* Added `ActiveDirectory` suite for integration tests with Samba AD * Updated documentation * Minor styling refactor to suites * Clean up LDAP user provisioning * Fix Authelia home splash to reference correct link for webmail * Add notification message for password complexity errors * Add password complexity integration test * Rename implementation default from rfc to custom * add specific defaults for LDAP (activedirectory implementation) * add docs to show the new defaults * add docs explaining the importance of users filter * add tests * update instances of LDAP implementation names to use the new consts where applicable * made the 'custom' case in the UpdatePassword method for the implementation switch the default case instead * update config examples due to the new defaults * apply changes from code review * replace schema default name from MSAD to ActiveDirectory for consistency * fix missing default for username_attribute * replace test raising on empty username attribute with not raising on empty Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
#!/bin/bash
# Entrypoint for the Samba Active Directory domain controller container used by
# Authelia's ActiveDirectory integration suite.
#
# Commands (dispatched by the case statement at the bottom of the file):
#   setup  provision a fresh domain on first run, otherwise just start samba
#   start  start samba from the config saved under /etc/samba/external
#
# Environment read by appSetup (defaults in parentheses):
#   DOMAIN        realm / domain name (SAMDOM.LOCAL)
#   DOMAINPASS    administrator password for provisioning (youshouldsetapassword);
#                 note that appProvision later resets it to "password"
#   NOCOMPLEXITY  "true" turns off password complexity/history/age rules
#   INSECURELDAP  "true" sets "ldap server require strong auth = no"
set -e   # abort on the first failing command (no -u: "$1" may legitimately be unset)
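#######################################
# First-run setup: provision the Samba AD domain, write the supervisor config,
# create the fixture users and start samba.
# Globals:   DOMAIN, DOMAINPASS, NOCOMPLEXITY, INSECURELDAP (read, defaulted),
#            UDOMAIN, URDOMAIN (written)
# Arguments: none
# Outputs:   writes /etc/krb5.conf, /etc/samba/smb.conf,
#            /etc/samba/external/smb.conf, /etc/supervisor.d/supervisord.ini
# Returns:   does not return on success (appStart runs supervisord); aborts via
#            set -e on the first failing command
#######################################
appSetup () {
  # Environment-driven settings; the defaults are for the test suite only.
  DOMAIN=${DOMAIN:-SAMDOM.LOCAL}
  DOMAINPASS=${DOMAINPASS:-youshouldsetapassword}
  NOCOMPLEXITY=${NOCOMPLEXITY:-false}
  INSECURELDAP=${INSECURELDAP:-false}

  # Kerberos realm is the upper-cased domain; the short (NetBIOS-style) domain
  # name is its first label. (The lower-cased form was never used and is dropped.)
  UDOMAIN=${DOMAIN^^}
  URDOMAIN=${UDOMAIN%%.*}

  # Kerberos client config: locate the KDC via DNS, default to our realm.
  mv /etc/krb5.conf /etc/krb5.conf.orig
  cat > /etc/krb5.conf <<EOF
[libdefaults]
 dns_lookup_realm = false
 dns_lookup_kdc = true
 default_realm = ${UDOMAIN}
EOF

  # /etc/samba/external/smb.conf only exists once a domain has been provisioned,
  # so its absence means a brand-new container rather than a restarted one.
  if [[ ! -f /etc/samba/external/smb.conf ]]; then
    mv /etc/samba/smb.conf /etc/samba/smb.conf.orig
    # NOTE: --adminpass places the password on the command line, where it is
    # visible to other processes in the container (ps) while provisioning runs.
    samba-tool domain provision \
      --use-rfc2307 \
      --domain="${URDOMAIN}" \
      --realm="${UDOMAIN}" \
      --server-role=dc \
      --dns-backend=SAMBA_INTERNAL \
      --adminpass="${DOMAINPASS}"
    # Relaxed password policy so fixtures can use trivial passwords.
    if [[ ${NOCOMPLEXITY,,} == "true" ]]; then
      local setting
      for setting in --complexity=off --history-length=0 --min-pwd-length=3 \
                     --min-pwd-age=0 --max-pwd-age=0; do
        samba-tool domain passwordsettings set "${setting}"
      done
    fi
    # rfc2307/winbind settings appended right below [global] (GNU sed 'a').
    sed -i "/\[global\]/a \
\\\tidmap_ldb:use rfc2307 = yes\\n\
wins support = yes\\n\
template shell = /bin/bash\\n\
winbind nss info = rfc2307\\n\
idmap config ${URDOMAIN}: range = 10000-20000\\n\
idmap config ${URDOMAIN}: backend = ad\
" /etc/samba/smb.conf
    # Permits simple binds over plain (unsigned, non-TLS) LDAP; only acceptable
    # for a throwaway test DC.
    if [[ ${INSECURELDAP,,} == "true" ]]; then
      sed -i "/\[global\]/a \
\\\tldap server require strong auth = no\
" /etc/samba/smb.conf
    fi
    # Persist the finished config so a restarted container reuses it instead of
    # provisioning again.
    mkdir -p /etc/samba/external
    cp /etc/samba/smb.conf /etc/samba/external/smb.conf
  else
    cp /etc/samba/external/smb.conf /etc/samba/smb.conf
  fi

  # Create the fixture OUs/groups/users before writing the supervisor config:
  # the "setup" command treats supervisord.ini as the "setup finished" marker,
  # so writing it last keeps a failed provisioning from being mistaken for a
  # completed one on the next run.
  appProvision

  # supervisord keeps samba in the foreground (-i) as the container's main process.
  mkdir -p /etc/supervisor.d/
  cat > /etc/supervisor.d/supervisord.ini <<'EOF'
[supervisord]
nodaemon=true

[program:samba]
command=/usr/sbin/samba -i
EOF

  appStart
}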
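#######################################
# Start the container's main process.
# Globals:   none
# Arguments: none
# Returns:   does not return; the shell is replaced by supervisord
#######################################
appStart () {
  # exec so supervisord takes over the shell's PID and receives container
  # signals (e.g. SIGTERM on stop) directly; a bash parent waiting on a
  # foreground child does not forward them.
  exec /usr/bin/supervisord
}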
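#######################################
# Create the OUs, groups and users the integration suite expects.
# Globals:   none
# Arguments: none
# Outputs:   modifies the local Samba directory via samba-tool
# Returns:   aborts via set -e on the first failing samba-tool call
#######################################
appProvision () {
  # This overrides whatever DOMAINPASS was used at provisioning time: the
  # administrator account ends up with the fixture password "password".
  samba-tool user setpassword administrator --newpassword=password
  samba-tool ou create "OU=Users"
  samba-tool ou create "OU=Groups"
  samba-tool group add dev --groupou=OU=Groups
  samba-tool group add admins --groupou=OU=Groups

  # Fixture users as "login:given:surname:mail"; all share the password "password".
  local spec name given surname mail
  for spec in \
    'john:John:Doe:john.doe@authelia.com' \
    'harry:Harry:Potter:harry.potter@authelia.com' \
    'bob:Bob:Dylan:bob.dylan@authelia.com' \
    'james:James:Dean:james.dean@authelia.com'; do
    IFS=: read -r name given surname mail <<<"${spec}"
    samba-tool user create "${name}" password \
      --userou=OU=Users --use-username-as-cn \
      --given-name "${given}" --surname "${surname}" --mail-address "${mail}"
  done

  samba-tool group addmembers "dev" john,bob
  samba-tool group addmembers "admins" john
}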
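# Command dispatch: "setup" for a (possibly) fresh container, "start" to
# restart from saved state.
case "$1" in
  start)
    # Restart path: reuse the config saved by an earlier setup.
    if [[ -f /etc/samba/external/smb.conf ]]; then
      cp /etc/samba/external/smb.conf /etc/samba/smb.conf
      appStart
    else
      # Report on stderr and fail; exiting 0 here would hide a broken container.
      echo "Config file is missing." >&2
      exit 1
    fi
    ;;
  setup)
    # The supervisor config is written by appSetup, so its presence means this
    # container was already set up and only needs to be started.
    if [[ -f /etc/supervisor.d/supervisord.ini ]]; then
      appStart
    else
      appSetup
    fi
    ;;
  *)
    # Unknown (or missing) command: say so instead of silently exiting 0.
    printf 'Usage: %s {setup|start}\n' "${0##*/}" >&2
    exit 1
    ;;
esac

exit 0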