Compare commits
3 Commits
master
...
dist/eole/
Author | SHA1 | Date |
---|---|---|
wpetit | c0cb02e0bb | |
wpetit | 172de49089 | |
Arnaud Fornerot | 6296504eed |
|
@ -0,0 +1 @@
|
|||
7
|
|
@ -0,0 +1,14 @@
|
|||
Source: eole-cadolesldap
|
||||
Section: web
|
||||
Priority: optional
|
||||
Maintainer: CADOLES <contact@cadoles.com>
|
||||
Build-Depends: debhelper (>= 7.0.50)
|
||||
Standards-Version: 3.8.4
|
||||
Homepage: https://forge.cadoles.com/Cadoles/cadolesldap
|
||||
Vcs-Git: https://forge.cadoles.com/Cadoles/cadolesldap.git
|
||||
Vcs-Browser: https://forge.cadoles.com/Cadoles/cadolesldap.git
|
||||
|
||||
Package: eole-cadolesldap
|
||||
Architecture: all
|
||||
Depends: ${misc:Depends}, eole-annuaire
|
||||
Description: Templates cadolesldap.
|
|
@ -0,0 +1,44 @@
|
|||
Format: http://dep.debian.net/deps/dep5
|
||||
Upstream-Name: {PROJECT}
|
||||
Source: {URL}
|
||||
|
||||
Files: *
|
||||
Copyright: YEAR {UPSTREAM} {AUTHOR} <{MAIL}>
|
||||
License: {UPSTREAM LICENSE}
|
||||
|
||||
Files: debian/*
|
||||
Copyright: Cadoles <contact@cadoles.com>
|
||||
License: CeCILL-2
|
||||
|
||||
License: {UPSTREAM LICENSE}
|
||||
{TEXT OF THE LICENSE}
|
||||
|
||||
License: CeCILL-2
|
||||
This software is governed by the CeCILL-2 license under French law and
|
||||
abiding by the rules of distribution of free software. You can use,
|
||||
modify and or redistribute the software under the terms of the CeCILL-2
|
||||
license as circulated by CEA, CNRS and INRIA at the following URL
|
||||
"http://www.cecill.info";.
|
||||
.
|
||||
As a counterpart to the access to the source code and rights to copy,
|
||||
modify and redistribute granted by the license, users are provided only
|
||||
with a limited warranty and the software's author, the holder of the
|
||||
economic rights, and the successive licensors have only limited
|
||||
liability.
|
||||
.
|
||||
In this respect, the user's attention is drawn to the risks associated
|
||||
with loading, using, modifying and/or developing or reproducing the
|
||||
software by the user in light of its specific status of free software,
|
||||
that may mean that it is complicated to manipulate, and that also
|
||||
therefore means that it is reserved for developers and experienced
|
||||
professionals having in-depth computer knowledge. Users are therefore
|
||||
encouraged to load and test the software's suitability as regards their
|
||||
requirements in conditions enabling the security of their systems and/or
|
||||
data to be ensured and, more generally, to use and operate it in the
|
||||
same conditions as regards security.
|
||||
.
|
||||
The fact that you are presently reading this means that you have had
|
||||
knowledge of the CeCILL-2 license and that you accept its terms.
|
||||
.
|
||||
On Eole systems, the complete text of the CeCILL-2 License can be found
|
||||
in '/usr/share/common-licenses/CeCILL-2-en'.
|
|
@ -0,0 +1,3 @@
|
|||
# Set per distribution debian tag
|
||||
[DEFAULT]
