mirror of
https://github.com/YunoHost-Apps/wekan_ynh.git
synced 2024-09-03 20:36:09 +02:00
commit
33705af51d
3 changed files with 49 additions and 7 deletions
|
@ -19,7 +19,7 @@ Wekan is an open-source kanban board (task manager and organizer)
|
|||
|
||||
- This app **only works on x86, 64bits architecture** ! In particular, it won't work on 32 bit machines or ARM. See the discussion [here](https://github.com/YunoHost-Apps/wekan_ynh/issues/1#issuecomment-401612500). On the long term, [support for ARM64 might happen](https://blog.wekan.team/2018/01/wekan-progress-on-x64-and-arm/index.html)...
|
||||
|
||||
- There is currently **no SSO/LDAP integration** though it might be integrated at some point in the app, now that it's supported in Meteor/Wekan. c.f. discussion in [here](https://github.com/YunoHost-Apps/wekan_ynh/issues/4). In the meantime, users can create accounts (in fact, they can create infinite number of accounts) manually, and need to login manually specifically in Wekan.
|
||||
- There is currently **no SSO integration** though it might be integrated at some point in the app, now that it's supported in Meteor/Wekan. In the meantime, users can create accounts (in fact, they can create infinite number of accounts) manually, and need to login manually specifically in Wekan.
|
||||
|
||||
## Infos
|
||||
|
||||
|
@ -33,8 +33,6 @@ Wekan is an open-source kanban board (task manager and organizer)
|
|||
|
||||
**Private/Public mode:** In private mode, only authorized YunoHost members can access to the wekan.
|
||||
|
||||
**SSO/LDAP:** SSO and LDAP are not configured.
|
||||
|
||||
## Configuration
|
||||
|
||||
First registered user will be admin, and next ones normal users. If you want other admins too, you can change their permission to admin at Wekan Admin Panel.
|
||||
|
@ -45,6 +43,9 @@ First registered user will be admin, and next ones normal users. If you want oth
|
|||
|
||||
## YunoHost specific features
|
||||
|
||||
#### Multi-users support
|
||||
|
||||
LDAP is supported but and HTTP auth is stil not supported
|
||||
#### Supported architectures
|
||||
|
||||
* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/wekan%20%28Community%29.svg)](https://ci-apps.yunohost.org/ci/apps/wekan/)
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
Level 3=auto
|
||||
# Level 4: If the app supports LDAP and SSOwat, turn level 4 to '1' and add a link to an issue or a part of your code to show it.
|
||||
# If the app does not use LDAP nor SSOwat, and can't use them, turn level 4 to 'na' and explain as well.
|
||||
#LDAP to be implemented in wekan_ynh: https://github.com/wekan/wekan/wiki/LDAP
|
||||
#LDAP Implemented but not SSOwat
|
||||
Level 4=0
|
||||
Level 5=auto
|
||||
Level 6=auto
|
||||
|
|
45
conf/.env
45
conf/.env
|
@ -14,7 +14,7 @@ MONGO_URL=mongodb://127.0.0.1:27017/__DB_NAME__
|
|||
ROOT_URL=https://__DOMAIN_URI__
|
||||
|
||||
# Mail URL
|
||||
MAIL_URL='smtp://user:pass@mailserver.example.com:25/'
|
||||
MAIL_URL='smtp://localhost:25/'
|
||||
|
||||
# This is local port where Wekan Node.js runs
|
||||
PORT=__PORT__
|
||||
|
@ -145,42 +145,52 @@ WEBHOOKS_ATTRIBUTES=''
|
|||
# LDAP_ENABLE : Enable or not the connection by the LDAP
|
||||
# example : LDAP_ENABLE=true
|
||||
#LDAP_ENABLE=false
|
||||
LDAP_ENABLE=true
|
||||
|
||||
# LDAP_PORT : The port of the LDAP server
|
||||
# example : LDAP_PORT=389
|
||||
#LDAP_PORT=389
|
||||
LDAP_PORT=389
|
||||
|
||||
# LDAP_HOST : The host server for the LDAP server
|
||||
# example : LDAP_HOST=localhost
|
||||
#LDAP_HOST=
|
||||
LDAP_HOST=localhost
|
||||
|
||||
# LDAP_BASEDN : The base DN for the LDAP Tree
|
||||
# example : LDAP_BASEDN=ou=user,dc=example,dc=org
|
||||
#LDAP_BASEDN=
|
||||
LDAP_BASEDN=dc=yunohost,dc=org
|
||||
|
||||
# LDAP_LOGIN_FALLBACK : Fallback on the default authentication method
|
