[enh] Use LDAP auth, fix folders permissions.

manifest.json

@@ -33,6 +33,14 @@
                 "example": "/dokuwiki",
                 "default": "/dokuwiki"
             },
+            {
+                "name": "admin",
+                "ask": {
+                    "en": "Choose an admin user",
+                    "fr": "Choisissez l'administrateur"
+                },
+                "example": "johndoe"
+            },
             {
                 "name": "is_public",
                 "ask": {

scripts/install

@@ -3,7 +3,12 @@
 # Retrieve arguments
 domain=$1
 path=$2
-is_public=$3
+admin=$3
+is_public=$4
+
+# Save app settings
+sudo yunohost app setting dokuwiki admin -v "$admin" 
+sudo yunohost app setting dokuwiki is_public -v "$is_public" 
 
 # Check domain/path availability
 sudo yunohost app checkurl $domain$path -a dokuwiki
@@ -11,26 +16,30 @@ if [[ ! $? -eq 0 ]]; then
     exit 1
 fi
 
+# Modify dokuwiki conf
+sed -i "s@YNH_ADMIN_USER@$admin@g" ../sources/conf/dokuwiki.php
+
 # Copy files to the right place
 final_path=/var/www/dokuwiki
 sudo mkdir -p $final_path
 sudo cp -a ../sources/* $final_path
 
 # Files owned by root, www-data can just read
-sudo find $final_path -type f | xargs sudo chmod 644
+sudo find $final_path -type f | xargs sudo chmod 0644
-sudo find $final_path -type d | xargs sudo chmod 755
+sudo find $final_path -type d | xargs sudo chmod 0755
 sudo chown -R root: $final_path
 
 # except for conf, data, some data subfolders, and lib/plugin, where www-data must have write permissions
-sudo chown www-data:root $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins/}
+sudo chown -R www-data:root $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins}
-sudo chmod 700 $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins/}
+sudo chmod -R 700 $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins}
 
 # Modify Nginx configuration file and copy it to Nginx conf directory
 sed -i "s@YNH_WWW_PATH@$path@g" ../conf/nginx.conf
 sed -i "s@YNH_WWW_ALIAS@$final_path/@g" ../conf/nginx.conf
 sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/dokuwiki.conf
 
-if [ $is_public = "Yes" ];
+
+if [ "$is_public" = "Yes" ];
 then
   sudo yunohost app setting dokuwiki skipped_uris -v "/" 
 fi

scripts/upgrade

@@ -2,31 +2,42 @@
 
 domain=$(sudo yunohost app setting dokuwiki domain)
 path=$(sudo yunohost app setting dokuwiki path)
+admin=$(sudo yunohost app setting dokuwiki admin)
 is_public=$(sudo yunohost app setting dokuwiki is_public)
 
+# admin default value, if not set
+if [ -z "$admin" ];
+then
+	admin=$(sudo yunohost user list | grep 'username' -m1 | awk '{print $2}')
+	sudo yunohost app setting dokuwiki is_public -v "$is_public" 
+fi
+
 # Remove trailing "/" for next commands
 path=${path%/}
 
+# Modify dokuwiki conf
+sed -i "s@YNH_ADMIN_USER@$admin@g" ../sources/conf/dokuwiki.php
+
 # Copy files to the right place
 final_path=/var/www/dokuwiki
 sudo mkdir -p $final_path
 sudo cp -a ../sources/* $final_path
 
 # Files owned by root, www-data can just read
-sudo find $final_path -type f | xargs sudo chmod 644
+sudo find $final_path -type f | xargs sudo chmod 0644
 sudo find $final_path -type d | xargs sudo chmod 755
 sudo chown -R root: $final_path
 
-# except for data and tmp subdir, where www-data must have write permissions
+# except for conf, data, some data subfolders, and lib/plugin, where www-data must have write permissions
-sudo chown www-data:root $final_path/{data,data/tmp,lib/plugins/}
+sudo chown -R www-data:root $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins}
-sudo chmod 700 $final_path/{data,data/tmp,lib/plugins/}
+sudo chmod -R 700 $final_path/{conf,data,data/attic,data/cache,data/index,data/locks,data/media*,data/meta,data/pages,data/tmp,lib/plugins}
 
 # Modify Nginx configuration file and copy it to Nginx conf directory
 sed -i "s@YNH_WWW_PATH@$path@g" ../conf/nginx.conf
 sed -i "s@YNH_WWW_ALIAS@$final_path/@g" ../conf/nginx.conf
 sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/dokuwiki.conf
 
-if [ $is_public = "Yes" ];
+if [ "$is_public" = "Yes" ];
 then
   sudo yunohost app setting dokuwiki skipped_uris -v "/" 
 fi

sources/conf/dokuwiki.php

@@ -52,13 +52,14 @@ $conf['sneaky_index']= 0;                 //check for namespace read permission
 $conf['hidepages']   = '';                //Regexp for pages to be skipped from RSS, Search and Recent Changes
 
 /* Authentication Settings */
-$conf['useacl']      = 0;                //Use Access Control Lists to restrict access?
+$conf['useacl']      = 1;                //Use Access Control Lists to restrict access?
+$conf['openregister']= 0;
 $conf['autopasswd']  = 1;                //autogenerate passwords and email them to user
-$conf['authtype']    = 'authplain';      //which authentication backend should be used
+$conf['authtype']    = 'authldap';      //which authentication backend should be used
-$conf['passcrypt']   = 'smd5';           //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411)
+$conf['passcrypt']   = 'sha1';           //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411)
 $conf['defaultgroup']= 'user';           //Default groups new Users are added to
-$conf['superuser']   = '!!not set!!';    //The admin can be user or @group or comma separated list user1,@group1,user2
+$conf['superuser']   = 'YNH_ADMIN_USER';    //The admin can be user or @group or comma separated list user1,@group1,user2
-$conf['manager']     = '!!not set!!';    //The manager can be user or @group or comma separated list user1,@group1,user2
+$conf['manager']     = 'YNH_ADMIN_USER';    //The manager can be user or @group or comma separated list user1,@group1,user2
 $conf['profileconfirm'] = 1;             //Require current password to confirm changes to user profile
 $conf['rememberme'] = 1;                 //Enable/disable remember me on login
 $conf['disableactions'] = '';            //comma separated list of actions to disable
@@ -67,6 +68,17 @@ $conf['securecookie'] = 1;               //never send HTTPS cookies via HTTP
 $conf['remote']      = 0;                //Enable/disable remote interfaces
 $conf['remoteuser']  = '!!not set !!';   //user/groups that have access to remote interface (comma separated)
 
+/* LDAP Yunohost config */
+$conf['auth']['ldap']['server']      = 'localhost';
+$conf['auth']['ldap']['port']        = 389;
+$conf['auth']['ldap']['version']    = 3;
+$conf['auth']['ldap']['usertree']    = 'ou=users,dc=yunohost,dc=org';
+$conf['auth']['ldap']['userfilter']  = '(&(uid=%{user})(objectClass=posixAccount))';
+# no groups
+#$conf['auth']['ldap']['grouptree']   = 'ou=Group, dc=server, dc=tld';
+#$conf['auth']['ldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))'; 
+
+
 /* Antispam Features */
 $conf['usewordblock']= 1;                //block spam based on words? 0|1
 $conf['relnofollow'] = 1;                //use rel="nofollow" for external links?