YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Use root UID to authenticate to LDAP

Browse source
This commit is contained in:
Josué Tille 2018-11-28 08:20:55 +01:00 committed by Alexandre Aubin
parent a6ac514202
commit 9f28bfccad
3 changed files with 36 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
data/actionsmap/yunohost.yml
View file

@ -43,12 +43,19 @@ _global:
parameters:
uri: ldap://localhost:389
base_dn: dc=yunohost,dc=org
user_rdn: cn=admin
user_rdn: cn=admin,dc=yunohost,dc=org
ldap-anonymous:
vendor: ldap
parameters:
uri: ldap://localhost:389
base_dn: dc=yunohost,dc=org
as-root:
vendor: ldap
parameters:
# We can get this uri by (urllib.quote_plus('/var/run/slapd/ldapi')
uri: ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi
base_dn: dc=yunohost,dc=org
user_rdn: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
argument_auth: true
arguments:
-v:
@ -84,6 +91,7 @@ user:
api: POST /users
configuration:
authenticate: all
authenticator: as-root
arguments:
username:
help: The unique username to create
@ -142,6 +150,7 @@ user:
api: DELETE /users/<username>
configuration:
authenticate: all
authenticator: as-root
arguments:
username:
help: Username to delete
@ -157,6 +166,7 @@ user:
api: PUT /users/<username>
configuration:
authenticate: all
authenticator: as-root
arguments:
username:
help: Username to update
@ -227,6 +237,7 @@ user:
api: POST /users/ssh/enable
configuration:
authenticate: all
authenticator: as-root
arguments:
username:
help: Username of the user
@ -239,6 +250,7 @@ user:
api: POST /users/ssh/disable
configuration:
authenticate: all
authenticator: as-root
arguments:
username:
help: Username of the user
@ -251,6 +263,7 @@ user:
api: GET /users/ssh/keys
configuration:
authenticate: all
authenticator: as-root
arguments:
username:
help: Username of the user
@ -263,6 +276,7 @@ user:
api: POST /users/ssh/key
configuration:
authenticate: all
authenticator: as-root
arguments:
username:
help: Username of the user
@ -280,6 +294,7 @@ user:
api: DELETE /users/ssh/key
configuration:
authenticate: all
authenticator: as-root
arguments:
username:
help: Username of the user
@ -310,6 +325,7 @@ domain:
api: POST /domains
configuration:
authenticate: all
authenticator: as-root
arguments:
domain:
help: Domain name to add
@ -328,6 +344,7 @@ domain:
api: DELETE /domains/<domain>
configuration:
authenticate: all
authenticator: as-root
arguments:
domain:
help: Domain to delete
@ -544,7 +561,7 @@ app:
api: POST /apps
configuration:
authenticate: all
authenticator: ldap-anonymous
authenticator: as-root
arguments:
app:
help: Name, local path or git URL of the app to install
@ -569,7 +586,7 @@ app:
api: DELETE /apps/<app>
configuration:
authenticate: all
authenticator: ldap-anonymous
authenticator: as-root
arguments:
app:
help: App(s) to delete
@ -580,7 +597,7 @@ app:
api: PUT /upgrade/apps
configuration:
authenticate: all
authenticator: ldap-anonymous
authenticator: as-root
arguments:
app:
help: App(s) to upgrade (default all)
@ -598,7 +615,7 @@ app:
api: PUT /apps/<app>/changeurl
configuration:
authenticate: all
authenticator: ldap-anonymous
authenticator: as-root
arguments:
app:
help: Target app instance name
@ -744,7 +761,7 @@ app:
api: PUT /access
configuration:
authenticate: all
authenticator: ldap-anonymous
authenticator: as-root
arguments:
apps:
nargs: "+"
@ -758,7 +775,7 @@ app:
api: DELETE /access
configuration:
authenticate: all
authenticator: ldap-anonymous
authenticator: as-root
arguments:
apps:
nargs: "+"
@ -772,7 +789,7 @@ app:
api: POST /access
configuration:
authenticate: all
authenticator: ldap-anonymous
authenticator: as-root
arguments:
apps:
nargs: "+"
@ -1483,6 +1500,7 @@ tools:
api: PUT /adminpw
configuration:
authenticate: all
authenticator: as-root
arguments:
-n:
full: --new-password
@ -1500,6 +1518,7 @@ tools:
- PUT /domains/main
configuration:
authenticate: all
authenticator: as-root
arguments:
-n:
full: --new-domain
@ -1590,6 +1609,7 @@ tools:
shell:
configuration:
authenticate: all
authenticator: as-root
action_help: Launch a development shell
arguments:
-c:

3
data/templates/slapd/slapd.conf
View file

@ -81,6 +81,7 @@ checkpoint 512 30
# These access lines apply to database #1 only
access to attrs=userPassword,shadowLastChange
by dn="cn=admin,dc=yunohost,dc=org" write
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write
by anonymous auth
by self write
by * none
@ -90,6 +91,7 @@ access to attrs=userPassword,shadowLastChange
# Others should be able to see it.
access to attrs=cn,gecos,givenName,mail,maildrop,displayName,sn
by dn="cn=admin,dc=yunohost,dc=org" write
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write
by self write
by * read
@ -108,5 +110,6 @@ access to dn.base="" by * read
# can read everything.
access to *
by dn="cn=admin,dc=yunohost,dc=org" write
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write
by group/groupOfNames/Member="cn=admin,ou=groups,dc=yunohost,dc=org" write
by * read

10
src/yunohost/tools.py
View file

@ -70,11 +70,11 @@ def tools_ldapinit():
"""
# Instantiate LDAP Authenticator
auth = init_authenticator(('ldap', 'default'),
{'uri': "ldap://localhost:389",
'base_dn': "dc=yunohost,dc=org",
'user_rdn': "cn=admin"})
auth.authenticate('yunohost')
AUTH_IDENTIFIER = ('ldap', 'as-root')
AUTH_PARAMETERS = {'uri': 'ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi',
'base_dn': 'dc=yunohost,dc=org',
'user_rdn': 'gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'}
auth = init_authenticator(AUTH_IDENTIFIER, AUTH_PARAMETERS)
with open('/usr/share/yunohost/yunohost-config/moulinette/ldap_scheme.yml') as f:
ldap_map = yaml.load(f)