Lightweight identity and authorization management software

Canaille

Canaille is a French word meaning rascal. It is roughly pronounced "Can I?", as in "Can I access your data?" Canaille is a simple OpenID Connect provider based upon an LDAP database.

It aims to be very light, simple to install and simple to maintain. Its main features are:

  • Authentication against an LDAP directory;
  • OAuth/OpenID Connect support;
  • No outdated or exotic protocol support;
  • No additional database required. Everything is stored in your LDAP server;
  • The code is easy to read and easy to edit.

Install

⚠ Canaille is under heavy development and may not fit a production environment yet. ⚠

First you need to install the schemas into your LDAP server. There are several ways to achieve this:

LDAP schemas

As of OpenLDAP 2.4, two configuration methods are available:

  • The deprecated one, based on a configuration file (generally /etc/ldap/slapd.conf);
  • The new one, based on a configuration directory (generally /etc/ldap/slapd.d).

Depending on the configuration method you use with your OpenLDAP installation, you need to choose how to add the Canaille schemas:

Old fashion: Copy the schemas in your filesystem

# The schema files live in the repository's schemas/ directory
test -d /etc/openldap/schema && sudo cp schemas/* /etc/openldap/schema
test -d /etc/ldap/schema && sudo cp schemas/* /etc/ldap/schema
sudo service slapd restart

New fashion: Use slapadd to add the schemas

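# slapadd -l takes a single LDIF file, so add the schemas one at a time
for ldif in schemas/*.ldif; do sudo slapadd -n0 -l "$ldif"; done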
sudo service slapd restart
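
To tell which of the two methods above applies to a host, the following added example (not part of the Canaille project) checks for the configuration directory before the configuration file, since slapd reads the directory first when both exist. The function names and the `<root>/ldap` and `<root>/openldap` search locations are assumptions based on the paths this README mentions.

```shell
#!/bin/sh
# Added example, not Canaille's own code.
# Assumption: slapd configuration lives under <root>/ldap or <root>/openldap;
# <root> defaults to /etc and can be overridden for testing.

# Print "directory:<path>", "file:<path>" or "unknown".
slapd_config_method() {
    root=${1:-/etc}
    for base in "$root/ldap" "$root/openldap"; do
        # slapd tries the configuration directory before the configuration
        # file, so slapd.d wins when a stale slapd.conf is still present.
        if [ -d "$base/slapd.d" ]; then
            echo "directory:$base/slapd.d"
            return 0
        fi
        if [ -f "$base/slapd.conf" ]; then
            echo "file:$base/slapd.conf"
            return 0
        fi
    done
    echo "unknown"
    return 0
}

# Map the detected method to the install path described in this README:
# "copy" for the old fashion, "slapadd" for the new fashion.
schema_install_hint() {
    case $(slapd_config_method "$1") in
        directory:*) echo "slapadd" ;;
        file:*)      echo "copy" ;;
        *)           echo "none" ;;
    esac
}

# Report the method for the real host (or for the root given as $1).
schema_install_hint "${1:-/etc}"
```
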

Web interface

Then you can deploy the code either by copying the git repository or installing the pip package:

pip install canaille

Finally you have to run the website in a WSGI server:

pip install gunicorn
gunicorn "canaille:create_app()"

Recurrent jobs

You might want to clean up your database to avoid it growing too much. You can regularly delete expired tokens and authorization codes with:

env CONFIG=/path/to/config.toml FLASK_APP=canaille flask clean

Contribute

Contributions are welcome! To run the tests, you just need to run tox.

To try a development environment, you can run the docker image and then open https://127.0.0.1:5000. You can then connect with user admin and password admin to access an admin account, or user user and password user for a regular one.

cp canaille/conf/config.sample.toml canaille/conf/config.toml
cp canaille/conf/oauth-authorization-server.sample.json canaille/conf/oauth-authorization-server.json
cp canaille/conf/openid-configuration.sample.json canaille/conf/openid-configuration.json
docker-compose up