readmea

2022-04-23 16:22:44 +02:00 · 2022-04-23 16:22:44 +02:00 · 810f1a12f5
commit 810f1a12f5
parent 4836c50d32
8 changed files with 128 additions and 390 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+certs
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 FROM osixia/openldap
 #copy ldap backup and custom schemas to the server
-COPY ${PWD}/backup/export.lainoa.eus.ldif /container/service/slapd/assets/config/bootstrap/ldif/custom/export.ldif
+COPY ${PWD}/backup/export.ldif /container/service/slapd/assets/config/bootstrap/ldif/custom/export.ldif
 COPY ${PWD}/schema/custom.schema /container/service/slapd/assets/config/bootstrap/schema/custom/custom.schema
--- a/README.md
+++ b/README.md
@ -0,0 +1,29 @@
+# LDAP zerbitzaria eta kudeaketa bezeroa
+[proiektu-izena]: ldap-docker
+[git-izena]: aitzol/[proiektu-izena]
+[LDAP]: https://eu.wikipedia.org/wiki/LDAP
+[phpldapadmin]: http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page
+[osixia]: https://github.com/osixia
+[osixia/openldap]: https://github.com/osixia/docker-openldap
+[osixia/phpldapadmin]: https://github.com/osixia/docker-phpLDAPadmin
+[GPL3]: https://www.gnu.org/licenses/gpl-3.0.txt
+[LICENSE]: https://www.gnu.org/licenses/licenses.html
+
+[LDAP][LDAP] zerbitzaria eta kudeaketarako bezeroaren instalakuntza eredua da hau. Zerbitzariak [@osixia][osixia]-ren [osixia/openldap][osixia/openldap] Docker irudia du oinarritzat, bezeroak [osixia/phpldapadmin][osixia/phpldapadmin] irudia.
+Zerbitzariari erabiltzaileen kontuen kudeaketarako egitura eskema bat txertatu zaio, baita erabiltzaile zerrenda bat ere, adibide moduan.
+Instalakuntza amaitzean zerbitzaria eta bezeroa Docker edukiontzi banatan izango dira martxan. LDAP zerbitzaria [PhpLdapAdmin][phpldapadmin] bidez kudeatu ahal izango da.
+
+## instalakuntza urratsak
+* git clone [repo][git-izena]
+* cd [ldap-docker][ldap-docker]
+* sudo docker build -t osixia/openldap .
+* docker-compose up -d
+
+## instalakuntza egiaztatu
+* docker ps -a (edukiontziak ikusi) 
+
+## LDAP zerbitzariaren kudeaketa
+* localhost:8080
+* logeatu:
+	erabiltzailea: cn=admin,dc=example,dc=org
+	pasahitza: admin
--- a/backup/export.lainoa.eus.ldif
+++ b/backup/export.lainoa.eus.ldif
@ -1,186 +0,0 @@
-# LDIF Export for ou=groups,dc=ldap,dc=lainoa,dc=eus
-# Server: slapd (slapd)
-# Search Scope: sub
-# Search Filter: (objectClass=*)
-# Total Entries: 12
-#
-# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on April 22, 2022 3:19 pm
-# Version: 1.2.5
-
-version: 1
-
-# Entry 1: ou=groups,dc=ldap,dc=lainoa,dc=eus
-dn: ou=groups,dc=ldap,dc=lainoa,dc=eus
-objectclass: organizationalUnit
-objectclass: top
-ou: groups
-
-# Entry 2: cn=admins,ou=groups,dc=ldap,dc=lainoa,dc=eus
-dn: cn=admins,ou=groups,dc=ldap,dc=lainoa,dc=eus
-cn: admins
-gidnumber: 500
-objectclass: posixGroup
-objectclass: top
-
-# Entry 3: uid=root,cn=admins,ou=groups,dc=ldap,dc=lainoa,dc=eus
-dn: uid=root,cn=admins,ou=groups,dc=ldap,dc=lainoa,dc=eus
-gidnumber: 500
-objectclass: account
-objectclass: simpleSecurityObject
-objectclass: top
-objectclass: extensibleObject
-uid: root
-userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
-
-# Entry 4: cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
-dn: cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
-cn: users
-gidnumber: 501
-objectclass: posixGroup
-objectclass: top
-
-# Entry 5: cn=ainhize berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=...
