Admin filters with memberof

Éloi Rivard 2020-08-31 13:54:33 +02:00
parent 2eba625c39
commit 73da4428c0
3 changed files with 20 additions and 2 deletions


@ -1,6 +1,5 @@
- RFC 8414
- Extract ldaputils in another library
- Admin filter
- Limit login attempts by time interval
- Cleanup LDAP connections
- Test with wrong inputs


@ -10,6 +10,21 @@ dn: ou=tokens,dc=mydomain,dc=tld
objectclass: organizationalUnit
ou: tokens
dn: ou=groups,dc=mydomain,dc=tld
objectclass: organizationalUnit
ou: groups
dn: cn=users,ou=groups,dc=mydomain,dc=tld
objectclass: groupOfNames
cn: users
member: cn=Jane Doe,ou=users,dc=mydomain,dc=tld
member: cn=John Doe,ou=users,dc=mydomain,dc=tld
dn: cn=admins,ou=groups,dc=mydomain,dc=tld
objectclass: groupOfNames
cn: admins
member: cn=Jane Doe,ou=users,dc=mydomain,dc=tld
dn: ou=authorizations,dc=mydomain,dc=tld
objectclass: organizationalUnit
ou: authorizations
@ -22,6 +37,8 @@ cn: Jane Doe
sn: Doe
uid: admin
userpassword: {SSHA}7zQVLckaEc6cJEsS0ylVipvb2PAR/4tS
memberof: cn=admins,ou=groups,dc=mydomain,dc=tld
memberof: cn=users,ou=groups,dc=mydomain,dc=tld
dn: cn=John Doe,ou=users,dc=mydomain,dc=tld
objectclass: person
@ -31,3 +48,4 @@ cn: John Doe
sn: Doe
uid: user
userpassword: {SSHA}Yr1ZxSljRsKyaTB30suY2iZ1KRTStF1X
memberof: cn=users,ou=groups,dc=mydomain,dc=tld
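Review bot: The memberof values on the Jane Doe and John Doe entries are written by hand and repeat the member lists of the cn=admins and cn=users groups, so the fixture carries two sources of truth for who is an admin. On a directory where the server derives memberof from group entries, the groupOfNames entries alone would define this, and such a server may refuse client-supplied memberof values; how this fixture is loaded is not visible here. A comment above the group entries would help, for example `# memberof on the user entries is set by hand to mirror these groups; keep both in sync`. The +/- markers were lost in rendering, so which lines are new is inferred from the hunk headers.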


@ -22,7 +22,8 @@ USER_FILTER = "(|(uid={login})(cn={login}))"
# Filter to match admin users. If your server has memberof
# you can filter against group membership
ADMIN_FILTER = "cn=Jane Doe"
# ADMIN_FILTER = "uid=admin"
ADMIN_FILTER = "memberof=cn=admins,ou=groups,dc=mydomain,dc=tld"
[JWT]
PUBLIC_KEY = "oidc_ldap_bridge/conf/public.pem"
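Review bot: The memberof-based ADMIN_FILTER makes admin rights depend on a single attribute of the user entry, and the comment above it says only "If your server has memberof" without stating who may write that attribute. If memberof is not maintained by the server, or directory ACLs let users modify it on their own entry, the filter would match anyone carrying the value, so the comment should state the requirement, e.g. `# memberof must be server-maintained and not writable by users; it decides who is admin`. The ADMIN_FILTER values are also written without the outer parentheses that USER_FILTER uses; the code that consumes them is outside this page, so whether it wraps the filter cannot be checked here.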