moulinette/doc/ldap.rst

=================================================
Common LDAP operation (for YunoHost but not only)
=================================================

Moulinette is deeply integrated with LDAP which is used for a series of things
like:

* storing users
* storing domains (for users emails)
* SSO

This page document how to uses it on a programming side in YunoHost.

Getting access to LDAP in a command
===================================

To get access to LDAP you need to authenticate against it, for that you need to
declare you command with requiring authentication in the :ref:`actionsmap` this way:

::

    configuration:
        authenticate: all


Here is a complete example:

::

    somecommand:
        category_help: ..
        actions:

            ### somecommand_stuff()
            stuff:
                action_help: ...
                api: GET /...
                configuration:
                    authenticate: all

This will prompt the user for a password in CLI.

If you only need to **read** LDAP (and not modify it, for example by listing
domains), then you prevent the need for a password by using the
:file:`ldap-anonymous` authenticator this way:

::

    configuration:
        authenticate: all
        authenticator: ldap-anonymous


Once you have declared your command like that, your python function will
received the :file:`auth` object as first argument, it will be used to talk to
LDAP, so you need to declare your function this way:

::

    def somecommand_stuff(auth, ...):
        ...
[doc] change title hierarchy 2017-08-12 12:11:01 +02:00			`=================================================`
[doc] start documentation on ldap 2017-08-12 12:04:05 +02:00			`Common LDAP operation (for YunoHost but not only)`
			`=================================================`

			`Moulinette is deeply integrated with LDAP which is used for a series of things`
			`like:`

			`* storing users`
			`* storing domains (for users emails)`
			`* SSO`

			`This page document how to uses it on a programming side in YunoHost.`

			`Getting access to LDAP in a command`
[doc] change title hierarchy 2017-08-12 12:11:01 +02:00			`===================================`
[doc] start documentation on ldap 2017-08-12 12:04:05 +02:00
			`To get access to LDAP you need to authenticate against it, for that you need to`
			declare you command with requiring authentication in the :ref:`actionsmap` this way:

			`::`

			`configuration:`
			`authenticate: all`


			`Here is a complete example:`

			`::`

			`somecommand:`
			`category_help: ..`
			`actions:`

			`### somecommand_stuff()`
[doc] typo 2017-08-12 12:11:05 +02:00			`stuff:`
[doc] start documentation on ldap 2017-08-12 12:04:05 +02:00			`action_help: ...`
			`api: GET /...`
			`configuration:`
			`authenticate: all`

			`This will prompt the user for a password in CLI.`

			`If you only need to read LDAP (and not modify it, for example by listing`
			`domains), then you prevent the need for a password by using the`
[doc] add details on how to declare python function for ldap 2017-08-12 12:12:41 +02:00			:file:`ldap-anonymous` authenticator this way:
[doc] start documentation on ldap 2017-08-12 12:04:05 +02:00
			`::`

			`configuration:`
			`authenticate: all`
			`authenticator: ldap-anonymous`
[doc] add details on how to declare python function for ldap 2017-08-12 12:12:41 +02:00

			`Once you have declared your command like that, your python function will`
			received the :file:`auth` object as first argument, it will be used to talk to
			`LDAP, so you need to declare your function this way:`

			`::`

			`def somecommand_stuff(auth, ...):`
			`...`