-dn: cn=ainhize berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
-active: TRUE
-cn: ainhize berasategi
-fakecn: FALSE
-gidnumber: 501
-givenname: ainhize
-homedirectory: home/user/ainhize
-mail: aiberasategi@beasaingoikastola.eus
-objectclass: top
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: accountsManagement
-sn: berasategi
-uid: ainhize
-uidnumber: 1003
-userpassword: {SSHA}+zIIyEO7SpWXS281E5PrBZwIBzAhg7Lu
-
-# Entry 6: cn=aitzol berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=e...
-dn: cn=aitzol berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
-active: TRUE
-cn: aitzol berasategi
-fakecn: FALSE
-gidnumber: 501
-givenname: aitzol
-homedirectory: /home/users/aitzol
-mail: aitzol@disroot.org
-mail: aitzol@lainoa.eus
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: top
-objectclass: accountsManagement
-sn: berasategi
-uid: aitzol
-uidnumber: 1000
-userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
-
-# Entry 7: cn=aloña etxezabal,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eu...
-dn:: Y249YWxvw7FhIGV0eGV6YWJhbCxjbj11c2VycyxvdT1ncm91cHMsZGM9bGRhcCxkYz1sYWl
- ub2EsZGM9ZXVz
-active: TRUE
-cn:: YWxvw7FhIGV0eGV6YWJhbA==
-fakecn: FALSE
-gidnumber: 501
-givenname:: YWxvw7Fh
-homedirectory: home/user/aloXa
-mail: etxezabal2@gmail.com
-objectclass: top
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: accountsManagement
-sn: etxezabal
-uid:: YWxvw7Fh
-uidnumber: 1002
-userpassword: {SSHA}gf5/DeXh2mrS+5hGYwRArLoPdMqWjXJE
-
-# Entry 8: cn=araitz berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=e...
-dn: cn=araitz berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
-active: FALSE
-cn: araitz berasategi
-fakecn: FALSE
-gidnumber: 501
-givenname: araitz
-homedirectory: home/user/araitz
-mail: aiberasategi@beasaingoikastola.eus
-objectclass: top
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: accountsManagement
-sn: berasategi
-uid: araitz
-uidnumber: 1001
-userpassword: {SSHA}TBqErOn6u84ZSvg9lL+EBfFO/i0s1bpP
-
-# Entry 9: cn=garazi telleria,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus...
-dn: cn=garazi telleria,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
-active: TRUE
-cn: garazi telleria
-fakecn: FALSE
-gidnumber: 501
-givenname: garazi
-homedirectory: home/user/pepe
-mail: garazi@fakemail.com
-objectclass: top
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: accountsManagement
-sn: telleria
-uid: garazi
-uidnumber: 1004
-userpassword: {SSHA}ZSg27RZpSxHvynuxdiBT4xUB6nAd7G4S
-
-# Entry 10: cn=jose berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eu...
-dn: cn=jose berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
-active: TRUE
-cn: jose berasategi
-fakecn: FALSE
-gidnumber: 501
-givenname: jose
-homedirectory: home/user/aitona
-mail: joxeberasategi@gmail.com
-objectclass: top
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: accountsManagement
-sn: berasategi
-uid: aitona
-uidnumber: 1007
-userpassword: {SSHA}SJVZDlmsMjckdMrJ9IGRDA0xQLaAInKj
-
-# Entry 11: cn=nekane berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=...
-dn: cn=nekane berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
-active: TRUE
-cn: nekane berasategi
-fakecn: FALSE
-gidnumber: 501
-givenname: nekane
-homedirectory: home/user/nekane
-mail: nekane@fakemail.com
-objectclass: top
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: accountsManagement
-sn: berasategi
-uid: nekane
-uidnumber: 1005
-userpassword: {SSHA}obReH1el6MwQt1KOFV3Jpa59OlTY0Ian
-
-# Entry 12: cn=nekane eskisabel,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=e...