|
||||
debian-tag = debian/envole/%(version)s
|
|
@ -0,0 +1,20 @@
|
|||
#!/usr/bin/make -f
|
||||
# -*- makefile -*-
|
||||
|
||||
# Uncomment this to turn on verbose mode.
|
||||
#export DH_VERBOSE=1
|
||||
|
||||
%:
|
||||
dh $@
|
||||
|
||||
override_dh_install:
|
||||
dh_install -peole-draaf --exclude=slapd.conf.patch \
|
||||
--exclude=cas.inc.php.tmpl.patch \
|
||||
--exclude=25-bdd-admin \
|
||||
--exclude=25_bdd_server.xml
|
||||
dh_install -pdraaf-apps
|
||||
dh_install -pdraaf-lemontheme
|
||||
dh_install -pdraaf-envoletheme
|
||||
dh_install -pdraaf-ldap
|
||||
dh_install -pdraaf-patchsso
|
||||
dh_install -pdraaf-bdd
|
|
@ -0,0 +1 @@
|
|||
3.0 (native)
|
|
@ -6,39 +6,24 @@
|
|||
|
||||
<variables>
|
||||
<family name='CADOLES LDAP'>
|
||||
<variable name="activer_admin_passfile" exists='True' redefine='True' hidden='True'><value>oui</value></variable>
|
||||
<variable name="activer_admin_passfile" redefine='True' hidden='True'><value>oui</value></variable>
|
||||
<variable name='activer_cadolesldap' type='oui/non' description='Activer Annuaire Cadoles'>
|
||||
<value>oui</value>
|
||||
</variable>
|
||||
|
||||
<variable type='string' name='cadolesldap_basedn' description="Base DN de l'annuaire" mandatory='True'/>
|
||||
<variable type='password' name='cadolesldap_pwdadmin' description="Mot de passe du compte admin durant l'instance" mandatory='True'/>
|
||||
<variable type='string' name='cadolesldap_pwdadmin' description="Mot de passe du compte admin durant l'instance" mandatory='True'/>
|
||||
<variable type='string' name='cadolesldap_organization' description="Nom de l'organisation principale" mandatory='True'/>
|
||||
<variable type='string' name='cadolesldap_niveau01branche' description="Nom de la branche de Niveau 01" mandatory='True'><value>niveau01</value></variable>
|
||||
<variable type='string' name='cadolesldap_niveau02branche' description="Nom de la branche de Niveau 02" mandatory='True'><value>niveau02</value></variable>
|
||||
|
||||
<variable type='string' name='cadolesldap_niveau01name' description="Nom de la première orgranisation de Niveau 01" mandatory='True'/>
|
||||
<variable type='string' name='cadolesldap_niveau01siren' description="SIREN de la première orgranisation de Niveau 01" mandatory='False'/>
|
||||
<variable type='oui/non' name='cadolesldap_create_reader' description="Créer un utilisateur de lecture dans l'annuaire">
|
||||
<value>oui</value>
|
||||
</variable>
|
||||
<variable type='string' name='cadolesldap_reader' description="Nom de l'utilisateur de lecture">
|
||||
<value>cadoles-reader</value>
|
||||
</variable>
|
||||
<variable type='password' name='cadolesldap_reader_pass' description="Mot de passe de l'utilisateur de lecture"/>
|
||||
<variable type='oui/non' name='cadolesldap_create_writer' description="Créer un utilisateur avec des droits d'écriture dans l'annuaire">
|
||||
<value>non</value>
|
||||
</variable>
|
||||
<variable type='string' name='cadolesldap_writer' description="Nom de l'utilisateur d'écriture">
|
||||
<value>cadoles-writer</value>
|
||||
</variable>
|
||||
<variable type='password' name='cadolesldap_writer_pass' description="Mot de passe de l'utilisateur d'écriture"/>
|
||||
|
||||
</family>
|
||||
</variables>
|
||||
|
||||
<constraints>
|
||||
<condition name='disabled_if_in' source='activer_cadolesldap'>
|
||||
<condition name='hidden_if_in' source='activer_cadolesldap'>
|
||||
<param>non</param>
|
||||
<target type='filelist'>cadolesldap</target>
|
||||
<target type='variable'>cadolesldap_pwdadmin</target>
|
||||
|
@ -50,18 +35,6 @@
|
|||
|
||||
</condition>
|
||||
|
||||
<condition name='disabled_if_in' source="cadolesldap_create_reader">
|
||||
<param>non</param>
|
||||
<target type='variable'>cadolesldap_reader</target>
|
||||
<target type='variable'>cadolesldap_reader_pass</target>
|
||||
</condition>
|
||||
|
||||
<condition name='disabled_if_in' source="cadolesldap_create_writer">
|
||||
<param>non</param>
|
||||
<target type='variable'>cadolesldap_writer</target>
|
||||
<target type='variable'>cadolesldap_writer_pass</target>
|
||||
</condition>
|
||||
|
||||
<fill name='concat' target='cadolesldap_organization'>
|
