From e87e4f91011af816a50438e3a99f18d3cb54b1f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Wed, 16 Dec 2020 22:30:16 +0100 Subject: [PATCH] Remove LDAP user --- conf/LocalSettings.php | 6 ++---- scripts/install | 34 ++++++++++------------------------ scripts/remove | 14 ++++---------- scripts/restore | 11 ----------- scripts/upgrade | 23 +++++++---------------- 5 files changed, 23 insertions(+), 65 deletions(-) diff --git a/conf/LocalSettings.php b/conf/LocalSettings.php index d9fb1df..d46d8f2 100644 --- a/conf/LocalSettings.php +++ b/conf/LocalSettings.php @@ -168,11 +168,9 @@ $LDAPProviderDomainConfigProvider = function() { "connection" => [ "server" => "localhost", "port" => "389", - "user" => "uid=__LDAP_USER__,ou=users,dc=yunohost,dc=org", - "pass" => "__LDAP_PASSWORD__", "basedn" => "dc=yunohost,dc=org", - "groupbasedn" => "dc=yunohost,dc=org", - "userbasedn" => "dc=yunohost,dc=org", + "groupbasedn" => "ou=users,dc=yunohost,dc=org", + "userbasedn" => "ou=groups,dc=yunohost,dc=org", "searchattribute" => "uid", "usernameattribute" => "uid", "realnameattribute" => "cn", diff --git a/scripts/install b/scripts/install index cb67daa..6100c79 100755 --- a/scripts/install +++ b/scripts/install @@ -13,6 +13,10 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true +} # Exit if an error occurs during the execution of the script ynh_abort_if_errors 
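Review bot: The two new base DNs look swapped: `"groupbasedn"` is set to `ou=users,dc=yunohost,dc=org` and `"userbasedn"` to `ou=groups,dc=yunohost,dc=org`, so user lookups would search the groups subtree and group lookups the users subtree. I would write `"groupbasedn" => "ou=groups,dc=yunohost,dc=org",` and `"userbasedn" => "ou=users,dc=yunohost,dc=org",`. With `"user"` and `"pass"` dropped, the connection presumably binds anonymously, so a comment above `"basedn"` such as `// No bind DN: relies on the local slapd allowing anonymous read of uid/cn` would record that dependency. The enclosing `$LDAPProviderDomainConfigProvider` closure starts and ends outside the hunk.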
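Review bot: The added `ynh_clean_setup` in scripts/install is a no-op that still carries the packaging template's instruction (`### Remove this function if there's nothing to clean before calling the remove script.`), and it is unrelated to removing the LDAP user. Either drop the function or replace the template line with a comment that says why it exists, e.g. `# Nothing extra to clean up on failure`. The same applies to the `# ...` placeholder header left under SPECIFIC SETUP in the `@@ -121,22 +115,17 @@` hunk, which could simply be deleted.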
@@ -41,14 +45,6 @@ test ! -e "$final_path" || ynh_die --message="This path already contains a folde # Register (book) web path ynh_webpath_register --app="$app" --domain="$domain" --path_url="$path_url" -#================================================= -# GENERATE LDAP USER SETTINGS -#================================================= -ynh_script_progression --message="Generating dedicated LDAP user credentials..." --weight=1 - -ldap_user="${app}_ldap" -ldap_password=$(ynh_string_random --length=8) - #================================================= # STORE SETTINGS FROM MANIFEST #================================================= @@ -61,8 +57,6 @@ ynh_app_setting_set --app="$app" --key=admin_password --value="$admin_password" ynh_app_setting_set --app="$app" --key=is_public --value="$is_public" ynh_app_setting_set --app="$app" --key=language --value="$language" ynh_app_setting_set --app="$app" --key=wiki_name --value="$wiki_name" -ynh_app_setting_set --app="$app" --key=ldap_user --value="$ldap_user" -ynh_app_setting_set --app="$app" --key=ldap_password --value="$ldap_password" #================================================= # STANDARD MODIFICATIONS @@ -107,7 +101,7 @@ ynh_setup_source --dest_dir="$final_path/extensions/" --source_id="pluggable_aut #================================================= ynh_script_progression --message="Configuring nginx web server..." --weight=1 -# Create a dedicated nginx config +# Create a dedicated NGINX config ynh_add_nginx_config #================================================= 
@@ -121,22 +115,17 @@ ynh_system_user_create --username="$app" #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Configuring php-fpm..." --weight=1 +ynh_script_progression --message="Configuring PHP-FPM..." --weight=1 -# Create a dedicated php-fpm config +# Create a dedicated PHP-FPM config ynh_add_fpm_config phpversion=$(ynh_app_setting_get --app="$app" --key=phpversion) #================================================= # SPECIFIC SETUP #================================================= -# CREATE DEDICATED LDAP USER +# ... #================================================= -ynh_script_progression --message="Creating dedicated LDAP user..." --weight=1 - -yunohost user create "$ldap_user" \ - --firstname "MediaWikiLdap" --lastname "MediaWikiLdap" \ - --mail "${ldap_user}@$domain" --password "$ldap_password" -q 0 #================================================= # RUN INSTALLATION OF MEDIAWIKI @@ -187,9 +176,6 @@ secret=$(ynh_string_random 64) ynh_app_setting_set "$app" secret "$secret" ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__SECRET__" --replace_string="$secret" -ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__LDAP_USER__" --replace_string="$ldap_user" -ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__LDAP_PASSWORD__" --replace_string="$ldap_password" - "php$phpversion" "$final_path/maintenance/update.php" chown -R "$app:$app" "$final_path" 
@@ -201,13 +187,13 @@ ynh_script_progression --message="Configuring SSOwat..." --weight=1 # Make app public if necessary if [ "$is_public" -eq 1 ]; then - ynh_permission_update --permission "main" --add "visitors" + ynh_permission_update --permission "main" --add "visitors" fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/remove b/scripts/remove index 45d6067..ca307f2 100755 --- a/scripts/remove +++ b/scripts/remove @@ -21,7 +21,6 @@ port=$(ynh_app_setting_get --app="$app" --key=port) db_name=$(ynh_app_setting_get --app="$app" --key=db_name) db_user=$db_name final_path=$(ynh_app_setting_get --app="$app" --key=final_path) -ldap_user=$(ynh_app_setting_get --app="$app" --key=ldap_user) #================================================= # STANDARD REMOVE 
@@ -52,27 +51,22 @@ ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing nginx web server configuration..." --weight=1 +ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 -# Remove the dedicated nginx config +# Remove the dedicated NGINX config ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Removing php-fpm configuration..." --weight=1 +ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=1 -# Remove the dedicated php-fpm config +# Remove the dedicated PHP-FPM config ynh_remove_fpm_config #================================================= # SPECIFIC REMOVE #================================================= -# REMOVE LDAP USER -#================================================= -ynh_script_progression --message="Removing LDAP user..." --weight=1 - -yunohost user delete "$ldap_user" --purge #================================================= # GENERIC FINALIZATION diff --git a/scripts/restore b/scripts/restore index 527781c..c7e7a1f 100755 --- a/scripts/restore +++ b/scripts/restore @@ -29,8 +29,6 @@ path_url=$(ynh_app_setting_get --app="$app" --key=path) final_path=$(ynh_app_setting_get --app="$app" --key=final_path) db_name=$(ynh_app_setting_get --app="$app" --key=db_name) db_user=$db_name -ldap_user=$(ynh_app_setting_get --app="$app" --key=ldap_user) -ldap_password=$(ynh_app_setting_get --app="$app" --key=ldap_password) phpversion=$(ynh_app_setting_get --app="$app" --key=phpversion) #================================================= 
@@ -98,15 +96,6 @@ db_pwd=$(ynh_app_setting_get --app="$app" --key=mysqlpwd) ynh_mysql_setup_db --db_user="$db_user" --db_name="$db_name" --db_pwd="$db_pwd" ynh_mysql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" < ./db.sql -#================================================= -# RESTORE THE LDAP USER -#================================================= -ynh_script_progression --message="Restoring LDAP dedicated user..." --weight=1 - -yunohost user create "$ldap_user" \ - --firstname "MediaWikiLdap" --lastname "MediaWikiLdap" \ - --mail "${ldap_user}@$domain" --password "$ldap_password" -q 0 - #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 7382388..bf0652d 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -25,8 +25,6 @@ language=$(ynh_app_setting_get --app="$app" --key=language) wiki_name=$(ynh_app_setting_get --app="$app" --key=wiki_name) db_name=$(ynh_app_setting_get --app="$app" --key=db_name) db_pwd=$(ynh_app_setting_get --app="$app" --key=mysqlpwd) -ldap_user=$(ynh_app_setting_get --app="$app" --key=ldap_user) -ldap_password=$(ynh_app_setting_get --app="$app" --key=ldap_password) # Note(decentral1se): avoid using this on upgrade for the versions # of the application that upgrade and have not stored this in their 
@@ -126,18 +124,14 @@ phpversion=$(ynh_app_setting_get --app="$app" --key=phpversion) #================================================= # SPECIFIC UPGRADE #================================================= -# CREATE DEDICATED LDAP USER +# REMOVE LEGACY LDAP USER #================================================= -ynh_script_progression --message="Creating dedicated LDAP user if necessary..." --weight=1 - -if [[ -z "$ldap_user" ]]; then - ldap_user="${app}_ldap" - ldap_password=$(ynh_string_random --length=8) - ynh_app_setting_set --app="$app" --key=ldap_user --value="$ldap_user" - ynh_app_setting_set --app="$app" --key=ldap_password --value="$ldap_password" - yunohost user create "$ldap_user" \ - --firstname "MediaWikiLdap" --lastname "MediaWikiLdap" \ - --mail "${ldap_user}@$domain" --password "$ldap_password" -q 0 +# Removed in dec. 2020 +ldap_user=$(ynh_app_setting_get --app="$app" --key=ldap_user) +if [[ -n "$ldap_user" ]]; then + yunohost user delete "$ldap_user" + ynh_app_setting_delete --app="$app" --key=ldap_user + ynh_app_setting_delete --app="$app" --key=ldap_password fi #================================================= @@ -176,9 +170,6 @@ secret=$(ynh_string_random 64) ynh_app_setting_set "$app" secret "$secret" ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__SECRET__" --replace_string="$secret" -ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__LDAP_USER__" --replace_string="$ldap_user" -ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__LDAP_PASSWORD__" --replace_string="$ldap_password" - # Check for admin password being too short for the new mediawiki requirements password_length=$(ynh_app_setting_get --app="$app" --key=admin_password | awk '{print length}') if (( password_length < 10 )); then
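Review bot: The legacy account is deleted with `yunohost user delete "$ldap_user"`, while the call this commit removes from scripts/remove passed `--purge`, so anything the service account owned on disk is presumably left behind; `yunohost user delete "$ldap_user" --purge` keeps the earlier behaviour. The delete is also unguarded: if the account is already gone (removed by hand, say) and the script runs with abort-on-error, which is not visible in this hunk, the upgrade stops before the two `ynh_app_setting_delete` calls and fails the same way on every retry, leaving the stored `ldap_password` in the app settings. Guarding it, e.g. `if ynh_user_exists --username="$ldap_user"; then yunohost user delete "$ldap_user" --purge; fi`, and deleting the two settings regardless avoids that. The comment `# Removed in dec. 2020` would read better as `# Legacy: installs before Dec. 2020 created a dedicated LDAP bind user; delete it and its stored credentials`.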