2020-11-06 10:44:25 +00:00
Installation
############
⚠ Canaille is under heavy development and may not fit a production environment yet. ⚠
First you need to install the schemas into your LDAP server. There are several ways to achieve this:
LDAP schemas
============
As of OpenLDAP 2.4, two configuration methods are available:
2020-11-06 12:37:47 +00:00
2020-11-06 10:44:25 +00:00
- The `deprecated <https://www.openldap.org/doc/admin24/slapdconf2.html> `_ one, based on a configuration file (generally `/etc/ldap/slapd.conf`
- The new one, based on a configuration directory (generally `/etc/ldap/slapd.d`
Depending on the configuration method you use with your OpenLDAP installation, you need to chose how to add the canaille schemas:
Old fashion: Copy the schemas in your filesystem
2020-11-06 12:37:47 +00:00
------------------------------------------------
2020-11-06 10:44:25 +00:00
.. code-block :: console
2021-08-23 19:58:16 +00:00
test -d /etc/openldap/schema && sudo cp schemas/* /etc/openldap/schema
test -d /etc/ldap/schema && sudo cp schemas/* /etc/ldap/schema
2020-11-06 10:44:25 +00:00
sudo service slapd restart
New fashion: Use slapadd to add the schemas
2020-11-06 12:37:47 +00:00
-------------------------------------------
2020-11-06 10:44:25 +00:00
.. code-block :: console
2021-08-23 19:58:16 +00:00
sudo slapadd -n0 -l schemas/*.ldif
2020-11-06 10:44:25 +00:00
sudo service slapd restart
2021-10-12 16:14:09 +00:00
Canaille installation
=====================
Choose a path to store the canaille sources, for instance `/opt/canaille`
.. code-block :: console
sudo mkdir /etc/canaille
sudo virtualenv /etc/canaille
sudo /etc/canaille/bin/pip install canaille
Configuration
2020-11-06 10:44:25 +00:00
=============
2021-10-12 16:14:09 +00:00
Choose a path to store your configuration, for instance `/etc/canaille`
2020-11-06 10:44:25 +00:00
.. code-block :: console
2021-10-12 16:14:09 +00:00
sudo mkdir /etc/canaille
sudo openssl genrsa -out private.pem 4096
sudo openssl rsa -in private.pem -pubout -outform PEM -out public.pem
sudo cp canaille/conf/config.sample.toml /etc/canaille/config.toml
sudo cp canaille/conf/openid-configuration.sample.json /etc/canaille/openid-configuration.json
2021-10-13 08:12:44 +00:00
Then check your configuration file with the following command:
.. code-block :: console
env CONFIG=/etc/canaille/config.toml FASK_APP=canaille /opt/canaille/bin/canaille check
2021-10-12 16:14:09 +00:00
Web interface
=============
2020-11-06 10:44:25 +00:00
Finally you have to run the website in a WSGI server:
.. code-block :: console
2021-10-12 16:14:09 +00:00
sudo /opt/canaille/bin/pip install gunicorn
2020-11-06 10:44:25 +00:00
gunicorn "canaille:create_app()"
Recurrent jobs
2020-11-12 08:32:04 +00:00
==============
2020-11-06 10:44:25 +00:00
You might want to clean up your database to avoid it growing too much. You can regularly delete
expired tokens and authorization codes with:
.. code-block :: console
2021-10-13 07:38:44 +00:00
env CONFIG=/etc/canaille/config.toml FASK_APP=canaille /opt/canaille/bin/canaille clean
