LDAP conf

conf/extra_diacamma.json

@@ -0,0 +1,24 @@
+{
+    "LANGUAGE_CODE":"__LANGUAGE__",
+    "USE_X_FORWARDED_HOST":true, 
+    "FORCE_SCRIPT_NAME":"/__APP__", 
+    "LDAP_SERVERS": [{"host": "127.0.0.1", "port": 389, "use_ssl": false, "get_info": "NONE"}],
+    "LDAP_ENGINE" : "OpenLDAP",
+    "LDAP_BIND_USER" : "cn=reader,dc=yunohost,dc=org",
+    "LDAP_BIND_PASSWORD" : "",
+    "LDAP_ATTRIBUTES_MAP" : {"username": "uid", "first_name": "cn", "last_name": "sn", "email": "mail"},
+    "LDAP_SEARCH_BASE" : "ou=users,dc=yunohost,dc=org",
+    "LDAP_USER_SEARCH_FILTER" : "(&(|(objectclass=posixAccount))(uid=%uid)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))",
+    "LDAP_USER_MODEL_USERNAME_FIELD" : "uid",
+    "LDAP_UNCHECK_USER_ACTIVE" : false,
+    "LDAP_USE_LDAP_GROUPS" : true,
+    "LDAP_USE_LDAP_GROUPS_FOR_ADMIN_STAFF_ONLY" : true,
+    "LDAP_SUPERUSER_GROUPS" : ["permission=cn=__APP__.admins,ou=permission,dc=yunohost,dc=org"],
+    "LDAP_STAFF_GROUPS" : [],
+    "LDAP_GROUPS_SEARCH_BASE" : "ou=groups,dc=yunohost,dc=org",
+    "LDAP_GROUPS_SEARCH_FILTER" : "(&(objectclass=top)(memberUid=*))",
+    "LDAP_GROUP_MEMBER_ATTRIBUTE" : "memberUid",
+    "LDAP_GROUPS_MAP" : {},
+    "LDAP_IGNORED_LOCAL_GROUPS" : [],
+    "AUTHENTICATION_BACKENDS" : ["django_auth_ldap3_ad.auth.LDAP3ADBackend"]   
+}

manifest.toml

@@ -21,7 +21,7 @@ yunohost = '>= 11.2'
 # List of supported archs using the dpkg --print-architecture nomenclature (amd64/i386/armhf/arm64), for example: ["amd64", "i386']
 architectures = "all" # TODO : handle the "all" option (no ["all"])
 multi_instance = true
-ldap = false
+ldap = true
 sso = false
 disk = "50M"
 ram.build = "50M"
@@ -88,7 +88,7 @@ ram.runtime = "50M"
     main.url = "/"
 
     [resources.apt]
-    packages = "libxml2-dev,libxslt-dev,libjpeg-dev,libfreetype6,libfreetype6-dev,zlib1g-dev,libpq-dev,python3-pip,python3-dev,python3-tk,python3-pil,python3-venv,build-essential,pkg-config,postgresql"
+    packages = "libxml2-dev,libxslt-dev,libjpeg-dev,libfreetype6,libfreetype6-dev,zlib1g-dev,libpq-dev,python3-pip,python3-dev,python3-tk,python3-pil,python3-venv,build-essential,pkg-config,postgresql,jq"
 
     [resources.ports]
     # This will pick a random port for reverse-proxying and store it as the $port setting
@@ -96,4 +96,9 @@ ram.runtime = "50M"
     # This will automatically provision/deprovison a database and store the corresponding credentials in settings $db_user, $db_name, $db_pwd
     type = "postgresql"
 
+    [resources.permissions]
+    main.url = "/"
     
+    admin.url = "/"
+    admin.show_tile = false    # This means that this permission won't correspond to a tile in YunoHost's user portal
+    admin.allowed = "admins"   # Initialize the access for the "admins" group ... You can also use an install question called `init_admin_permission` to let the server admin choose this.

scripts/install

@@ -14,7 +14,9 @@ venv/bin/pip3 install -U lucterios lucterios-standard lucterios-contacts lucteri
 venv/bin/pip3 install -U diacamma-asso diacamma-syndic diacamma-financial
 venv/bin/pip3 install -U gunicorn psycopg2-binary psycopg2
 venv/bin/lucterios_admin.py installed
-venv/bin/lucterios_admin.py add -n inst-${app} -p "${APPLITYPE}" -m "${MODULES}" -d "${DATABASE}" -e '{"LANGUAGE_CODE":"'${language}'","USE_X_FORWARDED_HOST":true, "FORCE_SCRIPT_NAME":"/'${app}'"}'
+ynh_add_config --template="../conf/extra_diacamma.json" --destination="/tmp/extra.json"
+extra_json=$(jq -c . /tmp/extra.json)
+venv/bin/lucterios_admin.py add -n inst-${app} -p "${APPLITYPE}" -m "${MODULES}" -d "${DATABASE}" -e ''$extra_json''
 popd
 
 refresh_collect