canaille-globuzma/README.md

80 lines
2.6 KiB
Markdown
Raw Normal View History

2020-10-21 12:04:40 +00:00
⚠ Canaille is under development. Do not use in production yet. ⚠
2020-08-31 12:10:32 +00:00
2020-10-21 12:04:40 +00:00
# Canaille
2020-08-14 11:15:52 +00:00
2020-10-23 12:42:08 +00:00
Canaille is a French word meaning *rascal*. It is roughly pronounced **Can I?**,
as in *Can I access your data?* Canaille is a simple OpenID Connect provider based upon a LDAP database.
2020-08-14 11:21:01 +00:00
2020-08-19 12:13:10 +00:00
It aims to be very light, simple to install and simple to maintain. Its main features are :
2020-08-27 14:08:26 +00:00
- Authentication against a LDAP directory;
2020-10-23 12:17:50 +00:00
- OAuth/OpenID Connect support;
- No outdated or exotic protocol support;
- No additional database required. Everything is stored in your LDAP server;
- The code is easy to read and easy to edit.
2020-08-18 15:39:34 +00:00
2020-08-19 12:01:33 +00:00
## Install
2020-08-19 12:02:08 +00:00
First you need to install the schemas into your LDAP server. There are several ways to achieve this:
2020-08-19 12:01:33 +00:00
2020-08-31 11:57:04 +00:00
### LDAP schemas
2020-10-23 10:50:51 +00:00
As of OpenLDAP 2.4, two configuration methods are available:
- The [deprecated](https://www.openldap.org/doc/admin24/slapdconf2.html) one, based on a configuration file (generally `/etc/ldap/slapd.conf`);
- The new one, based on a configuration directory (generally `/etc/ldap/slapd.d`).
2020-10-23 10:52:39 +00:00
Depending on the configuration method you use with your OpenLDAP installation, you need to chose how to add the canaille schemas:
2020-10-23 10:50:51 +00:00
#### Old fashion: Copy the schemas in your filesystem
2020-08-19 12:01:33 +00:00
```bash
2020-08-26 10:05:35 +00:00
test -d /etc/openldap/schema && sudo cp schema/* /etc/openldap/schema
test -d /etc/ldap/schema && sudo cp schema/* /etc/ldap/schema
2020-08-19 12:01:33 +00:00
sudo service slapd restart
```
2020-10-23 10:50:51 +00:00
#### New fashion: Use slapadd to add the schemas
2020-08-19 12:01:33 +00:00
```bash
sudo slapadd -n0 -l schema/*.ldif
2020-10-23 10:50:51 +00:00
sudo service slapd restart
2020-08-19 12:01:33 +00:00
```
2020-08-31 11:57:04 +00:00
### Web interface
2020-08-31 09:23:50 +00:00
Then you can deploy the code either by copying the git repository or installing the pip package:
```bash
2020-10-21 12:04:40 +00:00
pip install canaille
2020-08-31 09:23:50 +00:00
```
Finally you have to run the website in a WSGI server:
```bash
pip install gunicorn
2020-10-21 12:04:40 +00:00
gunicorn "canaille:create_app()"
2020-08-31 09:23:50 +00:00
```
2020-08-19 12:01:33 +00:00
## Recurrent jobs
You might want to clean up your database to avoid it growing too much. You can regularly delete
expired tokens and authorization codes with:
```
2020-10-23 10:27:50 +00:00
env CONFIG=/path/to/config.toml FASK_APP=canaille flask clean
```
2020-08-18 15:39:34 +00:00
## Contribute
Contributions are welcome!
To run the tests, you just need to run `tox`.
To try a development environment, you can run the docker image and then open https://127.0.0.1:5000
2020-09-26 08:23:05 +00:00
You can then connect with user *admin* and password *admin* to access an admin account, or user *user* and password *user* for a regular one.
2020-08-18 15:39:34 +00:00
```bash
2020-10-21 12:04:40 +00:00
cp canaille/conf/config.sample.toml canaille/conf/config.toml
cp canaille/conf/oauth-authorization-server.sample.json canaille/conf/oauth-authorization-server.json
cp canaille/conf/openid-configuration.sample.json canaille/conf/openid-configuration.json
2020-08-18 15:39:34 +00:00
docker-compose up
```