||||
<param type='eole'>libelle_etab</param>
|
||||
</fill>
|
||||
|
|
|
@ -1,50 +1,26 @@
|
|||
--- distrib/slapd.conf 2019-06-04 11:18:04.000000000 +0200
|
||||
+++ modif/slapd.conf 2021-01-12 11:06:19.496162295 +0100
|
||||
@@ -23,11 +23,19 @@
|
||||
+++ modif/slapd.conf 2020-03-24 09:10:44.724586266 +0100
|
||||
@@ -23,6 +23,7 @@
|
||||
%elif %%ldap_schema == 'zephir'
|
||||
include /etc/ldap/schema/openldap.schema
|
||||
%end if
|
||||
+include /etc/ldap/schema/cadoles.schema
|
||||
|
||||
|
||||
## Support du TLS
|
||||
+%if %%cert_type == "manuel"
|
||||
+TLSCertificateFile %%server_cert
|
||||
+TLSCertificateKeyFile %%server_key
|
||||
+TLSCACertificateFile %%server_pem
|
||||
+%else
|
||||
TLSCertificateFile /etc/ldap/ssl/certs/openldap.crt
|
||||
TLSCertificateKeyFile /etc/ldap/ssl/private/openldap.key
|
||||
TLSCACertificateFile /etc/ssl/certs/ca.crt
|
||||
+%end if
|
||||
+
|
||||
TLSVerifyClient never
|
||||
TLSCipherSuite SECURE256:+SIGN-ALL:-VERS-SSL3.0:!AES-128-CBC:!3DES-CBC:!DES-CBC:!ARCFOUR-128:!ARCFOUR-40:!RC2-40:!CAMELLIA-128-CBC:!NULL
|
||||
|
||||
@@ -46,6 +54,7 @@
|
||||
@@ -46,6 +47,7 @@
|
||||
%if %%ldap_replication == 'oui' or %%ldap_replication_client == 'oui'
|
||||
moduleload syncprov
|
||||
%end if
|
||||
+moduleload memberof
|
||||
|
||||
|
||||
# Sample security restrictions
|
||||
# Require integrity protection (prevent hijacking)
|
||||
@@ -80,6 +89,7 @@
|
||||
|
||||
# compatibilite EAD1 et appli PHP
|
||||
allow bind_v2
|
||||
+allow bind_anon_dn
|
||||
|
||||
database bdb
|
||||
# The base of your directory
|
||||
@@ -216,6 +226,10 @@
|
||||
syncprov-sessionlog 100
|
||||
%end if
|
||||
|
||||
+overlay memberof
|
||||
+memberof-group-oc cadolesGroup
|
||||
+memberof-member-ad cadolesMember
|
||||
+
|
||||
@@ -219,3 +221,7 @@
|
||||
%if %%ldap_replication_client == 'oui'
|
||||
include /etc/ldap/replication.conf
|
||||
%end if
|
||||
|
||||
+
|
||||
+overlay memberof
|
||||
+memberof-group-oc cadolesGroup
|
||||
+memberof-member-ad cadolesMember
|
||||
|
|
|
@ -131,6 +131,5 @@ objectclass ( 2.16.840.1.113732.3.1.4
|
|||
NAME 'cadolesGroup'
|
||||
DESC 'Descirption Groupe Cadoles'
|
||||
SUP top AUXILIARY
|
||||
MAY ( cadolesMember $
|
||||
mail
|
||||
MAY ( cadolesMember
|
||||
) )
|
||||
|
|
|
@ -1,96 +0,0 @@
|
|||
DN:
|
||||
changeType: modify
|
||||
add: schemaUpdateNow
|
||||
schemaUpdateNow: 1
|
||||
-
|
||||
|
||||
dn: CN=cadolesPerson,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
changeType: add
|
||||
objectClass: top
|
||||
objectClass: classSchema
|
||||
governsID: 2.16.840.1.113732.3.1.1
|
||||
schemaIdGuid:: BS9z8eJKvYZ+lS8OJgeC1g==
|
||||
cn: cadolesPerson
|
||||
name: cadolesPerson
|
||||
lDAPDisplayName: cadolesPerson
|
||||
description: Description Personne Cadoles
|
||||
subClassOf: top
|
||||
objectClassCategory: 3
|
||||
mayContain: givensName
|
||||
mayContain: usualname
|
||||
mayContain: birthdate
|
||||
mayContain: birthcountry
|
||||
mayContain: birthplace
|
||||
mayContain: gender
|
||||
mayContain: job
|
||||
mayContain: position
|
||||
mayContain: belongingpopulation
|
||||
mayContain: authlevel
|
||||
defaultObjectCategory: CN=cadolesPerson,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
|
||||
DN:
|
||||
changeType: modify
|
||||
add: schemaUpdateNow
|
||||
schemaUpdateNow: 1
|
||||
-
|
||||
|
||||
dn: CN=cadolesSiren,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
changeType: add
|
||||
objectClass: top
|
||||
objectClass: classSchema
|
||||
governsID: 2.16.840.1.113732.3.1.2
|
||||
schemaIdGuid:: 7pJbNueSjwpq7TsL2aiW1w==
|
||||
cn: cadolesSiren
|
||||
name: cadolesSiren
|
||||
lDAPDisplayName: cadolesSiren
|
||||
description: Siren
|
||||
subClassOf: top
|
||||
objectClassCategory: 3
|
||||
mayContain: siren
|
||||
mayContain: niveau01
|
||||
defaultObjectCategory: CN=cadolesSiren,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
|
||||
DN:
|
||||
changeType: modify
|
||||
add: schemaUpdateNow
|
||||
schemaUpdateNow: 1
|
||||
-
|
||||
|
||||
dn: CN=cadolesSiret,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
changeType: add
|
||||
objectClass: top
|
||||
objectClass: classSchema
|
||||
governsID: 2.16.840.1.113732.3.1.3
