WIP: LDAP server and support for Mastodon, ejabberd and MediaWiki #112
无审核者
标签
未选择标签
service
accounts
service
discourse
service
drone-ci
service
email
service
garage
service
gitea
service
ipfs
service
mastodon
service
postgres
service
remotestorage
service
wiki
service
xmpp
bug
design
dev environment
docs
duplicate
enhancement
feature
good first issue
idea
invalid
kredits-1
kredits-2
kredits-3
on hold
ops
question
release
major
release
minor
release
patch
security
ui/ux
wontfix
未选择里程碑
暂无项目
未指派成员
1 名参与者
通知
到期时间
未设置到期时间。
依赖工单
没有设置依赖项。
参考:kosmos/chef#112
正在加载...
在新工单中引用
屏蔽一个用户
没有提供说明。
删除分支 feature/107-ldap
删除分支是永久的。虽然已删除的分支在实际被删除前有可能会短时间存在,但这在大多数情况下无法撤销。是否继续?
The kosmos-dirsrv::default recipe sets up 389 Directory Server, including a TLS cert acquired using Let's Encrypt in production (that requires ldap.kosmos.org pointing to the server's IP). It also creates a group (ou=users,dc=kosmos,dc=org
) for the users. Mastodon, ejabberd and MediaWiki are configured so that the existing users in the databases still work. For MediaWiki the UI is a bit clunky, there is "Log in" button to log in using the database and "Log in with PluggableAuth" to log in using LDAP. Once we have migrated the existing users to LDAP we can set
$wgPluggableAuth_EnableLocalLogin
to false to remove the option to login using the database, leaving only the "Log in with PluggableAuth" buttonExample user:
Hashed password generated with:
Imported into the server using:
This is not running on a server yet, it has only been tested in a VM. Before running this we will need to set the DNS entry for ldap.kosmos.org to the IP of the chosen server
Closes #112
I'm going to split this up into two PRs, one to create the LDAP server and another one for the config changes for the services
LDAP server and support for Mastodon, ejabberd and MediaWiki为 WP: LDAP server and support for Mastodon, ejabberd and MediaWikiWP: LDAP server and support for Mastodon, ejabberd and MediaWiki为 WIP: LDAP server and support for Mastodon, ejabberd and MediaWikigreg 于2019-12-04 16:48:09 +00:00 引用了合并请求
合并请求已关闭