Cadoles
/
cadolesldap
21
0
Fork 0
Code Issues 5 Pull Requests Releases Wiki Activity

first commit

This commit is contained in:
root 2018-12-18 09:39:17 +01:00
commit 3864d5e98f
9 changed files with 640 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
Makefile Normal file
View File

@ -0,0 +1,26 @@
################################
# Makefile pour cadolesldap
################################
SOURCE=cadolesldap
VERSION=1.0
EOLE_VERSION=2.6
EOLE_RELEASE=2.6.2
PKGAPPS=web
################################
# Début de zone à ne pas éditer
################################
include eole.mk
include apps.mk
################################
# Fin de zone à ne pas éditer
################################
# Makefile rules dedicated to application
# if exists
ifneq (, $(strip $(wildcard $(SOURCE).mk)))
include $(SOURCE).mk
endif

64
apps.mk Normal file
View File

@ -0,0 +1,64 @@
#
# NE PAS EDITER CE FICHIER
#
# Voir Makefile
##########################
# Application web envole #
##########################
ifneq (, $(filter oui web, $(PKGAPPS)))
#
# Sanity check
#
ifeq (, $(filter-out X.X, $(strip $(VERSION))))
$(error $$(VERSION) variable has incorrect value '$(VERSION)')
endif
# Where to store web application files
WEB_PATH := $(DESTDIR)/var/www/html
# Envole
sharenvole_PROG_DIR := $(DESTDIR)/usr/share/envole/$(SOURCE)
src_$(SOURCE)-$(VERSION)_REC_DIR := $(WEB_PATH)/$(SOURCE)
src_plugins-$(VERSION)_REC_DIR := $(WEB_PATH)/$(SOURCE)/plugin
src_lang-$(VERSION)_REC_DIR := $(WEB_PATH)/$(SOURCE)/lang
endif
##########################
# Application EOLE flask #
##########################
ifneq (, $(filter flask, $(PKGAPPS)))
#
# Sanity check
#
ifeq (, $(filter-out XXX, $(strip $(FLASK_MODULE))))
$(error $$(FLASK_MODULE) variable has incorrect value '$(FLASK_MODULE)')
endif
ifeq (, $(strip $(wildcard src/$(FLASK_MODULE).conf)))
$(error missing eoleflask configuration file 'src/$(FLASK_MODULE).conf')
endif
# Everything is related to mount point
APPS_MOUNT_POINT := $(shell sed -ne 's|^"MOUNT_POINT"[[:space:]]*:[[:space:]]*"/\([^"]*\)",|\1|p' \
src/$(FLASK_MODULE).conf)
ifeq (, $(strip $(APPS_MOUNT_POINT)))
$(error no "MOUNT_POINT" in eoleflask configuration file 'src/$(FLASK_MODULE).conf')
endif
# eole-flask configuration
src_DATA_DIR := $(DESTDIR)/etc/eole/flask/available
# Where to store flask application files
FLASK_PATH := $(eole_DIR)/flask/$(APPS_MOUNT_POINT)
# static files
src_$(FLASK_MODULE)_static_REC_DIR := $(FLASK_PATH)/static
src_$(FLASK_MODULE)_templates_REC_DIR := $(FLASK_PATH)/templates
src_$(FLASK_MODULE)_instance_REC_DIR := $(FLASK_PATH)/resources
endif

8
cadolesldap.mk Normal file
View File

@ -0,0 +1,8 @@
#
# PVE specific variables
#
# LDAP init
ldap_schema_REC_DIR :=$(DESTDIR)/etc/ldap/schema
ldap_patchs_DATA_DIR :=$(DESTDIR)/usr/share/eole/creole/patch