|
||||
schemaIdGuid:: BOOf/nwBuCFehtpsyYrLjA==
|
||||
cn: cadolesSiret
|
||||
name: cadolesSiret
|
||||
lDAPDisplayName: cadolesSiret
|
||||
description: Siret
|
||||
subClassOf: top
|
||||
objectClassCategory: 3
|
||||
mayContain: siret
|
||||
mayContain: postalAddress
|
||||
mayContain: niveau02
|
||||
defaultObjectCategory: CN=cadolesSiret,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
|
||||
DN:
|
||||
changeType: modify
|
||||
add: schemaUpdateNow
|
||||
schemaUpdateNow: 1
|
||||
-
|
||||
|
||||
dn: CN=cadolesGroup,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
changeType: add
|
||||
objectClass: top
|
||||
objectClass: classSchema
|
||||
governsID: 2.16.840.1.113732.3.1.4
|
||||
schemaIdGuid:: IPc/rPzhpAjekHrvXgdI8w==
|
||||
cn: cadolesGroup
|
||||
name: cadolesGroup
|
||||
lDAPDisplayName: cadolesGroup
|
||||
description: Descirption Groupe Cadoles
|
||||
subClassOf: top
|
||||
objectClassCategory: 3
|
||||
mayContain: cadolesMember
|
||||
defaultObjectCategory: CN=cadolesGroup,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
|
|
@ -1,299 +0,0 @@
|
|||
DN:
|
||||
changeType: modify
|
||||
add: schemaUpdateNow
|
||||
schemaUpdateNow: 1
|
||||
-
|
||||
|
||||
dn: CN=givensName,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
changeType: add
|
||||
objectClass: top
|
||||
objectClass: attributeSchema
|
||||
attributeID: 2.16.840.1.113732.3.1.101
|
||||
schemaIdGuid:: Jlbt5wmATVMcWKBhHjDO6Q==
|
||||
cn: givensName
|
||||
name: givensName
|
||||
lDAPDisplayName: givensName
|
||||
description:: UHLDqW5vbXMgQWdlbnQ=
|
||||
attributeSyntax: 2.5.5.12
|
||||
oMSyntax: 64
|
||||
isSingleValued: TRUE
|
||||
|
||||
DN:
|
||||
changeType: modify
|
||||
add: schemaUpdateNow
|
||||
schemaUpdateNow: 1
|
||||
-
|
||||
|
||||
dn: CN=usualname,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
changeType: add
|
||||
objectClass: top
|
||||
objectClass: attributeSchema
|
||||
attributeID: 2.16.840.1.113732.3.1.102
|
||||
schemaIdGuid:: ZHr974ZZzNma8pHl9aaLKA==
|
||||
cn: usualname
|
||||
name: usualname
|
||||
lDAPDisplayName: usualname
|
||||
description: Nom Usage
|
||||
attributeSyntax: 2.5.5.12
|
||||
oMSyntax: 64
|
||||
isSingleValued: TRUE
|
||||
|
||||
DN:
|
||||
changeType: modify
|
||||
add: schemaUpdateNow
|
||||
schemaUpdateNow: 1
|
||||
-
|
||||
|
||||
dn: CN=birthdate,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
changeType: add
|
||||
objectClass: top
|
||||
objectClass: attributeSchema
|
||||
attributeID: 2.16.840.1.113732.3.1.103
|
||||
schemaIdGuid:: wkZpNuM104JsF2zMxq3fnw==
|
||||
cn: birthdate
|
||||
name: birthdate
|
||||
lDAPDisplayName: birthdate
|
||||
description: Date de Naissance
|
||||
attributeSyntax: 2.5.5.12
|
||||
oMSyntax: 64
|
||||
isSingleValued: TRUE
|
||||
|
||||
DN:
|
||||
changeType: modify
|
||||
add: schemaUpdateNow
|
||||
schemaUpdateNow: 1
|
||||
-
|
||||
|
||||
dn: CN=birthcountry,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
changeType: add
|
||||
objectClass: top
|
||||
objectClass: attributeSchema
|
||||
attributeID: 2.16.840.1.113732.3.1.104
|
||||
schemaIdGuid:: +ReayhtKgycw+f1WmyUFjA==
|
||||
cn: birthcountry
|
||||
name: birthcountry
|
||||
lDAPDisplayName: birthcountry
|
||||
description: Code INSEE Pays de Naissance
|
||||
attributeSyntax: 2.5.5.12
|
||||
oMSyntax: 64
|
||||
isSingleValued: TRUE
|
||||
|
||||
DN:
|
||||
changeType: modify
|
||||
add: schemaUpdateNow
|
||||
schemaUpdateNow: 1
|
||||
-
|
||||
|
||||
dn: CN=birthplace,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
changeType: add
|
||||
objectClass: top
|
||||
objectClass: attributeSchema
|
||||
attributeID: 2.16.840.1.113732.3.1.105
|
||||
schemaIdGuid:: PWA2lFufaLT7V426mHUTEA==
|
||||
cn: birthplace
|
||||
name: birthplace
|
||||
lDAPDisplayName: birthplace
|
||||
description: Code INSEE Lieu de Naissance
|
||||
attributeSyntax: 2.5.5.12
|
||||
oMSyntax: 64
|
||||
isSingleValued: TRUE
|
||||
|
||||
DN:
|
||||
changeType: modify
|
||||
add: schemaUpdateNow
|
||||
schemaUpdateNow: 1
|
||||
-
|
||||
|
||||
dn: CN=gender,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
changeType: add
|
||||
objectClass: top
|
||||
objectClass: attributeSchema