-dn: cn=nekane eskisabel,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
-active: TRUE
-cn: nekane eskisabel
-fakecn: FALSE
-gidnumber: 501
-givenname: nekane
-homedirectory: home/user/amona
-mail: ertzillegi54@gmail.com
-objectclass: top
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: accountsManagement
-sn: eskisabel
-uid: amona
-uidnumber: 1006
-userpassword: {SSHA}a1vxqvMfloOa4zGtPNrfBBHUw7o0+yKC
--- a/backup/export.ldif
+++ b/backup/export.ldif
@ -29,52 +29,21 @@ gidnumber: 501
 objectclass: posixGroup
 objectclass: top

-# Entry 4: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
-dn: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
-cn: aitzol berasategi
-gidnumber: 501
-givenname: aitzol
-homedirectory: /home/users/aitzol
-mail: aitzol@disroot.org
-mail: aitzol@lainoa.eus
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: top
-sn: berasategi
-uid: aitzol
-uidnumber: 1000
-userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
-
-# Entry 5: cn=aloña etxezabal,cn=users,ou=groups,dc=example,dc=org
-dn:: Y249YWxvw7FhIGV0eGV6YWJhbCxjbj11c2VycyxvdT1ncm91cHMsZGM9ZXhhbXBsZSxkYz1
- vcmc=
+# Entry 4: cn=seiichi takimoto,cn=users,ou=groups,dc=example,dc=org
+# password: secret
+dn: cn=seiichi takimoto,cn=users,ou=groups,dc=example,dc=org
 active: TRUE
-cn:: YWxvw7FhIGV0eGV6YWJhbA==
+cn: seiichi takimoto
+fakecn: FALSE
 gidnumber: 501
-homedirectory: home/user/alona
-mail: etxezabal2@gmail.com
-mail: etxezabal2@lainoa.eus
-objectclass: top
+givenname: seiichi
+homedirectory: /home/users/seiichi
+mail: seiichi@fakemail.com
 objectclass: inetOrgPerson
 objectclass: posixAccount
+objectclass: top
 objectclass: accountsManagement
-sn: etxezabal
-uid:: YWxvw7Fh
-uidnumber: 1002
-
-# Entry 6: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
-dn: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
-cn: araitz berasategi
-gidnumber: 501
-givenname: araitz
-homedirectory: /home/users/araitz
-mail: aberasategi@beasaingoikastola.eus
-mail: araitz@lainoa.eus
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: top
-sn: berasategi
-uid: araitz
-uidnumber: 1001
-userpassword: {SSHA}V0ExiUW1p5ICNVJigX9WkE+Hj7XKvMjL
-
+sn: takimoto
+uid: seiichi
+uidnumber: 1000
+userpassword: {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==
--- a/backup/export2.ldif
+++ b/backup/export2.ldif
@ -1,78 +0,0 @@
-# LDIF Export for ou=groups,dc=example,dc=org
-# Server: slapd (slapd)
-# Search Scope: sub
-# Search Filter: (objectClass=*)
-# Total Entries: 6
-#
-# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on March 3, 2022 7:59 am
-# Version: 1.2.5
-
-version: 1
-
-# Entry 1: ou=groups,dc=example,dc=org
-dn: ou=groups,dc=example,dc=org
-objectclass: organizationalUnit
-objectclass: top
-ou: groups
-
-# Entry 2: cn=admin,ou=groups,dc=example,dc=org
-dn: cn=admin,ou=groups,dc=example,dc=org
-cn: admin
-gidnumber: 500
-objectclass: posixGroup
-objectclass: top
-
-# Entry 3: cn=users,ou=groups,dc=example,dc=org
-dn: cn=users,ou=groups,dc=example,dc=org
-cn: users
-gidnumber: 501
-objectclass: posixGroup
-objectclass: top
-
-# Entry 4: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