41
dicos/25_cadolesldap.xml Normal file
View File

@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8"?>
<creole>
<files>
<file filelist='cadolesldap' name='/etc/cadolesldap/init/cadolesldap.ldif' rm='True' mkdir='True'/>
</files>
<variables>
<family name='CADOLES LDAP'>
<variable name='activer_cadolesldap' type='oui/non' description='Activer Annuaire Cadoles'>
<value>oui</value>
</variable>
<variable type='string' name='cadolesldap_pwdadmin' description="Mot de passe du compte admin durant l'instance" mandatory='True'/>
<variable type='string' name='cadolesldap_organization' description="Nom de l'organisation principale (exemple Cadoles)" mandatory='True'/>
<variable type='string' name='cadolesldap_niveau01branche' description="Nom de la branche de Niveau 01 (exemple Departement)" mandatory='True'/>
<variable type='string' name='cadolesldap_niveau01name' description="Nom de la première orgranisation de Niveau 01 (exemple Interne)" mandatory='True'/>
<variable type='string' name='cadolesldap_niveau01siren' description="SIREN de la première orgranisation de Niveau 01" mandatory='True'/>
<variable type='string' name='cadolesldap_niveau02branche' description="Nom de la branche de Niveau 02 (exemple Service)" mandatory='True'/>
</family>
</variables>
<constraints>
<condition name='disabled_if_in' source='activer_admin_passfile'>
<param>non</param>
<target type='variable'>activer_cadolesldap</target>
</condition>
<condition name='hidden_if_in' source='activer_cadolesldap'>
<param>non</param>
<target type='filelist'>cadolesldap</target>
<target type='variable'>cadolesldap_pwdadmin</target>
<target type='variable'>cadolesldap_organization</target>
<target type='variable'>cadolesldap_niveau01branche</target>
<target type='variable'>cadolesldap_niveau01name</target>
<target type='variable'>cadolesldap_niveau01siren</target>
<target type='variable'>cadolesldap_niveau02branche</target>
</condition>
</constraints>
<help>
</help>
</creole>

