aitzol/ldap-docker
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

readmea

Browse Source
This commit is contained in:
aitzol76 2022-04-23 16:22:44 +02:00
parent 4836c50d32
commit 810f1a12f5
8 changed files with 128 additions and 390 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
certs

2
Dockerfile
View File

@ -1,4 +1,4 @@
FROM osixia/openldap FROM osixia/openldap
#copy ldap backup and custom schemas to the server #copy ldap backup and custom schemas to the server
COPY ${PWD}/backup/export.lainoa.eus.ldif /container/service/slapd/assets/config/bootstrap/ldif/custom/export.ldif COPY ${PWD}/backup/export.ldif /container/service/slapd/assets/config/bootstrap/ldif/custom/export.ldif
COPY ${PWD}/schema/custom.schema /container/service/slapd/assets/config/bootstrap/schema/custom/custom.schema COPY ${PWD}/schema/custom.schema /container/service/slapd/assets/config/bootstrap/schema/custom/custom.schema

29
README.md
View File

@ -0,0 +1,29 @@
# LDAP zerbitzaria eta kudeaketa bezeroa
[proiektu-izena]: ldap-docker
[git-izena]: aitzol/[proiektu-izena]
[LDAP]: https://eu.wikipedia.org/wiki/LDAP
[phpldapadmin]: http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page
[osixia]: https://github.com/osixia
[osixia/openldap]: https://github.com/osixia/docker-openldap
[osixia/phpldapadmin]: https://github.com/osixia/docker-phpLDAPadmin
[GPL3]: https://www.gnu.org/licenses/gpl-3.0.txt
[LICENSE]: https://www.gnu.org/licenses/licenses.html
[LDAP][LDAP] zerbitzaria eta kudeaketarako bezeroaren instalakuntza eredua da hau. Zerbitzariak [@osixia][osixia]-ren [osixia/openldap][osixia/openldap] Docker irudia du oinarritzat, bezeroak [osixia/phpldapadmin][osixia/phpldapadmin] irudia.
Zerbitzariari erabiltzaileen kontuen kudeaketarako egitura eskema bat txertatu zaio, baita erabiltzaile zerrenda bat ere, adibide moduan.
Instalakuntza amaitzean zerbitzaria eta bezeroa Docker edukiontzi banatan izango dira martxan. LDAP zerbitzaria [PhpLdapAdmin][phpldapadmin] bidez kudeatu ahal izango da.
## instalakuntza urratsak
* git clone [repo][git-izena]
* cd [ldap-docker][ldap-docker]
* sudo docker build -t osixia/openldap .
* docker-compose up -d
## instalakuntza egiaztatu
* docker ps -a (edukiontziak ikusi)
## LDAP zerbitzariaren kudeaketa
* localhost:8080
* logeatu:
erabiltzailea: cn=admin,dc=example,dc=org
pasahitza: admin

