KokaKiwi/bottin
1
0
Fork 0
forked from Deuxfleurs/bottin
Code Issues Pull requests Projects Releases Wiki Activity

Add bottin logo

Browse source
This commit is contained in:
Alex 2020-02-01 16:45:22 +01:00
parent e8ce6e33e5
commit 827083fb29
2 changed files with 17 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
README.md
View file

@ -1,3 +1,8 @@
# Bottin
<div style="text-align: center"><img src="bottin.go" height="250px" /></div>
Bottin is a LDAP server that uses Consul's key-value store as a storage backend, Bottin is a LDAP server that uses Consul's key-value store as a storage backend,
in order to provide a redundant (high-availability) LDAP server on a Nomad+Consul cluster. in order to provide a redundant (high-availability) LDAP server on a Nomad+Consul cluster.
It is a reimplementation of [superboum's Bottin](https://github.com/superboum/bottin) It is a reimplementation of [superboum's Bottin](https://github.com/superboum/bottin)
@ -21,7 +26,7 @@ The configuration file is a JSON file whose contents is described in the followi
Bottin is licensed under the terms of the GPLv3. Bottin is licensed under the terms of the GPLv3.
# Server initialization ## Server initialization
When Bottin is launched on an empty database, When Bottin is launched on an empty database,
it creates a special admin entity with the name `cn=admin,your_suffix`. it creates a special admin entity with the name `cn=admin,your_suffix`.
@ -33,36 +38,36 @@ so unless you don't want to use it, make sure to keep rules that allow to
bind to the admin entity and that allows the admin entity to do everything. bind to the admin entity and that allows the admin entity to do everything.
# Configuration of Bottin ## Configuration of Bottin
## Logging ### Logging
Bottin supports all of the log levels of [logrus](https://github.com/sirupsen/logrus). Bottin supports all of the log levels of [logrus](https://github.com/sirupsen/logrus).
The log level can be specified in the key `log_level` of the json config file, The log level can be specified in the key `log_level` of the json config file,
or in the environment variable `BOTTIN_LOG_LEVEL`. or in the environment variable `BOTTIN_LOG_LEVEL`.
By default, the log level is set to `info`. By default, the log level is set to `info`.
## The LDAP suffix ### The LDAP suffix
Bottin only handles LDAP entries under a given path, which is typically of Bottin only handles LDAP entries under a given path, which is typically of
the form `dn=sld,dn=tld`, where `sld.tld` is your domain name. Specify this the form `dn=sld,dn=tld`, where `sld.tld` is your domain name. Specify this
suffix in the `suffix` key of the json config file. suffix in the `suffix` key of the json config file.
## Connection to the Consul server ### Connection to the Consul server
By default, Bottin connects to the Consul server on localhost. By default, Bottin connects to the Consul server on localhost.
Change this by specifying the `consul_host` key in the json config file. Change this by specifying the `consul_host` key in the json config file.
## Bind addresses ### Bind addresses
### Insecure port #### Insecure port
By default, Bottin listens on all interfaces on port 389 for standard By default, Bottin listens on all interfaces on port 389 for standard
non-TLS connections. Change the value of the `bind` key in the json config non-TLS connections. Change the value of the `bind` key in the json config
file to change this behaviour (default value: `0.0.0.0:389`). An empty string file to change this behaviour (default value: `0.0.0.0:389`). An empty string
will disable this port and Bottin will not listen for non-TLS connections. will disable this port and Bottin will not listen for non-TLS connections.
### Secure port #### Secure port
If a TLS configuration is provided (see next section), Bottin also listens If a TLS configuration is provided (see next section), Bottin also listens
on all interfaces on port 636 for TLS connections. Change the value of the on all interfaces on port 636 for TLS connections. Change the value of the
@ -70,7 +75,7 @@ on all interfaces on port 636 for TLS connections. Change the value of the
value: `0.0.0.0:636`). An empty string will disable this port and Bottin value: `0.0.0.0:636`). An empty string will disable this port and Bottin
will not listen for TLS connections. will not listen for TLS connections.
## TLS ### TLS
Bottin supports TLS connections using either fully secure connections or Bottin supports TLS connections using either fully secure connections or
using the STARTLS functionnality of the LDAP protocol to upgrade from an using the STARTLS functionnality of the LDAP protocol to upgrade from an
@ -87,14 +92,14 @@ insecure port, independently of whether the secure port is enabled or not.
The secure port is disabled and a warning is shown if the `bind_secure` value The secure port is disabled and a warning is shown if the `bind_secure` value
is set (non-empty) and no valid TLS configuration is provided. is set (non-empty) and no valid TLS configuration is provided.
## Access control list ### Access control list
Bottin supports a flexible syntax to specify access rights to items in the database. Bottin supports a flexible syntax to specify access rights to items in the database.
The ACL is specified as a list of rules. A request will be allowed if there exists a rule that allows it. Otherwise an insufficient permission error will be returned. The ACL is specified as a list of rules. A request will be allowed if there exists a rule that allows it. Otherwise an insufficient permission error will be returned.
The list of ACL rules are specified in the `acl` key of the json config file, as a list of strings whose structure is defined in the next paragraph. The list of ACL rules are specified in the `acl` key of the json config file, as a list of strings whose structure is defined in the next paragraph.
### Rule format #### Rule format
A rule is a string composed of five fields separated by `:`. The fields are the following: A rule is a string composed of five fields separated by `:`. The fields are the following:
@ -105,7 +110,7 @@ A rule is a string composed of five fields separated by `:`. The fields are the
5. The allowed attributes for a read, add or modify operation. This is specified as a list of patterns to include and exclude attributes, separated by spaces. A pattern that starts by `!` is an exclude pattern, otherwise it is an include pattern. To read/write an attribute, it has to match at least one include pattern and not match any exclude pattern. Delete operations do not check for any attribute, thus as soon as `delete` is included in the allowed actions, the right to delete entities is granted. 5. The allowed attributes for a read, add or modify operation. This is specified as a list of patterns to include and exclude attributes, separated by spaces. A pattern that starts by `!` is an exclude pattern, otherwise it is an include pattern. To read/write an attribute, it has to match at least one include pattern and not match any exclude pattern. Delete operations do not check for any attribute, thus as soon as `delete` is included in the allowed actions, the right to delete entities is granted.
### Rule examples #### Rule examples
- Anybody (before binding) can bind to an entity under `ou=users,dc=bottin,dc=eu`: - Anybody (before binding) can bind to an entity under `ou=users,dc=bottin,dc=eu`:
`ANONYMOUS::bind:*,ou=users,dc=bottin,dc=eu:` `ANONYMOUS::bind:*,ou=users,dc=bottin,dc=eu:`

BIN
bottin.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 66 KiB