231
eole.mk Normal file
View File

@ -0,0 +1,231 @@
#
# NE PAS EDITER CE FICHIER
#
# Utiliser <appli>.mk à inclure à la fin de Makefile
#################
# Sanity checks #
#################
ifeq (, $(DESTDIR))
$(warning $$(DESTDIR) is empty, installation will be done in /)
endif
ifeq (, $(filter-out XXX-XXX, $(strip $(SOURCE))))
$(error $$(SOURCE) variable has incorrect value '$(SOURCE)')
endif
ifeq (, $(filter-out 2.X, $(strip $(EOLE_VERSION))))
$(error $$(EOLE_VERSION) variable has incorrect value '$(EOLE_VERSION)')
endif
ifeq (, $(filter-out 2.X.Y, $(strip $(EOLE_RELEASE))))
$(error $$(EOLE_RELEASE) variable has incorrect value '$(EOLE_RELEASE)')
endif
#########################
# Variables definitions #
#########################
INSTALL := install
INSTALL_DATA := install -m 644
INSTALL_PROGRAM := install -m 755
INSTALL_DIRECTORY := install -m 755 -d
INSTALL_RECURSIVE := cp -dr --no-preserve=ownership
# Standard path
bin_PROG_DIR := $(DESTDIR)/usr/bin
sbin_PROG_DIR := $(DESTDIR)/usr/sbin
man8_DATA_DIR := $(DESTDIR)/usr/share/man/fr.UTF-8/man8
# Base
eole_DIR := $(DESTDIR)/usr/share/eole
ifeq ($(strip $(EOLE_VERSION)), 2.3)
diagnose_PROG_DIR := $(eole_DIR)/diagnose/module
else
diagnose_PROG_DIR := $(eole_DIR)/diagnose/
endif
# Creole
creole_DIR := $(eole_DIR)/creole
dicos_DATA_DIR := $(creole_DIR)/dicos
tmpl_DATA_DIR := $(creole_DIR)/distrib
preservice_PROG_DIR := $(eole_DIR)/preservice
pretemplate_PROG_DIR := $(eole_DIR)/pretemplate
posttemplate_PROG_DIR := $(eole_DIR)/posttemplate
postservice_PROG_DIR := $(eole_DIR)/postservice
ifeq ($(strip $(EOLE_VERSION)), 2.3)
firewall_DATA_DIR := $(eole_DIR)/firewall
endif
bacula_restore_DATA_DIR := $(eole_DIR)/bacula/restore
bareos_restore_DATA_DIR := $(eole_DIR)/bareos/restore
bacula_fichier_DATA_DIR := $(DESTDIR)/etc/bacula/baculafichiers.d
bareos_fichier_DATA_DIR := $(DESTDIR)/etc/bareos/bareosfichiers.d
ifeq ($(strip $(EOLE_VERSION)), 2.3)
schedule_pre_PROG_DIR := $(eole_DIR)/schedule/pre
schedule_post_PROG_DIR := $(eole_DIR)/schedule/post
else
schedule_scripts_PROG_DIR := $(eole_DIR)/schedule/scripts
endif
extra_REC_DIR := $(creole_DIR)/extra
# Zéphir
zephir_DATA_DIR := $(DESTDIR)/usr/share/zephir
zephir_configs_DATA_DIR := $(zephir_DATA_DIR)/monitor/configs
zephir_srv_DATA_DIR := $(zephir_configs_DATA_DIR)/services
zephir_scripts_PROG_DIR := $(zephir_DATA_DIR)/scripts
# SSO
sso_DATA_DIR := $(DESTDIR)/usr/share/sso
sso_filtres_DATA_DIR := $(sso_DATA_DIR)/app_filters
sso_user-info_DATA_DIR := $(sso_DATA_DIR)/user_infos
# EAD
ead_DATA_DIR := $(DESTDIR)/usr/share/ead2/backend/config
ead_actions_DATA_DIR := $(ead_DATA_DIR)/actions
ead_perms_DATA_DIR := $(ead_DATA_DIR)/perms
ead_roles_DATA_DIR := $(ead_DATA_DIR)/roles
# Program libraries goes under /usr/lib/<PROGRAM>/
lib_$(SOURCE)_DATA_DIR := $(DESTDIR)/usr/lib/$(SOURCE)
# Scripts Eole
scripts_PROG_DIR := $(eole_DIR)/sbin
lib_eole_DATA_DIR := $(DESTDIR)/usr/lib/eole
# LDAP
ldap_passwords_DATA_DIR := $(eole_DIR)/annuaire/password_files
# LXC
lxc_DATA_DIR := $(eole_DIR)/lxc
lxc_fstab_DATA_DIR := $(lxc_DATA_DIR)/fstab
lxc_hosts_DATA_DIR := $(lxc_DATA_DIR)/hosts
# SQL
sql_DATA_DIR := $(eole_DIR)/mysql/$(SOURCE)
sql_gen_DATA_DIR := $(sql_DATA_DIR)/gen
sql_updates_DATA_DIR := $(sql_DATA_DIR)/updates
sql_conf_gen_DATA_DIR := $(eole_DIR)/applications/gen
sql_conf_passwords_DATA_DIR := $(eole_DIR)/applications/passwords