-dn: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
-cn: aitzol berasategi
-gidnumber: 501
-givenname: aitzol
-homedirectory: /home/users/aitzol
-mail: aitzol@disroot.org
-mail: aitzol@lainoa.eus
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: top
-sn: berasategi
-uid: aitzol
-uidnumber: 1000
-userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
-
-# Entry 5: cn=aloña etxezabal,cn=users,ou=groups,dc=example,dc=org
-dn:: Y249YWxvw7FhIGV0eGV6YWJhbCxjbj11c2VycyxvdT1ncm91cHMsZGM9ZXhhbXBsZSxkYz1
- vcmc=
-cn:: YWxvw7FhIGV0eGV6YWJhbA==
-gidnumber: 501
-homedirectory: home/user/alona
-mail: etxezabal2@gmail.com
-mail: etxezabal2@lainoa.eus
-objectclass: top
-objectclass: inetOrgPerson
-objectclass: posixAccount
-sn: etxezabal
-uid:: YWxvw7Fh
-uidnumber: 1002
-
-# Entry 6: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
-dn: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
-cn: araitz berasategi
-gidnumber: 501
-givenname: araitz
-homedirectory: /home/users/araitz
-mail: aberasategi@beasaingoikastola.eus
-mail: araitz@lainoa.eus
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: top
-sn: berasategi
-uid: araitz
-uidnumber: 1001
-userpassword: {SSHA}V0ExiUW1p5ICNVJigX9WkE+Hj7XKvMjL
-
--- a/backup/export_am.ldif
+++ b/backup/export_am.ldif
@ -1,81 +0,0 @@
-# LDIF Export for ou=groups,dc=example,dc=org
-# Server: slapd (slapd)
-# Search Scope: sub
-# Search Filter: (objectClass=*)
-# Total Entries: 6
-#
-# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on March 4, 2022 10:03 am
-# Version: 1.2.5
-
-version: 1
-
-# Entry 1: ou=groups,dc=example,dc=org
-dn: ou=groups,dc=example,dc=org
-objectclass: organizationalUnit
-objectclass: top
-ou: groups
-
-# Entry 2: cn=admin,ou=groups,dc=example,dc=org
-dn: cn=admin,ou=groups,dc=example,dc=org
-cn: admin
-gidnumber: 500
-objectclass: posixGroup
-objectclass: top
-
-# Entry 3: cn=users,ou=groups,dc=example,dc=org
-dn: cn=users,ou=groups,dc=example,dc=org
-cn: users
-gidnumber: 501
-objectclass: posixGroup
-objectclass: top
-
-# Entry 4: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
-dn: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
-active: TRUE
-cn: aitzol berasategi
-ficticiouscn: FALSE
-gidnumber: 501
-givenname: aitzol
-homedirectory: /home/users/aitzol
-mail: aitzol@disroot.org
-mail: aitzol@lainoa.eus
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: top
-objectclass: accountsManagement
-sn: berasategi
-uid: aitzol
-uidnumber: 1000
-userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
-
-# Entry 5: cn=aloña etxezabal,cn=users,ou=groups,dc=example,dc=org
-dn:: Y249YWxvw7FhIGV0eGV6YWJhbCxjbj11c2VycyxvdT1ncm91cHMsZGM9ZXhhbXBsZSxkYz1
- vcmc=
-cn:: YWxvw7FhIGV0eGV6YWJhbA==
-gidnumber: 501
-homedirectory: home/user/alona
-mail: etxezabal2@gmail.com
-mail: etxezabal2@lainoa.eus
-objectclass: top
-objectclass: inetOrgPerson
-objectclass: posixAccount
-sn: etxezabal
-uid:: YWxvw7Fh
-uidnumber: 1002
-
-# Entry 6: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
-dn: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
-cn: araitz berasategi
-gidnumber: 501
