Remove LDAP user

conf/LocalSettings.php

@@ -168,11 +168,9 @@ $LDAPProviderDomainConfigProvider = function() {
       "connection" => [
         "server" => "localhost",
         "port" => "389",
-        "user" => "uid=__LDAP_USER__,ou=users,dc=yunohost,dc=org",
-        "pass" => "__LDAP_PASSWORD__",
         "basedn" => "dc=yunohost,dc=org",
-        "groupbasedn" => "dc=yunohost,dc=org",
+        "groupbasedn" => "ou=users,dc=yunohost,dc=org",
-        "userbasedn" => "dc=yunohost,dc=org",
+        "userbasedn" => "ou=groups,dc=yunohost,dc=org",
         "searchattribute" => "uid",
         "usernameattribute" => "uid",
         "realnameattribute" => "cn",

scripts/install

@@ -13,6 +13,10 @@ source /usr/share/yunohost/helpers
 # MANAGE SCRIPT FAILURE
 #=================================================
 
+ynh_clean_setup () {
+	### Remove this function if there's nothing to clean before calling the remove script.
+	true
+}
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
 
@@ -41,14 +45,6 @@ test ! -e "$final_path" || ynh_die --message="This path already contains a folde
 # Register (book) web path
 ynh_webpath_register --app="$app" --domain="$domain" --path_url="$path_url"
 
-#=================================================
-# GENERATE LDAP USER SETTINGS
-#=================================================
-ynh_script_progression --message="Generating dedicated LDAP user credentials..." --weight=1
-
-ldap_user="${app}_ldap"
-ldap_password=$(ynh_string_random --length=8)
-
 #=================================================
 # STORE SETTINGS FROM MANIFEST
 #=================================================
@@ -61,8 +57,6 @@ ynh_app_setting_set --app="$app" --key=admin_password --value="$admin_password"
 ynh_app_setting_set --app="$app" --key=is_public --value="$is_public"
 ynh_app_setting_set --app="$app" --key=language --value="$language"
 ynh_app_setting_set --app="$app" --key=wiki_name --value="$wiki_name"
-ynh_app_setting_set --app="$app" --key=ldap_user --value="$ldap_user"
-ynh_app_setting_set --app="$app" --key=ldap_password --value="$ldap_password"
 
 #=================================================
 # STANDARD MODIFICATIONS
@@ -107,7 +101,7 @@ ynh_setup_source --dest_dir="$final_path/extensions/" --source_id="pluggable_aut
 #=================================================
 ynh_script_progression --message="Configuring nginx web server..." --weight=1
 
-# Create a dedicated nginx config
+# Create a dedicated NGINX config
 ynh_add_nginx_config
 
 #=================================================
@@ -121,22 +115,17 @@ ynh_system_user_create --username="$app"
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
-ynh_script_progression --message="Configuring php-fpm..." --weight=1
+ynh_script_progression --message="Configuring PHP-FPM..." --weight=1
 
-# Create a dedicated php-fpm config
+# Create a dedicated PHP-FPM config
 ynh_add_fpm_config
 phpversion=$(ynh_app_setting_get --app="$app" --key=phpversion)
 
 #=================================================
 # SPECIFIC SETUP
 #=================================================
-# CREATE DEDICATED LDAP USER
+# ...
 #=================================================
-ynh_script_progression --message="Creating dedicated LDAP user..." --weight=1
-
-yunohost user create "$ldap_user" \
-  --firstname "MediaWikiLdap" --lastname "MediaWikiLdap" \
-  --mail "${ldap_user}@$domain" --password "$ldap_password" -q 0
 
 #=================================================
 # RUN INSTALLATION OF MEDIAWIKI
@@ -187,9 +176,6 @@ secret=$(ynh_string_random 64)
 ynh_app_setting_set "$app" secret "$secret"
 ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__SECRET__"    --replace_string="$secret"
 
-ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__LDAP_USER__" --replace_string="$ldap_user"
-ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__LDAP_PASSWORD__" --replace_string="$ldap_password"
-
 "php$phpversion" "$final_path/maintenance/update.php"
 
 chown -R "$app:$app" "$final_path"
@@ -201,13 +187,13 @@ ynh_script_progression --message="Configuring SSOwat..." --weight=1
 
 # Make app public if necessary
 if [ "$is_public" -eq 1 ]; then
-  ynh_permission_update --permission "main" --add "visitors"
+    ynh_permission_update --permission "main" --add "visitors"
 fi
 
 #=================================================
 # RELOAD NGINX
 #=================================================
-ynh_script_progression --message="Reloading nginx web server..." --weight=1
+ynh_script_progression --message="Reloading NGINX web server..." --weight=1
 
 ynh_systemd_action --service_name=nginx --action=reload
 

scripts/remove

@@ -21,7 +21,6 @@ port=$(ynh_app_setting_get --app="$app" --key=port)
 db_name=$(ynh_app_setting_get --app="$app" --key=db_name)
 db_user=$db_name
 final_path=$(ynh_app_setting_get --app="$app" --key=final_path)
-ldap_user=$(ynh_app_setting_get --app="$app" --key=ldap_user)
 
