YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Use root UID to authenticate to LDAP

Browse source
This commit is contained in:
Josué Tille 2018-11-28 08:20:55 +01:00 committed by Alexandre Aubin
parent a6ac514202
commit 9f28bfccad
3 changed files with 36 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
data/actionsmap/yunohost.yml
View file

@ -43,12 +43,19 @@ _global:
parameters: parameters:
uri: ldap://localhost:389 uri: ldap://localhost:389
base_dn: dc=yunohost,dc=org base_dn: dc=yunohost,dc=org
user_rdn: cn=admin user_rdn: cn=admin,dc=yunohost,dc=org
ldap-anonymous: ldap-anonymous:
vendor: ldap vendor: ldap
parameters: parameters:
uri: ldap://localhost:389 uri: ldap://localhost:389
base_dn: dc=yunohost,dc=org base_dn: dc=yunohost,dc=org
as-root:
vendor: ldap
parameters:
# We can get this uri by (urllib.quote_plus('/var/run/slapd/ldapi')
uri: ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi
base_dn: dc=yunohost,dc=org
user_rdn: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
argument_auth: true argument_auth: true
arguments: arguments:
-v: -v:
@ -84,6 +91,7 @@ user:
api: POST /users api: POST /users
configuration: configuration:
authenticate: all authenticate: all
authenticator: as-root
arguments: arguments:
username: username:
help: The unique username to create help: The unique username to create
@ -142,6 +150,7 @@ user:
api: DELETE /users/<username> api: DELETE /users/<username>
configuration: configuration:
authenticate: all authenticate: all
authenticator: as-root
arguments: arguments:
username: username:
help: Username to delete help: Username to delete
@ -157,6 +166,7 @@ user:
api: PUT /users/<username> api: PUT /users/<username>
configuration: configuration:
authenticate: all authenticate: all
authenticator: as-root
arguments: arguments:
username: username:
help: Username to update help: Username to update
@ -227,6 +237,7 @@ user:
api: POST /users/ssh/enable api: POST /users/ssh/enable
configuration: configuration:
authenticate: all authenticate: all
authenticator: as-root
arguments: arguments:
username: username:
help: Username of the user help: Username of the user
@ -239,6 +250,7 @@ user:
api: POST /users/ssh/disable api: POST /users/ssh/disable
configuration: configuration:
authenticate: all authenticate: all
authenticator: as-root
arguments: arguments:
username: username:
help: Username of the user help: Username of the user
@ -251,6 +263,7 @@ user:
api: GET /users/ssh/keys api: GET /users/ssh/keys
configuration: configuration:
authenticate: all authenticate: all
authenticator: as-root
arguments: arguments:
username: username:
help: Username of the user help: Username of the user
@ -263,6 +276,7 @@ user:
api: POST /users/ssh/key api: POST /users/ssh/key
configuration: configuration:
authenticate: all authenticate: all
authenticator: as-root
arguments: arguments:
username: username:
help: Username of the user help: Username of the user
@ -280,6 +294,7 @@ user:
api: DELETE /users/ssh/key api: DELETE /users/ssh/key
configuration: configuration:
authenticate: all authenticate: all
authenticator: as-root
arguments: arguments:
username: username:
help: Username of the user help: Username of the user
@ -310,6 +325,7 @@ domain:
api: POST /domains api: POST /domains
configuration: configuration:
authenticate: all authenticate: all
authenticator: as-root
arguments: arguments:
domain: domain:
help: Domain name to add help: Domain name to add
@ -328,6 +344,7 @@ domain:
api: DELETE /domains/<domain> api: DELETE /domains/<domain>
configuration: configuration:
authenticate: all authenticate: all
authenticator: as-root
arguments: arguments:
domain: domain:
help: Domain to delete help: Domain to delete
@ -544,7 +561,7 @@ app:
api: POST /apps api: POST /apps
configuration: configuration:
authenticate: all authenticate: all
authenticator: ldap-anonymous authenticator: as-root
arguments: arguments:
app: app:
help: Name, local path or git URL of the app to install help: Name, local path or git URL of the app to install
@ -569,7 +586,7 @@ app:
api: DELETE /apps/<app> api: DELETE /apps/<app>
configuration: configuration:
authenticate: all authenticate: all
authenticator: ldap-anonymous authenticator: as-root
arguments: arguments:
app: app:
help: App(s) to delete help: App(s) to delete
@ -580,7 +597,7 @@ app:
api: PUT /upgrade/apps api: PUT /upgrade/apps
configuration: configuration:
authenticate: all authenticate: all
authenticator: ldap-anonymous authenticator: as-root
arguments: arguments:
app: app:
help: App(s) to upgrade (default all) help: App(s) to upgrade (default all)
@ -598,7 +615,7 @@ app:
api: PUT /apps/<app>/changeurl api: PUT /apps/<app>/changeurl
configuration: configuration:
authenticate: all authenticate: all
authenticator: ldap-anonymous authenticator: as-root
arguments: arguments:
app: app:
help: Target app instance name help: Target app instance name
@ -744,7 +761,7 @@ app:
api: PUT /access api: PUT /access
configuration: configuration:
authenticate: all authenticate: all
authenticator: ldap-anonymous authenticator: as-root
arguments: arguments:
apps: apps:
nargs: "+" nargs: "+"
@ -758,7 +775,7 @@ app:
api: DELETE /access api: DELETE /access
configuration: configuration:
authenticate: all authenticate: all
authenticator: ldap-anonymous authenticator: as-root
arguments: arguments:
apps: apps:
nargs: "+" nargs: "+"
@ -772,7 +789,7 @@ app:
api: POST /access api: POST /access
configuration: configuration:
authenticate: all authenticate: all
authenticator: ldap-anonymous authenticator: as-root
arguments: arguments:
apps: apps:
nargs: "+" nargs: "+"
@ -1483,6 +1500,7 @@ tools:
api: PUT /adminpw api: PUT /adminpw
configuration: configuration:
authenticate: all authenticate: all
authenticator: as-root
arguments: arguments:
-n: -n:
full: --new-password full: --new-password
@ -1500,6 +1518,7 @@ tools:
- PUT /domains/main - PUT /domains/main
configuration: configuration:
authenticate: all authenticate: all
authenticator: as-root
arguments: arguments:
-n: -n:
full: --new-domain full: --new-domain
@ -1590,6 +1609,7 @@ tools:
shell: shell:
configuration: configuration:
authenticate: all authenticate: all
authenticator: as-root
action_help: Launch a development shell action_help: Launch a development shell
arguments: arguments:
-c: -c:

3
data/templates/slapd/slapd.conf
View file

@ -81,6 +81,7 @@ checkpoint 512 30
# These access lines apply to database #1 only # These access lines apply to database #1 only
access to attrs=userPassword,shadowLastChange access to attrs=userPassword,shadowLastChange
by dn="cn=admin,dc=yunohost,dc=org" write by dn="cn=admin,dc=yunohost,dc=org" write
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write
by anonymous auth by anonymous auth
by self write by self write
by * none by * none
@ -90,6 +91,7 @@ access to attrs=userPassword,shadowLastChange
# Others should be able to see it. # Others should be able to see it.
access to attrs=cn,gecos,givenName,mail,maildrop,displayName,sn access to attrs=cn,gecos,givenName,mail,maildrop,displayName,sn
by dn="cn=admin,dc=yunohost,dc=org" write by dn="cn=admin,dc=yunohost,dc=org" write
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write
by self write by self write
by * read by * read
@ -108,5 +110,6 @@ access to dn.base="" by * read
# can read everything. # can read everything.
access to * access to *
by dn="cn=admin,dc=yunohost,dc=org" write by dn="cn=admin,dc=yunohost,dc=org" write
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write
by group/groupOfNames/Member="cn=admin,ou=groups,dc=yunohost,dc=org" write by group/groupOfNames/Member="cn=admin,ou=groups,dc=yunohost,dc=org" write
by * read by * read

10
src/yunohost/tools.py
View file

@ -70,11 +70,11 @@ def tools_ldapinit():
""" """
# Instantiate LDAP Authenticator # Instantiate LDAP Authenticator
auth = init_authenticator(('ldap', 'default'), AUTH_IDENTIFIER = ('ldap', 'as-root')
{'uri': "ldap://localhost:389", AUTH_PARAMETERS = {'uri': 'ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi',
'base_dn': "dc=yunohost,dc=org", 'base_dn': 'dc=yunohost,dc=org',
'user_rdn': "cn=admin"}) 'user_rdn': 'gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'}
auth.authenticate('yunohost') auth = init_authenticator(AUTH_IDENTIFIER, AUTH_PARAMETERS)
with open('/usr/share/yunohost/yunohost-config/moulinette/ldap_scheme.yml') as f: with open('/usr/share/yunohost/yunohost-config/moulinette/ldap_scheme.yml') as f:
ldap_map = yaml.load(f) ldap_map = yaml.load(f)