186
backup/export.lainoa.eus.ldif
View File

@ -1,186 +0,0 @@
# LDIF Export for ou=groups,dc=ldap,dc=lainoa,dc=eus
# Server: slapd (slapd)
# Search Scope: sub
# Search Filter: (objectClass=*)
# Total Entries: 12
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on April 22, 2022 3:19 pm
# Version: 1.2.5
version: 1
# Entry 1: ou=groups,dc=ldap,dc=lainoa,dc=eus
dn: ou=groups,dc=ldap,dc=lainoa,dc=eus
objectclass: organizationalUnit
objectclass: top
ou: groups
# Entry 2: cn=admins,ou=groups,dc=ldap,dc=lainoa,dc=eus
dn: cn=admins,ou=groups,dc=ldap,dc=lainoa,dc=eus
cn: admins
gidnumber: 500
objectclass: posixGroup
objectclass: top
# Entry 3: uid=root,cn=admins,ou=groups,dc=ldap,dc=lainoa,dc=eus
dn: uid=root,cn=admins,ou=groups,dc=ldap,dc=lainoa,dc=eus
gidnumber: 500
objectclass: account
objectclass: simpleSecurityObject
objectclass: top
objectclass: extensibleObject
uid: root
userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
# Entry 4: cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
dn: cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
cn: users
gidnumber: 501
objectclass: posixGroup
objectclass: top
# Entry 5: cn=ainhize berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=...
dn: cn=ainhize berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
active: TRUE
cn: ainhize berasategi
fakecn: FALSE
gidnumber: 501
givenname: ainhize
homedirectory: home/user/ainhize
mail: aiberasategi@beasaingoikastola.eus
objectclass: top
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: accountsManagement
sn: berasategi
uid: ainhize
uidnumber: 1003
userpassword: {SSHA}+zIIyEO7SpWXS281E5PrBZwIBzAhg7Lu
# Entry 6: cn=aitzol berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=e...
dn: cn=aitzol berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
active: TRUE
cn: aitzol berasategi
fakecn: FALSE
gidnumber: 501
givenname: aitzol
homedirectory: /home/users/aitzol
mail: aitzol@disroot.org
mail: aitzol@lainoa.eus
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
objectclass: accountsManagement
sn: berasategi
uid: aitzol
uidnumber: 1000
userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
# Entry 7: cn=aloña etxezabal,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eu...
dn:: Y249YWxvw7FhIGV0eGV6YWJhbCxjbj11c2VycyxvdT1ncm91cHMsZGM9bGRhcCxkYz1sYWl
ub2EsZGM9ZXVz
active: TRUE
cn:: YWxvw7FhIGV0eGV6YWJhbA==
fakecn: FALSE
gidnumber: 501
givenname:: YWxvw7Fh
homedirectory: home/user/aloXa
mail: etxezabal2@gmail.com
objectclass: top
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: accountsManagement
sn: etxezabal
uid:: YWxvw7Fh
uidnumber: 1002
userpassword: {SSHA}gf5/DeXh2mrS+5hGYwRArLoPdMqWjXJE
# Entry 8: cn=araitz berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=e...
dn: cn=araitz berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
active: FALSE
cn: araitz berasategi
fakecn: FALSE
gidnumber: 501
givenname: araitz
homedirectory: home/user/araitz
mail: aiberasategi@beasaingoikastola.eus
objectclass: top
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: accountsManagement
sn: berasategi
uid: araitz
uidnumber: 1001
userpassword: {SSHA}TBqErOn6u84ZSvg9lL+EBfFO/i0s1bpP
# Entry 9: cn=garazi telleria,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus...
dn: cn=garazi telleria,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
active: TRUE
cn: garazi telleria
fakecn: FALSE
gidnumber: 501
givenname: garazi
homedirectory: home/user/pepe
mail: garazi@fakemail.com
objectclass: top
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: accountsManagement
sn: telleria
uid: garazi
uidnumber: 1004
userpassword: {SSHA}ZSg27RZpSxHvynuxdiBT4xUB6nAd7G4S
# Entry 10: cn=jose berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eu...
dn: cn=jose berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
active: TRUE
cn: jose berasategi
fakecn: FALSE
gidnumber: 501
givenname: jose
homedirectory: home/user/aitona
mail: joxeberasategi@gmail.com
objectclass: top
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: accountsManagement
sn: berasategi
uid: aitona
uidnumber: 1007
userpassword: {SSHA}SJVZDlmsMjckdMrJ9IGRDA0xQLaAInKj
# Entry 11: cn=nekane berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=...
dn: cn=nekane berasategi,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
active: TRUE
cn: nekane berasategi
fakecn: FALSE
gidnumber: 501
givenname: nekane
homedirectory: home/user/nekane
mail: nekane@fakemail.com
objectclass: top
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: accountsManagement
sn: berasategi
uid: nekane
uidnumber: 1005
userpassword: {SSHA}obReH1el6MwQt1KOFV3Jpa59OlTY0Ian
# Entry 12: cn=nekane eskisabel,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=e...
dn: cn=nekane eskisabel,cn=users,ou=groups,dc=ldap,dc=lainoa,dc=eus
active: TRUE
cn: nekane eskisabel
fakecn: FALSE
gidnumber: 501
givenname: nekane
homedirectory: home/user/amona
mail: ertzillegi54@gmail.com
objectclass: top
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: accountsManagement
sn: eskisabel
uid: amona
uidnumber: 1006
userpassword: {SSHA}a1vxqvMfloOa4zGtPNrfBBHUw7o0+yKC

57
backup/export.ldif
View File

@ -29,52 +29,21 @@ gidnumber: 501
objectclass: posixGroup objectclass: posixGroup
objectclass: top objectclass: top
# Entry 4: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org # Entry 4: cn=seiichi takimoto,cn=users,ou=groups,dc=example,dc=org
dn: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org # password: secret
cn: aitzol berasategi dn: cn=seiichi takimoto,cn=users,ou=groups,dc=example,dc=org
gidnumber: 501
givenname: aitzol
homedirectory: /home/users/aitzol
mail: aitzol@disroot.org
mail: aitzol@lainoa.eus
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: berasategi
uid: aitzol
uidnumber: 1000
userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
# Entry 5: cn=aloña etxezabal,cn=users,ou=groups,dc=example,dc=org
dn:: Y249YWxvw7FhIGV0eGV6YWJhbCxjbj11c2VycyxvdT1ncm91cHMsZGM9ZXhhbXBsZSxkYz1
vcmc=
active: TRUE active: TRUE
cn:: YWxvw7FhIGV0eGV6YWJhbA== cn: seiichi takimoto
fakecn: FALSE
gidnumber: 501 gidnumber: 501
homedirectory: home/user/alona givenname: seiichi
mail: etxezabal2@gmail.com homedirectory: /home/users/seiichi
mail: etxezabal2@lainoa.eus mail: seiichi@fakemail.com
objectclass: top
objectclass: inetOrgPerson objectclass: inetOrgPerson
objectclass: posixAccount objectclass: posixAccount
objectclass: top
objectclass: accountsManagement objectclass: accountsManagement
sn: etxezabal sn: takimoto
uid:: YWxvw7Fh uid: seiichi
uidnumber: 1002 uidnumber: 1000
userpassword: {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==
# Entry 6: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
dn: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
cn: araitz berasategi
gidnumber: 501
givenname: araitz
homedirectory: /home/users/araitz
mail: aberasategi@beasaingoikastola.eus
mail: araitz@lainoa.eus
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: berasategi
uid: araitz
uidnumber: 1001
userpassword: {SSHA}V0ExiUW1p5ICNVJigX9WkE+Hj7XKvMjL

