
Commit bb7340d

authored
Add Ldap Config
1 parent 370df75 commit bb7340d


1 file changed

+69
-9
lines changed


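--- a/imageroot/actions/configure-module/10configure_environment_vars
+++ b/imageroot/actions/configure-module/10configure_environment_vars
@@ -1,18 +1,16 @@
 #!/usr/bin/env python3
 
-#
 # Copyright (C) 2022 Nethesis S.r.l.
 # SPDX-License-Identifier: GPL-3.0-or-later
-#
 
 import json
 import sys
 import agent
 import secrets
 import base64
+from agent.ldapproxy import Ldapproxy
 
 # Try to parse the stdin as JSON.
-# If parsing fails, output everything to stderr
 data = json.load(sys.stdin)
 
 # MariaDB config
@@ -35,7 +33,6 @@ agent.write_envfile("database.env", maria_db)
 SECRET_KEY_BYTES = secrets.token_bytes(32)
 SECRET_KEY = base64.b64encode(SECRET_KEY_BYTES).decode('utf-8')
 
-SEMAPHORE_DB_HOST = data.get("SEMAPHORE_DB_HOST", "mysql")
 SEMAPHORE_ADMIN_PASSWORD = data.get("SEMAPHORE_ADMIN_PASSWORD", "password")
 SEMAPHORE_ADMIN_NAME = data.get("SEMAPHORE_ADMIN_NAME", "admin")
 SEMAPHORE_ADMIN_EMAIL = data.get("SEMAPHORE_ADMIN_EMAIL", "admin@admin.com")
@@ -62,6 +59,55 @@ SEMAPHORE_TELEGRAM_ALERT = data.get("SEMAPHORE_TELEGRAM_ALERT", "False")
 SEMAPHORE_TELEGRAM_CHAT = data.get("SEMAPHORE_TELEGRAM_CHAT", "")
 SEMAPHORE_TELEGRAM_TOKEN = data.get("SEMAPHORE_TELEGRAM_TOKEN", "")
 
+# LDAP Configuration
+ldap_domain = data.get("ldap_domain", "")
+agent.set_env("LDAP_DOMAIN", ldap_domain)
+
+# Clear old LDAP values
+for key in [
+    "LDAP_HOSTNAME", "LDAP_PORT", "LDAP_SEARCH_BIND_DN", "LDAP_SEARCH_BIND_PASSWORD",
+    "LDAP_USER_BASE_DN", "LDAP_MEMBER_ATTRIBUTE", "LDAP_MEMBER_ATTRIBUTE_TYPE",
+    "LDAP_GROUP_BASE_DN", "LDAP_USERNAME_ATTRIBUTE", "LDAP_USER_SEARCH_FILTER",
+    "LDAP_GROUP_SEARCH_FILTER"]:
+    agent.unset_env(key)
+
+SEMAPHORE_LDAP_ENABLE = "False"
+SEMAPHORE_LDAP_BIND_DN = ""
+SEMAPHORE_LDAP_BIND_PASSWORD = ""
+SEMAPHORE_LDAP_SERVER = ""
+SEMAPHORE_LDAP_SEARCH_DN = ""
+SEMAPHORE_LDAP_SEARCH_FILTER = ""
+SEMAPHORE_LDAP_NEEDTLS = "False"
+SEMAPHORE_LDAP_MAPPING_DN = "dn"
+SEMAPHORE_LDAP_MAPPING_MAIL = "mail"
+SEMAPHORE_LDAP_MAPPING_UID = "uid"
+SEMAPHORE_LDAP_MAPPING_CN = "cn"
+
+if ldap_domain:
+    agent.bind_user_domains([ldap_domain])
+    odom = Ldapproxy().get_domain(ldap_domain)
+    base_dn = odom['base_dn']
+
+    agent.set_env("LDAP_HOSTNAME", "10.0.2.2")
+    agent.set_env("LDAP_PORT", odom['port'])
+    agent.set_env("LDAP_SEARCH_BIND_DN", odom['bind_dn'])
+    agent.set_env("LDAP_SEARCH_BIND_PASSWORD", odom['bind_password'])
+
+    SEMAPHORE_LDAP_ENABLE = "True"
+    SEMAPHORE_LDAP_BIND_DN = odom['bind_dn']
+    SEMAPHORE_LDAP_BIND_PASSWORD = odom['bind_password']
+    SEMAPHORE_LDAP_SERVER = "10.0.2.2"
+    SEMAPHORE_LDAP_NEEDTLS = "False"
+
+    if odom['schema'] == "rfc2307":
+        SEMAPHORE_LDAP_SEARCH_DN = f"ou=People,{base_dn}"
+    elif odom['schema'] == "ad":
+        SEMAPHORE_LDAP_SEARCH_DN = f"cn=Users,{base_dn}"
+        SEMAPHORE_LDAP_SEARCH_FILTER = "(&(objectClass=top)(objectClass=user)(objectClass=person)(objectClass=organizationalPerson))"
+
+else:
+    agent.bind_user_domains([])
+
 app_config = {
     "SEMAPHORE_DB_USER": MARIADB_USER,
     "SEMAPHORE_DB_PASS": MARIADB_PASSWORD,
@@ -75,22 +121,36 @@ app_config = {
     "SEMAPHORE_ADMIN": SEMAPHORE_ADMIN,
     "SEMAPHORE_ACCESS_KEY_ENCRYPTION": SECRET_KEY,
 
-    # SMTP/Email settings
+    # SMTP
     "SEMAPHORE_EMAIL_SENDER": MAIL_FROM_NAME,
     "SEMAPHORE_EMAIL_HOST": SMTP_HOST,
     "SEMAPHORE_EMAIL_PORT": str(SMTP_PORT),
     "SEMAPHORE_EMAIL_USERNAME": SMTP_USERNAME,
     "SEMAPHORE_EMAIL_PASSWORD": SMTP_PASSWORD,
 
-    # Gotify alerts
+    # Gotify
     "SEMAPHORE_GOTIFY_ALERT": SEMAPHORE_GOTIFY_ALERT,
     "SEMAPHORE_GOTIFY_URL": SEMAPHORE_GOTIFY_URL,
     "SEMAPHORE_GOTIFY_TOKEN": SEMAPHORE_GOTIFY_TOKEN,
 
-    # Telegram alerts
+    # Telegram
     "SEMAPHORE_TELEGRAM_ALERT": SEMAPHORE_TELEGRAM_ALERT,
     "SEMAPHORE_TELEGRAM_CHAT": SEMAPHORE_TELEGRAM_CHAT,
-    "SEMAPHORE_TELEGRAM_TOKEN": SEMAPHORE_TELEGRAM_TOKEN
+    "SEMAPHORE_TELEGRAM_TOKEN": SEMAPHORE_TELEGRAM_TOKEN,
+
+    # LDAP
+    "SEMAPHORE_LDAP_ENABLE": SEMAPHORE_LDAP_ENABLE,
+    "SEMAPHORE_LDAP_BIND_DN": SEMAPHORE_LDAP_BIND_DN,
+    "SEMAPHORE_LDAP_BIND_PASSWORD": SEMAPHORE_LDAP_BIND_PASSWORD,
+    "SEMAPHORE_LDAP_SERVER": SEMAPHORE_LDAP_SERVER,
+    "SEMAPHORE_LDAP_SEARCH_DN": SEMAPHORE_LDAP_SEARCH_DN,
+    "SEMAPHORE_LDAP_SEARCH_FILTER": SEMAPHORE_LDAP_SEARCH_FILTER,
+    "SEMAPHORE_LDAP_NEEDTLS": SEMAPHORE_LDAP_NEEDTLS,
+    "SEMAPHORE_LDAP_MAPPING_DN": SEMAPHORE_LDAP_MAPPING_DN,
+    "SEMAPHORE_LDAP_MAPPING_MAIL": SEMAPHORE_LDAP_MAPPING_MAIL,
+    "SEMAPHORE_LDAP_MAPPING_UID": SEMAPHORE_LDAP_MAPPING_UID,
+    "SEMAPHORE_LDAP_MAPPING_CN": SEMAPHORE_LDAP_MAPPING_CN
 }
 
-agent.write_envfile("app.env", app_config)
+agent.write_envfile("app.env", app_config)
+agent.dump_env()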
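Review bot: The LDAP endpoint literal "10.0.2.2" appears twice inside the `if ldap_domain:` branch (the `agent.set_env("LDAP_HOSTNAME", ...)` call and `SEMAPHORE_LDAP_SERVER`) together with `SEMAPHORE_LDAP_NEEDTLS = "False"`, and nothing says why the search bind DN and password may be sent over plain LDAP to that address; I would hoist it into one named constant with the rationale, e.g. `LDAP_PROXY_HOST = "10.0.2.2"  # host-side Ldapproxy endpoint reached from the container; plain LDAP is confined to that link, hence NEEDTLS stays False`, assuming that is the intent (worth confirming). The same branch indexes `odom['base_dn']` straight after `Ldapproxy().get_domain(ldap_domain)` with no check on the result, and `ldap_domain` comes unvalidated from the stdin JSON; if get_domain can return None for a name that is not a configured domain, the action will fail with a TypeError after `agent.bind_user_domains([ldap_domain])` has already been applied, so a guard that exits with a clear message before any environment is written would fail more cleanly. Note also that the "rfc2307" branch sets `SEMAPHORE_LDAP_SEARCH_DN` but no `SEMAPHORE_LDAP_SEARCH_FILTER` while the "ad" branch sets both, and a schema value other than those two leaves the search DN empty with LDAP still enabled; if that is deliberate a one-line comment on the chain would spare the next reader the question.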