 #=================================================
 # STANDARD REMOVE
@@ -52,27 +51,22 @@ ynh_secure_remove --file="$final_path"
 #=================================================
 # REMOVE NGINX CONFIGURATION
 #=================================================
-ynh_script_progression --message="Removing nginx web server configuration..." --weight=1
+ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
 
-# Remove the dedicated nginx config
+# Remove the dedicated NGINX config
 ynh_remove_nginx_config
 
 #=================================================
 # REMOVE PHP-FPM CONFIGURATION
 #=================================================
-ynh_script_progression --message="Removing php-fpm configuration..." --weight=1
+ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=1
 
-# Remove the dedicated php-fpm config
+# Remove the dedicated PHP-FPM config
 ynh_remove_fpm_config
 
 #=================================================
 # SPECIFIC REMOVE
 #=================================================
-# REMOVE LDAP USER
-#=================================================
-ynh_script_progression --message="Removing LDAP user..." --weight=1
-
-yunohost user delete "$ldap_user" --purge
 
 #=================================================
 # GENERIC FINALIZATION

scripts/restore

@@ -29,8 +29,6 @@ path_url=$(ynh_app_setting_get --app="$app" --key=path)
 final_path=$(ynh_app_setting_get --app="$app" --key=final_path)
 db_name=$(ynh_app_setting_get --app="$app" --key=db_name)
 db_user=$db_name
-ldap_user=$(ynh_app_setting_get --app="$app" --key=ldap_user)
-ldap_password=$(ynh_app_setting_get --app="$app" --key=ldap_password)
 phpversion=$(ynh_app_setting_get --app="$app" --key=phpversion)
 
 #=================================================
@@ -98,15 +96,6 @@ db_pwd=$(ynh_app_setting_get --app="$app" --key=mysqlpwd)
 ynh_mysql_setup_db --db_user="$db_user" --db_name="$db_name" --db_pwd="$db_pwd"
 ynh_mysql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" < ./db.sql
 
-#=================================================
-# RESTORE THE LDAP USER
-#=================================================
-ynh_script_progression --message="Restoring LDAP dedicated user..." --weight=1
-
-yunohost user create "$ldap_user" \
-    --firstname "MediaWikiLdap" --lastname "MediaWikiLdap" \
-    --mail "${ldap_user}@$domain" --password "$ldap_password" -q 0
-
 #=================================================
 # GENERIC FINALIZATION
 #=================================================

scripts/upgrade

@@ -25,8 +25,6 @@ language=$(ynh_app_setting_get --app="$app" --key=language)
 wiki_name=$(ynh_app_setting_get --app="$app" --key=wiki_name)
 db_name=$(ynh_app_setting_get --app="$app" --key=db_name)
 db_pwd=$(ynh_app_setting_get --app="$app" --key=mysqlpwd)
-ldap_user=$(ynh_app_setting_get --app="$app" --key=ldap_user)
-ldap_password=$(ynh_app_setting_get --app="$app" --key=ldap_password)
 
 # Note(decentral1se): avoid using this on upgrade for the versions
 # of the application that upgrade and have not stored this in their
@@ -126,18 +124,14 @@ phpversion=$(ynh_app_setting_get --app="$app" --key=phpversion)
 #=================================================
 # SPECIFIC UPGRADE
 #=================================================
-# CREATE DEDICATED LDAP USER
+# REMOVE LEGACY LDAP USER
 #=================================================
-ynh_script_progression --message="Creating dedicated LDAP user if necessary..." --weight=1
+# Removed in dec. 2020
-
+ldap_user=$(ynh_app_setting_get --app="$app" --key=ldap_user)
-if [[ -z "$ldap_user" ]]; then
+if [[ -n "$ldap_user" ]]; then
-    ldap_user="${app}_ldap"
+    yunohost user delete "$ldap_user"
-    ldap_password=$(ynh_string_random --length=8)
+    ynh_app_setting_delete --app="$app" --key=ldap_user
-    ynh_app_setting_set --app="$app" --key=ldap_user --value="$ldap_user"
+    ynh_app_setting_delete --app="$app" --key=ldap_password
-    ynh_app_setting_set --app="$app" --key=ldap_password --value="$ldap_password"
-    yunohost user create "$ldap_user" \
-        --firstname "MediaWikiLdap" --lastname "MediaWikiLdap" \
-        --mail "${ldap_user}@$domain" --password "$ldap_password" -q 0
 fi
 
 #=================================================
@@ -176,9 +170,6 @@ secret=$(ynh_string_random 64)
 ynh_app_setting_set "$app" secret "$secret"
 ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__SECRET__"    --replace_string="$secret"
 
-ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__LDAP_USER__" --replace_string="$ldap_user"
-ynh_replace_string --target_file="$final_path/LocalSettings.php" --match_string="__LDAP_PASSWORD__" --replace_string="$ldap_password"
-
 # Check for admin password being too short for the new mediawiki requirements
 password_length=$(ynh_app_setting_get --app="$app" --key=admin_password | awk '{print length}')
 if (( password_length < 10 )); then