sql_conf_updates_DATA_DIR := $(eole_DIR)/applications/updates/$(SOURCE)
# EoleDB sql directory
db_DIR := $(eole_DIR)/db
db_gen_DATA_DIR := $(eole_DIR)/db/$(SOURCE)/gen
db_updates_DATA_DIR := $(eole_DIR)/db/$(SOURCE)/updates
# Certifs
certs_DATA_DIR := $(eole_DIR)/certs
# Logrotate
logrotate_DATA_DIR := $(DESTDIR)/etc/logrotate.d
# Cron
cron_PROG_DIR := $(DESTDIR)/etc/cron.daily
# Python modules
ifneq ($(DESTDIR),)
PYTHON_OPTS := --root $(DESTDIR)
endif
# Translation
TRANSLATION_SRC := translation
TRANSLATION_DEST := $(DESTDIR)/usr/share/locale
PO_FILES = $(wildcard $(TRANSLATION_SRC)/*/*.po)
MO_FOLDERS = $(addprefix $(TRANSLATION_DEST), $(addsuffix LC_MESSAGES,$(subst $(TRANSLATION_SRC),,$(dir $(PO_FILES)))))
#############################################
# Common directories and files installation #
#############################################
all:
$(MO_FOLDERS):
$(INSTALL_DIRECTORY) $@
$(PO_FILES): $(MO_FOLDERS)
msgfmt -o $(TRANSLATION_DEST)$(subst $(TRANSLATION_SRC),,$(addsuffix LC_MESSAGES,$(dir $@)))/$(notdir $(@:.po=.mo)) $@
install-lang: $(PO_FILES)
install:: install-dirs install-files install-lang
# $1 = command to run
# $2 = source directory
# $3 = destination directory
define fc_install_file
if [ -d $2 ]; then \
for file in `ls -1 $2/`; do \
$1 $2/$$file $3 || true; \
done; \
fi
endef
##
## Directory creation
##
# use % to catch local name in $*
# data, program and recursive directory require a corresponding
# directory in local sources
%_DATA_DIR %_PROG_DIR %REC_DIR:
test ! -d $(subst _,/,$*) || $(INSTALL_DIRECTORY) $($@)
# Create the directory referenced by the variable without a local one.
%_DIR:
@: # do nothing
##
## Install files present directly under data, program and recursive directories
##
# $* : name of variable
# $($*): value of variable
%-instdata:
$(call fc_install_file, $(INSTALL_DATA), $(subst _,/,$(subst _DATA_DIR,,$*)), $($*))
%-instprog:
$(call fc_install_file, $(INSTALL_PROGRAM), $(subst _,/,$(subst _PROG_DIR,,$*)), $($*))
%-instrec:
$(call fc_install_file, $(INSTALL_RECURSIVE), $(subst _,/,$(subst _REC_DIR,,$*)), $($*))
# Use second expansion as variables may be created in included
# Makefiles
.SECONDEXPANSION:
# List of all directories
installdirs_LIST = $(foreach V, $(filter %_DIR, $(.VARIABLES)), \
$(if $(filter file, $(origin $(V))), \
$(V)))
# List of data directories
installdata_LIST = $(filter %_DATA_DIR, $(installdirs_LIST))
# List of program directories
installprog_LIST = $(filter %_PROG_DIR, $(installdirs_LIST))
# List of recursive directories
installrec_LIST = $(filter %_REC_DIR, $(installdirs_LIST))
# Expand directories to create as dependency
# Use double-colon to permit user to define additionnal install-dirs
install-dirs:: $$(installdirs_LIST)
# Expand files to install as dependency
# Use double-colon to permit user to define additionnal install-files
install-files:: install-data-files install-prog-files install-rec-dirs
install-data-files: $$(patsubst %,%-instdata,$$(installdata_LIST))
install-prog-files: $$(patsubst %,%-instprog,$$(installprog_LIST))
install-rec-dirs: $$(patsubst %,%-instrec,$$(installrec_LIST))
# Installation of python modules
ifeq ($(shell test -f setup.py && echo 0), 0)
install-files::
python setup.py install --no-compile --install-layout=deb $(PYTHON_OPTS)
endif
.PHONY: install install-dirs install-files install-data-files install-prog-files install-rec-dirs

