kakwa / ldapcherry

Web UI for managing users and groups in multiple directory services.
MIT License

Demo attributes and roles files #34

Closed smacz42 closed 4 years ago

smacz42 commented 5 years ago

There exists an example for the Demo Backend for the INI file, but there are none that show the setup for the attributes.yml and roles.yml files.

Presumably these would be the same as the demo at https://ldapcherry.kakwalab.ovh/.

This would be helpful when setting up an integration testing or user acceptance environment where an LDAP connection is impossible or at least unwanted. This could also be used in dockerized environments for a self-contained backend (non-production). It is also helpful for testing custom JavaScript and templates.

I set up the application with all of the settings in ldapcherry.ini for the demo backend, and switched all of the ldap backend attributes to demo. The problem that I'm running into is that https://github.com/kakwa/ldapcherry/blob/master/ldapcherry/backend/backendDemo.py does not show what attributes are available (cn, uidNumber, etc.)

Are the attributes and users (admin and user) already set up in the Demo backend, or does it need to be populated before use? Which ones are available?

kakwa commented 5 years ago

Indeed, I should probably provide some example files for the demo backend in goodies.

However, please note that it's not possible to modify the admin and user accounts, and most parameters are not set for these.

Here is the configuration on the demo server:

[backends]
#####################################
#   configuration of demo backend   #
#####################################

# Name of the backend
demo.module = 'ldapcherry.backend.backendDemo'
# Display name of the Backend
demo.display_name  = 'Demo Backend'
# Groups of admin user
demo.admin.groups  = 'SECOFF'
# Groups of basic user
demo.basic.groups  = 'Test 2, Test 1'
# Password attribute name
demo.pwd_attr = 'userPassword'
# Attribute to use for the search
demo.search_attributes = 'cn, sn, givenName, uid'
# Login of default admin user
demo.admin.user = 'admin'
# Password of default admin user
demo.admin.password = 'admin'
# Login of default basic user
demo.basic.user = 'user'
# Password of default basic user
demo.basic.password = 'user'

Role file:

sec-officer:
    display_name: Security Officer
    description: Security officer of the system
    LC_admins: True
    backends_groups:
        demo:
            - SECOFF
admin-lv3:
    display_name: Administrators Level 3
    description: Super administrators of the system
    backends_groups:
        demo:
            - cn=dns admins,ou=Group,dc=example,dc=org
            - cn=nagios admins,ou=Group,dc=example,dc=org
            - cn=puppet admins,ou=Group,dc=example,dc=org
            - cn=users,ou=Group,dc=example,dc=org
admin-lv2:
    display_name: Administrators Level 2
    description: Basic administrators of the system
    backends_groups:
        demo:
            - cn=nagios admins,ou=Group,dc=example,dc=org
            - cn=users,ou=Group,dc=example,dc=org
developpers:
    display_name: Developpers
    description: Developpers of the system
    backends_groups:
        demo:
            - cn=developpers,ou=Group,dc=example,dc=org
            - cn=users,ou=Group,dc=example,dc=org
users:
    display_name: Simple Users
    description: Basic users of the system
    backends_groups:
        demo:
            - cn=users,ou=Group,dc=example,dc=org

Attributes file:

cn:
    description: "First Name and Display Name"
    display_name: "Display Name"
    type: string
    weight: 30
    autofill:
        function: lcDisplayName
        args:
            - $first-name
            - $name
    backends:
        demo: cn
first-name:
    description: "First name of the user"
    display_name: "First Name"
    search_displayed: True
    type: string
    weight: 20
    backends:
        demo: givenName
name:
    description: "Family name of the user"
    display_name: "Name"
    search_displayed: True
    weight: 10
    type: string
    backends:
        demo: sn
email:
    description: "Email of the user"
    display_name: "Email"
    search_displayed: True
    type: email
    weight: 40
    autofill:
        function: lcMail
        args:
            - $first-name
            - $name
            - '@example.com'
    backends:
        demo: mail
uid:
    description: "UID of the user"
    display_name: "UID"
    search_displayed: True
    key: True
    type: string
    weight: 50
    autofill:
        function: lcUid
        args:
            - $first-name
            - $name
            - '10000'
            - '40000'
    backends:
        demo: uid
uidNumber:
    description: "User ID Number of the user"
    display_name: "UID Number"
    weight: 60
    type: int
    autofill:
        function: lcUidNumber
        args:
            - $first-name
            - $name
            - '10000'
            - '40000'
    backends:
        demo: uidNumber
gidNumber:
    description: "Group ID Number of the user"
    display_name: "GID Number"
    weight: 70
    type: int
    default: '10000'
    backends:
        demo: gidNumber
shell:
    description: "Shell of the user"
    display_name: "Shell"
    weight: 80
    self: True
    type: stringlist
    values:
        - /bin/bash
        - /bin/zsh
        - /bin/sh
    backends:
        demo: loginShell
home:
    description: "Home user path"
    display_name: "Home"
    weight: 90
    type: string
    autofill:
        function: lcHomeDir
        args:
            - $first-name
            - $name
            - /home/
    backends:
        demo: homeDirectory
password:
    description: "Password of the user"
    display_name: "Password"
    weight: 31
    self: True
    type: password
    backends:
        demo: userPassword
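
An added example (not part of the thread and not ldapcherry's own code): a pre-deployment check over the demo settings posted above, reporting which built-in account resolves to an `LC_admins` role, whether its password equals its login, and whether it matches any role at all. It assumes a role is held when the account is in every group the role lists for the backend; `demo_accounts`, `audit` and the trimmed `INI`/`ROLES` samples are hypothetical names built from the values in the comment.

```python
import configparser

# Constructed sample: a trimmed copy of the [backends] section posted above.
INI = """
[backends]
demo.module = 'ldapcherry.backend.backendDemo'
demo.admin.groups = 'SECOFF'
demo.basic.groups = 'Test 2, Test 1'
demo.admin.user = 'admin'
demo.admin.password = 'admin'
demo.basic.user = 'user'
demo.basic.password = 'user'
"""
# Constructed sample: two roles from the role file, as a YAML loader would return them.
ROLES = {
    "sec-officer": {"LC_admins": True, "backends_groups": {"demo": ["SECOFF"]}},
    "users": {"backends_groups": {"demo": ["cn=users,ou=Group,dc=example,dc=org"]}},
}

def demo_accounts(ini_text, backend="demo"):
    """Return the built-in admin/basic accounts declared for one backend."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    # Values are quoted Python-style in the INI; strip the quotes.
    sec = {k: v.strip().strip("'\"") for k, v in cp["backends"].items()}
    return {
        kind: {
            "user": sec[f"{backend}.{kind}.user"],
            "password": sec[f"{backend}.{kind}.password"],
            "groups": {g.strip() for g in sec[f"{backend}.{kind}.groups"].split(",")},
        }
        for kind in ("admin", "basic")
    }

def audit(ini_text, roles, backend="demo"):
    """List (login, finding, holds_LC_admins) tuples for the built-in accounts."""
    findings = []
    for acct in demo_accounts(ini_text, backend).values():
        # Assumption: a role is held when all of its backend groups are present.
        held = [name for name, role in roles.items()
                if role["backends_groups"].get(backend)
                and set(role["backends_groups"][backend]) <= acct["groups"]]
        is_admin = any(roles[name].get("LC_admins") for name in held)
        if acct["password"] == acct["user"]:
            findings.append((acct["user"], "password equals login", is_admin))
        if not held:
            findings.append((acct["user"], "matches no role", is_admin))
    return findings

if __name__ == "__main__":
    for finding in audit(INI, ROLES):
        print(finding)
```
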