2.7 KiB

Canaille is a French word meaning rascal. It is roughly pronounced Can I?, as in Can I access your data? Canaille is a simple OpenID Connect provider based upon a LDAP database.
It aims to be very light, simple to install and simple to maintain. Its main features are :
- Authentication against a LDAP directory;
- OAuth/OpenID Connect support;
- No outdated or exotic protocol support;
- No additional database required. Everything is stored in your LDAP server;
- The code is easy to read and easy to edit.
Install
⚠ Canaille is under heavy development and may not fit a production environment yet. ⚠
First you need to install the schemas into your LDAP server. There are several ways to achieve this:
LDAP schemas
As of OpenLDAP 2.4, two configuration methods are available:
- The deprecated one, based on a configuration file (generally
/etc/ldap/slapd.conf
); - The new one, based on a configuration directory (generally
/etc/ldap/slapd.d
).
Depending on the configuration method you use with your OpenLDAP installation, you need to chose how to add the canaille schemas:
Old fashion: Copy the schemas in your filesystem
test -d /etc/openldap/schema && sudo cp schema/* /etc/openldap/schema
test -d /etc/ldap/schema && sudo cp schema/* /etc/ldap/schema
sudo service slapd restart
New fashion: Use slapadd to add the schemas
sudo slapadd -n0 -l schema/*.ldif
sudo service slapd restart
Web interface
Then you can deploy the code either by copying the git repository or installing the pip package:
pip install canaille
Finally you have to run the website in a WSGI server:
pip install gunicorn
gunicorn "canaille:create_app()"
Recurrent jobs
You might want to clean up your database to avoid it growing too much. You can regularly delete expired tokens and authorization codes with:
env CONFIG=/path/to/config.toml FASK_APP=canaille flask clean
Contribute
Contributions are welcome!
To run the tests, you just need to run tox
.
To try a development environment, you can run the docker image and then open https://127.0.0.1:5000 You can then connect with user admin and password admin to access an admin account, or user user and password user for a regular one.
cp canaille/conf/config.sample.toml canaille/conf/config.toml
cp canaille/conf/oauth-authorization-server.sample.json canaille/conf/oauth-authorization-server.json
cp canaille/conf/openid-configuration.sample.json canaille/conf/openid-configuration.json
docker-compose up