Update README

Ref: #30852
Daniel Dehennin 2020-10-14 13:31:42 +02:00
parent a6eeb05ca9
commit 03a80f03fb
1 changed files with 15 additions and 26 deletions

@ -4,27 +4,6 @@ LemonLDAP::NG EOLE integration
## Howto ## Howto
### Repository configuration
* Add the lemonldap-ng deb respository we need the last version of LemonLDAP.
GenConfig -> Mode Expert -> Dépôts tiers -> Libellé du dépôt
#### LemonLDAP::NG repository
* deb https://lemonldap-ng.org/deb 1.9 main
* deb-src https://lemonldap-ng.org/deb 1.9 main
* Key URL : https://lemonldap-ng.org/_media/rpm-gpg-key-ow2
#### Cadoles Repository
* deb [ arch=all ] https://vulcain.cadoles.com 2.6.2-dev main
* Key URL : https://vulcain.cadoles.com/cadoles.gpg
### Install packages
apt update
apt install eole-lemonldap
### Configure LemonLDAP in GenConfig ### Configure LemonLDAP in GenConfig
* Enable lemonldap in "Services" tab * Enable lemonldap in "Services" tab
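Review bot: Missing documentation at the top of "## Howto": with "Repository configuration" and "Install packages" removed, the README no longer says where the eole-lemonldap package comes from or which repository signing keys are expected, and the Howto starts directly at "Configure LemonLDAP in GenConfig". If the package is now available without the third-party repositories, state that in one line under "## Howto" so readers do not keep the old deb lines and key URLs around. The commit message ("Update README") would also be easier to audit if it mentioned that the installation steps were dropped.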
@ -33,18 +12,28 @@ Gen_Config -> Services -> Activer LemonLDAP::NG -> "Oui"
* Fill LemonLDAP configuration * Fill LemonLDAP configuration
#### Nginx Web case #### On Scribe
* LemonLDAP::NG is configured to use the local LDAP service
* We register the supplementary host names to the AD DNS
* We add the supplementary host names to the `ssl_subjectalt_names`
#### Manual configuration
##### Nginx Web case
By default NGINX is configured to serve "web" application, in this case the lemonLDAP::NG application will By default NGINX is configured to serve "web" application, in this case the lemonLDAP::NG application will
not be served properly, so we need to disable this function not be served properly, so we need to disable this function
GenConfig -> Services -> Activer la publication dapplications web par Nginx -> "Non' GenConfig -> Services -> Activer la publication dapplications web par Nginx -> "Non'
#### Configuration DNS ##### Configuration DNS
* GenConfig -> Lemonldap -> Nom DNS du manager LemonLDAP-NG * GenConfig -> Lemonldap -> Nom DNS du manager LemonLDAP-NG
* GenConfig -> Lemonldap -> Nom DNS du service d'authentification LemonLDAP-NG * GenConfig -> Lemonldap -> Nom DNS du service d'authentification LemonLDAP-NG
#### Configuration LDAP ##### Configuration LDAP
* GenConfig -> Lemonldap -> Protocole LDAP à utiliser * GenConfig -> Lemonldap -> Protocole LDAP à utiliser
* GenConfig -> Lemonldap -> Adresse du Serveur LDAP utilisé par LemonLDAP::NG * GenConfig -> Lemonldap -> Adresse du Serveur LDAP utilisé par LemonLDAP::NG
* GenConfig -> Lemonldap -> Port d'écoute du LDAP utilisé par LemonLDAP::NG * GenConfig -> Lemonldap -> Port d'écoute du LDAP utilisé par LemonLDAP::NG
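Review bot: The new "On Scribe" bullets never name the "supplementary host names", so a reader cannot verify what was registered in the AD DNS or added to `ssl_subjectalt_names`. List them explicitly (presumably the manager, auth and reload service names that the "SSL issues" section refers to) and say where `ssl_subjectalt_names` is set. While this block is being restructured, the context line "Activer la publication dapplications web par Nginx -> "Non'" could also get its missing apostrophe and matching quotes.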
@ -52,14 +41,14 @@ GenConfig -> Services -> Activer la publication dapplications web par Nginx -
* GenConfig -> Lemonldap -> Utilisateur de connection à l'annuaire (DN ex: cn=reader,o=gouv,c=fr) * GenConfig -> Lemonldap -> Utilisateur de connection à l'annuaire (DN ex: cn=reader,o=gouv,c=fr)
* GenConfig -> Lemonldap -> Mot de passe de l'utilisateur de connection à l'annuaire (file like /root/.reader or the clear password) * GenConfig -> Lemonldap -> Mot de passe de l'utilisateur de connection à l'annuaire (file like /root/.reader or the clear password)
#### Configuration CAS ##### Configuration CAS
Add your CAS attributes mapping ( uid = uid and mail = mail are created by default) Add your CAS attributes mapping ( uid = uid and mail = mail are created by default)
* GenConfig -> Lemonldap -> Nom de l'attribut CAS * GenConfig -> Lemonldap -> Nom de l'attribut CAS
* GenConfig -> Lemonldap -> Attribut LDAP équivalent * GenConfig -> Lemonldap -> Attribut LDAP équivalent
### SSL issues ##### SSL issues
If you use "autosign" certificates you need to add the "manager" and "auth" service names to the alternative names. If you use "autosign" certificates you need to add the "manager" and "auth" service names to the alternative names.
You also need to include "reload" service name (available in GenConfig -> Mode Expert -> Lemonldap -> Nom DNS du service Reload de LemonLDAP-NG) You also need to include "reload" service name (available in GenConfig -> Mode Expert -> Lemonldap -> Nom DNS du service Reload de LemonLDAP-NG)
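Review bot: The bind password line kept as context in this hunk still offers "the clear password" as an equal alternative to a file like /root/.reader. Since these entries are being regrouped under "Manual configuration", consider recommending the file form and presenting the clear password only as a fallback, so the directory reader's password does not end up in the GenConfig value itself. Separately, "SSL issues" drops from a third-level to a fifth-level heading, which makes it read as applying to manual configuration only; if that is the intent, a short cross-reference from "On Scribe" to the `ssl_subjectalt_names` handling would make it explicit.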