables suivantes sont des suiveuses.
- revprox_location : nom du répertoire diffusé sur le client - revprox_location : nom du répertoire diffusé sur le client
- revprox_url : quelque chose comme https://domain/location - revprox_url : quelque chose comme https://domain/location (cette variable est multiple)
- revprox_is_websocket : les URL sont de type websocket - revprox_is_websocket : les URL sont de type websocket
- revprox_max_body_size : taille maximal du coprs de la requête - revprox_max_body_size : taille maximal du coprs de la requête


@ -1,9 +1,13 @@
# DEBUG # DEBUG
systemctl stop slapd
usr/sbin/slapd -u ldap -h ldaps:/// -d 256
Search with admin user: Search with admin user:
``` ```
ldapsearch -D cn=admin,ou=in,o=gnunux,o=info -y /usr/local/lib/secrets/admin_ldap.pwd -b ou=users,ou=in,o=gnunux,o=info ldapsearch -D cn=admin,ou=in,o=gnunux,o=info -y /usr/local/lib/secrets/admin_ldap.pwd -b ou=accounts,ou=in,o=gnunux,o=info
``` ```
Search with nexcloud admin user: Search with nexcloud admin user:


@ -32,6 +32,7 @@
<value>uid</value> <value>uid</value>
<value>cn</value> <value>cn</value>
<value>sn</value> <value>sn</value>
<!--value>mailLocalAddress</value-->
<value>givenName</value> <value>givenName</value>
<value>mail</value> <value>mail</value>
<value>entryCSN</value> <value>entryCSN</value>
@ -48,6 +49,7 @@
<value>/etc/openldap/schema/cosine.ldif</value> <value>/etc/openldap/schema/cosine.ldif</value>
<value>/etc/openldap/schema/inetorgperson.ldif</value> <value>/etc/openldap/schema/inetorgperson.ldif</value>
<value>/etc/openldap/schema/nis.ldif</value> <value>/etc/openldap/schema/nis.ldif</value>
<value>/etc/openldap/schema/misc.ldif</value>
</variable> </variable>
<variable name='ldap_loglevel' type='number' description='Niveau de log' mode="expert"> <variable name='ldap_loglevel' type='number' description='Niveau de log' mode="expert">
<value>0</value> <value>0</value>
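Review bot: The `mailLocalAddress` entry is added commented out while the Postfix lookup introduced in this commit filters on `(mailLocalAddress=%s)`; if this list is the slapd index configuration (it reads like one — `uid`, `cn`, `mail`, `entryCSN`), every alias lookup becomes an unindexed equality search over the accounts subtree. Either enable it with `<value>mailLocalAddress</value>` now that `misc.ldif` is loaded, or replace the bare commented value with a comment stating why the index is deferred and when it will be turned on.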


@ -14,7 +14,7 @@
</family> </family>
<family name="users" description="Gestion des utilisateurs" leadership="True"> <family name="users" description="Gestion des utilisateurs" leadership="True">
<variable name='ldap_user_mail' type="mail" description="Adresse courriel du compte" multi="True"/> <variable name='ldap_user_mail' type="mail" description="Adresse courriel du compte" multi="True"/>
<variable name='ldap_user_aliases' type="mail" description="Aliases du mail" multi="True"/> <!-- FIXME --> <variable name='ldap_user_aliases' type="mail" description="Aliases du mail" multi="True"/>
<variable name='ldap_user_uid' type="unix_user" description="Nom de compte" mandatory="True"/> <variable name='ldap_user_uid' type="unix_user" description="Nom de compte" mandatory="True"/>
<variable name='ldap_user_sn' type="string" description="Prénom" mandatory="True"/> <variable name='ldap_user_sn' type="string" description="Prénom" mandatory="True"/>
<variable name='ldap_user_gn' type="string" description="Nom de famille" mandatory="True"/> <variable name='ldap_user_gn' type="string" description="Nom de famille" mandatory="True"/>
@ -24,7 +24,7 @@
<family name="family_" description="Gestion de la famille " dynamic="accounts.families"> <family name="family_" description="Gestion de la famille " dynamic="accounts.families">
<family name="users_" description="Gestion des utilisateurs" leadership="True"> <family name="users_" description="Gestion des utilisateurs" leadership="True">
<variable name='ldap_user_mail_' type="mail" description="Adresse courriel du compte" multi="True"/> <variable name='ldap_user_mail_' type="mail" description="Adresse courriel du compte" multi="True"/>
<variable name='ldap_user_aliases_' type="mail" description="Aliases du mail" multi="True"/> <!-- FIXME --> <variable name='ldap_user_aliases_' type="mail" description="Aliases du mail" multi="True"/>
<variable name='ldap_user_uid_' type="unix_user" description="Nom de compte" mandatory="True"/> <variable name='ldap_user_uid_' type="unix_user" description="Nom de compte" mandatory="True"/>
<variable name='ldap_user_sn_' type="string" description="Prénom" mandatory="True"/> <variable name='ldap_user_sn_' type="string" description="Prénom" mandatory="True"/>
<variable name='ldap_user_gn_' type="string" description="Nom de famille" mandatory="True"/> <variable name='ldap_user_gn_' type="string" description="Nom de famille" mandatory="True"/>
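Review bot: Removing the `FIXME` leaves `ldap_user_aliases` without any uniqueness constraint: nothing visible prevents an alias from equalling another account's `ldap_user_mail` or alias, and once Postfix resolves recipients through `mailLocalAddress` such a collision silently routes one address to two mailboxes. Consider a validation at this level (aliases unique across all accounts and families, and distinct from every primary address), or at least document the assumption, e.g. `<!-- aliases must be unique across the directory; a collision fans mail out to every matching cn -->`. The same applies to `ldap_user_aliases_` in the dynamic family.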


@ -44,11 +44,18 @@ givenName: %%user.ldap_user_gn
uid: %%user.ldap_user_uid uid: %%user.ldap_user_uid
userPassword:: %%ssha_encode(%%user.ldap_user_password) userPassword:: %%ssha_encode(%%user.ldap_user_password)
homeDirectory: /srv/home/users/%%user homeDirectory: /srv/home/users/%%user
mailLocalAddress: %%user
%if %%user.ldap_user_aliases
%for %%alias in %%user.ldap_user_aliases
mailLocalAddress: %%alias
%end for
%end if
uidNumber: 0 uidNumber: 0
gidNumber: 0 gidNumber: 0
objectClass: top objectClass: top
objectClass: inetOrgPerson objectClass: inetOrgPerson
objectClass: posixAccount objectClass: posixAccount
objectClass: inetLocalMailRecipient
%end for %end for
## Families ## Families
@ -73,11 +80,18 @@ givenName: %%user['ldap_user_gn_' + %%family]
uid: %%user['ldap_user_uid_' + %%family] uid: %%user['ldap_user_uid_' + %%family]
userPassword:: %%ssha_encode(%%user['ldap_user_password_' + %%family]) userPassword:: %%ssha_encode(%%user['ldap_user_password_' + %%family])
homeDirectory: /srv/home/families/%%family/%%user homeDirectory: /srv/home/families/%%family/%%user
mailLocalAddress: %%user
%if %%user['ldap_user_aliases_' + %%family]
%for %%alias in %%user['ldap_user_aliases_' + %%family]
mailLocalAddress: %%alias
%end for
%end if
uidNumber: 0 uidNumber: 0
gidNumber: 0 gidNumber: 0
objectClass: top objectClass: top
objectClass: inetOrgPerson objectClass: inetOrgPerson
objectClass: posixAccount objectClass: posixAccount
objectClass: inetLocalMailRecipient
%end for %end for
%end for %end for
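Review bot: If an alias equals the account's own address, the template emits `mailLocalAddress: %%user` and then the same value again from the loop, and the LDAP add of that entry fails with a duplicate-value error; skip it in the loop with `%if %%alias != %%user` around `mailLocalAddress: %%alias` (and the same for the family variant). The `%if %%user.ldap_user_aliases` guard is presumably redundant with an empty loop but harmless. The enclosing `%for` over users starts before the hunk.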


@ -7,22 +7,39 @@ replace: userPassword
userPassword:: %%ssha_encode(%%accounts['remote_' + %%name]['password_' + %%name]) userPassword:: %%ssha_encode(%%accounts['remote_' + %%name]['password_' + %%name])
%end for %end for
## Users # Users
#%set %%users = %%calc_ldapclient_base_dn(%%ldap_base_dn, '') %set %%users = %%calc_ldapclient_base_dn(%%ldap_base_dn, '')
#%for %%user in %%accounts.users.ldap_user_mail %for %%user in %%accounts.users.ldap_user_mail
#dn: cn=%%user,%%users dn: cn=%%user,%%users
#changetype: modify changetype: modify
#replace: homeDirectory #add: objectClass
#homeDirectory: /srv/home/users/%%user #objectClass: inetLocalMailRecipient
# #-
#%end for replace: mailLocalAddress
## Families mailLocalAddress: %%user
#%for %%family in %%accounts.families %if %%user.ldap_user_aliases
# %set %%families = %%calc_ldapclient_base_dn(%%ldap_base_dn, %%family) %for %%alias in %%user.ldap_user_aliases
# %for %%user in %%accounts['family_' + %%family]['users_' + %%family]['ldap_user_mail_' + %%family] mailLocalAddress: %%alias
#dn: cn=%%user,%%families %end for
#replace: homeDirectory %end if
#homeDirectory: /srv/home/families/%%family/%%user
# %end for
# %end for # Families
#%end for %for %%family in %%accounts.families
%set %%families = %%calc_ldapclient_base_dn(%%ldap_base_dn, %%family)
%for %%user in %%accounts['family_' + %%family]['users_' + %%family]['ldap_user_mail_' + %%family]
dn: cn=%%user,%%families
changetype: modify
#add: objectClass
#objectClass: inetLocalMailRecipient
#-
replace: mailLocalAddress
mailLocalAddress: %%user
%if %%user['ldap_user_aliases_' + %%family]
%for %%alias in %%user['ldap_user_aliases_' + %%family]
mailLocalAddress: %%alias
%end for
%end if
%end for
%end for
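Review bot: With `add: objectClass` / `objectClass: inetLocalMailRecipient` commented out, `replace: mailLocalAddress` will fail with an objectClass violation on every entry created before this commit (the user template only adds that class now), while enabling the add unconditionally fails with "attribute or value exists" on entries that already carry it. Make the migration idempotent: emit the objectClass change as a separate LDIF record applied with `ldapmodify -c`, or emit the `add:` only for entries that lack the class, and say which in a `##` template comment. The same applies to the families loop below.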