|
||||
attributeID: 2.16.840.1.113732.3.1.106
|
||||
schemaIdGuid:: SLktEEb4rGlIyy5Eo9Shjg==
|
||||
cn: gender
|
||||
name: gender
|
||||
lDAPDisplayName: gender
|
||||
description: Sexe de la Personne
|
||||
attributeSyntax: 2.5.5.12
|
||||
oMSyntax: 64
|
||||
isSingleValued: TRUE
|
||||
|
||||
DN:
|
||||
changeType: modify
|
||||
add: schemaUpdateNow
|
||||
schemaUpdateNow: 1
|
||||
-
|
||||
|
||||
dn: CN=job,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
changeType: add
|
||||
objectClass: top
|
||||
objectClass: attributeSchema
|
||||
attributeID: 2.16.840.1.113732.3.1.107
|
||||
schemaIdGuid:: nhVCGzIC/Fdk2uAMDGHfFA==
|
||||
cn: job
|
||||
name: job
|
||||
lDAPDisplayName: job
|
||||
description:: TcOpdGllcg==
|
||||
attributeSyntax: 2.5.5.12
|
||||
oMSyntax: 64
|
||||
isSingleValued: TRUE
|
||||
|
||||
DN:
|
||||
changeType: modify
|
||||
add: schemaUpdateNow
|
||||
schemaUpdateNow: 1
|
||||
-
|
||||
|
||||
dn: CN=position,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
changeType: add
|
||||
objectClass: top
|
||||
objectClass: attributeSchema
|
||||
attributeID: 2.16.840.1.113732.3.1.108
|
||||
schemaIdGuid:: j0OPKDBf7J/iPToHdwF0ZQ==
|
||||
cn: position
|
||||
name: position
|
||||
lDAPDisplayName: position
|
||||
description:: Rm9uY3Rpb24gcmVsYXRpdmUgw6AgVW5pdMOpIE9yZ2FuaXNhdGlvbm5lbGxl
|
||||
attributeSyntax: 2.5.5.12
|
||||
oMSyntax: 64
|
||||
isSingleValued: TRUE
|
||||
|
||||
DN:
|
||||
changeType: modify
|
||||
add: schemaUpdateNow
|
||||
schemaUpdateNow: 1
|
||||
-
|
||||
|
||||
dn: CN=belongingpopulation,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
changeType: add
|
||||
objectClass: top
|
||||
objectClass: attributeSchema
|
||||
attributeID: 2.16.840.1.113732.3.1.109
|
||||
schemaIdGuid:: KVMi+GCSzkYHccfbRnCmaQ==
|
||||
cn: belongingpopulation
|
||||
name: belongingpopulation
|
||||
lDAPDisplayName: belongingpopulation
|
||||
description: Population Appartenance
|
||||
attributeSyntax: 2.5.5.12
|
||||
oMSyntax: 64
|
||||
isSingleValued: TRUE
|
||||
|
||||
DN:
|
||||
changeType: modify
|
||||
add: schemaUpdateNow
|
||||
schemaUpdateNow: 1
|
||||
-
|
||||
|
||||
dn: CN=authlevel,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
changeType: add
|
||||
objectClass: top
|
||||
objectClass: attributeSchema
|
||||
attributeID: 2.16.840.1.113732.3.1.110
|
||||
schemaIdGuid:: i7mCIv1VtoKwDOwX8hHs4A==
|
||||
cn: authlevel
|
||||
name: authlevel
|
||||
lDAPDisplayName: authlevel
|
||||
description:: Tml2ZWF1IEF1dGhlbnRpZmljYXRpb24gRGVtYW5kw6k=
|
||||
attributeSyntax: 2.5.5.12
|
||||
oMSyntax: 64
|
||||
isSingleValued: TRUE
|
||||
|
||||
DN:
|
||||
changeType: modify
|
||||
add: schemaUpdateNow
|
||||
schemaUpdateNow: 1
|
||||
-
|
||||
|
||||
dn: CN=siren,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
changeType: add
|
||||
objectClass: top
|
||||
objectClass: attributeSchema
|
||||
attributeID: 2.16.840.1.113732.3.1.111
|
||||
schemaIdGuid:: yWAVXrzf61bqVFmttTCMoQ==
|
||||
cn: siren
|
||||
name: siren
|
||||
lDAPDisplayName: siren
|
||||
description: Identifiant Entreprise
|
||||
attributeSyntax: 2.5.5.12
|
||||
oMSyntax: 64
|
||||
isSingleValued: TRUE
|
||||
|
||||
DN:
|
||||
changeType: modify
|
||||
add: schemaUpdateNow
|
||||
schemaUpdateNow: 1
|
||||
-
|
||||
|
||||
dn: CN=siret,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
changeType: add
|
||||
objectClass: top
|
||||
objectClass: attributeSchema
|
||||
attributeID: 2.16.840.1.113732.3.1.112
|
||||
schemaIdGuid:: xuETMsIWjPkNn9PP6XH2Hw==
|
||||
cn: siret
|
||||
name: siret
|
||||
lDAPDisplayName: siret
|
||||
description: Identifiant Etablissement
|
||||
attributeSyntax: 2.5.5.12
|
||||
oMSyntax: 64
|
||||
isSingleValued: TRUE
|
||||
|
||||
DN:
|
||||
changeType: modify
|
||||
add: schemaUpdateNow
|
||||
schemaUpdateNow: 1
|
||||
-
|
||||
|
||||
dn: CN=cadolesMember,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
changeType: add
|
||||
objectClass: top
|
||||
objectClass: attributeSchema
|
||||
attributeID: 2.16.840.1.113732.3.1.113
|
||||
schemaIdGuid:: jKgWUFwz5KWM4Fkbbiuw6Q==
|
||||
cn: cadolesMember
|
||||
name: cadolesMember
|
||||
lDAPDisplayName: cadolesMember
|
||||
