Commit 517281a1 authored by Johannes Zellner's avatar Johannes Zellner

Make ldap auth optional

parent d691ed49
......@@ -17,6 +17,7 @@
"icon": "file://logo.png",
"changelog": "file://CHANGELOG",
"postInstallMessage": "file://POSTINSTALL.md",
"optionalSso": true,
"addons": {
"mysql": {},
"localstorage": {},
......
......@@ -37,43 +37,45 @@ $mysql -e "INSERT INTO lime_settings_global (stg_name, stg_value) VALUES ('email
$mysql -e "INSERT INTO lime_settings_global (stg_name, stg_value) VALUES ('emailsmtpuser', '${MAIL_SMTP_USERNAME}') ON DUPLICATE KEY UPDATE stg_value='${MAIL_SMTP_USERNAME}';"
$mysql -e "INSERT INTO lime_settings_global (stg_name, stg_value) VALUES ('emailsmtppassword', '${MAIL_SMTP_PASSWORD}') ON DUPLICATE KEY UPDATE stg_value='${MAIL_SMTP_PASSWORD}';"
echo "==> Configure LDAP plugin"
LDAP_PLUGIN_ID=3
$mysql -e "INSERT INTO lime_plugins (id, name, active) VALUES (${LDAP_PLUGIN_ID}, 'AuthLDAP', 1) ON DUPLICATE KEY UPDATE name='AuthLDAP',active=1;"
if [[ -n "${LDAP_SERVER:-}" ]]; then
echo "==> Configure LDAP plugin"
LDAP_PLUGIN_ID=3
$mysql -e "INSERT INTO lime_plugins (id, name, active) VALUES (${LDAP_PLUGIN_ID}, 'AuthLDAP', 1) ON DUPLICATE KEY UPDATE name='AuthLDAP',active=1;"
# can't do normal upserts, since the primary is the id column, which we don't know upfront
declare -A ldap_keys;
declare -A ldap_values;
ldap_keys[0]="server"; ldap_values[${ldap_keys[0]}]="'\"${LDAP_SERVER}\"'"
ldap_keys[1]="ldapport"; ldap_values[${ldap_keys[1]}]="'\"${LDAP_PORT}\"'"
ldap_keys[2]="ldapversion"; ldap_values[${ldap_keys[2]}]="'\"2\"'"
ldap_keys[3]="ldapoptreferrals"; ldap_values[${ldap_keys[3]}]="'\"0\"'"
ldap_keys[4]="ldaptls"; ldap_values[${ldap_keys[4]}]="'null'"
ldap_keys[5]="ldapmode"; ldap_values[${ldap_keys[5]}]="'\"searchandbind\"'"
ldap_keys[6]="userprefix"; ldap_values[${ldap_keys[6]}]="'null'"
ldap_keys[7]="domainsuffix"; ldap_values[${ldap_keys[7]}]="'null'"
ldap_keys[8]="searchuserattribute"; ldap_values[${ldap_keys[8]}]="'\"username\"'"
ldap_keys[9]="usersearchbase"; ldap_values[${ldap_keys[9]}]="'\"${LDAP_USERS_BASE_DN}\"'"
ldap_keys[10]="extrauserfilter"; ldap_values[${ldap_keys[10]}]="'\"\"'"
ldap_keys[11]="binddn"; ldap_values[${ldap_keys[11]}]="'\"${LDAP_BIND_DN}\"'"
ldap_keys[12]="bindpwd"; ldap_values[${ldap_keys[12]}]="'\"${LDAP_BIND_PASSWORD}\"'"
ldap_keys[13]="mailattribute"; ldap_values[${ldap_keys[13]}]="'\"mail\"'"
ldap_keys[14]="fullnameattribute"; ldap_values[${ldap_keys[14]}]="'\"displayname\"'"
ldap_keys[15]="is_default"; ldap_values[${ldap_keys[15]}]="'\"1\"'"
ldap_keys[16]="autocreate"; ldap_values[${ldap_keys[16]}]="'\"1\"'"
ldap_keys[17]="automaticsurveycreation"; ldap_values[${ldap_keys[17]}]="'\"1\"'"
ldap_keys[18]="groupsearchbase"; ldap_values[${ldap_keys[18]}]="'\"\"'"
ldap_keys[19]="groupsearchfilter"; ldap_values[${ldap_keys[19]}]="'\"\"'"
ldap_keys[20]="allowInitialUser"; ldap_values[${ldap_keys[20]}]="'\"1\"'"
# can't do normal upserts, since the primary is the id column, which we don't know upfront
declare -A ldap_keys;
declare -A ldap_values;
ldap_keys[0]="server"; ldap_values[${ldap_keys[0]}]="'\"${LDAP_SERVER}\"'"
ldap_keys[1]="ldapport"; ldap_values[${ldap_keys[1]}]="'\"${LDAP_PORT}\"'"
ldap_keys[2]="ldapversion"; ldap_values[${ldap_keys[2]}]="'\"2\"'"
ldap_keys[3]="ldapoptreferrals"; ldap_values[${ldap_keys[3]}]="'\"0\"'"
ldap_keys[4]="ldaptls"; ldap_values[${ldap_keys[4]}]="'null'"
ldap_keys[5]="ldapmode"; ldap_values[${ldap_keys[5]}]="'\"searchandbind\"'"
ldap_keys[6]="userprefix"; ldap_values[${ldap_keys[6]}]="'null'"
ldap_keys[7]="domainsuffix"; ldap_values[${ldap_keys[7]}]="'null'"
ldap_keys[8]="searchuserattribute"; ldap_values[${ldap_keys[8]}]="'\"username\"'"
ldap_keys[9]="usersearchbase"; ldap_values[${ldap_keys[9]}]="'\"${LDAP_USERS_BASE_DN}\"'"
ldap_keys[10]="extrauserfilter"; ldap_values[${ldap_keys[10]}]="'\"\"'"
ldap_keys[11]="binddn"; ldap_values[${ldap_keys[11]}]="'\"${LDAP_BIND_DN}\"'"
ldap_keys[12]="bindpwd"; ldap_values[${ldap_keys[12]}]="'\"${LDAP_BIND_PASSWORD}\"'"
ldap_keys[13]="mailattribute"; ldap_values[${ldap_keys[13]}]="'\"mail\"'"
ldap_keys[14]="fullnameattribute"; ldap_values[${ldap_keys[14]}]="'\"displayname\"'"
ldap_keys[15]="is_default"; ldap_values[${ldap_keys[15]}]="'\"1\"'"
ldap_keys[16]="autocreate"; ldap_values[${ldap_keys[16]}]="'\"1\"'"
ldap_keys[17]="automaticsurveycreation"; ldap_values[${ldap_keys[17]}]="'\"1\"'"
ldap_keys[18]="groupsearchbase"; ldap_values[${ldap_keys[18]}]="'\"\"'"
ldap_keys[19]="groupsearchfilter"; ldap_values[${ldap_keys[19]}]="'\"\"'"
ldap_keys[20]="allowInitialUser"; ldap_values[${ldap_keys[20]}]="'\"1\"'"
for key in ${ldap_keys[@]}; do
if [[ -z `$mysql -e "SELECT * FROM lime_plugin_settings WHERE plugin_id=${LDAP_PLUGIN_ID} AND lime_plugin_settings.key='${key}';"` ]]; then
echo " ==> Insert new ldap config ${key} = ${ldap_values[$key]}"
$mysql -e "INSERT INTO lime_plugin_settings (plugin_id, lime_plugin_settings.key, value) VALUES (${LDAP_PLUGIN_ID}, '${key}', ${ldap_values[$key]}) WHERE plugin_id=${LDAP_PLUGIN_ID} AND lime_plugin_settings.key='${key}';"
else
echo " ==> Update ldap config ${key} = ${ldap_values[$key]}"
$mysql -e "UPDATE lime_plugin_settings SET value=${ldap_values[$key]} WHERE plugin_id=${LDAP_PLUGIN_ID} AND lime_plugin_settings.key='${key}';"
fi
for key in ${ldap_keys[@]}; do
if [[ -z `$mysql -e "SELECT * FROM lime_plugin_settings WHERE plugin_id=${LDAP_PLUGIN_ID} AND lime_plugin_settings.key='${key}';"` ]]; then
echo " ==> Insert new ldap config ${key} = ${ldap_values[$key]}"
$mysql -e "INSERT INTO lime_plugin_settings (plugin_id, lime_plugin_settings.key, value) VALUES (${LDAP_PLUGIN_ID}, '${key}', ${ldap_values[$key]}) WHERE plugin_id=${LDAP_PLUGIN_ID} AND lime_plugin_settings.key='${key}';"
else
echo " ==> Update ldap config ${key} = ${ldap_values[$key]}"
$mysql -e "UPDATE lime_plugin_settings SET value=${ldap_values[$key]} WHERE plugin_id=${LDAP_PLUGIN_ID} AND lime_plugin_settings.key='${key}';"
fi
done
done
echo "==> Configure apache"
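Review bot: The two `echo` lines inside the loop print `${ldap_values[$key]}` for every key, and one of those keys is `bindpwd`, so the LDAP bind password is written to the script's output (and whatever log collects it) on every run. Logging the key alone is enough: `echo " ==> Insert new ldap config ${key}"` and `echo " ==> Update ldap config ${key}"`. The same values are spliced unescaped into the SQL text given to `$mysql -e`, so a bind password or base DN containing a quote character would break or alter the statement, and the secret also sits on the mysql command line; escaping the values or feeding the statement on stdin would avoid both. Separately, `INSERT ... VALUES (...) WHERE ...` in the insert branch is not valid MySQL as far as I can tell, so first-time configuration probably fails there, and dropping the `WHERE` clause from that statement should be enough. The closing `fi` of the new `if` is not visible in this rendering, and the script continues outside the hunk.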
......