||||
# example : LDAP_LOGIN_FALLBACK=true
|
||||
#LDAP_LOGIN_FALLBACK=false
|
||||
LDAP_LOGIN_FALLBACK=true
|
||||
|
||||
# LDAP_RECONNECT : Reconnect to the server if the connection is lost
|
||||
# example : LDAP_RECONNECT=false
|
||||
#LDAP_RECONNECT=true
|
||||
LDAP_RECONNECT=true
|
||||
|
||||
# LDAP_TIMEOUT : Overall timeout, in milliseconds
|
||||
# example : LDAP_TIMEOUT=12345
|
||||
#LDAP_TIMEOUT=10000
|
||||
LDAP_TIMEOUT=10000
|
||||
|
||||
# LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds
|
||||
# example : LDAP_IDLE_TIMEOUT=12345
|
||||
#LDAP_IDLE_TIMEOUT=10000
|
||||
LDAP_IDLE_TIMEOUT=10000
|
||||
|
||||
# LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds
|
||||
# example : LDAP_CONNECT_TIMEOUT=12345
|
||||
#LDAP_CONNECT_TIMEOUT=10000
|
||||
LDAP_CONNECT_TIMEOUT=10000
|
||||
|
||||
# LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search
|
||||
# example : LDAP_AUTHENTIFICATION=true
|
||||
#LDAP_AUTHENTIFICATION=false
|
||||
LDAP_AUTHENTIFICATION=false
|
||||
|
||||
# LDAP_AUTHENTIFICATION_USERDN : The search user DN
|
||||
# example : LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org
|
||||
|
@ -193,22 +203,27 @@ WEBHOOKS_ATTRIBUTES=''
|
|||
# LDAP_LOG_ENABLED : Enable logs for the module
|
||||
# example : LDAP_LOG_ENABLED=true
|
||||
#LDAP_LOG_ENABLED=false
|
||||
LDAP_LOG_ENABLED=true
|
||||
|
||||
# LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background
|
||||
# example : LDAP_BACKGROUND_SYNC=true
|
||||
#LDAP_BACKGROUND_SYNC=false
|
||||
LDAP_BACKGROUND_SYNC=true
|
||||
|
||||
# LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds
|
||||
# example : LDAP_BACKGROUND_SYNC_INTERVAL=12345
|
||||
#LDAP_BACKGROUND_SYNC_INTERVAL=100
|
||||
LDAP_BACKGROUND_SYNC_INTERVAL=100
|
||||
|
||||
# LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED :
|
||||
# example : LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true
|
||||
#LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false
|
||||
LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true
|
||||
|
||||
# LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS :
|
||||
# example : LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true
|
||||
#LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false
|
||||
LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true
|
||||
|
||||
# LDAP_ENCRYPTION : If using LDAPS
|
||||
# example : LDAP_ENCRYPTION=ssl
|
||||
|
@ -225,104 +240,130 @@ WEBHOOKS_ATTRIBUTES=''
|
|||
# LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
|
||||
# example : LDAP_USER_SEARCH_FILTER=
|
||||
#LDAP_USER_SEARCH_FILTER=
|
||||
LDAP_USER_SEARCH_FILTER="(objectclass=posixAccount)"
|
||||
|
||||
# LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree)
|
||||
# example : LDAP_USER_SEARCH_SCOPE=one
|
||||
#LDAP_USER_SEARCH_SCOPE=
|
||||
LDAP_USER_SEARCH_SCOPE=sub
|
||||
|
||||
# LDAP_USER_SEARCH_FIELD : Which field is used to find the user
|
||||
# example : LDAP_USER_SEARCH_FIELD=uid
|
||||
#LDAP_USER_SEARCH_FIELD=
|
||||
LDAP_USER_SEARCH_FIELD=uid
|
||||
|
||||
# LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited)
|
||||
# example : LDAP_SEARCH_PAGE_SIZE=12345
|
||||
#LDAP_SEARCH_PAGE_SIZE=0
|
||||
LDAP_SEARCH_PAGE_SIZE=0
|
||||
|
||||
# LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited)
|
||||
# example : LDAP_SEARCH_SIZE_LIMIT=12345
|
||||
#LDAP_SEARCH_SIZE_LIMIT=0
|
||||
LDAP_SEARCH_SIZE_LIMIT=0
|
||||
|
||||
# LDAP_GROUP_FILTER_ENABLE : Enable group filtering
|
||||
# example : LDAP_GROUP_FILTER_ENABLE=true
|
||||
#LDAP_GROUP_FILTER_ENABLE=false
|
||||
LDAP_GROUP_FILTER_ENABLE=true
|
||||
|
||||
# LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering
|
||||
# example : LDAP_GROUP_FILTER_OBJECTCLASS=group
|
||||
#LDAP_GROUP_FILTER_OBJECTCLASS=
|
||||