description: Membres du groupe
|
||||
attributeSyntax: 2.5.5.1
|
||||
oMSyntax: 127
|
||||
isSingleValued: FALSE
|
||||
|
||||
DN:
|
||||
changeType: modify
|
||||
add: schemaUpdateNow
|
||||
schemaUpdateNow: 1
|
||||
-
|
||||
|
||||
dn: CN=niveau01,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
changeType: add
|
||||
objectClass: top
|
||||
objectClass: attributeSchema
|
||||
attributeID: 2.16.840.1.113732.3.1.114
|
||||
schemaIdGuid:: ax677pNcedcU/lJbaV61rg==
|
||||
cn: niveau01
|
||||
name: niveau01
|
||||
lDAPDisplayName: niveau01
|
||||
description: Label Entreprise
|
||||
attributeSyntax: 2.5.5.12
|
||||
oMSyntax: 64
|
||||
isSingleValued: TRUE
|
||||
|
||||
DN:
|
||||
changeType: modify
|
||||
add: schemaUpdateNow
|
||||
schemaUpdateNow: 1
|
||||
-
|
||||
|
||||
dn: CN=niveau02,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||
changeType: add
|
||||
objectClass: top
|
||||
objectClass: attributeSchema
|
||||
attributeID: 2.16.840.1.113732.3.1.115
|
||||
schemaIdGuid:: caUDcwXPL7LKxotwqD4LsQ==
|
||||
cn: niveau02
|
||||
name: niveau02
|
||||
lDAPDisplayName: niveau02
|
||||
description: Label Etablissement
|
||||
attributeSyntax: 2.5.5.12
|
||||
oMSyntax: 64
|
||||
isSingleValued: TRUE
|
|
@ -1,69 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
#
|
||||
# Initialisation of LDAP Directory
|
||||
#
|
||||
|
||||
|
||||
#
|
||||
# Run command as particular user
|
||||
#
|
||||
function runAs() {
|
||||
USER=${1}
|
||||
shift
|
||||
CMD="su ${USER} -s /bin/bash -c ${@}"
|
||||
|
||||
eval ${CMD}
|
||||
return ${?}
|
||||
}
|
||||
|
||||
function addLDAPschema()
|
||||
{
|
||||
LDIF="/etc/cadolesldap/init/cadolesldap.ldif"
|
||||
USER="openldap"
|
||||
CMD="\"slapadd -l ${LDIF} -f \"/etc/ldap/slapd.conf\"\""
|
||||
|
||||
service slapd stop
|
||||
runAs ${USER} ${CMD}
|
||||
result=$((result+${?}))
|
||||
service slapd start
|
||||
return ${result}
|
||||
}
|
||||
|
||||
function addADSchema()
|
||||
{
|
||||
/usr/share/eole/sbin/cadoles_add_schema.sh
|
||||
return ${?}
|
||||
}
|
||||
|
||||
function main()
|
||||
{
|
||||
MODE=${1}
|
||||
result=0
|
||||
|
||||
|
||||
if [[ ${MODE} == "instance" ]]
|
||||
then
|
||||
if [[ $(CreoleGet eole_module) == "seth" ]]
|
||||
then
|
||||
addADSchema
|
||||
return ${?}
|
||||
else
|
||||
addLDAPschema
|
||||
return ${?}
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
if [[ $(CreoleGet eole_module eolebase) != "seth" ]]
|
||||
then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [[ $(CreoleGet activer_cadolesldap non) == "oui" ]]
|
||||
then
|
||||
main $@
|
||||
exit ${?}
|
||||
else
|
||||
exit 0
|
||||
fi
|
|
@ -17,49 +17,27 @@ function runAs() {
|
|||
return ${?}
|
||||
}
|
||||
|
||||
function addLDAPschema()
|
||||
{
|
||||
LDIF="/etc/cadolesldap/init/cadolesldap.ldif"
|
||||
USER="openldap"
|
||||
CMD="\"slapadd -l ${LDIF} -f \"/etc/ldap/slapd.conf\"\""
|
||||
|
||||
service slapd stop
|
||||
runAs ${USER} ${CMD}
|
||||
result=$((result+${?}))
|
||||
service slapd start
|
||||
return ${result}
|
||||
}
|
||||
|
||||
function addADSchema()
|
||||
{
|
||||
/usr/share/eole/sbin/cadoles_add_schema.sh
|
||||
return ${?}
|
||||
}
|
||||
|
||||
function main()
|
||||
{
|
||||
MODE=${1}
|
||||
result=0
|
||||
MODE=${1}
|
||||
|
||||
result=0
|
||||
|
||||
|
||||
if [[ ${MODE} == "instance" ]]
|
||||
then
|
||||
if [[ $(CreoleGet eole_module) == "seth" ]]
|
||||
then
|
||||
addADSchema
|
||||
return ${?}
|
||||
else
|
||||
addLDAPschema
|
||||
return ${?}
|
||||
fi
|
||||
fi
|
||||
if [[ ${MODE} == "instance" ]]
|
||||
then
|
||||
LDIF="/etc/cadolesldap/init/cadolesldap.ldif"
|
||||
USER="openldap"
|
||||
CMD="\"slapadd -l ${LDIF} -f \"/etc/ldap/slapd.conf\"\""
|
||||
|
||||
service slapd stop
|
||||
runAs ${USER} ${CMD}
|
||||
result=$((result+${?}))
|
||||
service slapd start
|
||||
return ${result}
|
||||
fi
|
||||
}
|
||||
|
||||
if [[ $(CreoleGet eole_module eolebase) == "seth" ]]
|
||||
then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [[ $(CreoleGet activer_cadolesldap non) == "oui" ]]
|
||||
then
|
||||
main $@
|
||||
|
|
|
@ -1,93 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
if [[ ! -e /etc/eole/samba4-vars.conf ]]
