From 3864d5e98f5092f3e8289150344f5d17c8d5116a Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 18 Dec 2018 09:39:17 +0100
Subject: [PATCH] first commit
---
 Makefile | 26 ++++
 apps.mk | 64 ++++++++++
 cadolesldap.mk | 8 ++
 dicos/25_cadolesldap.xml | 41 +++++++
 eole.mk | 231 +++++++++++++++++++++++++++++++++++
 ldap/patchs/slapd.conf.patch | 35 ++++++
 ldap/schema/cadoles.schema | 121 ++++++++++++++++++
 posttemplate/91-cadolesldap | 42 +++++++
 tmpl/cadolesldap.ldif | 72 +++++++++++
 9 files changed, 640 insertions(+)
 create mode 100644 Makefile
 create mode 100644 apps.mk
 create mode 100644 cadolesldap.mk
 create mode 100644 dicos/25_cadolesldap.xml
 create mode 100644 eole.mk
 create mode 100644 ldap/patchs/slapd.conf.patch
 create mode 100644 ldap/schema/cadoles.schema
 create mode 100755 posttemplate/91-cadolesldap
 create mode 100755 tmpl/cadolesldap.ldif
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..ffb7160
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,26 @@
+################################
+# Makefile pour cadolesldap
+################################
+
+SOURCE=cadolesldap
+VERSION=1.0
+EOLE_VERSION=2.6
+EOLE_RELEASE=2.6.2
+PKGAPPS=web
+
+################################
+# Début de zone à ne pas éditer
+################################
+
+include eole.mk
+include apps.mk
+
+################################
+# Fin de zone à ne pas éditer
+################################
+
+# Makefile rules dedicated to application
+# if exists
+ifneq (, $(strip $(wildcard $(SOURCE).mk)))
+include $(SOURCE).mk
+endif
diff --git a/apps.mk b/apps.mk
new file mode 100644
index 0000000..1efe7df
--- /dev/null
+++ b/apps.mk
@@ -0,0 +1,64 @@
+#
+# NE PAS EDITER CE FICHIER
+#
+# Voir Makefile
+
+
+##########################
+# Application web envole #
+##########################
+ifneq (, $(filter oui web, $(PKGAPPS)))
+#
+# Sanity check
+#
+ifeq (, $(filter-out X.X, $(strip $(VERSION))))
+$(error $$(VERSION) variable has incorrect value '$(VERSION)')
+endif
+
+# Where to store web application files
+WEB_PATH := $(DESTDIR)/var/www/html
+
+# Envole
+sharenvole_PROG_DIR := $(DESTDIR)/usr/share/envole/$(SOURCE)
+
+src_$(SOURCE)-$(VERSION)_REC_DIR := $(WEB_PATH)/$(SOURCE)
+src_plugins-$(VERSION)_REC_DIR := $(WEB_PATH)/$(SOURCE)/plugin
+src_lang-$(VERSION)_REC_DIR := $(WEB_PATH)/$(SOURCE)/lang
+
+endif
+
+##########################
+# Application EOLE flask #
+##########################
+ifneq (, $(filter flask, $(PKGAPPS)))
+#
+# Sanity check
+#
+ifeq (, $(filter-out XXX, $(strip $(FLASK_MODULE))))
+$(error $$(FLASK_MODULE) variable has incorrect value '$(FLASK_MODULE)')
+endif
+
+ifeq (, $(strip $(wildcard src/$(FLASK_MODULE).conf)))
+$(error missing eoleflask configuration file 'src/$(FLASK_MODULE).conf')
+endif
+
+# Everything is related to mount point
+APPS_MOUNT_POINT := $(shell sed -ne 's|^"MOUNT_POINT"[[:space:]]*:[[:space:]]*"/\([^"]*\)",|\1|p' \
+ src/$(FLASK_MODULE).conf)
+
+ifeq (, $(strip $(APPS_MOUNT_POINT)))
+$(error no "MOUNT_POINT" in eoleflask configuration file 'src/$(FLASK_MODULE).conf')
+endif
+
+# eole-flask configuration
+src_DATA_DIR := $(DESTDIR)/etc/eole/flask/available
+
+# Where to store flask application files
+FLASK_PATH := $(eole_DIR)/flask/$(APPS_MOUNT_POINT)
+
+# static files
+src_$(FLASK_MODULE)_static_REC_DIR := $(FLASK_PATH)/static
+src_$(FLASK_MODULE)_templates_REC_DIR := $(FLASK_PATH)/templates
+src_$(FLASK_MODULE)_instance_REC_DIR := $(FLASK_PATH)/resources
+
+endif
diff --git a/cadolesldap.mk b/cadolesldap.mk
new file mode 100644
index 0000000..9d99978
--- /dev/null
+++ b/cadolesldap.mk
@@ -0,0 +1,8 @@
+#
+# PVE specific variables
+#
+
+# LDAP init
+ldap_schema_REC_DIR :=$(DESTDIR)/etc/ldap/schema
+ldap_patchs_DATA_DIR :=$(DESTDIR)/usr/share/eole/creole/patch
+
diff --git a/dicos/25_cadolesldap.xml b/dicos/25_cadolesldap.xml
new file mode 100644
index 0000000..ecba7ba
--- /dev/null
+++ b/dicos/25_cadolesldap.xml
@@ -0,0 +1,41 @@
+
+
+
+
+
+
+
+
+
+ oui
+
+
+
+
+
+
+
+
+
+
+
+
+
+ non
+ activer_cadolesldap
+
+
+
+ non
+ cadolesldap
+ cadolesldap_pwdadmin
+ cadolesldap_organization
+ cadolesldap_niveau01branche
+ cadolesldap_niveau01name
+ cadolesldap_niveau01siren
+ cadolesldap_niveau02branche
+
+
+
+
+
diff --git a/eole.mk b/eole.mk
new file mode 100644
index 0000000..9730365
--- /dev/null
+++ b/eole.mk
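Review bot: The header comment of cadolesldap.mk, `# PVE specific variables`, does not describe this file, which only defines the two install directories for the cadolesldap schema and the slapd.conf patch; it reads as a leftover from the package it was copied from. Suggest `# cadolesldap specific variables`, and a one-line comment on each variable stating what is installed there, e.g. `# ldap/schema/* -> /etc/ldap/schema (cadoles.schema)` and `# ldap/patchs/* -> creole patch directory (slapd.conf.patch)`. The dicos/25_cadolesldap.xml section has lost its markup in this rendering, so it could not be reviewed here.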
@@ -0,0 +1,231 @@
+#
+# NE PAS EDITER CE FICHIER
+#
+# Utiliser .mk à inclure à la fin de Makefile
+
+#################
+# Sanity checks #
+#################
+
+ifeq (, $(DESTDIR))
+$(warning $$(DESTDIR) is empty, installation will be done in /)
+endif
+
+ifeq (, $(filter-out XXX-XXX, $(strip $(SOURCE))))
+$(error $$(SOURCE) variable has incorrect value '$(SOURCE)')
+endif
+
+ifeq (, $(filter-out 2.X, $(strip $(EOLE_VERSION))))
+$(error $$(EOLE_VERSION) variable has incorrect value '$(EOLE_VERSION)')
+endif
+
+ifeq (, $(filter-out 2.X.Y, $(strip $(EOLE_RELEASE))))
+$(error $$(EOLE_RELEASE) variable has incorrect value '$(EOLE_RELEASE)')
+endif
+
+#########################
+# Variables definitions #
+#########################
+
+INSTALL := install
+INSTALL_DATA := install -m 644
+INSTALL_PROGRAM := install -m 755
+INSTALL_DIRECTORY := install -m 755 -d
+INSTALL_RECURSIVE := cp -dr --no-preserve=ownership
+
+# Standard path
+bin_PROG_DIR := $(DESTDIR)/usr/bin
+sbin_PROG_DIR := $(DESTDIR)/usr/sbin
+man8_DATA_DIR := $(DESTDIR)/usr/share/man/fr.UTF-8/man8
+
+# Base
+eole_DIR := $(DESTDIR)/usr/share/eole
+
+ifeq ($(strip $(EOLE_VERSION)), 2.3)
+diagnose_PROG_DIR := $(eole_DIR)/diagnose/module
+else
+diagnose_PROG_DIR := $(eole_DIR)/diagnose/
+endif
+
+# Creole
+creole_DIR := $(eole_DIR)/creole
+dicos_DATA_DIR := $(creole_DIR)/dicos
+tmpl_DATA_DIR := $(creole_DIR)/distrib
+preservice_PROG_DIR := $(eole_DIR)/preservice
+pretemplate_PROG_DIR := $(eole_DIR)/pretemplate
+posttemplate_PROG_DIR := $(eole_DIR)/posttemplate
+postservice_PROG_DIR := $(eole_DIR)/postservice
+ifeq ($(strip $(EOLE_VERSION)), 2.3)
+firewall_DATA_DIR := $(eole_DIR)/firewall
+endif
+bacula_restore_DATA_DIR := $(eole_DIR)/bacula/restore
+bareos_restore_DATA_DIR := $(eole_DIR)/bareos/restore
+bacula_fichier_DATA_DIR := $(DESTDIR)/etc/bacula/baculafichiers.d
+bareos_fichier_DATA_DIR := $(DESTDIR)/etc/bareos/bareosfichiers.d
+ifeq ($(strip $(EOLE_VERSION)), 2.3)
+schedule_pre_PROG_DIR := $(eole_DIR)/schedule/pre
+schedule_post_PROG_DIR := $(eole_DIR)/schedule/post
+else
+schedule_scripts_PROG_DIR := $(eole_DIR)/schedule/scripts
+endif
+extra_REC_DIR := $(creole_DIR)/extra
+
+# Zéphir
+zephir_DATA_DIR := $(DESTDIR)/usr/share/zephir
+zephir_configs_DATA_DIR := $(zephir_DATA_DIR)/monitor/configs
+zephir_srv_DATA_DIR := $(zephir_configs_DATA_DIR)/services
+zephir_scripts_PROG_DIR := $(zephir_DATA_DIR)/scripts
+
+# SSO
+sso_DATA_DIR := $(DESTDIR)/usr/share/sso
+sso_filtres_DATA_DIR := $(sso_DATA_DIR)/app_filters
+sso_user-info_DATA_DIR := $(sso_DATA_DIR)/user_infos
+
+# EAD
+ead_DATA_DIR := $(DESTDIR)/usr/share/ead2/backend/config
+ead_actions_DATA_DIR := $(ead_DATA_DIR)/actions
+ead_perms_DATA_DIR := $(ead_DATA_DIR)/perms
+ead_roles_DATA_DIR := $(ead_DATA_DIR)/roles
+
+# Program libraries goes under /usr/lib//
+lib_$(SOURCE)_DATA_DIR := $(DESTDIR)/usr/lib/$(SOURCE)
+
+# Scripts Eole
+scripts_PROG_DIR := $(eole_DIR)/sbin
+lib_eole_DATA_DIR := $(DESTDIR)/usr/lib/eole
+
+# LDAP
+ldap_passwords_DATA_DIR := $(eole_DIR)/annuaire/password_files
+
+# LXC
+lxc_DATA_DIR := $(eole_DIR)/lxc
+lxc_fstab_DATA_DIR := $(lxc_DATA_DIR)/fstab
+lxc_hosts_DATA_DIR := $(lxc_DATA_DIR)/hosts
+
+# SQL
+sql_DATA_DIR := $(eole_DIR)/mysql/$(SOURCE)
+sql_gen_DATA_DIR := $(sql_DATA_DIR)/gen
+sql_updates_DATA_DIR := $(sql_DATA_DIR)/updates
+
+sql_conf_gen_DATA_DIR := $(eole_DIR)/applications/gen
+sql_conf_passwords_DATA_DIR := $(eole_DIR)/applications/passwords
+sql_conf_updates_DATA_DIR := $(eole_DIR)/applications/updates/$(SOURCE)
+
+# EoleDB sql directory
+db_DIR := $(eole_DIR)/db
+db_gen_DATA_DIR := $(eole_DIR)/db/$(SOURCE)/gen
+db_updates_DATA_DIR := $(eole_DIR)/db/$(SOURCE)/updates
+
+# Certifs
+certs_DATA_DIR := $(eole_DIR)/certs
+
+# Logrotate
+logrotate_DATA_DIR := $(DESTDIR)/etc/logrotate.d
+
+# Cron
+cron_PROG_DIR := $(DESTDIR)/etc/cron.daily
+
+# Python modules
+ifneq ($(DESTDIR),)
+PYTHON_OPTS := --root $(DESTDIR)
+endif
+
+# Translation
+TRANSLATION_SRC := translation
+TRANSLATION_DEST := $(DESTDIR)/usr/share/locale
+PO_FILES = $(wildcard $(TRANSLATION_SRC)/*/*.po)
+MO_FOLDERS = $(addprefix $(TRANSLATION_DEST), $(addsuffix LC_MESSAGES,$(subst $(TRANSLATION_SRC),,$(dir $(PO_FILES)))))
+
+#############################################
+# Common directories and files installation #
+#############################################
+
+all:
+
+$(MO_FOLDERS):
+ $(INSTALL_DIRECTORY) $@
+
+$(PO_FILES): $(MO_FOLDERS)
+ msgfmt -o $(TRANSLATION_DEST)$(subst $(TRANSLATION_SRC),,$(addsuffix LC_MESSAGES,$(dir $@)))/$(notdir $(@:.po=.mo)) $@
+
+install-lang: $(PO_FILES)
+
+install:: install-dirs install-files install-lang
+
+# $1 = command to run
+# $2 = source directory
+# $3 = destination directory
+define fc_install_file
+ if [ -d $2 ]; then \
+ for file in `ls -1 $2/`; do \
+ $1 $2/$$file $3 || true; \
+ done; \
+ fi
+endef
+
+##
+## Directory creation
+##
+
+# use % to catch local name in $*
+# data, program and recursive directory require a corresponding
+# directory in local sources
+%_DATA_DIR %_PROG_DIR %REC_DIR:
+ test ! -d $(subst _,/,$*) || $(INSTALL_DIRECTORY) $($@)
+
+# Create the directory referenced by the variable without a local one.
+%_DIR:
+ @: # do nothing
+
+##
+## Install files present directly under data, program and recursive directories
+##
+
+# $* : name of variable
+# $($*): value of variable
+%-instdata:
+ $(call fc_install_file, $(INSTALL_DATA), $(subst _,/,$(subst _DATA_DIR,,$*)), $($*))
+
+%-instprog:
+ $(call fc_install_file, $(INSTALL_PROGRAM), $(subst _,/,$(subst _PROG_DIR,,$*)), $($*))
+
+%-instrec:
+ $(call fc_install_file, $(INSTALL_RECURSIVE), $(subst _,/,$(subst _REC_DIR,,$*)), $($*))
+
+
+# Use second expansion as variables may be created in included
+# Makefiles
+.SECONDEXPANSION:
+
+# List of all directories
+installdirs_LIST = $(foreach V, $(filter %_DIR, $(.VARIABLES)), \
+ $(if $(filter file, $(origin $(V))), \
+ $(V)))
+# List of data directories
+installdata_LIST = $(filter %_DATA_DIR, $(installdirs_LIST))
+# List of program directories
+installprog_LIST = $(filter %_PROG_DIR, $(installdirs_LIST))
+# List of recursive directories
+installrec_LIST = $(filter %_REC_DIR, $(installdirs_LIST))
+
+# Expand directories to create as dependency
+# Use double-colon to permit user to define additionnal install-dirs
+install-dirs:: $$(installdirs_LIST)
+
+# Expand files to install as dependency
+# Use double-colon to permit user to define additionnal install-files
+install-files:: install-data-files install-prog-files install-rec-dirs
+
+install-data-files: $$(patsubst %,%-instdata,$$(installdata_LIST))
+
+install-prog-files: $$(patsubst %,%-instprog,$$(installprog_LIST))
+
+install-rec-dirs: $$(patsubst %,%-instrec,$$(installrec_LIST))
+
+# Installation of python modules
+ifeq ($(shell test -f setup.py && echo 0), 0)
+install-files::
+ python setup.py install --no-compile --install-layout=deb $(PYTHON_OPTS)
+endif
+
+.PHONY: install install-dirs install-files install-data-files install-prog-files install-rec-dirs
diff --git a/ldap/patchs/slapd.conf.patch b/ldap/patchs/slapd.conf.patch
new file mode 100644
index 0000000..7fed174
--- /dev/null
+++ b/ldap/patchs/slapd.conf.patch
@@ -0,0 +1,35 @@
+--- distrib/slapd.conf 2017-11-14 15:48:53.000000000 +0100
++++ modif/slapd.conf 2018-03-26 17:01:41.136558718 +0200
+@@ -23,6 +23,8 @@
+ %elif %%ldap_schema == 'zephir'
+ include /etc/ldap/schema/openldap.schema
+ %end if
++include /etc/ldap/schema/cadoles.schema
++
+
+ ## Support du TLS
+ TLSCertificateFile %%server_cert
+@@ -43,6 +45,9 @@
+ # Where the dynamically loaded modules are stored
+ modulepath /usr/lib/ldap
+ moduleload back_bdb
++# moduleload dynlist
++moduleload memberof
++
+ %if %%ldap_replication == 'oui' or %%ldap_replication_client == 'oui'
+ moduleload syncprov
+ %end if
+@@ -96,6 +101,13 @@
+ # Mode 700 recommended.
+ directory /var/lib/ldap
+
++#overlay dynlist
++#dynlist-attrset cadolesPerson labeledURI cadolesMemberOf
++
++overlay memberof
++memberof-group-oc cadolesGroup
++memberof-member-ad cadolesMember
++
+ # Indices to maintain
+ index objectClass eq
+ index uid,cn,sn eq,subinitial
diff --git a/ldap/schema/cadoles.schema b/ldap/schema/cadoles.schema
new file mode 100644
index 0000000..2e85020
--- /dev/null
+++ b/ldap/schema/cadoles.schema
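Review bot: The `overlay memberof` block added in the third inner hunk relies on slapd computing `memberOf` at write time, but the initial group (`cadolesGroup` with `cadolesMember`) is loaded offline with slapadd by posttemplate/91-cadolesldap, and as far as I recall slapo-memberof does not populate `memberOf` for entries added via slapadd, so the bootstrap membership may be invisible through `memberOf` until re-added over LDAP; confirm against the slapo-memberof(5) manual for the OpenLDAP version shipped. `memberof-refint` is left at its default, so deleting or renaming a member entry leaves a dangling `cadolesMember` value in the group; add `memberof-refint TRUE` if groups are expected to stay consistent. The commented-out `# moduleload dynlist`, `#overlay dynlist` and `#dynlist-attrset …` lines are dead configuration shipped in a production patch; either drop them or add a comment stating why they are kept.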
@@ -0,0 +1,121 @@
+#-------------------------------------------------------------------------------
+#
+## schema Cadoles pour la Openid
+#
+#-------------------------------------------------------------------------------
+
+attributetype ( 2.16.840.1.113732.3.1.101
+ NAME 'givensName'
+ DESC 'Prénoms Agent'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113732.3.1.102
+ NAME 'usualname'
+ DESC 'Nom Usage'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113732.3.1.103
+ NAME 'birthdate'
+ DESC 'Date de Naissance'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113732.3.1.104
+ NAME 'birthcountry'
+ DESC 'Code INSEE Pays de Naissance'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113732.3.1.105
+ NAME 'birthplace'
+ DESC 'Code INSEE Lieu de Naissance'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113732.3.1.106
+ NAME 'gender'
+ DESC 'Sexe de la Personne'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113732.3.1.107
+ NAME 'job'
+ DESC 'Métier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113732.3.1.108
+ NAME 'position'
+ DESC 'Fonction relative à Unité Organisationnelle'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113732.3.1.109
+ NAME 'belongingpopulation'
+ DESC 'Population Appartenance'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113732.3.1.110
+ NAME 'authlevel'
+ DESC 'Niveau Authentification Demandé'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113732.3.1.111
+ NAME 'siren'
+ DESC 'Identifiant Entreprise'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113732.3.1.112
+ NAME 'siret'
+ DESC 'Identifiant Etablissement'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113732.3.1.113
+ NAME 'cadolesMember'
+ DESC 'Membres du groupe'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+objectclass ( 2.16.840.1.113732.3.1.1
+ NAME 'cadolesPerson'
+ DESC 'Description Personne Cadoles'
+ SUP top AUXILIARY
+ MAY ( givensName $
+ usualname $
+ birthdate $
+ birthcountry $
+ birthplace $
+ gender $
+ job $
+ position $
+ belongingpopulation $
+ authlevel
+ ) )
+
+objectclass ( 2.16.840.1.113732.3.1.2
+ NAME 'cadolesSiren'
+ DESC 'Siren'
+ SUP top AUXILIARY
+ MAY ( siren
+ ) )
+
+objectclass ( 2.16.840.1.113732.3.1.3
+ NAME 'cadolesSiret'
+ DESC 'Siret'
+ SUP top AUXILIARY
+ MAY ( siret $
+ postalAddress
+ ) )
+
+objectclass ( 2.16.840.1.113732.3.1.4
+ NAME 'cadolesGroup'
+ DESC 'Descirption Groupe Cadoles'
+ SUP top AUXILIARY
+ MAY ( cadolesMember
+ ) )
diff --git a/posttemplate/91-cadolesldap b/posttemplate/91-cadolesldap
new file mode 100755
index 0000000..9df89b8
--- /dev/null
+++ b/posttemplate/91-cadolesldap
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+#
+# Initialisation of LDAP Directory
+#
+
+
+#
+# Run command as particular user
+#
+function runAs() {
+ USER=${1}
+ shift
+ CMD="su ${USER} -s /bin/bash -c ${@}"
+
+ eval ${CMD}
+ return ${?}
+}
+
+function main()
+{
+ MODE=${1}
+
+ result=0
+
+
+ if [[ ${MODE} == "instance" ]]
+ then
+ LDIF="/etc/cadolesldap/init/cadolesldap.ldif"
+ USER="openldap"
+ CMD="\"slapadd -l ${LDIF} -f \"/etc/ldap/slapd.conf\"\""
+
+ service slapd stop
+ runAs ${USER} ${CMD}
+ result=$((result+${?}))
+ service slapd start
+ return ${result}
+ fi
+}
+
+main $@
+exit ${?}
diff --git a/tmpl/cadolesldap.ldif b/tmpl/cadolesldap.ldif
new file mode 100755
index 0000000..c56d7ce
--- /dev/null
+++ b/tmpl/cadolesldap.ldif
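Review bot: None of the twelve attribute types from `givensName` (…101) to `siret` (…112) declares an EQUALITY matching rule (only `cadolesMember` does), so equality filters such as `(siren=…)` cannot match, `index` directives on them are refused by slapd, and single values cannot be removed with a modify/delete; add `EQUALITY caseIgnoreMatch` (plus `SUBSTR caseIgnoreSubstringsMatch` where substring search is wanted) to each. The names `gender`, `job`, `position`, `birthdate`, `siren` and `siret` are unprefixed under a project OID arc and can collide with attributes of the same name in other loaded schemas, whereas the file's own `cadolesMember`/`cadolesPerson` naming is prefixed; consider `cadolesGender` etc. while the schema is still unreleased. These attributes carry personal data (birth date and place, gender, INSEE codes) and the accompanying slapd.conf patch adds no `access to attrs=…` rule for them, so they inherit the directory's existing ACLs; verify that those restrict read access as intended. The `cadolesGroup` DESC has a typo, `'Descirption Groupe Cadoles'` → `'Description Groupe Cadoles'`.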
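Review bot: In `main`, the exit status of `service slapd stop` is ignored, so when the stop fails slapadd runs against a database that slapd still has open, which is exactly the situation slapadd(8) warns can corrupt the backend; the stop should be checked before slapadd runs. `runAs` assigns the global `USER` (clobbering the login name in the environment), and it rebuilds the command through `eval` from the doubly-escaped `CMD` string of line 31, which only works by accident of the unquoted `${CMD}` expansion on line 34; passing the command as a single quoted argument to `su -c` removes the `eval` and the escaping. `main $@` should be `main "$@"` so an argument containing spaces is not split.
```shell
# … unchanged: header comment …
function runAs() {
    local user=${1}
    shift
    su "${user}" -s /bin/bash -c "$*"
}

function main()
{
    local MODE=${1}
    local LDIF="/etc/cadolesldap/init/cadolesldap.ldif"
    local result=0

    if [[ ${MODE} == "instance" ]]
    then
        # slapadd must not run while slapd holds the database open
        service slapd stop || return 1
        runAs openldap "slapadd -l ${LDIF} -f /etc/ldap/slapd.conf"
        result=${?}
        service slapd start
        return ${result}
    fi
}

main "$@"
# … unchanged: exit …
```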
@@ -0,0 +1,72 @@
+%import pyeole.ssha
+
+# Entrée 3: ou=%%cadolesldap_organization,o=gouv,c=fr
+dn: ou=%%cadolesldap_organization,o=gouv,c=fr
+objectclass: organizationalUnit
+objectclass: top
+ou: %%cadolesldap_organization
+
+# Entrée 4: ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr
+dn: ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr
+objectclass: organizationalUnit
+objectclass: top
+ou: %%cadolesldap_niveau01branche
+
+# Entrée 5: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr
+dn: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr
+objectclass: posixGroup
+objectclass: top
+objectclass: sambaGroupMapping
+objectclass: cadolesGroup
+objectclass: cadolesSiren
+cn: %%cadolesldap_niveau01name
+gidnumber: 1
+memberuid: admin
+cadolesMember: uid=admin,ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
+sambagrouptype: 2
+sambasid: 1
+siren: %%cadolesldap_niveau01siren
+
+# Entrée 6: ou=%%cadolesldap_niveau02branche,ou=%%cadolesldap_organization,o=gouv,c=fr
+dn: ou=%%cadolesldap_niveau02branche,ou=%%cadolesldap_organization,o=gouv,c=fr
+objectclass: organizationalUnit
+objectclass: top
+ou: %%%%cadolesldap_niveau02branche
+
+# Entrée 7: ou=groups,ou=%%cadolesldap_organization,o=gouv,c=fr
+dn: ou=groups,ou=%%cadolesldap_organization,o=gouv,c=fr
+objectclass: organizationalUnit
+objectclass: top
+ou: groups
+
+# Entrée 8: ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
+dn: ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
+objectclass: organizationalUnit
+objectclass: top
+ou: users
+
+# Entrée 9: uid=admin,ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
+dn: uid=admin,ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: cadolesPerson
+objectclass: cadolesSiren
+objectclass: cadolesSiret
+authlevel: simple
+uid: admin
+cn: %%cadolesldap_organization
+sn: %%cadolesldap_organization
+displayname: Administrateur %%cadolesldap_organization
+givenname: Administrateur
+mail: %%system_mail_to
+siren: %%cadolesldap_niveau01siren
+userpassword: %%pyeole.ssha.ssha_encode(%%cadolesldap_pwdadmin)
+
+
+
+
+
+
+
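Review bot: Entry 6 writes `ou: %%%%cadolesldap_niveau02branche` while its `dn:` line and every other placeholder in the file use a single `%%`, so after templating the `ou` value will not equal the RDN value of the DN; slapadd checks that the naming attribute's value is present in the entry and would then reject entry 6, aborting the whole initial load. Change it to `ou: %%cadolesldap_niveau02branche`. In entry 5, `sambasid: 1` and `gidnumber: 1` look like placeholders rather than real values — a sambaSID is normally of the form `S-1-5-…` and gid 1 is the system `daemon` group on Debian-based hosts — so confirm these are intended or derive them from the domain SID and a reserved gid range. The template is also committed with mode 100755 although it is installed as data by `tmpl_DATA_DIR` (mode 644); the executable bit in the repository is misleading.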