1
0

add ldap support

This commit is contained in:
fischerman 2016-01-30 22:37:37 +01:00
parent adacce4ba1
commit 59fbf780e4
2 changed files with 26 additions and 2 deletions

View File

@ -2,8 +2,8 @@ FROM ubuntu
MAINTAINER Christian Lück <christian@lueck.tv> MAINTAINER Christian Lück <christian@lueck.tv>
RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y \ RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y \
nginx supervisor php5-fpm php5-cli php5-curl php5-gd php5-json \ git nginx supervisor php5-fpm php5-cli php5-curl php5-gd php5-json \
php5-pgsql php5-mysql php5-mcrypt && apt-get clean && rm -rf /var/lib/apt/lists/* php5-pgsql php5-ldap php5-mysql php5-mcrypt && apt-get clean && rm -rf /var/lib/apt/lists/*
# enable the mcrypt module # enable the mcrypt module
RUN php5enmod mcrypt RUN php5enmod mcrypt
@ -19,6 +19,10 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y curl --n
&& curl -SL https://tt-rss.org/gitlab/fox/tt-rss/repository/archive.tar.gz?ref=master | tar xzC /var/www --strip-components 1 \ && curl -SL https://tt-rss.org/gitlab/fox/tt-rss/repository/archive.tar.gz?ref=master | tar xzC /var/www --strip-components 1 \
&& apt-get purge -y --auto-remove curl \ && apt-get purge -y --auto-remove curl \
&& chown www-data:www-data -R /var/www && chown www-data:www-data -R /var/www
RUN git clone https://github.com/hydrian/TTRSS-Auth-LDAP.git /TTRSS-Auth-LDAP && \
cp -r /TTRSS-Auth-LDAP/plugins/auth_ldap plugins/ && \
ls -la /var/www/plugins
RUN cp config.php-dist config.php RUN cp config.php-dist config.php
# expose only nginx HTTP port # expose only nginx HTTP port
@ -32,6 +36,9 @@ ENV DB_NAME ttrss
ENV DB_USER ttrss ENV DB_USER ttrss
ENV DB_PASS ttrss ENV DB_PASS ttrss
# auth method, options are: internal, ldap
ENV AUTH_METHOD internal
# always re-configure database with current ENV when RUNning container, then monitor all services # always re-configure database with current ENV when RUNning container, then monitor all services
ADD configure-db.php /configure-db.php ADD configure-db.php /configure-db.php
ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf

View File

@ -104,6 +104,23 @@ $contents = file_get_contents($confpath);
foreach ($config as $name => $value) { foreach ($config as $name => $value) {
$contents = preg_replace('/(define\s*\(\'' . $name . '\',\s*)(.*)(\);)/', '$1"' . $value . '"$3', $contents); $contents = preg_replace('/(define\s*\(\'' . $name . '\',\s*)(.*)(\);)/', '$1"' . $value . '"$3', $contents);
} }
if(getenv('AUTH_METHOD') == "ldap") {
$config['PLUGINS'] = 'auth_ldap, note';
$contents .= "define('LDAP_AUTH_SERVER_URI', '" . env("LDAP_AUTH_SERVER_URI", "ldap://ldap") . "');\n";
$contents .= "define('LDAP_AUTH_USETLS', " . env("LDAP_AUTH_USETLS", "FALSE") . "); \n";
$contents .= "define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', " . env("LDAP_AUTH_ALLOW_UNTRUSTED_CERT", "TRUE") . ");\n";
$contents .= "define('LDAP_AUTH_BASEDN', '" . env("LDAP_AUTH_BASEDN") . "');\n";
$contents .= "define('LDAP_AUTH_ANONYMOUSBEFOREBIND', " . env("LDAP_AUTH_ANONYMOUSBEFOREBIND", "FALSE") . ";\n";
// ??? will be replaced with the entered username(escaped) at login
$contents .= "define('LDAP_AUTH_SEARCHFILTER', '" .env("LDAP_AUTH_SEARCHFILTER", "(&(objectClass=user)(sAMAccountName=???))") . "');\n";
$contents .= "define('LDAP_AUTH_BINDDN', '" . env("LDAP_AUTH_BINDDN") . "');\n";
$contents .= "define('LDAP_AUTH_BINDPW', '" . env("LDAP_AUTH_BINDPW") . "');\n";
$contents .= "define('LDAP_AUTH_LOGIN_ATTRIB', '" . env("LDAP_AUTH_LOGIN_ATTRIB", "sAMAccountName") . "');\n";
$contents .= "define('LDAP_AUTH_LOG_ATTEMPTS', " . env("LDAP_AUTH_LOG_ATTEMPTS", "FALSE") . ");\n";
$contents .= "define('LDAP_AUTH_DEBUG', " . env("LDAP_AUTH_DEBUG", "FALSE") . ");\n";
}
file_put_contents($confpath, $contents); file_put_contents($confpath, $contents);
function env($name, $default = null) function env($name, $default = null)