35
ldap/patchs/slapd.conf.patch Normal file
View File

@ -0,0 +1,35 @@
--- distrib/slapd.conf 2017-11-14 15:48:53.000000000 +0100
+++ modif/slapd.conf 2018-03-26 17:01:41.136558718 +0200
@@ -23,6 +23,8 @@
%elif %%ldap_schema == 'zephir'
include /etc/ldap/schema/openldap.schema
%end if
+include /etc/ldap/schema/cadoles.schema
+
## Support du TLS
TLSCertificateFile %%server_cert
@@ -43,6 +45,9 @@
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_bdb
+# moduleload dynlist
+moduleload memberof
+
%if %%ldap_replication == 'oui' or %%ldap_replication_client == 'oui'
moduleload syncprov
%end if
@@ -96,6 +101,13 @@
# Mode 700 recommended.
directory /var/lib/ldap
+#overlay dynlist
+#dynlist-attrset cadolesPerson labeledURI cadolesMemberOf
+
+overlay memberof
+memberof-group-oc cadolesGroup
+memberof-member-ad cadolesMember
+
# Indices to maintain
index objectClass eq
index uid,cn,sn eq,subinitial

121
ldap/schema/cadoles.schema Normal file
View File

@ -0,0 +1,121 @@
#-------------------------------------------------------------------------------
#
## schema Cadoles pour la Openid
#
#-------------------------------------------------------------------------------
attributetype ( 2.16.840.1.113732.3.1.101
NAME 'givensName'
DESC 'Prénoms Agent'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 2.16.840.1.113732.3.1.102
NAME 'usualname'
DESC 'Nom Usage'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 2.16.840.1.113732.3.1.103
NAME 'birthdate'
DESC 'Date de Naissance'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 2.16.840.1.113732.3.1.104
NAME 'birthcountry'
DESC 'Code INSEE Pays de Naissance'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 2.16.840.1.113732.3.1.105
NAME 'birthplace'
DESC 'Code INSEE Lieu de Naissance'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 2.16.840.1.113732.3.1.106
NAME 'gender'
DESC 'Sexe de la Personne'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 2.16.840.1.113732.3.1.107
NAME 'job'
DESC 'Métier'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 2.16.840.1.113732.3.1.108
NAME 'position'
DESC 'Fonction relative à Unité Organisationnelle'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 2.16.840.1.113732.3.1.109
NAME 'belongingpopulation'
DESC 'Population Appartenance'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 2.16.840.1.113732.3.1.110
NAME 'authlevel'
DESC 'Niveau Authentification Demandé'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 2.16.840.1.113732.3.1.111
NAME 'siren'
DESC 'Identifiant Entreprise'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 2.16.840.1.113732.3.1.112
NAME 'siret'
DESC 'Identifiant Etablissement'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 2.16.840.1.113732.3.1.113
NAME 'cadolesMember'
DESC 'Membres du groupe'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
objectclass ( 2.16.840.1.113732.3.1.1
NAME 'cadolesPerson'
DESC 'Description Personne Cadoles'
SUP top AUXILIARY
MAY ( givensName $
usualname $
birthdate $
birthcountry $
birthplace $
gender $
job $
position $
belongingpopulation $
authlevel
) )
objectclass ( 2.16.840.1.113732.3.1.2
NAME 'cadolesSiren'
DESC 'Siren'
SUP top AUXILIARY
MAY ( siren
) )
objectclass ( 2.16.840.1.113732.3.1.3
NAME 'cadolesSiret'
DESC 'Siret'
SUP top AUXILIARY
MAY ( siret $
postalAddress
) )
objectclass ( 2.16.840.1.113732.3.1.4
NAME 'cadolesGroup'
DESC 'Descirption Groupe Cadoles'
SUP top AUXILIARY
MAY ( cadolesMember
) )

42
posttemplate/91-cadolesldap Executable file
View File

@ -0,0 +1,42 @@
#!/bin/bash
#
# Initialisation of LDAP Directory
#
#
# Run command as particular user
#
function runAs() {
USER=${1}
shift
CMD="su ${USER} -s /bin/bash -c ${@}"
eval ${CMD}
return ${?}
}
function main()
{
MODE=${1}
result=0
if [[ ${MODE} == "instance" ]]
then
LDIF="/etc/cadolesldap/init/cadolesldap.ldif"
USER="openldap"
CMD="\"slapadd -l ${LDIF} -f \"/etc/ldap/slapd.conf\"\""
service slapd stop
runAs ${USER} ${CMD}
result=$((result+${?}))
service slapd start
return ${result}
fi
}
main $@
exit ${?}

72
tmpl/cadolesldap.ldif Executable file
View File

@ -0,0 +1,72 @@
%import pyeole.ssha
# Entrée 3: ou=%%cadolesldap_organization,o=gouv,c=fr
dn: ou=%%cadolesldap_organization,o=gouv,c=fr
objectclass: organizationalUnit
objectclass: top
ou: %%cadolesldap_organization
# Entrée 4: ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr
dn: ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr
objectclass: organizationalUnit
objectclass: top
ou: %%cadolesldap_niveau01branche
# Entrée 5: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr
dn: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr
objectclass: posixGroup
objectclass: top
objectclass: sambaGroupMapping
objectclass: cadolesGroup
objectclass: cadolesSiren
cn: %%cadolesldap_niveau01name
gidnumber: 1
memberuid: admin
cadolesMember: uid=admin,ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
sambagrouptype: 2
sambasid: 1
siren: %%cadolesldap_niveau01siren
# Entrée 6: ou=%%cadolesldap_niveau02branche,ou=%%cadolesldap_organization,o=gouv,c=fr
dn: ou=%%cadolesldap_niveau02branche,ou=%%cadolesldap_organization,o=gouv,c=fr
objectclass: organizationalUnit
objectclass: top
ou: %%%%cadolesldap_niveau02branche
# Entrée 7: ou=groups,ou=%%cadolesldap_organization,o=gouv,c=fr
dn: ou=groups,ou=%%cadolesldap_organization,o=gouv,c=fr
objectclass: organizationalUnit
objectclass: top
ou: groups
# Entrée 8: ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
dn: ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
objectclass: organizationalUnit
objectclass: top
ou: users
# Entrée 9: uid=admin,ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
dn: uid=admin,ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: cadolesPerson
objectclass: cadolesSiren
objectclass: cadolesSiret
authlevel: simple
uid: admin
cn: %%cadolesldap_organization
sn: %%cadolesldap_organization
displayname: Administrateur %%cadolesldap_organization
givenname: Administrateur
mail: %%system_mail_to
siren: %%cadolesldap_niveau01siren
userpassword: %%pyeole.ssha.ssha_encode(%%cadolesldap_pwdadmin)