diff --git a/README.md b/README.md
index df73a11..a3ec206 100644
--- a/README.md
+++ b/README.md
@@ -1,16 +1,66 @@ # eole-lemonldap -Intégration LemonLDAP::NG pour EOLE +LemonLDAP::NG EOLE integration ## Howto +### Repository configuration + * Add the lemonldap-ng deb respository we need the last version of LemonLDAP. -Gen_config -> Mode Expert -> Dépôts tiers -> Libellé du dépôt +GenConfig -> Mode Expert -> Dépôts tiers -> Libellé du dépôt - ### LemonLDAP::NG repository +#### LemonLDAP::NG repository * deb https://lemonldap-ng.org/deb stable main * deb-src https://lemonldap-ng.org/deb stable main * Key URL : https://lemonldap-ng.org/_media/rpm-gpg-key-ow2 +#### Cadoles Repository +* deb [ arch=all ] https://vulcain.cadoles.com 2.6.2-dev main +* Key URL : https://vulcain.cadoles.com/cadoles.gpg + +### Install packages + +apt update +apt install eole-lemonldap + +### Configure LemonLDAP in GenConfig + +* Enable lemonldap in "Services" tab + +Gen_Config -> Services -> Activer LemonLDAP::NG -> "Oui" + +* Fill LemonLDAP configuration + +#### Configuration DNS +* GenConfig -> Lemonldap -> Nom DNS du manager LemonLDAP-NG +* GenConfig -> Lemonldap -> Nom DNS du service d'authentification LemonLDAP-NG + +#### Configuration LDAP +* GenConfig -> Lemonldap -> Protocole LDAP à utiliser +* GenConfig -> Lemonldap -> Adresse du Serveur LDAP utilisé par LemonLDAP::NG +* GenConfig -> Lemonldap -> Port d'écoute du LDAP utilisé par LemonLDAP::NG +* GenConfig -> Lemonldap -> Base DN des utilisateurs dans l'annuaire +* GenConfig -> Lemonldap -> Utilisateur de connection à l'annuaire (DN ex: cn=reader,o=gouv,c=fr) +* GenConfig -> Lemonldap -> Mot de passe de l'utilisateur de connection à l'annuaire (file like /root/.reader or the clear password) + +#### Configuration CAS + +Add your CAS attributes mapping ( uid = uid and mail = mail are created by default) + +* GenConfig -> Lemonldap -> Nom de l'attribut CAS +* GenConfig -> Lemonldap -> Attribut LDAP équivalent + +### SSL issues + +If you use "autosign" certificates you need to add the "manager" and "auth" service names to the 
alternative names.
+You also need to include "reload" service name (available in GenConfig -> Mode Expert -> Lemonldap -> Nom DNS du service Reload de LemonLDAP-NG)
+
+* GenConfig -> Mode Expert -> Certificats ssl -> Nom Alternatif de la machine (SubjectAltName)
+
+If you use "manual" certificates make sure this names are covered by your SSL Certificate
+
+If you use "letsencrypt" mode you also need to add this names to the let'sencrypt request:
+
+* GenConfig -> Mode Expert -> Certificat ssl -> Nom de domaines supplémentaires
diff --git a/tmpl/lmConf-1.js b/tmpl/lmConf-1.js
index 3fa8709..1c21d85 100644
--- a/tmpl/lmConf-1.js
+++ b/tmpl/lmConf-1.js
@@ -229,7 +229,11 @@
 },
 "portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/",
 "hideOldPassword": 0,
+%if %%is_file(%%ldapBindUserPassword)
+ "managerPassword": "%%pwdreader("", %%ldapBindUserPassword)",
+%else
 "managerPassword": "%%ldapBindUserPassword",
+%end if
 "authChoiceParam": "lmAuth",
 "lwpSslOpts": {},
 "portalSkinRules": {},
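Review bot: The value returned by `%%pwdreader("", %%ldapBindUserPassword)` on the new `managerPassword` line is interpolated into a double-quoted JS string with no escaping, so a bind password containing `"` or `\` (or a trailing newline, if the reader does not strip one) corrupts the generated lmConf-1.js; the pre-existing clear-text branch has the same exposure. If the template language offers a JSON/JS string-escaping filter it should wrap both interpolations, otherwise the README should state which characters a bind password must not contain. The `%else` fallback also means a mistyped path (one that does not pass `%%is_file`) is silently used as the literal bind password; rejecting a value that starts with `/` but is not an existing file would turn that into a generation-time error instead of a failed LDAP bind. Since the clear-text branch writes the secret into the rendered file, the generated lmConf-1.js should be owner/group restricted — confirm the package sets its mode. The surrounding configuration object starts and ends outside the hunk.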