78
backup/export2.ldif
View File

@ -1,78 +0,0 @@
# LDIF Export for ou=groups,dc=example,dc=org
# Server: slapd (slapd)
# Search Scope: sub
# Search Filter: (objectClass=*)
# Total Entries: 6
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on March 3, 2022 7:59 am
# Version: 1.2.5
version: 1
# Entry 1: ou=groups,dc=example,dc=org
dn: ou=groups,dc=example,dc=org
objectclass: organizationalUnit
objectclass: top
ou: groups
# Entry 2: cn=admin,ou=groups,dc=example,dc=org
dn: cn=admin,ou=groups,dc=example,dc=org
cn: admin
gidnumber: 500
objectclass: posixGroup
objectclass: top
# Entry 3: cn=users,ou=groups,dc=example,dc=org
dn: cn=users,ou=groups,dc=example,dc=org
cn: users
gidnumber: 501
objectclass: posixGroup
objectclass: top
# Entry 4: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
dn: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
cn: aitzol berasategi
gidnumber: 501
givenname: aitzol
homedirectory: /home/users/aitzol
mail: aitzol@disroot.org
mail: aitzol@lainoa.eus
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: berasategi
uid: aitzol
uidnumber: 1000
userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
# Entry 5: cn=aloña etxezabal,cn=users,ou=groups,dc=example,dc=org
dn:: Y249YWxvw7FhIGV0eGV6YWJhbCxjbj11c2VycyxvdT1ncm91cHMsZGM9ZXhhbXBsZSxkYz1
vcmc=
cn:: YWxvw7FhIGV0eGV6YWJhbA==
gidnumber: 501
homedirectory: home/user/alona
mail: etxezabal2@gmail.com
mail: etxezabal2@lainoa.eus
objectclass: top
objectclass: inetOrgPerson
objectclass: posixAccount
sn: etxezabal
uid:: YWxvw7Fh
uidnumber: 1002
# Entry 6: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
dn: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
cn: araitz berasategi
gidnumber: 501
givenname: araitz
homedirectory: /home/users/araitz
mail: aberasategi@beasaingoikastola.eus
mail: araitz@lainoa.eus
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: berasategi
uid: araitz
uidnumber: 1001
userpassword: {SSHA}V0ExiUW1p5ICNVJigX9WkE+Hj7XKvMjL

81
backup/export_am.ldif
View File

@ -1,81 +0,0 @@
# LDIF Export for ou=groups,dc=example,dc=org
# Server: slapd (slapd)
# Search Scope: sub
# Search Filter: (objectClass=*)
# Total Entries: 6
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on March 4, 2022 10:03 am
# Version: 1.2.5
version: 1
# Entry 1: ou=groups,dc=example,dc=org
dn: ou=groups,dc=example,dc=org
objectclass: organizationalUnit
objectclass: top
ou: groups
# Entry 2: cn=admin,ou=groups,dc=example,dc=org
dn: cn=admin,ou=groups,dc=example,dc=org
cn: admin
gidnumber: 500
objectclass: posixGroup
objectclass: top
# Entry 3: cn=users,ou=groups,dc=example,dc=org
dn: cn=users,ou=groups,dc=example,dc=org
cn: users
gidnumber: 501
objectclass: posixGroup
objectclass: top
# Entry 4: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
dn: cn=aitzol berasategi,cn=users,ou=groups,dc=example,dc=org
active: TRUE
cn: aitzol berasategi
ficticiouscn: FALSE
gidnumber: 501
givenname: aitzol
homedirectory: /home/users/aitzol
mail: aitzol@disroot.org
mail: aitzol@lainoa.eus
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
objectclass: accountsManagement
sn: berasategi
uid: aitzol
uidnumber: 1000
userpassword: {MD5}KqFTu3MOzIa+1t9lgOeUpw==
# Entry 5: cn=aloña etxezabal,cn=users,ou=groups,dc=example,dc=org
dn:: Y249YWxvw7FhIGV0eGV6YWJhbCxjbj11c2VycyxvdT1ncm91cHMsZGM9ZXhhbXBsZSxkYz1
vcmc=
cn:: YWxvw7FhIGV0eGV6YWJhbA==
gidnumber: 501
homedirectory: home/user/alona
mail: etxezabal2@gmail.com
mail: etxezabal2@lainoa.eus
objectclass: top
objectclass: inetOrgPerson
objectclass: posixAccount
sn: etxezabal
uid:: YWxvw7Fh
uidnumber: 1002
# Entry 6: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
dn: cn=araitz berasategi,cn=users,ou=groups,dc=example,dc=org
cn: araitz berasategi
gidnumber: 501
givenname: araitz
homedirectory: /home/users/araitz
mail: aberasategi@beasaingoikastola.eus
mail: araitz@lainoa.eus
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: berasategi
uid: araitz
uidnumber: 1001
userpassword: {SSHA}V0ExiUW1p5ICNVJigX9WkE+Hj7XKvMjL