|
||||
then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
. /etc/eole/samba4-vars.conf
|
||||
|
||||
function updateSchemaDN()
|
||||
{
|
||||
STR=${1}
|
||||
DN=${2}
|
||||
FILE=${3}
|
||||
|
||||
sed -i -e "s/${STR}/${DN}/g" ${FILE}
|
||||
return ${?}
|
||||
}
|
||||
|
||||
function user_exists() {
|
||||
local username="${1}"
|
||||
samba-tool user show "${username}" > /dev/null 2>&1
|
||||
return ${?}
|
||||
}
|
||||
|
||||
DN="$(CreoleGet cadolesldap_basedn)"
|
||||
BASEDN="CN=Schema,CN=Configuration,${DN}"
|
||||
INITDIR="/etc/cadolesldap/init"
|
||||
|
||||
RETURNED=$(ldbsearch --option="dsdb:schema update allowed"=true -H /var/lib/samba/private/sam.ldb -b $BASEDN CN=siren CN | grep "returned.*records")
|
||||
|
||||
if [ "$RETURNED" = "# returned 0 records" ]; then
|
||||
# Import schema
|
||||
SCHEMAS="cadoles.schema cadoles.schema-2"
|
||||
PRIVATE_DIR=/etc/eole/private
|
||||
|
||||
for schema in $SCHEMAS
|
||||
do
|
||||
updateSchemaDN "{DNCONFIG}" "${DN}" /etc/ldap/schema/eole/${schema}.ldif
|
||||
if [[ $? -ne 0 ]]
|
||||
then
|
||||
echo "Error updating DN for ${schema}"
|
||||
break
|
||||
fi
|
||||
ldbmodify -H /var/lib/samba/private/sam.ldb /etc/ldap/schema/eole/${schema}.ldif --option="dsdb:schema update allowed"=true
|
||||
if [[ $? -ne 0 ]]
|
||||
then
|
||||
echo "Error updating Schema ${schema} !!"
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
lv1=$(CreoleGet cadolesldap_niveau01name )
|
||||
RETURNED=$(ldbsearch --option="dsdb:schema update allowed"=true -H /var/lib/samba/private/sam.ldb -b $DN OU=${lv1} OU | grep "#.* entries")
|
||||
if [ "$RETURNED" = "# 0 entries" ]; then
|
||||
ldbmodify -H /var/lib/samba/private/sam.ldb ${INITDIR}/cadolesldap.ldif
|
||||
if [[ -e ${INITDIR}/cadolesindex.ldif ]]
|
||||
then
|
||||
ldbmodify --option="dsdb:schema update allowed"=true -H /var/lib/samba/private/sam.ldb ${INITDIR}/cadolesindex.ldif
|
||||
fi
|
||||
|
||||
if [[ $(CreoleGet cadolesldap_create_reader non) == "oui" ]]
|
||||
then
|
||||
user=$(CreoleGet cadolesldap_reader)
|
||||
password=$(CreoleGet cadolesldap_reader_pass)
|
||||
if ! user_exists ${user}
|
||||
then
|
||||
echo "Ajout du compte d'écriture dans l'annuaire '$user'... "
|
||||
samba-tool user create --random-password $user
|
||||
samba-tool user setexpiry $user --noexpiry
|
||||
samba-tool user setpassword $user --newpassword="${password}"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ $(CreoleGet cadolesldap_create_writer non) == "oui" ]]
|
||||
then
|
||||
user=$(CreoleGet cadolesldap_writer)
|
||||
password=$(CreoleGet cadolesldap_writer_pass)
|
||||
if ! user_exists ${user}
|
||||
then
|
||||
echo "Ajout du compte d'écriture dans l'annuaire '$user'... "
|
||||
samba-tool user create --random-password $user
|
||||
samba-tool user setexpiry $user --noexpiry
|
||||
samba-tool group addmembers 'Domain Admins' $user
|
||||
samba-tool user setpassword $user --newpassword="${password}"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 0
|
|
@ -1,121 +1,66 @@
|
|||
%import pyeole.ssha
|
||||
|
||||
# Entrée 3: ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||
dn: ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||
%if %%eole_module == "seth"
|
||||
changetype: add
|
||||
%end if
|
||||
# Entrée 3: ou=%%cadolesldap_organization,o=gouv,c=fr
|
||||
dn: ou=%%cadolesldap_organization,o=gouv,c=fr
|
||||
objectclass: organizationalUnit
|
||||
objectclass: top
|
||||
ou: %%cadolesldap_organization
|
||||
|
||||
# Entrée 4: ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||
dn: ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||
%if %%eole_module == "seth"
|
||||
changetype: add
|
||||
%end if
|
||||
# Entrée 4: ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr
|
||||
dn: ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr
|
||||
objectclass: organizationalUnit
|
||||
objectclass: top
|
||||
ou: %%cadolesldap_niveau01branche
|
||||
|
||||
# Entrée 5: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||
dn: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||
%if %%eole_module == "seth"
|
||||
changetype: add
|
||||
%end if
|
||||
# Entrée 5: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr
|