LDAP_GROUP_FILTER_OBJECTCLASS=posixGroup
|
||||
|
||||
# LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE :
|
||||
# example :
|
||||
#LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=
|
||||
LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=cn
|
||||
|
||||
# LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE :
|
||||
# example :
|
||||
#LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=
|
||||
LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=memberUid
|
||||
|
||||
# LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT :
|
||||
# example :
|
||||
#LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=
|
||||
LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=uid
|
||||
|
||||
# LDAP_GROUP_FILTER_GROUP_NAME :
|
||||
# example :
|
||||
# example : LDAP_GROUP_FILTER_GROUP_NAME=wekan_user
|
||||
#LDAP_GROUP_FILTER_GROUP_NAME=
|
||||
LDAP_GROUP_FILTER_GROUP_NAME=sftpusers
|
||||
|
||||
# LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier)
|
||||
# example : LDAP_UNIQUE_IDENTIFIER_FIELD=guid
|
||||
#LDAP_UNIQUE_IDENTIFIER_FIELD=
|
||||
LDAP_UNIQUE_IDENTIFIER_FIELD=entryUUID
|
||||
|
||||
# LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8
|
||||
# example : LDAP_UTF8_NAMES_SLUGIFY=false
|
||||
#LDAP_UTF8_NAMES_SLUGIFY=true
|
||||
LDAP_UTF8_NAMES_SLUGIFY=true
|
||||
|
||||
# LDAP_USERNAME_FIELD : Which field contains the ldap username
|
||||
# example : LDAP_USERNAME_FIELD=username
|
||||
#LDAP_USERNAME_FIELD=
|
||||
LDAP_USERNAME_FIELD=uid
|
||||
|
||||
# LDAP_FULLNAME_FIELD : Which field contains the ldap fullname
|
||||
# example : LDAP_FULLNAME_FIELD=fullname
|
||||
#LDAP_FULLNAME_FIELD=
|
||||
LDAP_FULLNAME_FIELD=cn
|
||||
|
||||
# LDAP_MERGE_EXISTING_USERS :
|
||||
# example : LDAP_MERGE_EXISTING_USERS=true
|
||||
#LDAP_MERGE_EXISTING_USERS=false
|
||||
LDAP_MERGE_EXISTING_USERS=true
|
||||
|
||||
# LDAP_EMAIL_MATCH_ENABLE : allow existing account matching by e-mail address when username does not match
|
||||
# example: LDAP_EMAIL_MATCH_ENABLE=true
|
||||
#LDAP_EMAIL_MATCH_ENABLE=false
|
||||
LDAP_EMAIL_MATCH_ENABLE=true
|
||||
|
||||
# LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match
|
||||
# example: LDAP_EMAIL_MATCH_REQUIRE=true
|
||||
#LDAP_EMAIL_MATCH_REQUIRE=false
|
||||
LDAP_EMAIL_MATCH_REQUIRE=false
|
||||
|
||||
# LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching
|
||||
# example: LDAP_EMAIL_MATCH_VERIFIED=true
|
||||
#LDAP_EMAIL_MATCH_VERIFIED=false
|
||||
LDAP_EMAIL_MATCH_VERIFIED=false
|
||||
|
||||
# LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address
|
||||
# example: LDAP_EMAIL_FIELD=mail
|
||||
#LDAP_EMAIL_FIELD=
|
||||
LDAP_EMAIL_FIELD=mail
|
||||
|
||||
# LDAP_SYNC_USER_DATA :
|
||||
# example : LDAP_SYNC_USER_DATA=true
|
||||
#LDAP_SYNC_USER_DATA=false
|
||||
LDAP_SYNC_USER_DATA=true
|
||||
|
||||
# LDAP_SYNC_USER_DATA_FIELDMAP :
|
||||
# example : LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"}
|
||||
#LDAP_SYNC_USER_DATA_FIELDMAP=
|
||||
LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name"}
|
||||
|
||||
# LDAP_SYNC_GROUP_ROLES :
|
||||
# example :
|
||||
#LDAP_SYNC_GROUP_ROLES=
|
||||
LDAP_SYNC_GROUP_ROLES=admins
|
||||
|
||||
# LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
|
||||
# example :
|
||||
#LDAP_DEFAULT_DOMAIN=
|
||||
LDAP_DEFAULT_DOMAIN=yh03.yh.yalh.net
|
||||
|
||||
# Enable/Disable syncing of admin status based on ldap groups:
|
||||
#LDAP_SYNC_ADMIN_STATUS=true
|
||||
LDAP_SYNC_ADMIN_STATUS=true
|
||||
|
||||
# Comma separated list of admin group names to sync.
|
||||
#LDAP_SYNC_ADMIN_GROUPS=group1,group2
|
||||
LDAP_SYNC_ADMIN_GROUPS=admins
|
||||
|
||||
# LOGOUT_WITH_TIMER : Enables or not the option logout with timer
|
||||
# example : LOGOUT_WITH_TIMER=true
|
||||
|
|
Loading…
Reference in a new issue