84
ezabatu.md Normal file
View File

@ -0,0 +1,84 @@
# LDAP kudeaketarako Web Interfazea
[base]: https://github.com/jirutka/ldap-passwd-webui
[proiektu-izena]: ldap-python-webui
[git-izena]: aitzol/[proiektu-izena]
[pypi-bottle]: https://pypi.python.org/pypi/bottle/
[pypi-ldap3]: https://pypi.python.org/pypi/ldap3
[settings]: https://git.lainoa.eus/aitzol/ldap-python-webui/src/branch/master/settings.ini.example
[GPL3]: https://www.gnu.org/licenses/gpl-3.0.txt
[LICENSE]: https://www.gnu.org/licenses/licenses.html
[wsgiref]: https://docs.python.org/3/library/wsgiref.html#module-wsgiref.simple_server
[WSGI]: https://en.wikipedia.org/wiki/Web_Server_Gateway_Interface
[LDAP]: https://eu.wikipedia.org/wiki/LDAP
[fork]: https://github.com/jirutka/ldap-passwd-webui
Proiektu honen helburua erabiltzaileei [LDAP][LDAP] protokoloa erabiltzen duten zerbitzuetan norberaren kontuaren kudeaketarako tresna bat eskaintzea da, kontua sortu, pasahitza aldatu eta oinarrizko beste eragiketa batzuk burutzeko aukera emanez. [Bottle](http://bottlepy.org), Python-en WSGI web-framework-a erabiliz dago eraikia, [@jirutka][fork]-ren _ldap-passwd-webui_ proiektuan oinarritua.
## Instalakuntza
#### Baldintzak
* Python 3.x
* [bottle][pypi-bottle]
* [ldap3][pypi-ldap3] 2.x
#### Urratsak
Biltegi honetako edukiak klonatu eta menpekotasunak instalatu:
git clone https://git.lainoa.eus/aitzol/ldap-python-webui
cd ldap-python-webui
pip install -r requirements.txt
## Abian jarri
#### Konfiguraketa
Konfiguraketa [settings.ini][settings] fitxategian ezartzen da. Fitxategi honen kokapena `CONF_FILE` ingurumen-aldagaia erabiliz zehaztu daiteke.
#### Ingurunea
`LDAP_ADMIN_PASSWORD` eta `LDAP_READONLY_PASSWORD` _environment_ edo ingurumen-aldagaiak sisteman ezarri.
#### Abiarazteko aukerak
* [WSGI][WSGI] zerbitzariaren bidez, [wsgiref][wsgiref]-en oinarritua:
```
uwsgi --http :8080 --enable-threads --wsgi-file app.py
```
* Berezko Bottle zerbitzariaren bidez zuzenean `app.py` exekutatuz:
```
cd ldap-python-webui
python3 app.py
```
* Ondoren nabigatzailean http://localhost:8080 helbidea ireki
## Ezaugarriak
* Saioa hasi
> Erabiltzaile izena eta pasahitzaz LDAP zerbitzarian saioa hasi.
* Izen-abizenak(aukerakoa) editatu
* Email helbidea editatu
* Pasahitza aldatu
* kontua ezabatu
* Kontua sortu
> Gonbidapen kodea erabiliz
* Lokalizazioa/Hizkuntza egokitzeko aukera
## Egiteke
* Erabiltzaileari ePosta bidez kontua aktibatzeko eskatzea.
* Pasahitza berrezartzen denean erabiltzaileari ePosta bidez jakinaraztea.
## Screenshot
![alt text](data/screenshot.png "Screenshot")
## Lizentzia
Lan hau [GPLv3 License][LICENSE] lizentziapean aurkitzen da.
Lizentziaren textu osoa eskuratzeko ikusi ondorengo [esteka][GPL3].