Ajout du mecanisme d'invitation de Guichet

2020-02-14 22:41:28 +01:00 · 2020-02-14 22:41:28 +01:00 · 4abdf2883e
commit 4abdf2883e
parent 69e5c595d7
4 changed files with 53 additions and 21 deletions
--- a/consul/configuration/directory/bottin/config.json
+++ b/consul/configuration/directory/bottin/config.json
@ -6,10 +6,23 @@
  "acl": [
 		"*,dc=deuxfleurs,dc=fr::read:*:* !userpassword",
 		"*::read modify:SELF:*",
-		"cn=admin,dc=deuxfleurs,dc=fr::read add modify delete:*:*",
-		"*:cn=admin,ou=groups,dc=deuxfleurs,dc=fr:read add modify delete:*:*",
 		"ANONYMOUS::bind:*,ou=users,dc=deuxfleurs,dc=fr:",
 		"ANONYMOUS::bind:cn=admin,dc=deuxfleurs,dc=fr:",
-		"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::bind:*,ou=users,dc=deuxfleurs,dc=fr:*"
+		"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::bind:*,ou=users,dc=deuxfleurs,dc=fr:*",
+
+		"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=invitations,dc=deuxfleurs,dc=fr:*",
+		"ANONYMOUS::bind:*,ou=invitations,dc=deuxfleurs,dc=fr:",
+		"*,ou=invitations,dc=deuxfleurs,dc=fr::delete:SELF:*",
+
+		"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=users,dc=deuxfleurs,dc=fr:*",
+		"*,ou=invitations,dc=deuxfleurs,dc=fr::add:*,ou=users,dc=deuxfleurs,dc=fr:*",
+
+		"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
+		"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
+		"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
+		"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
+
+		"cn=admin,dc=deuxfleurs,dc=fr::read add modify delete:*:*",
+		"*:cn=admin,ou=groups,dc=deuxfleurs,dc=fr:read add modify delete:*:*"
  ]
 }
--- a/consul/configuration/directory/guichet/config.json
+++ b/consul/configuration/directory/guichet/config.json
@ -1,15 +0,0 @@
-{
-  "http_bind_addr": ":9991",
-  "ldap_server_addr": "ldap://bottin2.service.2.cluster.deuxfleurs.fr:389",
-
-  "base_dn": "dc=deuxfleurs,dc=fr",
-  "user_base_dn": "ou=users,dc=deuxfleurs,dc=fr",
-  "user_name_attr": "cn",
-  "group_base_dn": "ou=groups,dc=deuxfleurs,dc=fr",
-  "group_name_attr": "cn",
-
-  "admin_account": "cn=admin,dc=deuxfleurs,dc=fr",
-  "group_can_admin": "cn=admin,ou=groups,dc=deuxfleurs,dc=fr",
-  "group_can_invite": "cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr"
-}
-
--- a/consul/configuration/directory/guichet/config.json.tpl
+++ b/consul/configuration/directory/guichet/config.json.tpl
@ -0,0 +1,29 @@
+{
+  "http_bind_addr": ":9991",
+  "ldap_server_addr": "ldap://bottin2.service.2.cluster.deuxfleurs.fr:389",
+
+  "base_dn": "dc=deuxfleurs,dc=fr",
+  "user_base_dn": "ou=users,dc=deuxfleurs,dc=fr",
+  "user_name_attr": "cn",
+  "group_base_dn": "ou=groups,dc=deuxfleurs,dc=fr",
+  "group_name_attr": "cn",
+
+  "invitation_base_dn": "ou=invitations,dc=deuxfleurs,dc=fr",
+  "invitation_name_attr": "cn",
+  "invited_mail_format": "{}@deuxfleurs.fr",
+  "invited_auto_groups": [
+    "cn=email,ou=groups,dc=deuxfleurs,dc=fr",
+    "cn=seafile,ou=groups,dc=deuxfleurs,dc=fr"
+  ],
+
+  "web_address": "https://guichet.deuxfleurs.fr",
+  "mail_from": "coucou@deuxfleurs.fr",
+  "smtp_server": "adnab.me:25",
+  "smtp_username": "{{ key "secrets/directory/guichet/smtp_user" | trimSpace }}",
+  "smtp_password": "{{ key "secrets/directory/guichet/smtp_pass" | trimSpace }}",
+
+  "admin_account": "cn=admin,dc=deuxfleurs,dc=fr",
+  "group_can_admin": "cn=admin,ou=groups,dc=deuxfleurs,dc=fr",
+  "group_can_invite": "cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr"
+}
+
--- a/nomad/bottin2.hcl
+++ b/nomad/bottin2.hcl
@ -12,7 +12,7 @@ job "directory2" {
    task "bottin" {
      driver = "docker"
      config {
-        image = "lxpz/bottin_amd64:12"
+        image = "lxpz/bottin_amd64:13"
        readonly_rootfs = true
        port_map {
          ldap_port = 1389
@ -61,7 +61,7 @@ job "directory2" {
    task "guichet" {
      driver = "docker"
      config {
-        image = "lxpz/guichet_amd64:5"
+        image = "lxpz/guichet_amd64:8"
        readonly_rootfs = true
        port_map {
          web_port = 9991
@ -71,8 +71,13 @@ job "directory2" {
        ]
      }

+      artifact {
+        source = "http://127.0.0.1:8500/v1/kv/configuration/directory/guichet/config.json.tpl?raw"
+        destination = "secrets/config.json.tpl"
+        mode = "file"
+      }
      template {
-        data = "{{ key \"configuration/directory/guichet/config.json\" }}"
+        source = "secrets/config.json.tpl"
        destination = "secrets/config.json"
      }