New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use sasl authentication for LDAP (by root user) #183

Open
wants to merge 1 commit into
base: stretch-unstable
from

Conversation

Projects
None yet
1 participant
@Josue-T
Copy link
Contributor

Josue-T commented Nov 29, 2018

Problem

  • For each action in LDAP we need to give the admin password.
  • Will be a problem if we need to update LDAP in the app install scripts.

Solutions

Use sasl authentication for LDAP. By that LDAP authenticate the user by his UID. So if the user is root it will be automatically authenticated.

Note that this PR depends reciprocally of YunoHost/yunohost#585

The main important change in the yunohost repos is this change in the actionmap :

            default:
                vendor: ldap
                help: admin_password
                parameters:
                    uri: ldap://localhost:389
                    base_dn: dc=yunohost,dc=org
-                    user_rdn: cn=admin
+                    user_rdn: cn=admin,dc=yunohost,dc=org

How to test

With ynhdev :

  • for the yunohost repos checkout the branch "group_permission"
  • For the moulinette repos checkout the branch "LDAP_validate_uniqueness" and "sasl_authentication"
  • Do the postinstall
  • Do any action which need LDAP (create user, create group, update permission, etc) and see that you don't need any password.

PR Status

Ready for review.

@Josue-T Josue-T requested review from Psycojoker , JimboJoe , zamentur and alexAubin Nov 29, 2018

@Josue-T Josue-T referenced this pull request Nov 29, 2018

Open

Group permission #585

5 of 14 tasks complete

@Josue-T Josue-T force-pushed the sasl_authentication branch from ed97c28 to c50be49 Nov 29, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment