Use config file for LDAP auth

conf/ldap.conf

@@ -0,0 +1,28 @@
+# This is an example of LDAP (BindDN) authentication
+#
+id           = 1
+type         = ldap_bind_dn
+name         = Yunohost LDAP
+is_activated = true
+
+[config]
+host               = localhost
+port               = 389
+# 0 - Unencrypted, 1 - LDAPS, 2 - StartTLS
+security_protocol  = 0
+skip_verify        = false
+bind_dn            = 
+bind_password      = 
+user_base          = ou=users,dc=yunohost,dc=org
+attribute_username = uid
+attribute_name     = givenName
+attribute_surname  = sn
+attribute_mail     = mail
+attributes_in_bind = false
+filter             = (&(objectClass=posixAccount)(uid=%s))
+admin_filter       = (uid=__ADMIN__)
+group_enabled      = false
+group_dn           = 
+group_filter       = 
+group_member_uid   = 
+user_uid           = uid

conf/login_source.sql

@@ -1,3 +0,0 @@
-INSERT INTO `__APP__`.`login_source` (`id`, `type`, `name`, `is_actived`, `cfg`, `created_unix`, `updated_unix`) VALUES
-('1', '2', 'Yunohost LDAP', '1', '{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(uid=%s)","AdminFilter":"(uid=__ADMIN__)","Enabled":true}', '1464014433', '1464015955')
-ON DUPLICATE KEY UPDATE cfg='{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(uid=%s)","AdminFilter":"(uid=__ADMIN__)","Enabled":true}'

scripts/_common.sh

@@ -30,8 +30,7 @@ fi
 
 create_dir() {
     mkdir -p "$final_path/data"
-    mkdir -p "$final_path/custom/conf"
-    mkdir -p "$REPO_PATH"
+    mkdir -p "$final_path/custom/conf/auth.d"
     mkdir -p "$DATA_PATH/avatars"
     mkdir -p "$DATA_PATH/attachments"
     mkdir -p "/var/log/$app"
@@ -47,8 +46,10 @@ config_nginx() {
 
 config_gogs() {
     ynh_backup_if_checksum_is_different "$final_path/custom/conf/app.ini"
+    ynh_backup_if_checksum_is_different "$final_path/custom/conf/auth.d/ldap.conf"
 
     cp ../conf/app.ini "$final_path/custom/conf"
+    cp ../conf/ldap.conf "$final_path/custom/conf/auth.d/ldap.conf"
 
     if [ "$path_url" = "/" ]
     then
@@ -73,7 +74,10 @@ config_gogs() {
         ynh_replace_string "__PRIVATE_MODE__" "true" "$final_path/custom/conf/app.ini"
     fi
 
+    ynh_replace_string "__ADMIN__" "$admin" "$final_path/custom/conf/auth.d/ldap.conf"
+
     ynh_store_file_checksum "$final_path/custom/conf/app.ini"
+    ynh_store_file_checksum "$final_path/custom/conf/auth.d/ldap.conf"
 }
 
 set_permission() {

scripts/install

@@ -73,27 +73,13 @@ ynh_add_systemd_config
 # Modify Nginx configuration file and copy it to Nginx conf directory
 config_nginx
 
-# Start gogs for building mysql tables
-systemctl start "$app".service
-
-# Set permissions
-set_permission
-
-# Wait till login_source mysql table is created
-while ! $(ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname"  <<< "SELECT * FROM login_source;" &>/dev/null)
-do
-    sleep 2
-done
-
-# Add ldap config
-ynh_replace_string "__ADMIN__" "$admin" ../conf/login_source.sql
-ynh_replace_string "__APP__" "$app" ../conf/login_source.sql
-ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql
-
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
 
+# Set permissions
+set_permission
+
 # Unprotect root from SSO if public
 set_access_settings
 

scripts/upgrade

@@ -80,6 +80,13 @@ then
     usermod -p '*' "$app"
 fi
 
+# Remove old authentification mecanisme, actually the registry in the database has been replaced by a config file
+if [[ ! -e "$final_path/custom/conf/auth.d/ldap.conf" ]]
+then
+    ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname"  <<< "DELETE FROM login_source WHERE name = 'Yunohost LDAP';"
+    mkdir -p "$final_path/custom/conf/auth.d"
+fi
+
 #=================================================
 # STANDARD UPGRADE STEPS
 #=================================================