diff --git a/conf/extra_diacamma.json b/conf/extra_diacamma.json
new file mode 100644
index 0000000..43abdd5
--- /dev/null
+++ b/conf/extra_diacamma.json
@@ -0,0 +1,24 @@
+{
+ "LANGUAGE_CODE":"__LANGUAGE__",
+ "USE_X_FORWARDED_HOST":true,
+ "FORCE_SCRIPT_NAME":"/__APP__",
+ "LDAP_SERVERS": [{"host": "127.0.0.1", "port": 389, "use_ssl": false, "get_info": "NONE"}],
+ "LDAP_ENGINE" : "OpenLDAP",
+ "LDAP_BIND_USER" : "cn=reader,dc=yunohost,dc=org",
+ "LDAP_BIND_PASSWORD" : "",
+ "LDAP_ATTRIBUTES_MAP" : {"username": "uid", "first_name": "cn", "last_name": "sn", "email": "mail"},
+ "LDAP_SEARCH_BASE" : "ou=users,dc=yunohost,dc=org",
+ "LDAP_USER_SEARCH_FILTER" : "(&(|(objectclass=posixAccount))(uid=%uid)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))",
+ "LDAP_USER_MODEL_USERNAME_FIELD" : "uid",
+ "LDAP_UNCHECK_USER_ACTIVE" : false,
+ "LDAP_USE_LDAP_GROUPS" : true,
+ "LDAP_USE_LDAP_GROUPS_FOR_ADMIN_STAFF_ONLY" : true,
+ "LDAP_SUPERUSER_GROUPS" : ["permission=cn=__APP__.admins,ou=permission,dc=yunohost,dc=org"],
+ "LDAP_STAFF_GROUPS" : [],
+ "LDAP_GROUPS_SEARCH_BASE" : "ou=groups,dc=yunohost,dc=org",
+ "LDAP_GROUPS_SEARCH_FILTER" : "(&(objectclass=top)(memberUid=*))",
+ "LDAP_GROUP_MEMBER_ATTRIBUTE" : "memberUid",
+ "LDAP_GROUPS_MAP" : {},
+ "LDAP_IGNORED_LOCAL_GROUPS" : [],
+ "AUTHENTICATION_BACKENDS" : ["django_auth_ldap3_ad.auth.LDAP3ADBackend"]
+}
\ No newline at end of file
diff --git a/manifest.toml b/manifest.toml
index 641677f..0740c16 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -21,7 +21,7 @@ yunohost = '>= 11.2'
 # List of supported archs using the dpkg --print-architecture nomenclature (amd64/i386/armhf/arm64), for example: ["amd64", "i386']
 architectures = "all" # TODO : handle the "all" option (no ["all"])
 multi_instance = true
-ldap = false
+ldap = true
 sso = false
 disk = "50M"
 ram.build = "50M"
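Review bot: In conf/extra_diacamma.json, `LDAP_SUPERUSER_GROUPS` names the permission `__APP__.admins`, while the manifest.toml change in this same commit declares the permission as `admin` (`admin.url`, `admin.allowed`), which would presumably be exposed as `__APP__.admin`. If the two names do not line up, the superuser mapping never matches and administrator rights silently stop following the YunoHost permission; use one name on both sides, e.g. `"permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org"`. The entry is also written as an attribute assertion rather than a group name, while `LDAP_GROUPS_SEARCH_BASE` points at `ou=groups` with `memberUid`, so confirm against the backend how this list is compared before relying on it for privilege assignment. Separately, `%uid` is substituted into `LDAP_USER_SEARCH_FILTER`; it is worth checking that the backend escapes the login name for LDAP filter syntax, since nothing in this file does.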
@@ -88,7 +88,7 @@ ram.runtime = "50M"
 main.url = "/"
 [resources.apt]
- packages = "libxml2-dev,libxslt-dev,libjpeg-dev,libfreetype6,libfreetype6-dev,zlib1g-dev,libpq-dev,python3-pip,python3-dev,python3-tk,python3-pil,python3-venv,build-essential,pkg-config,postgresql"
+ packages = "libxml2-dev,libxslt-dev,libjpeg-dev,libfreetype6,libfreetype6-dev,zlib1g-dev,libpq-dev,python3-pip,python3-dev,python3-tk,python3-pil,python3-venv,build-essential,pkg-config,postgresql,jq"
 [resources.ports]
 # This will pick a random port for reverse-proxying and store it as the $port setting
@@ -96,4 +96,9 @@ ram.runtime = "50M"
 # This will automatically provision/deprovison a database and store the corresponding credentials in settings $db_user, $db_name, $db_pwd
 type = "postgresql"
-
\ No newline at end of file
+ [resources.permissions]
+ main.url = "/"
+
+ admin.url = "/"
+ admin.show_tile = false # This means that this permission won't correspond to a tile in YunoHost's user portal
+ admin.allowed = "admins" # Initialize the access for the "admins" group ... You can also use an install question called `init_admin_permission` to let the server admin choose this.
diff --git a/scripts/install b/scripts/install
index 3a838bf..7aa9ab9 100644
--- a/scripts/install
+++ b/scripts/install
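Review bot: The last manifest.toml hunk (`@@ -96,4 +96,9 @@`) adds a `[resources.permissions]` table containing `main.url = "/"`, yet the context of the previous hunk already shows `main.url = "/"` directly above `[resources.apt]`, which suggests that table is already defined earlier in the file (its header lies outside both hunks). TOML does not allow a table or key to be defined twice, so if that is the case the manifest no longer parses. Dropping the added header and `main.url` line and placing the three `admin.*` keys under the existing table avoids this. Since `admin.url = "/"` covers the same path as `main`, a short comment stating what the `admin` permission is for (it appears to serve as the LDAP marker for superuser mapping in conf/extra_diacamma.json) would help the next maintainer.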
@@ -14,7 +14,9 @@ venv/bin/pip3 install -U lucterios lucterios-standard lucterios-contacts lucteri
 venv/bin/pip3 install -U diacamma-asso diacamma-syndic diacamma-financial
 venv/bin/pip3 install -U gunicorn psycopg2-binary psycopg2
 venv/bin/lucterios_admin.py installed
-venv/bin/lucterios_admin.py add -n inst-${app} -p "${APPLITYPE}" -m "${MODULES}" -d "${DATABASE}" -e '{"LANGUAGE_CODE":"'${language}'","USE_X_FORWARDED_HOST":true, "FORCE_SCRIPT_NAME":"/'${app}'"}'
+ynh_add_config --template="../conf/extra_diacamma.json" --destination="/tmp/extra.json"
+extra_json=$(jq -c . /tmp/extra.json)
+venv/bin/lucterios_admin.py add -n inst-${app} -p "${APPLITYPE}" -m "${MODULES}" -d "${DATABASE}" -e ''$extra_json''
 popd
 refresh_collect
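Review bot: In scripts/install, `-e ''$extra_json''` leaves the expansion unquoted: each `''` is just an empty string, so the JSON undergoes word splitting and pathname expansion, and the template contains `*` and `[...]`; pass it as `-e "$extra_json"`. The rendered configuration is also written to the fixed path `/tmp/extra.json` and never removed. A predictable name in a world-writable directory can be pre-created or symlinked by another local account, and the file will hold `LDAP_BIND_PASSWORD` if one is ever set. Rendering into a directory created with `mktemp -d` (or into the app's own directory) and deleting the file once `jq` has read it addresses both. The hunk ends at `popd`; the matching `pushd` is above the visible lines.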