From 810f1a12f5baaa46703ee5071991a5e7a4c36439 Mon Sep 17 00:00:00 2001 From: aitzol76 Date: Sat, 23 Apr 2022 16:22:44 +0200 Subject: [PATCH] readmea --- .gitignore | 1 + Dockerfile | 2 +- README.md | 29 ++++++ backup/export.lainoa.eus.ldif | 186 ---------------------------------- backup/export.ldif | 57 +++-------- backup/export2.ldif | 78 -------------- backup/export_am.ldif | 81 --------------- ezabatu.md | 84 +++++++++++++++ 8 files changed, 128 insertions(+), 390 deletions(-) create mode 100644 .gitignore delete mode 100644 backup/export.lainoa.eus.ldif delete mode 100644 backup/export2.ldif delete mode 100644 backup/export_am.ldif create mode 100644 ezabatu.md diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1503cc8 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +certs \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 2ee317d..2ae777e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ FROM osixia/openldap #copy ldap backup and custom schemas to the server -COPY ${PWD}/backup/export.lainoa.eus.ldif /container/service/slapd/assets/config/bootstrap/ldif/custom/export.ldif +COPY ${PWD}/backup/export.ldif /container/service/slapd/assets/config/bootstrap/ldif/custom/export.ldif COPY ${PWD}/schema/custom.schema /container/service/slapd/assets/config/bootstrap/schema/custom/custom.schema diff --git a/README.md b/README.md index e69de29..d66e747 100644 --- a/README.md +++ b/README.md 
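Review bot: The new `COPY` line bakes `backup/export.ldif` into an image layer, so every `userpassword` value in that file ships to anyone who can pull the image. Keep the bootstrap LDIF to throwaway sample accounts only, or mount it at run time instead of copying it in. `${PWD}` is not declared with `ARG` or `ENV` in the lines shown, so Docker most likely expands it to an empty string and the source path only resolves because a leading `/` is taken relative to the build context; `COPY backup/export.ldif /container/service/slapd/assets/config/bootstrap/ldif/custom/export.ldif` states the intent directly. The `FROM osixia/openldap` context line has no tag or digest, so the base of this image depends on whatever that name resolves to at build time.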
@@ -0,0 +1,29 @@
+# LDAP zerbitzaria eta kudeaketa bezeroa
+[proiektu-izena]: ldap-docker
+[git-izena]: aitzol/[proiektu-izena]
+[LDAP]: https://eu.wikipedia.org/wiki/LDAP
+[phpldapadmin]: http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page
+[osixia]: https://github.com/osixia
+[osixia/openldap]: https://github.com/osixia/docker-openldap
+[osixia/phpldapadmin]: https://github.com/osixia/docker-phpLDAPadmin
+[GPL3]: https://www.gnu.org/licenses/gpl-3.0.txt
+[LICENSE]: https://www.gnu.org/licenses/licenses.html
+
+[LDAP][LDAP] zerbitzaria eta kudeaketarako bezeroaren instalakuntza eredua da hau. Zerbitzariak [@osixia][osixia]-ren [osixia/openldap][osixia/openldap] Docker irudia du oinarritzat, bezeroak [osixia/phpldapadmin][osixia/phpldapadmin] irudia.
+Zerbitzariari erabiltzaileen kontuen kudeaketarako egitura eskema bat txertatu zaio, baita erabiltzaile zerrenda bat ere, adibide moduan.
+Instalakuntza amaitzean zerbitzaria eta bezeroa Docker edukiontzi banatan izango dira martxan. LDAP zerbitzaria [PhpLdapAdmin][phpldapadmin] bidez kudeatu ahal izango da.
+
+## instalakuntza urratsak
+* git clone [repo][git-izena]
+* cd [ldap-docker][ldap-docker]
+* sudo docker build -t osixia/openldap .
+* docker-compose up -d
+
+## instalakuntza egiaztatu
+* docker ps -a (edukiontziak ikusi)
+
+## LDAP zerbitzariaren kudeaketa
+* localhost:8080
+* logeatu:
+ erabiltzailea: cn=admin,dc=example,dc=org
+ pasahitza: admin
diff --git a/backup/export.lainoa.eus.ldif b/backup/export.lainoa.eus.ldif
deleted file mode 100644
index 6aa6d24..0000000
--- a/backup/export.lainoa.eus.ldif
+++ /dev/null
@@ -1,186 +0,0 @@
-# LDIF Export for ou=groups,dc=ldap,dc=lainoa,dc=eus
-# Server: slapd (slapd)
-# Search Scope: sub
-# Search Filter: (objectClass=*)
-# Total Entries: 12
-#
-# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on April 22, 2022 3:19 pm
-# Version: 1.2.5
-
-version: 1
-
-# Entry 1: ou=groups,dc=ldap,dc=lainoa,dc=eus
-dn: ou=groups,dc=ldap,dc=lainoa,dc=eus
-objectclass: organizationalUnit
-objectclass: top
-ou: groups
-
-# Entry 2: cn=admins,ou=groups,dc=ldap,dc=lainoa,dc=eus
-dn: cn=admins,ou=groups,dc=ldap,dc=lainoa,dc=eus
-cn: admins
-gidnumber: 500
-objectclass: posixGroup
-objectclass: top
-
-# Entry 3: uid=root,cn=admins,ou=groups,dc=ldap,dc=lainoa,dc=eus
-dn: uid=root,cn=admins,ou=groups,dc=ldap,dc=lainoa,dc=eus
-gidnumber: 500
-objectclass: account
-objectclass: simpleSecurityObject
-objectclass: top
-objectclass: extensibleObject
-uid: root
-userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
-
-# Entry 4: cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
-dn: cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
-cn: users
-gidnumber: 501
-objectclass: posixGroup
-objectclass: top
-
-# Entry 5: cn=ainhize berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=...
-dn: cn=ainhize berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
-active: TRUE
-cn: ainhize berasategi
-fakecn: FALSE
-gidnumber: 501
-givenname: ainhize
-homedirectory: home/user/ainhize
-mail: aiberasategi@beasaingoikastola.eus
-objectclass: top
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: accountsManagement
-sn: berasategi
-uid: ainhize
-uidnumber: 1003
-userpassword: {SSHA}+zIIyEO7SpWXS281E5PrBZwIBzAhg7Lu
-
-# Entry 6: cn=aitzol berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=e...
-dn: cn=aitzol berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
-active: TRUE
-cn: aitzol berasategi
-fakecn: FALSE
-gidnumber: 501
-givenname: aitzol
-homedirectory: /home/users/aitzol
-mail: aitzol@disroot.org
-mail: aitzol@lainoa.eus
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: top
-objectclass: accountsManagement
-sn: berasategi
-uid: aitzol
-uidnumber: 1000
-userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
-
-# Entry 7: cn=aloña etxezabal,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eu...
-dn:: Y249YWxvw7FhIGV0eGV6YWJhbCxjbj11c2VycyxvdT1ncm91cHMsZGM9bGRhcCxkYz1sYWl
- ub2EsZGM9ZXVz
-active: TRUE
-cn:: YWxvw7FhIGV0eGV6YWJhbA==
-fakecn: FALSE
-gidnumber: 501
-givenname:: YWxvw7Fh
-homedirectory: home/user/aloXa
-mail: etxezabal2@gmail.com
-objectclass: top
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: accountsManagement
-sn: etxezabal
-uid:: YWxvw7Fh
-uidnumber: 1002
-userpassword: {SSHA}gf5/DeXh2mrS+5hGYwRArLoPdMqWjXJE
-
-# Entry 8: cn=araitz berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=e...
-dn: cn=araitz berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
-active: FALSE
-cn: araitz berasategi
-fakecn: FALSE
-gidnumber: 501
-givenname: araitz
-homedirectory: home/user/araitz
-mail: aiberasategi@beasaingoikastola.eus
-objectclass: top
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: accountsManagement
-sn: berasategi
-uid: araitz
-uidnumber: 1001
-userpassword: {SSHA}TBqErOn6u84ZSvg9lL+EBfFO/i0s1bpP
-
-# Entry 9: cn=garazi telleria,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus...
-dn: cn=garazi telleria,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
-active: TRUE
-cn: garazi telleria
-fakecn: FALSE
-gidnumber: 501
-givenname: garazi
-homedirectory: home/user/pepe
-mail: garazi@fakemail.com
-objectclass: top
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: accountsManagement
-sn: telleria
-uid: garazi
-uidnumber: 1004
-userpassword: {SSHA}ZSg27RZpSxHvynuxdiBT4xUB6nAd7G4S
-
-# Entry 10: cn=jose berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eu...
-dn: cn=jose berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
-active: TRUE
-cn: jose berasategi
-fakecn: FALSE
-gidnumber: 501
-givenname: jose
-homedirectory: home/user/aitona
-mail: joxeberasategi@gmail.com
-objectclass: top
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: accountsManagement
-sn: berasategi
-uid: aitona
-uidnumber: 1007
-userpassword: {SSHA}SJVZDlmsMjckdMrJ9IGRDA0xQLaAInKj
-
-# Entry 11: cn=nekane berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=...
-dn: cn=nekane berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
-active: TRUE
-cn: nekane berasategi
-fakecn: FALSE
-gidnumber: 501
-givenname: nekane
-homedirectory: home/user/nekane
-mail: nekane@fakemail.com
-objectclass: top
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: accountsManagement
-sn: berasategi
-uid: nekane
-uidnumber: 1005
-userpassword: {SSHA}obReH1el6MwQt1KOFV3Jpa59OlTY0Ian
-
-# Entry 12: cn=nekane eskisabel,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=e...
-dn: cn=nekane eskisabel,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
-active: TRUE
-cn: nekane eskisabel
-fakecn: FALSE
-gidnumber: 501
-givenname: nekane
-homedirectory: home/user/amona
-mail: ertzillegi54@gmail.com
-objectclass: top
-objectclass: inetOrgPerson
-objectclass: posixAccount
-objectclass: accountsManagement
-sn: eskisabel
-uid: amona
-uidnumber: 1006
-userpassword: {SSHA}a1vxqvMfloOa4zGtPNrfBBHUw7o0+yKC
diff --git a/backup/export.ldif b/backup/export.ldif index c371f01..9b1ad56 100644 --- a/backup/export.ldif +++ b/backup/export.ldif @@ -29,52 +29,21 @@ gidnumber: 501 objectclass: posixGroup objectclass: top -# Entry 4: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org -dn: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org -cn: aitzol berasategi -gidnumber: 501 -givenname: aitzol -homedirectory: /home/users/aitzol -mail: aitzol@disroot.org -mail: aitzol@lainoa.eus -objectclass: inetOrgPerson -objectclass: posixAccount -objectclass: top -sn: berasategi -uid: aitzol -uidnumber: 1000 -userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw== - -# Entry 5: cn=aloña etxezabal,cn=users,ou=groups,dc=example,dc=org -dn:: Y249YWxvw7FhIGV0eGV6YWJhbCxjbj11c2VycyxvdT1ncm91cHMsZGM9ZXhhbXBsZSxkYz1 - vcmc= +# Entry 4: cn=seiichi takimoto,cn=users,ou=groups,dc=example,dc=org +# password: secret +dn: cn=seiichi takimoto,cn=users,ou=groups,dc=example,dc=org active: TRUE -cn:: YWxvw7FhIGV0eGV6YWJhbA== +cn: seiichi takimoto +fakecn: FALSE gidnumber: 501 -homedirectory: home/user/alona -mail: etxezabal2@gmail.com -mail: etxezabal2@lainoa.eus -objectclass: top +givenname: seiichi +homedirectory: /home/users/seiichi +mail: seiichi@fakemail.com objectclass: inetOrgPerson objectclass: posixAccount +objectclass: top objectclass: accountsManagement -sn: etxezabal -uid:: YWxvw7Fh -uidnumber: 1002 - -# Entry 6: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org -dn: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org -cn: araitz berasategi -gidnumber: 501 -givenname: araitz -homedirectory: /home/users/araitz -mail: aberasategi@beasaingoikastola.eus -mail: araitz@lainoa.eus -objectclass: inetOrgPerson -objectclass: posixAccount -objectclass: top -sn: berasategi -uid: araitz -uidnumber: 1001 -userpassword: {SSHA}V0ExiUW1p5ICNVJigX9WkE+Hj7XKvMjL - +sn: takimoto +uid: seiichi +uidnumber: 1000 +userpassword: {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ== \ No newline at end of file 
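Review bot: The added `cn=seiichi takimoto` entry stores its password as unsalted `{MD5}`, and the `# password: secret` comment above it documents the plaintext, so any directory bootstrapped from this file starts with a known credential. A comment such as `# SAMPLE ACCOUNT: known password, delete or change before exposing the server` would make that explicit, and a salted scheme such as `{SSHA}` (used by other entries on this page) would be a better example to copy from. Separately, the real user entries removed in this hunk and in the three deleted exports (`export.lainoa.eus.ldif`, `export2.ldif`, `export_am.ldif`) stay in the repository history with their `userpassword` hashes and mail addresses. Those passwords should be treated as disclosed and changed, because deleting the files in a later commit does not withdraw them.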
diff --git a/backup/export2.ldif b/backup/export2.ldif deleted file mode 100644 index 9f06703..0000000 --- a/backup/export2.ldif +++ /dev/null 
@@ -1,78 +0,0 @@ -# LDIF Export for ou=groups,dc=example,dc=org -# Server: slapd (slapd) -# Search Scope: sub -# Search Filter: (objectClass=*) -# Total Entries: 6 -# -# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on March 3, 2022 7:59 am -# Version: 1.2.5 - -version: 1 - -# Entry 1: ou=groups,dc=example,dc=org -dn: ou=groups,dc=example,dc=org -objectclass: organizationalUnit -objectclass: top -ou: groups - -# Entry 2: cn=admin,ou=groups,dc=example,dc=org -dn: cn=admin,ou=groups,dc=example,dc=org -cn: admin -gidnumber: 500 -objectclass: posixGroup -objectclass: top - -# Entry 3: cn=users,ou=groups,dc=example,dc=org -dn: cn=users,ou=groups,dc=example,dc=org -cn: users -gidnumber: 501 -objectclass: posixGroup -objectclass: top - -# Entry 4: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org -dn: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org -cn: aitzol berasategi -gidnumber: 501 -givenname: aitzol -homedirectory: /home/users/aitzol -mail: aitzol@disroot.org -mail: aitzol@lainoa.eus -objectclass: inetOrgPerson -objectclass: posixAccount -objectclass: top -sn: berasategi -uid: aitzol -uidnumber: 1000 -userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw== - -# Entry 5: cn=aloña etxezabal,cn=users,ou=groups,dc=example,dc=org -dn:: Y249YWxvw7FhIGV0eGV6YWJhbCxjbj11c2VycyxvdT1ncm91cHMsZGM9ZXhhbXBsZSxkYz1 - vcmc= -cn:: YWxvw7FhIGV0eGV6YWJhbA== -gidnumber: 501 -homedirectory: home/user/alona -mail: etxezabal2@gmail.com -mail: etxezabal2@lainoa.eus -objectclass: top -objectclass: inetOrgPerson -objectclass: posixAccount -sn: etxezabal -uid:: YWxvw7Fh -uidnumber: 1002 - -# Entry 6: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org -dn: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org -cn: araitz berasategi -gidnumber: 501 -givenname: araitz -homedirectory: /home/users/araitz -mail: aberasategi@beasaingoikastola.eus -mail: araitz@lainoa.eus -objectclass: inetOrgPerson -objectclass: posixAccount -objectclass: top -sn: berasategi -uid: 
araitz -uidnumber: 1001 -userpassword: {SSHA}V0ExiUW1p5ICNVJigX9WkE+Hj7XKvMjL - diff --git a/backup/export_am.ldif b/backup/export_am.ldif deleted file mode 100644 index fe0eee5..0000000 --- a/backup/export_am.ldif +++ /dev/null 
@@ -1,81 +0,0 @@ -# LDIF Export for ou=groups,dc=example,dc=org -# Server: slapd (slapd) -# Search Scope: sub -# Search Filter: (objectClass=*) -# Total Entries: 6 -# -# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on March 4, 2022 10:03 am -# Version: 1.2.5 - -version: 1 - -# Entry 1: ou=groups,dc=example,dc=org -dn: ou=groups,dc=example,dc=org -objectclass: organizationalUnit -objectclass: top -ou: groups - -# Entry 2: cn=admin,ou=groups,dc=example,dc=org -dn: cn=admin,ou=groups,dc=example,dc=org -cn: admin -gidnumber: 500 -objectclass: posixGroup -objectclass: top - -# Entry 3: cn=users,ou=groups,dc=example,dc=org -dn: cn=users,ou=groups,dc=example,dc=org -cn: users -gidnumber: 501 -objectclass: posixGroup -objectclass: top - -# Entry 4: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org -dn: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org -active: TRUE -cn: aitzol berasategi -ficticiouscn: FALSE -gidnumber: 501 -givenname: aitzol -homedirectory: /home/users/aitzol -mail: aitzol@disroot.org -mail: aitzol@lainoa.eus -objectclass: inetOrgPerson -objectclass: posixAccount -objectclass: top -objectclass: accountsManagement -sn: berasategi -uid: aitzol -uidnumber: 1000 -userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw== - -# Entry 5: cn=aloña etxezabal,cn=users,ou=groups,dc=example,dc=org -dn:: Y249YWxvw7FhIGV0eGV6YWJhbCxjbj11c2VycyxvdT1ncm91cHMsZGM9ZXhhbXBsZSxkYz1 - vcmc= -cn:: YWxvw7FhIGV0eGV6YWJhbA== -gidnumber: 501 -homedirectory: home/user/alona -mail: etxezabal2@gmail.com -mail: etxezabal2@lainoa.eus -objectclass: top -objectclass: inetOrgPerson -objectclass: posixAccount -sn: etxezabal -uid:: YWxvw7Fh -uidnumber: 1002 - -# Entry 6: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org -dn: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org -cn: araitz berasategi -gidnumber: 501 -givenname: araitz -homedirectory: /home/users/araitz -mail: aberasategi@beasaingoikastola.eus -mail: araitz@lainoa.eus -objectclass: 
inetOrgPerson -objectclass: posixAccount -objectclass: top -sn: berasategi -uid: araitz -uidnumber: 1001 -userpassword: {SSHA}V0ExiUW1p5ICNVJigX9WkE+Hj7XKvMjL - diff --git a/ezabatu.md b/ezabatu.md new file mode 100644 index 0000000..447bd36 --- /dev/null +++ b/ezabatu.md 
@@ -0,0 +1,84 @@
+# LDAP kudeaketarako Web Interfazea
+[base]: https://github.com/jirutka/ldap-passwd-webui
+[proiektu-izena]: ldap-python-webui
+[git-izena]: aitzol/[proiektu-izena]
+[pypi-bottle]: https://pypi.python.org/pypi/bottle/
+[pypi-ldap3]: https://pypi.python.org/pypi/ldap3
+[settings]: https://git.lainoa.eus/aitzol/ldap-python-webui/src/branch/master/settings.ini.example
+[GPL3]: https://www.gnu.org/licenses/gpl-3.0.txt
+[LICENSE]: https://www.gnu.org/licenses/licenses.html
+[wsgiref]: https://docs.python.org/3/library/wsgiref.html#module-wsgiref.simple_server
+[WSGI]: https://en.wikipedia.org/wiki/Web_Server_Gateway_Interface
+[LDAP]: https://eu.wikipedia.org/wiki/LDAP
+[fork]: https://github.com/jirutka/ldap-passwd-webui
+
+Proiektu honen helburua erabiltzaileei [LDAP][LDAP] protokoloa erabiltzen duten zerbitzuetan norberaren kontuaren kudeaketarako tresna bat eskaintzea da, kontua sortu, pasahitza aldatu eta oinarrizko beste eragiketa batzuk burutzeko aukera emanez. [Bottle](http://bottlepy.org), Python-en WSGI web-framework-a erabiliz dago eraikia, [@jirutka][fork]-ren _ldap-passwd-webui_ proiektuan oinarritua.
+
+## Instalakuntza
+
+#### Baldintzak
+
+* Python 3.x
+* [bottle][pypi-bottle]
+* [ldap3][pypi-ldap3] 2.x
+
+#### Urratsak
+
+Biltegi honetako edukiak klonatu eta menpekotasunak instalatu:
+
+ git clone https://git.lainoa.eus/aitzol/ldap-python-webui
+ cd ldap-python-webui
+ pip install -r requirements.txt
+
+## Abian jarri
+
+#### Konfiguraketa
+
+Konfiguraketa [settings.ini][settings] fitxategian ezartzen da. Fitxategi honen kokapena `CONF_FILE` ingurumen-aldagaia erabiliz zehaztu daiteke.
+
+#### Ingurunea
+
+`LDAP_ADMIN_PASSWORD` eta `LDAP_READONLY_PASSWORD` _environment_ edo ingurumen-aldagaiak sisteman ezarri.
+
+#### Abiarazteko aukerak
+
+* [WSGI][WSGI] zerbitzariaren bidez, [wsgiref][wsgiref]-en oinarritua:
+
+```
+ uwsgi --http :8080 --enable-threads --wsgi-file app.py
+```
+
+* Berezko Bottle zerbitzariaren bidez zuzenean `app.py` exekutatuz:
+
+```
+ cd ldap-python-webui
+ python3 app.py
+```
+
+* Ondoren nabigatzailean http://localhost:8080 helbidea ireki
+
+## Ezaugarriak
+* Saioa hasi
+ > Erabiltzaile izena eta pasahitzaz LDAP zerbitzarian saioa hasi.
+* Izen-abizenak(aukerakoa) editatu
+* Email helbidea editatu
+* Pasahitza aldatu
+* kontua ezabatu
+* Kontua sortu
+ > Gonbidapen kodea erabiliz
+* Lokalizazioa/Hizkuntza egokitzeko aukera
+
+## Egiteke
+
+* Erabiltzaileari ePosta bidez kontua aktibatzeko eskatzea.
+* Pasahitza berrezartzen denean erabiltzaileari ePosta bidez jakinaraztea.
+
+## Screenshot
+
+![alt text](data/screenshot.png "Screenshot")
+
+
+## Lizentzia
+
+Lan hau [GPLv3 License][LICENSE] lizentziapean aurkitzen da.
+Lizentziaren textu osoa eskuratzeko ikusi ondorengo [esteka][GPL3].
\ No newline at end of file