-givenname: araitz
-homedirectory: /home/users/araitz
-mail: aberasategi@beasaingoikastola.eus
-mail: araitz@lainoa.eus
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: top
-sn: berasategi
-uid: araitz
-uidnumber: 1001
-userpassword: {SSHA}V0ExiUW1p5ICNVJigX9WkE+Hj7XKvMjL
-
--- a/ezabatu.md
+++ b/ezabatu.md
@ -0,0 +1,84 @@
+# LDAP kudeaketarako Web Interfazea
+[base]: https://github.com/jirutka/ldap-passwd-webui
+[proiektu-izena]: ldap-python-webui
+[git-izena]: aitzol/[proiektu-izena]
+[pypi-bottle]: https://pypi.python.org/pypi/bottle/
+[pypi-ldap3]: https://pypi.python.org/pypi/ldap3
+[settings]: https://git.lainoa.eus/aitzol/ldap-python-webui/src/branch/master/settings.ini.example
+[GPL3]: https://www.gnu.org/licenses/gpl-3.0.txt
+[LICENSE]: https://www.gnu.org/licenses/licenses.html
+[wsgiref]: https://docs.python.org/3/library/wsgiref.html#module-wsgiref.simple_server
+[WSGI]: https://en.wikipedia.org/wiki/Web_Server_Gateway_Interface
+[LDAP]: https://eu.wikipedia.org/wiki/LDAP
+[fork]: https://github.com/jirutka/ldap-passwd-webui
+
+Proiektu honen helburua erabiltzaileei [LDAP][LDAP] protokoloa erabiltzen duten zerbitzuetan norberaren kontuaren kudeaketarako tresna bat eskaintzea da, kontua sortu, pasahitza aldatu eta oinarrizko beste eragiketa batzuk burutzeko aukera emanez. [Bottle](http://bottlepy.org), Python-en WSGI web-framework-a erabiliz dago eraikia, [@jirutka][fork]-ren _ldap-passwd-webui_ proiektuan oinarritua.
+
+## Instalakuntza
+
+#### Baldintzak
+
+* Python 3.x
+* [bottle][pypi-bottle]
+* [ldap3][pypi-ldap3] 2.x
+
+#### Urratsak
+
+Biltegi honetako edukiak klonatu eta menpekotasunak instalatu:
+
+    git clone https://git.lainoa.eus/aitzol/ldap-python-webui
+    cd ldap-python-webui
+    pip install -r requirements.txt
+
+## Abian jarri
+
+#### Konfiguraketa
+
+Konfiguraketa [settings.ini][settings] fitxategian ezartzen da. Fitxategi honen kokapena `CONF_FILE` ingurumen-aldagaia erabiliz zehaztu daiteke.
+
+#### Ingurunea
+
+`LDAP_ADMIN_PASSWORD` eta `LDAP_READONLY_PASSWORD` _environment_ edo ingurumen-aldagaiak sisteman ezarri.
+
+#### Abiarazteko aukerak
+
+* [WSGI][WSGI] zerbitzariaren bidez, [wsgiref][wsgiref]-en oinarritua:
+
+```
+    uwsgi --http :8080 --enable-threads --wsgi-file app.py
+```
+
+* Berezko Bottle zerbitzariaren bidez zuzenean `app.py` exekutatuz:
+
+```
+    cd ldap-python-webui
+    python3 app.py
+```
+
+* Ondoren nabigatzailean http://localhost:8080 helbidea ireki
+
+## Ezaugarriak
+* Saioa hasi
+    > Erabiltzaile izena eta pasahitzaz LDAP zerbitzarian saioa hasi.
+* Izen-abizenak(aukerakoa) editatu
+* Email helbidea editatu
+* Pasahitza aldatu
+* kontua ezabatu
+* Kontua sortu
+    > Gonbidapen kodea erabiliz
+* Lokalizazioa/Hizkuntza egokitzeko aukera
+
+## Egiteke
+
+* Erabiltzaileari ePosta bidez kontua aktibatzeko eskatzea.
+* Pasahitza berrezartzen denean erabiltzaileari ePosta bidez jakinaraztea.
+
+## Screenshot
+
+![alt text](data/screenshot.png "Screenshot")
+
+
+## Lizentzia
+
+Lan hau [GPLv3 License][LICENSE] lizentziapean aurkitzen da.
+Lizentziaren textu osoa eskuratzeko ikusi ondorengo [esteka][GPL3].