Merge pull request #16 from yalh76/ldap

Ldap

README.md

@@ -19,7 +19,7 @@ Wekan is an open-source kanban board (task manager and organizer)
 
 - This app **only works on x86, 64bits architecture** ! In particular, it won't work on 32 bit machines or ARM. See the discussion [here](https://github.com/YunoHost-Apps/wekan_ynh/issues/1#issuecomment-401612500). On the long term, [support for ARM64 might happen](https://blog.wekan.team/2018/01/wekan-progress-on-x64-and-arm/index.html)...
 
-- There is currently **no SSO/LDAP integration** though it might be integrated at some point in the app, now that it's supported in Meteor/Wekan. c.f. discussion in [here](https://github.com/YunoHost-Apps/wekan_ynh/issues/4). In the meantime, users can create accounts (in fact, they can create infinite number of accounts) manually, and need to login manually specifically in Wekan.
+- There is currently **no SSO integration** though it might be integrated at some point in the app, now that it's supported in Meteor/Wekan. In the meantime, users can create accounts (in fact, they can create infinite number of accounts) manually, and need to login manually specifically in Wekan.
 
 ## Infos
 
@@ -33,8 +33,6 @@ Wekan is an open-source kanban board (task manager and organizer)
 
 **Private/Public mode:** In private mode, only authorized YunoHost members can access to the wekan. 
 
-**SSO/LDAP:** SSO and LDAP are not configured.
-
 ## Configuration
 
 First registered user will be admin, and next ones normal users. If you want other admins too, you can change their permission to admin at Wekan Admin Panel.
@@ -45,6 +43,9 @@ First registered user will be admin, and next ones normal users. If you want oth
 
 ## YunoHost specific features
 
+#### Multi-users support
+
+LDAP is supported but and HTTP auth is stil not supported
 #### Supported architectures
 
 * x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/wekan%20%28Community%29.svg)](https://ci-apps.yunohost.org/ci/apps/wekan/)

check_process

@@ -22,7 +22,7 @@
 	Level 3=auto
 # Level 4: If the app supports LDAP and SSOwat, turn level 4 to '1' and add a link to an issue or a part of your code to show it.
 # If the app does not use LDAP nor SSOwat, and can't use them, turn level 4 to 'na' and explain as well.
-	#LDAP to be implemented in wekan_ynh: https://github.com/wekan/wekan/wiki/LDAP
+	#LDAP Implemented but not SSOwat
 	Level 4=0
 	Level 5=auto
 	Level 6=auto

conf/.env

@@ -14,7 +14,7 @@ MONGO_URL=mongodb://127.0.0.1:27017/__DB_NAME__
 ROOT_URL=https://__DOMAIN_URI__
 
 # Mail URL
-MAIL_URL='smtp://user:pass@mailserver.example.com:25/'
+MAIL_URL='smtp://localhost:25/'
 
 # This is local port where Wekan Node.js runs
 PORT=__PORT__
@@ -145,42 +145,52 @@ WEBHOOKS_ATTRIBUTES=''
 # LDAP_ENABLE : Enable or not the connection by the LDAP
 # example :  LDAP_ENABLE=true
 #LDAP_ENABLE=false
+LDAP_ENABLE=true
 
 # LDAP_PORT : The port of the LDAP server
 # example :  LDAP_PORT=389
 #LDAP_PORT=389
+LDAP_PORT=389
 
 # LDAP_HOST : The host server for the LDAP server
 # example :  LDAP_HOST=localhost
 #LDAP_HOST=
+LDAP_HOST=localhost
 
 # LDAP_BASEDN : The base DN for the LDAP Tree
 # example :  LDAP_BASEDN=ou=user,dc=example,dc=org
 #LDAP_BASEDN=
+LDAP_BASEDN=dc=yunohost,dc=org
 
 # LDAP_LOGIN_FALLBACK : Fallback on the default authentication method
 # example :  LDAP_LOGIN_FALLBACK=true
 #LDAP_LOGIN_FALLBACK=false
+LDAP_LOGIN_FALLBACK=true
 
