From d77d21d3119896673d8a969f70b68046ea99be91 Mon Sep 17 00:00:00 2001 From: Gabriel Detraz Date: Thu, 31 Aug 2017 19:40:24 +0200 Subject: [PATCH] Script d'installation : prise en charge config apache... --- install_re2o.sh | 201 +++++++++++++++++++++++++------- install_utils/apache2/re2o.conf | 22 ++++ install_utils/db.ldiff | 93 ++++++++------- install_utils/schema.ldiff | 44 +++---- re2o/settings_local.example.py | 8 +- 5 files changed, 250 insertions(+), 118 deletions(-) create mode 100644 install_utils/apache2/re2o.conf diff --git a/install_re2o.sh b/install_re2o.sh index 9dd19095..c00fc5f3 100755 --- a/install_re2o.sh +++ b/install_re2o.sh @@ -1,16 +1,41 @@ +#!/bin/bash echo "Installation de Re2o ! Cet utilitaire va procéder à l'installation initiale de re2o. Le serveur présent doit être vierge. Preconfiguration..." -while true; do - read -p "Moteur de bdd choisi (mysql ou postgresql)" sql_bdd_type - case $sql_bdd_type in - [mysql]* ) break;; - [postgresql]* ) break;; - * ) echo "Réponse incorrecte";; -esac -done -read -p "Extension locale (ex : example.org)" extension_locale +export DEBIAN_FRONTEND=noninteractive + +apt-get -y install dialog + +HEIGHT=15 +WIDTH=40 +CHOICE_HEIGHT=4 +BACKTITLE="Preconfiguration re2o" +MENU="Choisir une option" + +TITLE="Choix du moteur bdd" +OPTIONS=(1 "mysql" + 2 "postgresql") + +sql_bdd_type=$(dialog --clear \ + --backtitle "$BACKTITLE" \ + --title "$TITLE" \ + --menu "$MENU" \ + $HEIGHT $WIDTH $CHOICE_HEIGHT \ + "${OPTIONS[@]}" \ + 2>&1 >/dev/tty) + +clear + + +TITLE="Extension locale (ex : example.org)" + +extension_locale=$(dialog --title "$TITLE" \ + --backtitle "$BACKTITLE" \ + --inputbox "$TITLE" $HEIGHT $WIDTH \ + 2>&1 >/dev/tty) +clear + IFS='.' read -a extension_locale_array <<< $extension_locale 
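Review bot: The exit status of the `dialog` calls is never checked, so Cancel or Esc leaves `sql_bdd_type` and `extension_locale` empty. The later unquoted `[ $sql_bdd_type == 1 ]` then fails with a syntax error and the script falls through to the postgresql branch. Stop on a non-zero status, e.g. `sql_bdd_type=$(dialog ... 2>&1 >/dev/tty) || exit 1`, and quote the operands of the tests. `extension_locale` is free text that is later spliced into the LDAP DN and into `sed` replacement strings, so reject anything that is not a plain domain name, e.g. `[[ $extension_locale =~ ^[A-Za-z0-9.-]+$ ]] || exit 1`. The same missing status check applies to every dialog prompt added in the following hunks.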
@@ -21,21 +46,49 @@ done ldap_dn=${ldap_dn::-1} echo $ldap_dn -while true; do - read -p "Installer la base de donnée sql en local (Y/N)" sql_is_local - case $sql_is_local in - [N]* ) echo "Vous devrez fournir un login/mdp/host dans ce cas"; break;; - [Y]* ) break;; - * ) echo "Réponse incorrecte (Y/N)";; -esac -done +TITLE="Emplacement de la bdd" +OPTIONS=(1 "Local" + 2 "Distant") -read -p "Mot de passe sql " sql_password -if [ $sql_is_local == "N" ] +sql_is_local=$(dialog --clear \ + --backtitle "$BACKTITLE" \ + --title "$TITLE" \ + --menu "$MENU" \ + $HEIGHT $WIDTH $CHOICE_HEIGHT \ + "${OPTIONS[@]}" \ + 2>&1 >/dev/tty) + +clear + +TITLE="Mot de passe sql" + +sql_password=$(dialog --title "$TITLE" \ + --backtitle "$BACKTITLE" \ + --inputbox "$TITLE" $HEIGHT $WIDTH \ + 2>&1 >/dev/tty) +clear + + +if [ $sql_is_local == 2 ] then -read -p "Login sql " sql_login -read -p "Nom bdd sql " sql_name -read -p "Hote de la base de donnée " sql_host +TITLE="Login sql" +sql_login=$(dialog --title "$TITLE" \ + --backtitle "$BACKTITLE" \ + --inputbox "$TITLE" $HEIGHT $WIDTH \ + 2>&1 >/dev/tty) +clear +TITLE="Nom de la bdd sql" +sql_name=$(dialog --title "$TITLE" \ + --backtitle "$BACKTITLE" \ + --inputbox "$TITLE" $HEIGHT $WIDTH \ + 2>&1 >/dev/tty) +clear +TITLE="Hote de la base de donnée" +sql_host=$(dialog --title "$TITLE" \ + --backtitle "$BACKTITLE" \ + --inputbox "$TITLE" $HEIGHT $WIDTH \ + 2>&1 >/dev/tty) +clear else sql_name="re2o" sql_login="re2o" 
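Review bot: The SQL password is read with `--inputbox`, which shows the typed secret in clear on the terminal; dialog's `--passwordbox` is the widget for this, e.g. `--passwordbox "$TITLE" $HEIGHT $WIDTH`. The LDAP password prompt in the next hunk has the same problem. The value is later placed between single quotes in `IDENTIFIED BY '$sql_password'` and into the `sed -i 's/SUPER_SECRET_DB/...'` replacement, so a password containing `'`, `/` or `&` breaks or alters those commands. Validate the allowed characters right after the prompt, or escape the value before each use.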
@@ -47,21 +100,41 @@ CREATE USER '$sql_login'@'localhost' IDENTIFIED BY '$sql_password'; GRANT ALL PRIVILEGES ON $sql_name.* TO '$sql_login'@'localhost'; FLUSH PRIVILEGES;" -while true; do - read -p "Installer la base de donnée ldap en local (Y/N)" ldap_is_local - case $ldap_is_local in - [N]* ) echo "Vous devrez fournir un login/mdp/host dans ce cas"; break;; - [Y]* ) break;; - * ) echo "Réponse incorrecte (Y/N)";; -esac -done +TITLE="Emplacement du ldap" +OPTIONS=(1 "Local" + 2 "Distant") -read -p "Mot de passe ldap " ldap_password -if [ $ldap_is_local == "N" ] +ldap_is_local=$(dialog --clear \ + --backtitle "$BACKTITLE" \ + --title "$TITLE" \ + --menu "$MENU" \ + $HEIGHT $WIDTH $CHOICE_HEIGHT \ + "${OPTIONS[@]}" \ + 2>&1 >/dev/tty) + +echo "Vous devrez fournir un login/host dans le cas où le ldap est non local" + +TITLE="Mot de passe ldap" +ldap_password=$(dialog --title "$TITLE" \ + --backtitle "$BACKTITLE" \ + --inputbox "$TITLE" $HEIGHT $WIDTH \ + 2>&1 >/dev/tty) +clear +if [ $ldap_is_local == 2 ] then -read -p "Cn admin à utiliser " ldap_cn -read -p "Hote de la base de donnée (adresse ip seulement !)" ldap_host +TITLE="Cn ldap admin" +ldap_cn=$(dialog --title "$TITLE" \ + --backtitle "$BACKTITLE" \ + --inputbox "$TITLE" $HEIGHT $WIDTH \ + 2>&1 >/dev/tty) +clear +TITLE="Hote ldap" +ldap_host=$(dialog --title "$TITLE" \ + --backtitle "$BACKTITLE" \ + --inputbox "$TITLE" $HEIGHT $WIDTH \ + 2>&1 >/dev/tty) +clear else ldap_cn="cn=admin," ldap_cn+=$ldap_dn 
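Review bot: The removed prompt for the LDAP host said "adresse ip seulement !" and the new title `Hote ldap` drops that constraint, so the operator is no longer told that a hostname is not accepted. Keep the hint, e.g. `TITLE="Hote ldap (adresse ip seulement !)"`, and reject an empty `ldap_cn` or `ldap_host` before continuing. The `echo "Vous devrez fournir un login/host ..."` line runs just before the next dialog redraws the screen, so it will most likely never be read; putting that sentence in the menu text would make it visible.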
@@ -70,17 +143,17 @@ fi echo "Installation des paquets de base" -export DEBIAN_FRONTEND=noninteractive apt-get -y install python3-django python3-dateutil texlive-latex-base texlive-fonts-recommended python3-djangorestframework python3-django-reversion python3-pip libsasl2-dev libldap2-dev libssl-dev pip3 install django-bootstrap3 pip3 install django-ldapdb pip3 install django-macaddress -if [ $sql_bdd_type == "mysql" ] +if [ $sql_bdd_type == 1 ] then - if [ $sql_is_local == "Y" ] + if [ $sql_is_local == 1 ] then apt-get -y install mysql-server + mysql -u root --execute="$sql_command" else echo "Veuillez saisir la commande suivante sur le serveur sql distant, puis validez" echo $sql_command @@ -95,24 +168,24 @@ then fi apt-get -y install python3-mysqldb mysql-client else - if [ $sql_is_local == "Y" ] + if [ $sql_is_local == 1 ] then apt-get -y install postgresql-server fi apt-get -y install postgresql-client fi -if [ $ldap_is_local == "Y" ] +if [ $ldap_is_local == 1 ] then apt-get -y install slapd echo "Hashage du mot de passe ldap..." -hashed_ldap_passwd=$(slappasswd -s ldap_password) +hashed_ldap_passwd=$(slappasswd -s $ldap_password) echo $hashed_ldap_passwd echo "Formatage des fichiers de config ldap" -sed 's/dc=example,dc=org/'"$ldap_dn"'/g' install_utils/db.ldiff | sed 's/FILL_IT/'"$hashed_ldap_passwd"'/g' > /tmp/db -sed 's/dc=example,dc=org/'"$ldap_dn"'/g' install_utils/schema.ldiff | sed 's/FILL_IT/'"$hashed_ldap_passwd"'/g' > /tmp/schema +sed 's|dc=example,dc=org|'"$ldap_dn"'|g' install_utils/db.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db +sed 's|dc=example,dc=org|'"$ldap_dn"'|g' install_utils/schema.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/schema echo "Destruction config ldap existante" service slapd stop 
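Review bot: `mysql -u root --execute="$sql_command"` puts the whole statement, including the new account's password, on the command line, where other local users can read it from the process list while the client runs. Feeding the statement on stdin avoids that: `mysql -u root <<< "$sql_command"`. `sql_command` is built by plain interpolation of `$sql_name`, `$sql_login` and `$sql_password` (context lines of the previous hunk), so those values should be validated before this call. The `else` branch keeps `echo $sql_command`, which prints the password to the terminal; that is deliberate for copy-paste but deserves a comment saying so.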
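Review bot: The rendered LDAP files are written to the fixed paths `/tmp/db` and `/tmp/schema` by a script that has to run as root for its apt-get calls. A predictable name in a world-writable directory can be pre-created or symlinked by another local user, and the files hold the admin password hash with default permissions. Use a private directory instead, `ldap_tmp=$(mktemp -d)`, write to `"$ldap_tmp/db"` and `"$ldap_tmp/schema"`, and remove it at the end; the commands that consume these files are outside the hunk and need the same paths. On the corrected line the argument should be quoted, `slappasswd -s "$ldap_password"`, otherwise a password with spaces or glob characters is split, and `echo $hashed_ldap_passwd` can be dropped.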
@@ -135,10 +208,10 @@ fi echo "Ecriture de settings_local" -django_secret_key=$(python -c 'import random; import string; print "".join([random.SystemRandom().choice(string.digits + string.letters + string.punctuation) for i in range(100)])') +django_secret_key=$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(50)]))") cp re2o/settings_local.example.py re2o/settings_local.py -#sed -i 's/SUPER_SECRET_KEY/'"$django_secret_key"'/g' re2o/settings_local.py +sed -i 's/SUPER_SECRET_KEY/'"$django_secret_key"'/g' re2o/settings_local.py sed -i 's/SUPER_SECRET_DB/'"$sql_password"'/g' re2o/settings_local.py sed -i 's/db_name_value/'"$sql_name"'/g' re2o/settings_local.py sed -i 's/db_user_value/'"$sql_login"'/g' re2o/settings_local.py 
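Review bot: The key is generated with `python`, while the script only installs and otherwise calls `python3` (`python3 manage.py migrate`). On the blank server this installer targets, `python` may not exist, in which case `django_secret_key` is empty and the now-enabled `sed` writes an empty SECRET_KEY into settings_local.py. Call `python3 -c ...` and stop on an empty result, e.g. `[ -n "$django_secret_key" ] || exit 1`. The reduced alphabet appears chosen so the value has no `/` or `&` that would break the `sed` substitution; a one-line comment saying so would prevent someone from switching back to `string.punctuation`.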
@@ -150,5 +223,43 @@ sed -i 's/dc=example,dc=org/'"$ldap_dn"'/g' re2o/settings_local.py sed -i 's/example.org/'"$extension_locale"'/g' re2o/settings_local.py echo "Application des migrations" -#python3 manage.py migrate +python3 manage.py migrate + +echo "Collecte des statics" +python3 manage.py collectstatics + +BACKTITLE="Fin de l'installation" +TITLE="Serveur web à utiliser" +OPTIONS=(1 "apache2" + 2 "nginx") + +web_serveur=$(dialog --clear \ + --backtitle "$BACKTITLE" \ + --title "$TITLE" \ + --menu "$MENU" \ + $HEIGHT $WIDTH $CHOICE_HEIGHT \ + "${OPTIONS[@]}" \ + 2>&1 >/dev/tty) + +clear + +TITLE="Url où servir le serveur web (ex : re2o.example.org)" +url_server=$(dialog --title "$TITLE" \ + --backtitle "$BACKTITLE" \ + --inputbox "$TITLE" $HEIGHT $WIDTH \ + 2>&1 >/dev/tty) +clear + +if [ $web_serveur == 1 ] +then +apt-get -y install apache2 libapache2-mod-wsgi-py3 +cp install_utils/apache2/re2o.conf /etc/apache2/sites-available/re2o.conf +sed -i 's/URL_SERVER/'"$url_server"'/g' /etc/apache2/sites-available/re2o.conf +current_path=$(pwd) +sed -i 's|PATH|'"$current_path"'|g' /etc/apache2/sites-available/re2o.conf +a2ensite re2o +service apache2 reload +else +echo "Nginx non supporté, vous devrez installer manuellement" +fi diff --git a/install_utils/apache2/re2o.conf b/install_utils/apache2/re2o.conf new file mode 100644 index 00000000..0e0fd668 --- /dev/null +++ b/install_utils/apache2/re2o.conf @@ -0,0 +1,22 @@ + + ServerName URL_SERVER + + LogLevel warn + ErrorLog ${APACHE_LOG_DIR}/re2o-error.log + CustomLog ${APACHE_LOG_DIR}/re2o-access.log combined + + + AuthType Basic + AuthName "Password Required" + AuthUserFile /usr/local/password + Require valid-user + #Require all granted + + + Alias /static PATH/static_files + + WSGIScriptAlias / PATH/re2o/wsgi.py + WSGIProcessGroup re2o + WSGIDaemonProcess re2o processes=2 threads=16 maximum-requests=1000 display-name=re2o + + 
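Review bot: `python3 manage.py collectstatics` is not a Django command; the management command is `collectstatic`, so this step fails and `static_files` is never populated for the `/static` alias. Use `python3 manage.py collectstatic --noinput`, since without `--noinput` the command can stop to ask for confirmation. `url_server` goes unvalidated into `sed -i 's/URL_SERVER/...'` on a file under /etc/apache2, so a value containing `/` or `&` breaks or alters the vhost file; restrict it to hostname characters before the substitution. None of `migrate`, the `sed` calls or `a2ensite` is checked for failure before `service apache2 reload`.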
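Review bot: The vhost requires `AuthType Basic` with `AuthUserFile /usr/local/password`, but nothing in install_re2o.sh in this patch creates that file, so requests would be refused until an administrator creates it by hand. Either create it in the installer or document the step in a comment next to the directive. No SSL directives are visible in this section, though the container tags seem to have been lost in this rendering, so the listening port cannot be confirmed. If the vhost is plain HTTP, the Basic credentials and the re2o logins cross the network unencrypted. If the Basic-auth block is meant as a temporary gate, a comment saying so, and that `#Require all granted` is the line to enable afterwards, would help the next administrator.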
diff --git a/install_utils/db.ldiff b/install_utils/db.ldiff index 21b45546..f73c029e 100644 --- a/install_utils/db.ldiff +++ b/install_utils/db.ldiff @@ -1,39 +1,38 @@ -dn: dc=ldap,dc=example,dc=org +dn: dc=example,dc=org o: rezo -dc: ldap structuralObjectClass: organization entryUUID: fc97a0fe-514b-1034-9e4d-59675b32507b -creatorsName: cn=admin,dc=ldap,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=org createTimestamp: 20150225150906Z description: ldap objectClass: top objectClass: dcObject objectClass: organization entryCSN: 20151003212702.245118Z#000000#000#000000 -modifiersName: cn=admin,dc=ldap,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=org modifyTimestamp: 20151003212702Z contextCSN: 20161004233332.689769Z#000000#000#000000 -dn: cn=admin,dc=ldap,dc=example,dc=org +dn: cn=admin,dc=example,dc=org objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin structuralObjectClass: organizationalRole entryUUID: fc97fa72-514b-1034-9e4e-59675b32507b -creatorsName: cn=admin,dc=ldap,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=org createTimestamp: 20150225150906Z description:: TERBUCBhZG1pbmlzdHJhdG9yDQo= userPassword: FILL_IT entryCSN: 20160604005945.576566Z#000000#000#000000 -modifiersName: cn=admin,dc=ldap,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=org modifyTimestamp: 20160604005945Z -dn: cn=Utilisateurs,dc=ldap,dc=example,dc=org +dn: cn=Utilisateurs,dc=example,dc=org gidNumber: 500 cn: Utilisateurs structuralObjectClass: posixGroup entryUUID: 5d53854e-5204-1034-8c61-8da535cabdfc -creatorsName: cn=admin,dc=ldap,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=org createTimestamp: 20150226130856Z sambaSID: 500 uid: Users 
@@ -42,143 +41,143 @@ objectClass: top objectClass: sambaSamAccount objectClass: radiusprofile entryCSN: 20150226130950.194154Z#000000#000#000000 -modifiersName: cn=admin,dc=ldap,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=org modifyTimestamp: 20150226130950Z -dn: ou=groups,dc=ldap,dc=example,dc=org +dn: ou=groups,dc=example,dc=org objectClass: organizationalUnit description: Groupes d'utilisateurs ou: groups structuralObjectClass: organizationalUnit entryUUID: 986aa1b6-bb86-1035-9a4c-2ff0c800ec24 -creatorsName: cn=admin,dc=ldap,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=org createTimestamp: 20160531142039Z entryCSN: 20160531142039.780151Z#000000#000#000000 -modifiersName: cn=admin,dc=ldap,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=org modifyTimestamp: 20160531142039Z -dn: ou=services,ou=groups,dc=ldap,dc=example,dc=org +dn: ou=services,ou=groups,dc=example,dc=org objectClass: organizationalUnit description: Groupes de comptes techniques ou: services structuralObjectClass: organizationalUnit entryUUID: cbb56904-bc6a-1035-9fbb-3dc3850d88ba -creatorsName: cn=admin,dc=ldap,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=org createTimestamp: 20160601173411Z entryCSN: 20160601173411.088359Z#000000#000#000000 -modifiersName: cn=admin,dc=ldap,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=org modifyTimestamp: 20160601173411Z -dn: ou=service-users,dc=ldap,dc=example,dc=org +dn: ou=service-users,dc=example,dc=org objectClass: organizationalUnit description: Utilisateurs techniques de l'annuaire ou: service-users structuralObjectClass: organizationalUnit entryUUID: 0e397270-bc6b-1035-9fbd-3dc3850d88ba -creatorsName: cn=admin,dc=ldap,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=org createTimestamp: 20160601173602Z entryCSN: 20160601173602.683304Z#000000#000#000000 -modifiersName: cn=admin,dc=ldap,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=org modifyTimestamp: 20160601173602Z -dn: 
cn=freeradius,ou=service-users,dc=ldap,dc=example,dc=org +dn: cn=freeradius,ou=service-users,dc=example,dc=org objectClass: applicationProcess objectClass: simpleSecurityObject cn: freeradius userPassword: FILL_IT structuralObjectClass: applicationProcess entryUUID: 8596e4ec-bc6b-1035-9fbf-3dc3850d88ba -creatorsName: cn=admin,dc=ldap,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=org createTimestamp: 20160601173922Z entryCSN: 20160601173922.944598Z#000000#000#000000 -modifiersName: cn=admin,dc=ldap,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=org modifyTimestamp: 20160601173922Z -dn: cn=nssauth,ou=service-users,dc=ldap,dc=example,dc=org +dn: cn=nssauth,ou=service-users,dc=example,dc=org objectClass: applicationProcess objectClass: simpleSecurityObject cn: nssauth structuralObjectClass: applicationProcess entryUUID: cfbdadc6-bc6b-1035-9fc4-3dc3850d88ba -creatorsName: cn=admin,dc=ldap,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=org createTimestamp: 20160601174127Z userPassword: FILL_IT entryCSN: 20160603093724.770069Z#000000#000#000000 -modifiersName: cn=admin,dc=ldap,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=org modifyTimestamp: 20160603093724Z -dn: cn=auth,ou=services,ou=groups,dc=ldap,dc=example,dc=org +dn: cn=auth,ou=services,ou=groups,dc=example,dc=org objectClass: groupOfNames cn: auth -member: cn=nssauth,ou=service-users,dc=ldap,dc=example,dc=org +member: cn=nssauth,ou=service-users,dc=example,dc=org structuralObjectClass: groupOfNames entryUUID: 98524836-bc6d-1035-9fc7-3dc3850d88ba -creatorsName: cn=admin,dc=ldap,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=org createTimestamp: 20160601175413Z entryCSN: 20160620005705.309928Z#000000#000#000000 -modifiersName: cn=admin,dc=ldap,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=org modifyTimestamp: 20160620005705Z -dn: ou=posix,ou=groups,dc=ldap,dc=example,dc=org +dn: ou=posix,ou=groups,dc=example,dc=org objectClass: organizationalUnit 
description: Groupes de comptes POSIX ou: posix structuralObjectClass: organizationalUnit entryUUID: fbd89c4a-bdb5-1035-9045-d5a09894d93e -creatorsName: cn=admin,dc=ldap,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=org createTimestamp: 20160603090455Z entryCSN: 20160603090455.267192Z#000000#000#000000 -modifiersName: cn=admin,dc=ldap,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=org modifyTimestamp: 20160603090455Z -dn: cn=wifi,ou=service-users,dc=ldap,dc=example,dc=org +dn: cn=wifi,ou=service-users,dc=example,dc=org objectClass: applicationProcess objectClass: simpleSecurityObject cn: wifi structuralObjectClass: applicationProcess entryUUID: 8cc2d1a6-bdc2-1035-9051-d5a09894d93e -creatorsName: cn=admin,dc=ldap,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=org createTimestamp: 20160603103452Z userPassword: FILL_IT entryCSN: 20160603103638.682210Z#000000#000#000000 -modifiersName: cn=admin,dc=ldap,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=org modifyTimestamp: 20160603103638Z -dn: cn=usermgmt,ou=services,ou=groups,dc=ldap,dc=example,dc=org +dn: cn=usermgmt,ou=services,ou=groups,dc=example,dc=org objectClass: groupOfNames cn: usermgmt structuralObjectClass: groupOfNames entryUUID: ec01e206-bdc2-1035-9054-d5a09894d93e -creatorsName: cn=admin,dc=ldap,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=org createTimestamp: 20160603103732Z -member: cn=wifi,ou=service-users,dc=ldap,dc=example,dc=org +member: cn=wifi,ou=service-users,dc=example,dc=org entryCSN: 20160603103746.897151Z#000000#000#000000 -modifiersName: cn=admin,dc=ldap,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=org modifyTimestamp: 20160603103746Z -dn: cn=replica,ou=service-users,dc=ldap,dc=example,dc=org +dn: cn=replica,ou=service-users,dc=example,dc=org objectClass: applicationProcess objectClass: simpleSecurityObject cn: replica structuralObjectClass: applicationProcess entryUUID: caef5c54-c0e4-1035-948f-dfe369fe3d4f -creatorsName: 
cn=admin,dc=ldap,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=org createTimestamp: 20160607101733Z userPassword: FILL_IT entryCSN: 20160607101829.424643Z#000000#000#000000 -modifiersName: cn=admin,dc=ldap,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=org modifyTimestamp: 20160607101829Z -dn: cn=readonly,ou=services,ou=groups,dc=ldap,dc=example,dc=org +dn: cn=readonly,ou=services,ou=groups,dc=example,dc=org objectClass: groupOfNames cn: readonly structuralObjectClass: groupOfNames entryUUID: f6bd2366-c0e4-1035-9492-dfe369fe3d4f -creatorsName: cn=admin,dc=ldap,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=org createTimestamp: 20160607101846Z -member: cn=replica,ou=service-users,dc=ldap,dc=example,dc=org -member: cn=freeradius,ou=service-users,dc=ldap,dc=example,dc=org +member: cn=replica,ou=service-users,dc=example,dc=org +member: cn=freeradius,ou=service-users,dc=example,dc=org entryCSN: 20160619214628.287369Z#000000#000#000000 -modifiersName: cn=admin,dc=ldap,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=org modifyTimestamp: 20160619214628Z diff --git a/install_utils/schema.ldiff b/install_utils/schema.ldiff index 00fb9e08..e8b934aa 100644 --- a/install_utils/schema.ldiff +++ b/install_utils/schema.ldiff 
@@ -1108,35 +1108,35 @@ objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcDatabase: {1}hdb olcDbDirectory: /var/lib/ldap -olcSuffix: dc=ldap,dc=example,dc=org +olcSuffix: dc=example,dc=org olcAccess: {0}to attrs=userPassword,sambaNTPassword,mail by self write by an - onymous auth by dn="cn=admin,dc=ldap,dc=example,dc=org" write by group="cn - =readonly,ou=services,ou=groups,dc=ldap,dc=example,dc=org" read by group=" - cn=usermgmt,ou=services,ou=groups,dc=ldap,dc=example,dc=org" write by * no + onymous auth by dn="cn=admin,dc=example,dc=org" write by group="cn + =readonly,ou=services,ou=groups,dc=example,dc=org" read by group=" + cn=usermgmt,ou=services,ou=groups,dc=example,dc=org" write by * no ne olcAccess: {1}to attrs=shadowLastChange,gecos,loginShell by self write by an - onymous auth by dn="cn=admin,dc=ldap,dc=example,dc=org" write by group="cn - =readonly,ou=services,ou=groups,dc=ldap,dc=example,dc=org" read by group=" - cn=auth,ou=services,ou=groups,dc=ldap,dc=example,dc=org" read by group="cn - =usermgmt,ou=services,ou=groups,dc=ldap,dc=example,dc=org" write by * none + onymous auth by dn="cn=admin,dc=example,dc=org" write by group="cn + =readonly,ou=services,ou=groups,dc=example,dc=org" read by group=" + cn=auth,ou=services,ou=groups,dc=example,dc=org" read by group="cn + =usermgmt,ou=services,ou=groups,dc=example,dc=org" write by * none olcAccess: {2}to dn.base="" by * read -olcAccess: {3}to dn.sub="ou=groups,dc=ldap,dc=example,dc=org" by group="cn= - auth,ou=services,ou=groups,dc=ldap,dc=example,dc=org" read by group="cn=re - adonly,ou=services,ou=groups,dc=ldap,dc=example,dc=org" read -olcAccess: {4}to dn.sub="cn=Utilisateurs,dc=ldap,dc=example,dc=org" by grou - p="cn=auth,ou=services,ou=groups,dc=ldap,dc=example,dc=org" read by self r - ead by group="cn=readonly,ou=services,ou=groups,dc=ldap,dc=example,dc=org" - read by group="cn=usermgmt,ou=services,ou=groups,dc=ldap,dc=example,dc=or +olcAccess: {3}to dn.sub="ou=groups,dc=example,dc=org" by 
group="cn= + auth,ou=services,ou=groups,dc=example,dc=org" read by group="cn=re + adonly,ou=services,ou=groups,dc=example,dc=org" read +olcAccess: {4}to dn.sub="cn=Utilisateurs,dc=example,dc=org" by grou + p="cn=auth,ou=services,ou=groups,dc=example,dc=org" read by self r + ead by group="cn=readonly,ou=services,ou=groups,dc=example,dc=org" + read by group="cn=usermgmt,ou=services,ou=groups,dc=example,dc=or g" write -olcAccess: {5}to dn.sub="ou=service-users,dc=ldap,dc=example,dc=org" by gro - up="cn=auth,ou=services,ou=groups,dc=ldap,dc=example,dc=org" read by group - ="cn=readonly,ou=services,ou=groups,dc=ldap,dc=example,dc=org" read -olcAccess: {6}to dn.base="dc=ldap,dc=example,dc=org" by * read -olcAccess: {7}to * by dn="cn=admin,dc=ldap,dc=example,dc=org" write by self - read by group="cn=readonly,ou=services,ou=groups,dc=ldap,dc=example,dc=or +olcAccess: {5}to dn.sub="ou=service-users,dc=example,dc=org" by gro + up="cn=auth,ou=services,ou=groups,dc=example,dc=org" read by group + ="cn=readonly,ou=services,ou=groups,dc=example,dc=org" read +olcAccess: {6}to dn.base="dc=example,dc=org" by * read +olcAccess: {7}to * by dn="cn=admin,dc=example,dc=org" write by self + read by group="cn=readonly,ou=services,ou=groups,dc=example,dc=or g" read olcLastMod: TRUE -olcRootDN: cn=admin,dc=ldap,dc=example,dc=org +olcRootDN: cn=admin,dc=example,dc=org olcRootPW: FILL_IT olcDbCheckpoint: 512 30 olcDbConfig: {0}set_cachesize 0 2097152 0 diff --git a/re2o/settings_local.example.py b/re2o/settings_local.example.py index 9ec1d8c6..caf3da47 100644 --- a/re2o/settings_local.example.py +++ b/re2o/settings_local.example.py 
@@ -65,10 +65,10 @@ EMAIL_HOST = 'smtp.example.org' # Reglages pour la bdd ldap LDAP = { - 'base_user_dn' : 'cn=Utilisateurs,dc=ldap,dc=example,dc=org', - 'base_userservice_dn' : 'ou=service-users,dc=ldap,dc=example,dc=org', - 'base_usergroup_dn' : 'ou=posix,ou=groups,dc=ldap,dc=example,dc=org', - 'base_userservicegroup_dn' : 'ou=services,ou=groups,dc=ldap,dc=example,dc=org', + 'base_user_dn' : 'cn=Utilisateurs,dc=example,dc=org', + 'base_userservice_dn' : 'ou=service-users,dc=example,dc=org', + 'base_usergroup_dn' : 'ou=posix,ou=groups,dc=example,dc=org', + 'base_userservicegroup_dn' : 'ou=services,ou=groups,dc=example,dc=org', 'user_gid' : 500, }