||||
dn: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr
|
||||
objectclass: posixGroup
|
||||
objectclass: top
|
||||
%if %%eole_module == "seth"
|
||||
objectclass: group
|
||||
%else
|
||||
objectclass: sambaGroupMapping
|
||||
%end if
|
||||
objectclass: cadolesGroup
|
||||
objectclass: cadolesSiren
|
||||
cn: %%cadolesldap_niveau01name
|
||||
gidnumber: 1
|
||||
memberuid: admin
|
||||
%if %%eole_module != "seth"
|
||||
cadolesMember: uid=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||
%end if
|
||||
%if %%eole_module != "seth"
|
||||
cadolesMember: uid=admin,ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
|
||||
sambagrouptype: 2
|
||||
sambasid: 1
|
||||
%end if
|
||||
%if not %%is_empty(%%cadolesldap_niveau01siren)
|
||||
siren: %%cadolesldap_niveau01siren
|
||||
%else
|
||||
siren: %%cadolesldap_niveau01name
|
||||
%end if
|
||||
|
||||
# Entrée 6: ou=%%cadolesldap_niveau02branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||
dn: ou=%%cadolesldap_niveau02branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||
%if %%eole_module == "seth"
|
||||
changetype: add
|
||||
%end if
|
||||
# Entrée 6: ou=%%cadolesldap_niveau02branche,ou=%%cadolesldap_organization,o=gouv,c=fr
|
||||
dn: ou=%%cadolesldap_niveau02branche,ou=%%cadolesldap_organization,o=gouv,c=fr
|
||||
objectclass: organizationalUnit
|
||||
objectclass: top
|
||||
ou: %%cadolesldap_niveau02branche
|
||||
ou: %%%%cadolesldap_niveau02branche
|
||||
|
||||
# Entrée 7: ou=groups,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||
dn: ou=groups,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||
%if %%eole_module == "seth"
|
||||
changetype: add
|
||||
%end if
|
||||
# Entrée 7: ou=groups,ou=%%cadolesldap_organization,o=gouv,c=fr
|
||||
dn: ou=groups,ou=%%cadolesldap_organization,o=gouv,c=fr
|
||||
objectclass: organizationalUnit
|
||||
objectclass: top
|
||||
ou: groups
|
||||
|
||||
# Entrée 8: ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||
dn: ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||
%if %%eole_module == "seth"
|
||||
changetype: add
|
||||
%end if
|
||||
# Entrée 8: ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
|
||||
dn: ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
|
||||
objectclass: organizationalUnit
|
||||
objectclass: top
|
||||
ou: users
|
||||
|
||||
%if %%eole_module == "seth"
|
||||
# Entrée 9: cn=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||
dn: cn=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||
%else
|
||||
# Entrée 9: uid=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||
dn: uid=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||
%end if
|
||||
%if %%eole_module == "seth"
|
||||
changetype: add
|
||||
%end if
|
||||
# Entrée 9: uid=admin,ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
|
||||
dn: uid=admin,ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
|
||||
objectclass: top
|
||||
objectclass: person
|
||||
objectclass: organizationalPerson
|
||||
%if %%eole_module == "seth"
|
||||
objectclass: user
|
||||
%end if
|
||||
objectclass: inetOrgPerson
|
||||
objectclass: cadolesPerson
|
||||
objectclass: cadolesSiren
|
||||
objectclass: cadolesSiret
|
||||
authlevel: simple
|
||||
uid: admin
|
||||
cn: admin
|
||||
cn: %%cadolesldap_organization
|
||||
sn: %%cadolesldap_organization
|
||||
displayname: Administrateur %%cadolesldap_organization
|
||||
givenname: Administrateur
|
||||
%if not %%is_empty(%%system_mail_to)
|
||||
mail: %%system_mail_to
|
||||
%end if
|
||||
%if not %%is_empty(%%cadolesldap_niveau01siren)
|
||||
siren: %%cadolesldap_niveau01siren
|
||||
%else
|
||||
siren: %%cadolesldap_niveau01name
|
||||
%end if
|
||||
niveau01: %%cadolesldap_niveau01name
|
||||
userpassword: %%pyeole.ssha.ssha_encode(%%cadolesldap_pwdadmin)
|
||||
|
||||
%if %%eole_module == "seth"
|
||||
# FIXME CadolesMember ...
|
||||
# Entrée 9bis: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||
#dn: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||
#changetype: add
|
||||
#cadolesMember: cn=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||
%end if
|
Loading…
Reference in New Issue