 # LDAP_RECONNECT : Reconnect to the server if the connection is lost
 # example :  LDAP_RECONNECT=false
 #LDAP_RECONNECT=true
+LDAP_RECONNECT=true
 
 # LDAP_TIMEOUT : Overall timeout, in milliseconds
 # example :  LDAP_TIMEOUT=12345
 #LDAP_TIMEOUT=10000
+LDAP_TIMEOUT=10000
 
 # LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds
 # example :  LDAP_IDLE_TIMEOUT=12345
 #LDAP_IDLE_TIMEOUT=10000
+LDAP_IDLE_TIMEOUT=10000
 
 # LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds
 # example :  LDAP_CONNECT_TIMEOUT=12345
 #LDAP_CONNECT_TIMEOUT=10000
+LDAP_CONNECT_TIMEOUT=10000
 
 # LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search
 # example :  LDAP_AUTHENTIFICATION=true
 #LDAP_AUTHENTIFICATION=false
+LDAP_AUTHENTIFICATION=false
 
 # LDAP_AUTHENTIFICATION_USERDN : The search user DN
 # example :  LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org
@@ -193,22 +203,27 @@ WEBHOOKS_ATTRIBUTES=''
 # LDAP_LOG_ENABLED : Enable logs for the module
 # example :  LDAP_LOG_ENABLED=true
 #LDAP_LOG_ENABLED=false
+LDAP_LOG_ENABLED=true
 
 # LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background
 # example :  LDAP_BACKGROUND_SYNC=true
 #LDAP_BACKGROUND_SYNC=false
+LDAP_BACKGROUND_SYNC=true
 
 # LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds
 # example :  LDAP_BACKGROUND_SYNC_INTERVAL=12345
 #LDAP_BACKGROUND_SYNC_INTERVAL=100
+LDAP_BACKGROUND_SYNC_INTERVAL=100
 
 # LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED :
 # example :  LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true
 #LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false
+LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true
 
 # LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS :
 # example :  LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true
 #LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false
+LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true
 
 # LDAP_ENCRYPTION : If using LDAPS
 # example :  LDAP_ENCRYPTION=ssl
@@ -225,104 +240,130 @@ WEBHOOKS_ATTRIBUTES=''
 # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
 # example :  LDAP_USER_SEARCH_FILTER=
 #LDAP_USER_SEARCH_FILTER=
+LDAP_USER_SEARCH_FILTER="(objectclass=posixAccount)"
 
 # LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree)
 # example :  LDAP_USER_SEARCH_SCOPE=one
 #LDAP_USER_SEARCH_SCOPE=
+LDAP_USER_SEARCH_SCOPE=sub
 
 # LDAP_USER_SEARCH_FIELD : Which field is used to find the user
 # example :  LDAP_USER_SEARCH_FIELD=uid
 #LDAP_USER_SEARCH_FIELD=
+LDAP_USER_SEARCH_FIELD=uid
 
 # LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited)
 # example :  LDAP_SEARCH_PAGE_SIZE=12345
 #LDAP_SEARCH_PAGE_SIZE=0
+LDAP_SEARCH_PAGE_SIZE=0
 
 # LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited)
 # example :  LDAP_SEARCH_SIZE_LIMIT=12345
 #LDAP_SEARCH_SIZE_LIMIT=0
+LDAP_SEARCH_SIZE_LIMIT=0
 
 # LDAP_GROUP_FILTER_ENABLE : Enable group filtering
 # example :  LDAP_GROUP_FILTER_ENABLE=true
 #LDAP_GROUP_FILTER_ENABLE=false
+LDAP_GROUP_FILTER_ENABLE=true
 
 # LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering
 # example :  LDAP_GROUP_FILTER_OBJECTCLASS=group
 #LDAP_GROUP_FILTER_OBJECTCLASS=
+LDAP_GROUP_FILTER_OBJECTCLASS=posixGroup
 
 # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE :
 # example :
 #LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=
+LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=cn
 
 # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE :
 # example :
 #LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=
+LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=memberUid
 
 # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT :
 # example :
 #LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=
+LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=uid
 
 # LDAP_GROUP_FILTER_GROUP_NAME :
-# example :
+# example : LDAP_GROUP_FILTER_GROUP_NAME=wekan_user
 #LDAP_GROUP_FILTER_GROUP_NAME=
+LDAP_GROUP_FILTER_GROUP_NAME=sftpusers
 
 # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier)
 # example :  LDAP_UNIQUE_IDENTIFIER_FIELD=guid
 #LDAP_UNIQUE_IDENTIFIER_FIELD=
+LDAP_UNIQUE_IDENTIFIER_FIELD=entryUUID
 
 # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8
 # example :  LDAP_UTF8_NAMES_SLUGIFY=false
 #LDAP_UTF8_NAMES_SLUGIFY=true
+LDAP_UTF8_NAMES_SLUGIFY=true
 
 # LDAP_USERNAME_FIELD : Which field contains the ldap username
 # example :  LDAP_USERNAME_FIELD=username
 #LDAP_USERNAME_FIELD=
+LDAP_USERNAME_FIELD=uid
 
 # LDAP_FULLNAME_FIELD : Which field contains the ldap fullname
 # example :  LDAP_FULLNAME_FIELD=fullname
 #LDAP_FULLNAME_FIELD=
+LDAP_FULLNAME_FIELD=cn
 
 # LDAP_MERGE_EXISTING_USERS :
 # example :  LDAP_MERGE_EXISTING_USERS=true
 #LDAP_MERGE_EXISTING_USERS=false
+LDAP_MERGE_EXISTING_USERS=true
 
 # LDAP_EMAIL_MATCH_ENABLE : allow existing account matching by e-mail address when username does not match
 # example: LDAP_EMAIL_MATCH_ENABLE=true
 #LDAP_EMAIL_MATCH_ENABLE=false
+LDAP_EMAIL_MATCH_ENABLE=true
 
 # LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match
 # example: LDAP_EMAIL_MATCH_REQUIRE=true
 #LDAP_EMAIL_MATCH_REQUIRE=false
+LDAP_EMAIL_MATCH_REQUIRE=false
 
 # LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching
 # example: LDAP_EMAIL_MATCH_VERIFIED=true
 #LDAP_EMAIL_MATCH_VERIFIED=false
+LDAP_EMAIL_MATCH_VERIFIED=false
 
 # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address
 # example: LDAP_EMAIL_FIELD=mail
 #LDAP_EMAIL_FIELD=
+LDAP_EMAIL_FIELD=mail
 
 # LDAP_SYNC_USER_DATA :
 # example :  LDAP_SYNC_USER_DATA=true
 #LDAP_SYNC_USER_DATA=false
+LDAP_SYNC_USER_DATA=true
 
 # LDAP_SYNC_USER_DATA_FIELDMAP :
 # example :  LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"}
 #LDAP_SYNC_USER_DATA_FIELDMAP=
+LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name"}
 
 # LDAP_SYNC_GROUP_ROLES :
 # example :
 #LDAP_SYNC_GROUP_ROLES=
+LDAP_SYNC_GROUP_ROLES=admins
 
 # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
 # example :
 #LDAP_DEFAULT_DOMAIN=
+LDAP_DEFAULT_DOMAIN=yh03.yh.yalh.net
 
 # Enable/Disable syncing of admin status based on ldap groups:
 #LDAP_SYNC_ADMIN_STATUS=true
+LDAP_SYNC_ADMIN_STATUS=true
 
 # Comma separated list of admin group names to sync.
 #LDAP_SYNC_ADMIN_GROUPS=group1,group2
+LDAP_SYNC_ADMIN_GROUPS=admins
 
 # LOGOUT_WITH_TIMER : Enables or not the option logout with timer
 # example : LOGOUT_WITH_TIMER=true