canaille-globuzma/README.md

⚠ Canaille is under development. Do not use in production yet. ⚠

# Canaille

Canaille is a French word meaning *rascal*. It is roughly pronounced **Can I?**,
as in *Can I access your data?* Canaille is a simple OpenID Connect provider based upon a LDAP database.

It aims to be very light, simple to install and simple to maintain. Its main features are :
- Authentication against a LDAP directory;
- OAuth/OpenID Connect support;
- No outdated or exotic protocol support;
- No additional database required. Everything is stored in your LDAP server;
- The code is easy to read and easy to edit.

## Install

First you need to install the schemas into your LDAP server. There are several ways to achieve this:

### LDAP schemas

As of OpenLDAP 2.4, two configuration methods are available:
- The [deprecated](https://www.openldap.org/doc/admin24/slapdconf2.html) one, based on a configuration file (generally `/etc/ldap/slapd.conf`);
- The new one, based on a configuration directory (generally `/etc/ldap/slapd.d`).

Depending on the configuration method you use with your OpenLDAP installation, you need to chose how to add the canaille schemas:

#### Old fashion: Copy the schemas in your filesystem

```bash
test -d /etc/openldap/schema && sudo cp schema/* /etc/openldap/schema
test -d /etc/ldap/schema && sudo cp schema/* /etc/ldap/schema
sudo service slapd restart
```

#### New fashion: Use slapadd to add the schemas

```bash
sudo slapadd -n0 -l schema/*.ldif
sudo service slapd restart
```

### Web interface

Then you can deploy the code either by copying the git repository or installing the pip package:

```bash
pip install canaille
```

Finally you have to run the website in a WSGI server:

```bash
pip install gunicorn
gunicorn "canaille:create_app()"
```

## Recurrent jobs

You might want to clean up your database to avoid it growing too much. You can regularly delete
expired tokens and authorization codes with:

```
env CONFIG=/path/to/config.toml FASK_APP=canaille flask clean
```

## Contribute

Contributions are welcome!
To run the tests, you just need to run `tox`.

To try a development environment, you can run the docker image and then open https://127.0.0.1:5000
You can then connect with user *admin* and password *admin* to access an admin account, or user *user* and password *user* for a regular one.

```bash
cp canaille/conf/config.sample.toml canaille/conf/config.toml
cp canaille/conf/oauth-authorization-server.sample.json canaille/conf/oauth-authorization-server.json
cp canaille/conf/openid-configuration.sample.json canaille/conf/openid-configuration.json
docker-compose up
```
Renamed the project 'canaille' 2020-10-21 12:04:40 +00:00			`⚠ Canaille is under development. Do not use in production yet. ⚠`
readme 2020-08-31 12:10:32 +00:00
Renamed the project 'canaille' 2020-10-21 12:04:40 +00:00			`# Canaille`
Initial commit 2020-08-14 11:15:52 +00:00
Updated README 2020-10-23 12:42:08 +00:00			`Canaille is a French word meaning rascal. It is roughly pronounced Can I?,`
			`as in Can I access your data? Canaille is a simple OpenID Connect provider based upon a LDAP database.`
README 2020-08-14 11:21:01 +00:00
readme 2020-08-19 12:13:10 +00:00			`It aims to be very light, simple to install and simple to maintain. Its main features are :`
Serve server metadata files 2020-08-27 14:08:26 +00:00			`- Authentication against a LDAP directory;`
Updated README 2020-10-23 12:17:50 +00:00			`- OAuth/OpenID Connect support;`
			`- No outdated or exotic protocol support;`
			`- No additional database required. Everything is stored in your LDAP server;`
			`- The code is easy to read and easy to edit.`
tests workflow 2020-08-18 15:39:34 +00:00
readme 2020-08-19 12:01:33 +00:00			`## Install`

readme 2020-08-19 12:02:08 +00:00			`First you need to install the schemas into your LDAP server. There are several ways to achieve this:`
readme 2020-08-19 12:01:33 +00:00
readme 2020-08-31 11:57:04 +00:00			`### LDAP schemas`

Updated installation instructions 2020-10-23 10:50:51 +00:00			`As of OpenLDAP 2.4, two configuration methods are available:`
			- The [deprecated](https://www.openldap.org/doc/admin24/slapdconf2.html) one, based on a configuration file (generally `/etc/ldap/slapd.conf`);
			- The new one, based on a configuration directory (generally `/etc/ldap/slapd.d`).

Updated installation instructions 2020-10-23 10:52:39 +00:00			`Depending on the configuration method you use with your OpenLDAP installation, you need to chose how to add the canaille schemas:`

Updated installation instructions 2020-10-23 10:50:51 +00:00			`#### Old fashion: Copy the schemas in your filesystem`
readme 2020-08-19 12:01:33 +00:00
			```bash
Better installation instructions 2020-08-26 10:05:35 +00:00			`test -d /etc/openldap/schema && sudo cp schema/* /etc/openldap/schema`
			`test -d /etc/ldap/schema && sudo cp schema/* /etc/ldap/schema`
readme 2020-08-19 12:01:33 +00:00			`sudo service slapd restart`
			```

Updated installation instructions 2020-10-23 10:50:51 +00:00			`#### New fashion: Use slapadd to add the schemas`
readme 2020-08-19 12:01:33 +00:00
			```bash
			`sudo slapadd -n0 -l schema/*.ldif`
Updated installation instructions 2020-10-23 10:50:51 +00:00			`sudo service slapd restart`
readme 2020-08-19 12:01:33 +00:00			```

readme 2020-08-31 11:57:04 +00:00			`### Web interface`

Packaging 2020-08-31 09:23:50 +00:00			`Then you can deploy the code either by copying the git repository or installing the pip package:`

			```bash
Renamed the project 'canaille' 2020-10-21 12:04:40 +00:00			`pip install canaille`
Packaging 2020-08-31 09:23:50 +00:00			```

			`Finally you have to run the website in a WSGI server:`

			```bash
			`pip install gunicorn`
Renamed the project 'canaille' 2020-10-21 12:04:40 +00:00			`gunicorn "canaille:create_app()"`
Packaging 2020-08-31 09:23:50 +00:00			```
readme 2020-08-19 12:01:33 +00:00
Added a command to clean tokens and codes. Fixes #17 2020-10-23 09:31:16 +00:00			`## Recurrent jobs`

			`You might want to clean up your database to avoid it growing too much. You can regularly delete`
			`expired tokens and authorization codes with:`

			```
Readme 2020-10-23 10:27:50 +00:00			`env CONFIG=/path/to/config.toml FASK_APP=canaille flask clean`
Added a command to clean tokens and codes. Fixes #17 2020-10-23 09:31:16 +00:00			```

tests workflow 2020-08-18 15:39:34 +00:00			`## Contribute`

			`Contributions are welcome!`
			To run the tests, you just need to run `tox`.

			`To try a development environment, you can run the docker image and then open https://127.0.0.1:5000`
Readme 2020-09-26 08:23:05 +00:00			`You can then connect with user admin and password admin to access an admin account, or user user and password user for a regular one.`
tests workflow 2020-08-18 15:39:34 +00:00
			```bash
Renamed the project 'canaille' 2020-10-21 12:04:40 +00:00			`cp canaille/conf/config.sample.toml canaille/conf/config.toml`
			`cp canaille/conf/oauth-authorization-server.sample.json canaille/conf/oauth-authorization-server.json`
			`cp canaille/conf/openid-configuration.sample.json canaille/conf/openid-configuration.json`
tests workflow 2020-08-18 15:39:34 +00:00			`docker-compose up`
			```