fix: use hydra-ldap and olm operator to fix example

2025-02-13 17:02:48 +01:00
parent c97266c272
commit c01eb28d8c
34 changed files with 729 additions and 461 deletions
--- a/examples/authenticated-app/files/glauth.conf
+++ b/examples/authenticated-app/files/glauth.conf
@ -0,0 +1,83 @@
+debug = true
+
+[ldap]
+  enabled = true
+  listen = "0.0.0.0:3893"
+  tls = false
+
+[ldaps]
+  enabled = false
+
+[behaviors]
+  IgnoreCapabilities = true
+
+[backend]
+  datastore = "config"
+  baseDN = "dc=glauth,dc=com"
+
+[[users]]
+  uid = "serviceuser"
+  name = "serviceuser"
+  mail = "serviceuser@example.com"
+  uidnumber = 5001
+  primarygroup = 5502
+  # use echo -n "mysecret" | openssl dgst -sha256
+  passsha256 = "652c7dc687d98c9889304ed2e408c74b611e86a40caa51c4b43f1dd5913c5cd0" # mysecret
+    [[users.capabilities]]
+    action = "search"
+    object = "*"
+
+[[users]]
+  uid = "jdoe"
+  name = "jdoe"
+  uidnumber = 5002
+  primarygroup = 5501
+  givenname = "John"
+  sn = "Doe"
+  mail = "jdoe@example.com"
+  passsha256 = "d30a5f57532a603697ccbb51558fa02ccadd74a0c499fcf9d45b33863ee1582f" # jdoe
+    [[users.customattributes]]
+    employeetype = ["Intern", "Temp"]
+    employeenumber = [12345, 54321]
+
+[[users]]
+  uid = "jdoe2"
+  name = "jdoe2"
+  uidnumber = 5003
+  primarygroup = 5501
+  givenname = "John"
+  sn = "Doe2"
+  mail = "jdoe2@jdoe2.com"
+  passsha256 = "d30a5f57532a603697ccbb51558fa02ccadd74a0c499fcf9d45b33863ee1582f" # jdoe
+
+[[users]]
+  uid = "siret1"
+  name = "siret1"
+  uidnumber = 5004
+  primarygroup = 5501
+  givenname = "Siret"
+  sn = "Siret"
+  mail = "siret1@siret.com"
+  passsha256 = "7926ef18c7ae8eb23d4d325aa6bd81cc9ae99b429e9299a18dbd2c4729486ebc" # siret
+    [[users.customattributes]]
+    siret = ["0001"]
+
+[[users]]
+  uid = "siret2"
+  name = "siret2"
+  uidnumber = 5005
+  primarygroup = 5501
+  givenname = "Siret"
+  sn = "Siret"
+  mail = "siret2@siret.com"
+  passsha256 = "7926ef18c7ae8eb23d4d325aa6bd81cc9ae99b429e9299a18dbd2c4729486ebc" # siret
+    [[users.customattributes]]
+    siret = ["0002"]
+
+[[groups]]
+  name = "users"
+  gidnumber = 5501
+
+[[groups]]
+  name = "svcaccts"
+  gidnumber = 5502
--- a/examples/authenticated-app/files/hydra-dispatcher-apps.yaml
+++ b/examples/authenticated-app/files/hydra-dispatcher-apps.yaml
@ -0,0 +1,42 @@
+hydra:
+  apps:
+    - id: ldap
+      title:
+        fr: Connexion LDAP
+        en: Login LDAP
+      description:
+        fr: Authentification avec LDAP
+        en: Authentication with LDAP
+      login_url: "%env(string:HYDRA_DISPATCHER_LDAP_LOGIN_URL)%"
+      consent_url: "%env(string:HYDRA_DISPATCHER_LDAP_CONSENT_URL)%"
+      logout_url: "%env(string:HYDRA_DISPATCHER_LDAP_LOGOUT_URL)%"
+      attributes_rewrite_configuration:
+        siret:
+          rules:
+            - "property_exists(consent.session.id_token, 'siret') ?  consent.session.id_token.siret : null"
+            - "value ?: ( consent.session.id_token.email matches '/.*@example.com$/' ? '0000' : null )"
+            - "value ?: ( consent.session.id_token.email matches '/.*@jdoe.com$/' ? '0001' : null )"
+        family_name:
+          rules:
+            - "property_exists(consent.session.id_token, 'family_name') ? consent.session.id_token.family_name : null"
+        given_name:
+          rules:
+            - "property_exists(consent.session.id_token, 'given_name') ? consent.session.id_token.given_name : null"
+        email:
+          rules:
+            - "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null"
+  firewall:
+    additional_properties: true
+    rules:
+      siret:
+        required: false
+      email:
+        required: false
+      given_name:
+        required: false
+      family_name:
+        required: false
+  webhook:
+    enabled: false
+  webhook_post_login:
+    enabled: false